10,369 research outputs found

    DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

    With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST

    Network Slicing in 5G: Admission, Scheduling, and Security

    In the past few decades, there was an increase in the number of devices that have wireless capabilities such as phones, televisions, and home appliances. With the high demand for wireless networking, the fifth generation (5G) of mobile networks was designed to support the different services of new applications. In addition, one of the technical issues that 5G would evolve is the increase in traffic and the need to satisfy the user’s experience. With the evolution of wireless networking and 5G, Network Slicing has been introduced to accommodate the diverse requirements of the applications. Thus, network slicing is the concept of partitioning the physical network infrastructure into multiple self-contained logical pieces which can be identified as slices. Each slice can be customized to serve and meet different network requirements and characteristics. In terms of security, network security has allowed for new security vulnerabilities such as Distributed Denial of Service (DDoS) and resource exhaustion. However, slices can be isolated to provide better resource isolation. In addition, each slice is considered an end-to-end virtual network, operators would be able to allocate resources to the tenants which are the service providers. The isolated resources are controlled by the tenants; each tenant has control over how to use them to meet the requirements of the clients. One of the challenges in network slicing is RAN slicing. The target of RAN Slicing is to meet the QoS requirements of different services for each end-user. However, the coexistence of different services is challenging because each service has its requirements. Each slice must estimate its network demands based on the QoS requirements and control the admission to the slice. 
To solve this issue, we consider the scenario for the enhanced mobile broadband (eMBB) and the ultra-reliable-low-latency communication (URLLC) use cases’ coexistence, and we slice the RAN based on the priority of the user applicatio

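    Mecanismos para gerenciamento de banda passante em redes ópticas passivas Ethernet com clientes locatários de múltiplas unidades ópticas de redes (Mechanisms for bandwidth management in Ethernet passive optical networks with tenant customers of multiple optical network units)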

    Advisor: Nelson Luis Saldanha da Fonseca. Dissertation (master's) - Universidade Estadual de Campinas, Instituto de Computação.

    Resumo (translated from Portuguese): Current broadband Internet access networks need to support the high demands of diverse applications such as voice over IP (VoIP), UHD video streaming, videoconferencing, the Internet of Things (IoT) and interactive games. Passive optical network (PON) technology is considered promising for providing high access capacity at an acceptable cost-benefit. Two different technologies compete for the optical network market: Ethernet PON (EPON) and Gigabit Capable PON (GPON). Because of the high cost of acquiring and maintaining a PON infrastructure, many companies (customers) turn to infrastructure providers (InPs) to reduce these high costs by leasing a portion of the PON's resources. These customers can be, for example, mobile network operators or virtual service providers, which can acquire multiple optical network units (ONUs) connected to a single PON. This ability to lease multiple ONUs can create load-balancing problems among ONUs, since current dynamic bandwidth allocation (DBA) algorithms are able to guarantee bandwidth for a single ONU. Consequently, peaks of bandwidth demand can exceed the guaranteed bandwidth in some ONUs and, at the same time, underutilize the guaranteed bandwidth in other ONUs of the same customer. This dissertation addresses the bandwidth management problem for multi-ONU customers in EPON networks. It proposes a dynamic bandwidth allocation (DBA) algorithm (MOS-IPACT) to support the service level agreement (SLA) for customers with several ONUs. The proposed mechanism distributes the aggregate bandwidth among ONUs of the same customer, with the goal of improving bandwidth utilization. In addition, a DBA algorithm for EPONs (subMOSIPACT) is proposed with the goal of guaranteeing bandwidth at different levels of granularity. This algorithm is fundamental for multi-ONU customers that offer several types of services. For example, a virtual network operator can lease ONUs from an InP to offer corporate and residential services. A DBA algorithm for EPONs (coopMOS-IPACT) that allows cooperation between customers is also introduced. The proposed algorithm allows cooperative customers to share unused bandwidth in order to increase the bandwidth available for allocation, but without affecting their individual SLAs. The results show that the three proposed algorithms are able to guarantee bandwidth for multi-ONU customers, even under unbalanced traffic conditions, in addition to guaranteeing bandwidth at different levels of granularity, increasing support for quality of service (QoS) requirements. Results derived by simulation showed that the algorithms efficiently distribute bandwidth among multi-ONU customers as well as conventional customers that have a single ONU. Finally, this work shows the benefits of the cooperative customer model for increasing the available bandwidth.

    Abstract: Current broadband access networks need to support the Quality of Service (QoS) requirements of diverse applications such as voice over IP (VoIP), ultra-high video streaming, video conferencing, Internet of Things (IoT) and interactive gaming. Passive Optical Networks (PONs) are considered a promising solution to provide high access capacity with acceptable cost-benefit. Two different technologies share the optical access networks market: Ethernet PON (EPON) and Gigabit Capable PON (GPON). However, the deployment of PON infrastructure involves significant costs. On the other hand, Infrastructure Providers (InPs) can alleviate these costs by leasing their PONs to several enterprises (customers). These customers can be Mobile Network Operators (MNOs), multi-site enterprises, or virtual service providers. New scenarios are envisioned in which customers owning multiple Optical Network Units (ONUs) (multi-ONU customers) are connected to a single PON. However, current EPON Dynamic Bandwidth Allocation (DBA) algorithms are able to support only guaranteed bandwidth for individual ONUs. Consequently, peaks of bandwidth demand may surpass the guaranteed bandwidth for some ONUs and, at the same time, underutilize the bandwidth in other ONUs of a multi-ONU customer. In this work, the bandwidth management problem for multi-ONU customers in EPON networks is addressed. This dissertation proposes mechanisms for the support of multi-ONU Service Level Agreements (SLAs) in DBA algorithms for EPONs. The proposed DBA algorithm (MOS-IPACT) allows customers owning multiple ONUs to redistribute the aggregated bandwidth of the group of ONUs to better balance the bandwidth utilization. This dissertation also proposes a DBA algorithm for EPON networks (subMOS-IPACT) with the objective of assuring bandwidth at different levels of granularity. This algorithm is quite important for multi-ONU customers offering diverse types of services. For example, a virtual network operator can lease ONUs from an InP to offer enterprise and residential services to its clients. This work also introduces a DBA algorithm for EPONs (coopMOS-IPACT), which allows cooperation between customers. The proposed DBA algorithm allows cooperative customers to share the unused bandwidth without affecting their individual multi-ONU SLAs. Results show that the three proposed Dynamic Bandwidth Allocation (DBA) algorithms are able to guarantee bandwidth for multi-Optical Network Unit (ONU) customers even in unbalanced traffic conditions. Furthermore, assuring bandwidth at different levels of granularity improves Quality of Service (QoS) provisioning. Simulation results showed that the mechanisms efficiently distribute bandwidth between multi-ONU customers and traditional customers owning a single ONU. Finally, this work shows the benefits of the cooperative customer model in order to increase the available bandwidth.

    Master's degree. Computer Science. Master in Computer Science. 132308/2016-9 CNP

    Resource slicing in virtual wireless networks: a survey

    New architectural and design approaches for radio access networks have appeared with the introduction of network virtualization in the wireless domain. One of these approaches splits the wireless network infrastructure into isolated virtual slices under their own management, requirements, and characteristics. Despite the advances in wireless virtualization, there are still many open issues regarding the resource allocation and isolation of wireless slices. Because of the dynamics and shared nature of the wireless medium, guaranteeing that the traffic on one slice will not affect the traffic on the others has proven to be difficult. In this paper, we focus on the detailed definition of the problem, discussing its challenges. We also provide a review of existing works that deal with the problem, analyzing how new trends such as software defined networking and network function virtualization can assist in the slicing. We will finally describe some research challenges on this topic. Peer Reviewed. Postprint (author's final draft

    Dynamic bandwidth allocation in multi-class IP networks using utility functions.

    PhD. Abstract not available. Fujitsu Telecommunications Europe Lt

    Multi-tenant Admission Control for future networks

    The global telecommunications landscape is going to shift considerably due to the impact of the new generation of future networks. It is estimated that by 2025, one-third of the global population will use 5G. Accordingly, all industry players are searching to develop new business cases. One of the main capabilities of 5G to answer these new requirements is Network Slicing since it allows splitting a common infrastructure into several virtual networks, enabling Multi-tenancy. In this case, the admission control function plays a vital role in ensuring the correct operation of these virtual networks by providing the required QoS to the services by allocating radio resources to them. Consequently, the purpose of this thesis is to study a new method to implement the admission control function, which allows optimizing the use of radio resources, to increase the available capacity of tenants, and offer flexibility under different traffic loads. Several simulations are performed to evaluate the algorithm within a multi-tenant, multi-cell environment using MATLAB, where the simplicity and flexibility of our proposal are assessed in each cell and the whole scenario. We obtain a 127% improvement in the bit rate when compared with a baseline scheme, and a gain of 17% when compared to a reference scheme that allows using extra capacity left by other tenants

    Node design in optical packet switched networks
