Misconfiguration in Firewalls and Network Access Controls: Literature Review

Firewalls and network access controls play important roles in security control and protection. Those firewalls may create an incorrect sense or state of protection if they are improperly configured. One of the major configuration problems in firewalls is related to misconfiguration in the access control roles added to the firewall that will control network traffic. In this paper, we evaluated recent research trends and open challenges related to firewalls and access controls in general and misconfiguration problems in particular. With the recent advances in next-generation (NG) firewalls, firewall roles can be auto-generated based on networks and threats. Nonetheless, and due to the large number of roles in any medium to large networks, roles’ misconfiguration may occur for several reasons and will impact the performance of the firewall and overall network and protection efficiency

Guaranteed bit rate traffic prioritisation and isolation in multi-tenant radio access networks

©2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Network slicing is a key feature of forthcoming 5G systems to facilitate the partitioning of the network into multiple logical networks customised according to different operation and application needs. Network slicing allows the materialisation of multi-tenant networks, in which the same infrastructure is shared among multiple communication providers, each one using a different slice. The support of multi-tenancy through slicing in the Radio Access Network (RAN) is particularly challenging because it involves the configuration and operation of multiple and diverse RAN behaviour over a common pool of radio resources while guaranteeing a certain Quality of Service (QoS) and isolation to each of the slices. This paper presents a Markovian approach to model different QoS aware Admission Control (AC) policies in a multi-tenant scenario with Guaranteed Bit Rate (GBR) services. From the analytical model, different metrics are defined to later analyse the effect of AC mechanisms on the performance achieved in various scenarios. Results show the impact of priorities for services of different tenants and isolation between tenants when different AC polices are adopted.Peer ReviewedPostprint (author's final draft

mCast: An SDN-based resource-eficient live video streaming architecture with ISP-CDN collaboration

The rise of Software Defined Networking (SDN) presents an opportunity to overcome the limitations of rigid and static traditional Internet architecture and provide services like network layer multicast for live video streaming. In this paper we propose mCast, an SDN-based architecture for live streaming, to reduce the utilization of network and system resources for both Internet Service Providers (ISP) and Content Delivery Networks (CDN) by using multicast over the Internet. We propose a communication framework between ISPs and CDNs to enable mCast while retaining user and data privacy. mCast is transparent to the clients and maintains the control of CDNs on user sessions. We developed a testbed and performed large scale evaluation and comparison. Results showed that mCast can improve the video quality received by clients and, for CDNs and ISPs in comparison to IP unicast, mCast can decrease link utilization by more than 50% and network losses to 0%

A data mining approach for developing online streaming recommendations

[[notice]]補正完

Internet of Unmanned Aerial Vehicles—A Multilayer Low-Altitude Airspace Model for Distributed UAV Traffic Management

The rapid adoption of Internet of Things (IoT) has encouraged the integration of new connected devices such as Unmanned Aerial Vehicles (UAVs) to the ubiquitous network. UAVs promise a pragmatic solution to the limitations of existing terrestrial IoT infrastructure as well as bring new means of delivering IoT services through a wide range of applications. Owning to their potential, UAVs are expected to soon dominate the low-altitude airspace over populated cities. This introduces new research challenges such as the safe management of UAVs operation under high traffic demands. This paper proposes a novel way of structuring the uncontrolled, low-altitude airspace, with the aim of addressing the complex problem of UAV traffic management at an abstract level. The work, hence, introduces a model of the airspace as a weighted multilayer network of nodes and airways and presents a set of experimental simulation results using three UAV traffic management heuristics

Malicious UAV detection using integrated audio and visual features for public safety applications

RÉSUMÉ: Unmanned aerial vehicles (UAVs) have become popular in surveillance, security, and remote monitoring. However, they also pose serious security threats to public privacy. The timely detection of a malicious drone is currently an open research issue for security provisioning companies. Recently, the problem has been addressed by a plethora of schemes. However, each plan has a limitation, such as extreme weather conditions and huge dataset requirements. In this paper, we propose a novel framework consisting of the hybrid handcrafted and deep feature to detect and localize malicious drones from their sound and image information. The respective datasets include sounds and occluded images of birds, airplanes, and thunderstorms, with variations in resolution and illumination. Various kernels of the support vector machine (SVM) are applied to classify the features. Experimental results validate the improved performance of the proposed scheme compared to other related methods