Progressive congestion management based on packet marking and validation techniques

© 2012 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Congestion management in multistage interconnection networks is a serious problem, which is not solved completely. In order to avoid the degradation of network performance when congestion appears, several congestion management mechanisms have been proposed. Most of these mechanisms are based on explicit congestion notification. For this purpose, switches detect congestion and depending on the applied strategy, packets are marked to warn the source hosts. In response, source hosts apply some corrective actions to adjust their packet injection rate. Although these proposals seem quite effective, they either exhibit some drawbacks or are partial solutions. Some of them introduce some penalties over the flows not responsible for congestion, whereas others can cope only with congestion situations that last for a short time. In this paper, we present an overview of the different strategies to detect and correct congestion in multistage interconnection networks, and propose a new mechanism referred to as Marking and Validation Congestion Management (MVCM), targeted to this kind of lossless networks, and based on a more refined packet marking strategy combined with a fair set of corrective actions, that makes the mechanism able to effectively manage congestion regardless of the congestion degree. Evaluation results show the effectiveness and robustness of the proposed mechanism.This work was supported by the Spanish MEC and MICINN, as well as European Commission FEDER funds, under Grants CSD2006-00046 and TIN2009-14475-C04-01.Ferrer Pérez, JL.; Baydal Cardona, ME.; Robles Martínez, A.; López Rodríguez, PJ.; Duato Marín, JF. (2012). Progressive congestion management based on packet marking and validation techniques. IEEE Transactions on Computers. 61(9):1296-1309. doi:10.1109/TC.2011.146S1296130961

DESIGN OF EFFICIENT PACKET MARKING-BASED CONGESTION MANAGEMENT TECHNIQUES FOR CLUSTER INTERCONNECTS

El crecimiento de los computadores paralelos basados en redes de altas prestaciones ha aumentado el interés y esfuerzo de la comunidad investigadora en desarrollar nuevas técnicas que permitan obtener el mejor rendimiento de estas redes. En particular, el desarrollo de nuevas técnicas que permitan un encaminamiento eficiente y que reduzcan la latencia de los paquetes, aumentando así la productividad de la red. Sin embargo, una alta tasa de utilización de la red podría conllevar el que se conoce como "congestión de red", el cual puede causar una degradación del rendimiento. El control de la congestión en redes multietapa es un problema importante que no está completamente resuelto. Con el fin de evitar la degradación del rendimiento de la red cuando aparece congestión, se han propuesto diferentes mecanismos para el control de la congestión. Muchos de estos mecanismos están basados en notificación explícita de la congestión. Para este propósito, los switches detectan congestión y dependiendo de la estrategia aplicada, los paquetes son marcados con la finalidad de advertir a los nodos origenes. Como respuesta, los nodos origenes aplican acciones correctivas para ajustar su tasa de inyección de paquetes. El propósito de esta tesis es analizar las diferentes estratégias de detección y corrección de la congestión en redes multietapa, y proponer nuevos mecanismos de control de la congestión encaminados a este tipo de redes sin descarte de paquetes. Las nuevas propuestas están basadas en una estrategia más refinada de marcaje de paquetes en combinación con un conjunto de acciones correctivas justas que harán al mecanismo capaz de controlar la congestión de manera efectiva con independencia del grado de congestión y de las condiciones de tráfico.Ferrer Pérez, JL. (2012). DESIGN OF EFFICIENT PACKET MARKING-BASED CONGESTION MANAGEMENT TECHNIQUES FOR CLUSTER INTERCONNECTS [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/18197Palanci

