Real-time monitoring as a supplementary security component of vigilantism in modern network environments

© 2020, The Author(s). The phenomenon of network vigilantism is autonomously attributed to how anomalies and obscure activities from adversaries can be tracked in real-time. Needless to say, in today’s dynamic, virtualized, and complex network environments, it has become undeniably necessary for network administrators, analysts as well as engineers to practice network vigilantism, on traffic as well as other network events in real-time. The reason is to understand the exact security posture of an organization’s network environment at any given time. This is driven by the fact that modern network environments do, not only present new opportunities to organizations but also a different set of new and complex cybersecurity challenges that need to be resolved daily. The growing size, scope, complexity, and volume of networked devices in our modern network environments also makes it hard even for the most experienced network administrators to independently provide the breadth and depth of knowledge needed to oversee or diagnose complex network problems. Besides, with the growing number of Cyber Security Threats (CSTs) in the world today, many organisations have been forced to change the way they plan, develop and implement cybersecurity strategies as a way to reinforce their ability to respond to cybersecurity incidents. This paper, therefore, examines the relevance of Real-Time Monitoring (RTM) as a supplementary security component of vigilantism in modern network environments, more especially for proper planning, preparedness, and mitigation in case of a cybersecurity incident. Additionally, this paper also investigates some of the key issues and challenges surrounding the implementation of RTM for security vigilantism in our modern network environments

Encountering distributed denial of service attack utilizing federated software defined network

This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposes solution uses Software defined networks capabilities to reduce risk, introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed with a sophisticated way and high level of separation of duties between components so it would not be affected by the design aspect of the network architecture

Augmenting speech quality estimation in software-defined networking using machine learning algorithms

With the increased number of Software-Defined Networking (SDN) installations, the data centers of large service providers are becoming more and more agile in terms of network performance efficiency and flexibility. While SDN is an active and obvious trend in a modern data center design, the implications and possibilities it carries for effective and efficient network management are not yet fully explored and utilized. With most of the modern Internet traffic consisting of multimedia services and media-rich content sharing, the quality of multimedia communications is at the center of attention of many companies and research groups. Since SDN-enabled switches have an inherent feature of monitoring the flow statistics in terms of packets and bytes transmitted/lost, these devices can be utilized to monitor the essential statistics of the multimedia communications, allowing the provider to act in case of network failing to deliver the required service quality. The internal packet processing in the SDN switch enables the SDN controller to fetch the statistical information of the particular packet flow using the PacketIn and Multipart messages. This information, if preprocessed properly, can be used to estimate higher layer interpretation of the link quality and thus allowing to relate the provided quality of service (QoS) to the quality of user experience (QoE). This article discusses the experimental setup that can be used to estimate the quality of speech communication based on the information provided by the SDN controller. To achieve higher accuracy of the result, latency characteristics are added based on the exploiting of the dummy packet injection into the packet stream and/or RTCP packet analysis. The results of the experiment show that this innovative approach calculates the statistics of each individual RTP stream, and thus, we obtain a method for dynamic measurement of speech quality, where when quality decreases, it is possible to respond quickly by changing routing at the network level for each individual call. To improve the quality of call measurements, a Convolutional Neural Network (CNN) was also implemented. This model is based on two standard approaches to measuring the speech quality: PESQ and E-model. However, unlike PESQ/POLQA, the CNN-based model can take delay into account, and unlike the E-model, the resulting accuracy is much higher.Web of Science2110art. no. 347

A robust multimedia traffic SDN-Based management system using patterns and models of QoE estimation with BRNN