Bandwidth management and quality of service

With the advent of bandwidth-hungry video and audio applications, demand for bandwidth is expected to exceed supply. Users will require more bandwidth and, as always, there are likely to be more users. As the Internet user base becomes more diverse, there is an increasing perception that Internet Service Providers (ISPs) should be able to differentiate between users, so that the specific needs of different types of users can be met. Differentiated services is seen as a possible solution to the bandwidth problem. Currently, however, the technology used on the Internet differentiates neither between users, nor between applications. The thesis focuses on current and anticipated bandwidth shortages on the Internet, and on the lack of a differentiated service. The aim is to identify methods of managing bandwidth and to investigate how these bandwidth management methods can be used to provide a differentiated service. The scope of the study is limited to networks using both Ethernet technology and the Internet Protocol (IP). Tile study is significant because it addresses current problems confronted by network managers. The key terms, Quality of Service (QoS) and bandwidth management, are defined. “QoS” is equated to a differentiating system. Bandwidth management is defined as any method of controlling and allocating bandwidth. Installing more capacity is taken to be a method of bandwidth management. The review of literature concentrates on Ethernet/IP networks. It begins with a detailed examination of definitions and interpretations of the term Quality of Service and shows how the meaning changed over the last decade. The review then examines congestion control, including a survey of queuing methods. Priority queuing implemented in hardware is examined in detail, followed by a review of the ReSource reserVation Protocol (RSVP) and a new version of IP (lPv6). Finally, the new standards IEEE 802.1p and IEEE 802.1Q are outlined, and parts of ISO/IEC 15802-3 are analysed. The Integrated Services Architecture (ISA), Differentiated Services (DiffServ) and MultiProtocol Label Switching (MPLS) are seen as providing a theoretical framework for QoS development. The Open Systems Interconnection Reference Model (OSI model) is chosen as the preferred framework for investigating bandwidth management because it is more comprehensive than the alternative US Department of Defence Model (DoD model). A case study of the Edith Cowan University (ECU) data network illustrates current practice in network management. It provides concrete examples of some of the problems, methods and solutions identified in the literary review. Bandwidth management methods are identified and categorised based on the OSI layers in which they operate. Suggestions are given as to how some of these bandwidth management methods are, or can be used within current QoS architectures. The experimental work consists of two series of tests on small, experimental LANs. The tests are aimed at evaluating the effectiveness of IEEE 802.1 p prioritisation. The results suggest that in small Local Area Networks (LANs) prioritisation provides no benefit when Ethernet switches are lightly loaded

MobileTrust: Secure Knowledge Integration in VANETs

Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy

Adaptive Response System for Distributed Denial-of-Service Attacks

The continued prevalence and severe damaging effects of the Distributed Denial of Service (DDoS) attacks in today’s Internet raise growing security concerns and call for an immediate response to come up with better solutions to tackle DDoS attacks. The current DDoS prevention mechanisms are usually inflexible and determined attackers with knowledge of these mechanisms, could work around them. Most existing detection and response mechanisms are standalone systems which do not rely on adaptive updates to mitigate attacks. As different responses vary in their “leniency” in treating detected attack traffic, there is a need for an Adaptive Response System. We designed and implemented our DDoS Adaptive ResponsE (DARE) System, which is a distributed DDoS mitigation system capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integrations for both signature-based and anomaly-based detection modules. Additionally, the design of DARE’s individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. These components consist of an Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and Flow Identifier, and a Non Intrusive IP Traceback mechanism. The components work together interactively to adapt the detections and responses in accordance to the attack types. Experiments conducted on DARE show that the attack detection and mitigation are successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in accordance to the attacks being launched with high accuracy, effectiveness and efficiency. We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim under attack verifies the authenticity of the source by performing virtual relocations to differentiate the legitimate traffic from the attack traffic. TRAPS requires minimal deployment effort and does not require modifications to the Internet infrastructure due to its incorporation of the Mobile IPv6 protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to verify that it would work with the existing Mobile IPv6 implementation. It was observed that the operations of each module were functioning correctly and TRAPS was able to successfully mitigate an attack launched with spoofed source IP addresses

Satellite Networks: Architectures, Applications, and Technologies

Since global satellite networks are moving to the forefront in enhancing the national and global information infrastructures due to communication satellites' unique networking characteristics, a workshop was organized to assess the progress made to date and chart the future. This workshop provided the forum to assess the current state-of-the-art, identify key issues, and highlight the emerging trends in the next-generation architectures, data protocol development, communication interoperability, and applications. Presentations on overview, state-of-the-art in research, development, deployment and applications and future trends on satellite networks are assembled

Smart PIN: performance and cost-oriented context-aware personal information network

The next generation of networks will involve interconnection of heterogeneous individual networks such as WPAN, WLAN, WMAN and Cellular network, adopting the IP as common infrastructural protocol and providing virtually always-connected network. Furthermore, there are many devices which enable easy acquisition and storage of information as pictures, movies, emails, etc. Therefore, the information overload and divergent content’s characteristics make it difficult for users to handle their data in manual way. Consequently, there is a need for personalised automatic services which would enable data exchange across heterogeneous network and devices. To support these personalised services, user centric approaches for data delivery across the heterogeneous network are also required. In this context, this thesis proposes Smart PIN - a novel performance and cost-oriented context-aware Personal Information Network. Smart PIN's architecture is detailed including its network, service and management components. Within the service component, two novel schemes for efficient delivery of context and content data are proposed: Multimedia Data Replication Scheme (MDRS) and Quality-oriented Algorithm for Multiple-source Multimedia Delivery (QAMMD). MDRS supports efficient data accessibility among distributed devices using data replication which is based on a utility function and a minimum data set. QAMMD employs a buffer underflow avoidance scheme for streaming, which achieves high multimedia quality without content adaptation to network conditions. Simulation models for MDRS and QAMMD were built which are based on various heterogeneous network scenarios. Additionally a multiple-source streaming based on QAMMS was implemented as a prototype and tested in an emulated network environment. Comparative tests show that MDRS and QAMMD perform significantly better than other approaches

Transportation System Performance Measures Using Internet of Things Data

The transportation system is undergoing a rapid change with innovative and promising technologies that provide real-time data for a variety of applications. As we transition into a technology-driven era and Internet of Things (IoT) applications, where everything is connected via a network of smart sensors and cloud computing, there will be an increasing amount of real-time data that will allow a better understanding of the transportation system. Devices emerging as a part of this connected environment can provide new and valuable data sources in a variety of transportation areas including safety, mobility, operations and intelligent transportation systems. Agencies and transportation professionals require effective performance measures and visualization tools to mine this big data to make design, operation, maintenance and investment decisions to improve the overall system performance. This dissertation discusses the development and demonstration of performance measures that leverage data from these emerging IoT devices to support analysis and guide investment decisions. Selected case studies are presented that demonstrate the impact of these new data sources on design, operation, and maintenance decisions. Performance measures such as vibration, noise levels and retroreflectivity were used to conduct a comprehensive assessment of different rumble strip configurations in the roadway and aviation environment. The results indicated that the 12 in sinusoidal wavelength satisfied the National Cooperative Highway Research Program (NCHRP) recommendations and reduced the noise exposure to adjacent homeowners. The application of low-cost rumble strips to mitigate runway incursions at general aviation airports was evaluated using the accelerations on the airframe. Although aircraft are designed for significant g-forces on landing, the results of analyzing accelerometers installed on airframes showed that long-term deployment of rumble strips is a concern for aircraft manufacturers as repeated traversal on the rumble strips may lead to excessive airframe fatigue. A suite of web dashboards and performance measures were developed to evaluate the impact of signal upgrades, signal retiming and maintenance activities on 138 arterials in the Commonwealth of Pennsylvania. For five corridors analyzed before and after an upgrade, the study found a reduction of 1.2 million veh-hours of delay, 10,000 tons of CO2 and an economic benefit of $32 million. Several billion dollars per year is expended upon security checkpoint screening at airports. Using wait time data from consumer electronic devices over a one-year period, performance dashboards identified periods of the day with high median wait times. The performance measures outlined in this study provided scalable techniques to analyze operating irregularities and identify opportunities for improving service. Reliability and median wait times were also used as performance measures to compare the standard and expedited security screening. The results found that the expedited screening was highly reliable than the standard screening and had a median wait time savings of 5.5 minutes. Bike sharing programs are an eco-friendly mode of transportation gaining immense popularity all over the world. Several performance measures are discussed which analyze the usage patterns, user behaviors and effect of weather on a bike sharing program initiated at Purdue University. Of the 1626 registered users, nearly 20% of them had at least one rental and around 6% had more than 100 rentals, with four of them being greater than 500 rentals. Bikes were rented at all hours of the day, but usage peaked between 11:00 and 19:00 on average. On a yearly basis, the rentals peaked in the fall semester, especially during September, but fell off in October and November with colder weather. Preliminary results from the study also identified some operating anomalies, which allowed the stakeholders to implement appropriate policy revisions. There are a number of outlier filtering algorithms proposed in the literature, however, their performance has never been evaluated. A curated travel time dataset was developed from real-world data, and consisted of 31,621 data points with 243 confirmed outliers. This dataset was used to evaluate the efficiency of three common outlier filtering algorithms, median absolute deviation, modified z-score and, box and whisker plots. The modified Z-score had the best performance with successful removal of 70% of the confirmed outliers and incorrect removal of only 5% of the true samples. The accuracy of vehicle to infrastructure (V2I) communication is an important metric for connected vehicle applications. Traffic signal state indication is an early development in the V2I communication that allows connected vehicles to display the current traffic signal status on the driver dashboard as the vehicle approaches an intersection. The study evaluated the accuracy of this prediction with on-field data and results showed a degraded performance during phase omits and force-offs. Performance measures such as, the probability of expected phase splits and the probability of expected green for a phase, are discussed to enhance the accuracy of the prediction algorithm. These measures account for the stochastic variations due to detectors actuations and will allow manufacturers and vendors to improve their algorithm. The application of these performance measures across three transportation modes and the transportation focus areas of safety, mobility and operations will provide a framework for agencies and transportation professionals to assess the performance of system components and support investment decisions

Machine Learning and Big Data Methodologies for Network Traffic Monitoring

Over the past 20 years, the Internet saw an exponential grown of traffic, users, services and applications. Currently, it is estimated that the Internet is used everyday by more than 3.6 billions users, who generate 20 TB of traffic per second. Such a huge amount of data challenge network managers and analysts to understand how the network is performing, how users are accessing resources, how to properly control and manage the infrastructure, and how to detect possible threats. Along with mathematical, statistical, and set theory methodologies machine learning and big data approaches have emerged to build systems that aim at automatically extracting information from the raw data that the network monitoring infrastructures offer. In this thesis I will address different network monitoring solutions, evaluating several methodologies and scenarios. I will show how following a common workflow, it is possible to exploit mathematical, statistical, set theory, and machine learning methodologies to extract meaningful information from the raw data. Particular attention will be given to machine learning and big data methodologies such as DBSCAN, and the Apache Spark big data framework. The results show that despite being able to take advantage of mathematical, statistical, and set theory tools to characterize a problem, machine learning methodologies are very useful to discover hidden information about the raw data. Using DBSCAN clustering algorithm, I will show how to use YouLighter, an unsupervised methodology to group caches serving YouTube traffic into edge-nodes, and latter by using the notion of Pattern Dissimilarity, how to identify changes in their usage over time. By using YouLighter over 10-month long races, I will pinpoint sudden changes in the YouTube edge-nodes usage, changes that also impair the end users’ Quality of Experience. I will also apply DBSCAN in the deployment of SeLINA, a self-tuning tool implemented in the Apache Spark big data framework to autonomously extract knowledge from network traffic measurements. By using SeLINA, I will show how to automatically detect the changes of the YouTube CDN previously highlighted by YouLighter. Along with these machine learning studies, I will show how to use mathematical and set theory methodologies to investigate the browsing habits of Internauts. By using a two weeks dataset, I will show how over this period, the Internauts continue discovering new websites. Moreover, I will show that by using only DNS information to build a profile, it is hard to build a reliable profiler. Instead, by exploiting mathematical and statistical tools, I will show how to characterize Anycast-enabled CDNs (A-CDNs). I will show that A-CDNs are widely used either for stateless and stateful services. That A-CDNs are quite popular, as, more than 50% of web users contact an A-CDN every day. And that, stateful services, can benefit of A-CDNs, since their paths are very stable over time, as demonstrated by the presence of only a few anomalies in their Round Trip Time. Finally, I will conclude by showing how I used BGPStream an open-source software framework for the analysis of both historical and real-time Border Gateway Protocol (BGP) measurement data. By using BGPStream in real-time mode I will show how I detected a Multiple Origin AS (MOAS) event, and how I studies the black-holing community propagation, showing the effect of this community in the network. Then, by using BGPStream in historical mode, and the Apache Spark big data framework over 16 years of data, I will show different results such as the continuous growth of IPv4 prefixes, and the growth of MOAS events over time. All these studies have the aim of showing how monitoring is a fundamental task in different scenarios. In particular, highlighting the importance of machine learning and of big data methodologies