[EN] Nowadays, network infrastructures such as Software Defined Networks (SDN) achieve a huge computational power. This allows to add a high processing on the network nodes. In this paper, a multimedia traffic management system is presented. This system is based on estimation models of Quality of Experience (QoE) and also on the traffic patterns classification. In order to achieve this, a QoE estimation method has been modeled. This method allows for classifying the multimedia traffic from multimedia transmission patterns. In order to do this, the SDN controller gathers statistics from the network. The patterns used have been defined from a lineal combination of objective QoE measurements. The model has been defined by Bayesian regularized neural networks (BRNN). From this model, the system is able to classify several kind of traffic according to the quality perceived by the users. Then, a model has been developed to determine which video characteristics need to be changed to provide the user with the best possible quality in the critical moments of the transmission. The choice of these characteristics is based on the quality of service (QoS) parameters, such as delay, jitter, loss rate and bandwidth. Moreover, it is also based on subpatterns defined by clusters from the dataset and which represents network and video characteristics. When a critical network situation is given, the model selects, by using network parameters as entries, the subpattern with the most similar network condition. The minimum Euclidean distance between these entries and the network parameters of the subpatters is calculated to perform this selection. Both models work together to build a reliable multimedia traffic management system perfectly integrated into current network infrastructures, which is able to classify the traffic and solve critical situations changing the video characteristics, by using the SDN architecture.This work has been partially supported by the "Ministerio de Educacion, Cultura y Deporte", through the "Ayudas para contratos predoctorales de Formation del Profesorado Universitario FPU (Convocatoria 2015)", grant number FPU15/06837 and by the "Ministerio de Economia y Competitividad" in the "Programa Estatal de Fomento de la Investigation Cientffica y Tecnica de Excelencia, Subprograma Estatal de Generacion de Conocimiento" within the project under Grant TIN2017-84802-C2-1-P.Canovas Solbes, A.; Rego Mañez, A.; Romero Martínez, JO.; Lloret, J. (2020). A robust multimedia traffic SDN-Based management system using patterns and models of QoE estimation with BRNN. Journal of Network and Computer Applications. 150:1-14. https://doi.org/10.1016/j.jnca.2019.102498S114150Cánovas, A., Taha, M., Lloret, J., & Tomás, J. (2018). Smart resource allocation for improving QoE in IP Multimedia Subsystems. Journal of Network and Computer Applications, 104, 107-116. doi:10.1016/j.jnca.2017.12.020Canovas, A., Jimenez, J. M., Romero, O., & Lloret, J. (2018). Multimedia Data Flow Traffic Classification Using Intelligent Models Based on Traffic Patterns. IEEE Network, 32(6), 100-107. doi:10.1109/mnet.2018.1800121Burden, F., & Winkler, D. (2008). Bayesian Regularization of Neural Networks. Artificial Neural Networks, 23-42. doi:10.1007/978-1-60327-101-1_3Goodman, S. N. (2005). Introduction to Bayesian methods I: measuring the strength of evidence. Clinical Trials, 2(4), 282-290. doi:10.1191/1740774505cn098oaHirschen, K., & Schäfer, M. (2006). Bayesian regularization neural networks for optimizing fluid flow processes. Computer Methods in Applied Mechanics and Engineering, 195(7-8), 481-500. doi:10.1016/j.cma.2005.01.015Huang, X., Yuan, T., Qiao, G., & Ren, Y. (2018). Deep Reinforcement Learning for Multimedia Traffic Control in Software Defined Networking. IEEE Network, 32(6), 35-41. doi:10.1109/mnet.2018.1800097Lin, Y. (2002). Data Mining and Knowledge Discovery, 6(3), 259-275. doi:10.1023/a:1015469627679Lopez-Martin, M., Carro, B., Lloret, J., Egea, S., & Sanchez-Esguevillas, A. (2018). Deep Learning Model for Multimedia Quality of Experience Prediction Based on Network Flow Packets. IEEE Communications Magazine, 56(9), 110-117. doi:10.1109/mcom.2018.1701156Hagan, M. T., & Menhaj, M. B. (1994). Training feedforward networks with the Marquardt algorithm. IEEE Transactions on Neural Networks, 5(6), 989-993. doi:10.1109/72.329697Nguyen, T. T. T., & Armitage, G. (2008). A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys & Tutorials, 10(4), 56-76. doi:10.1109/surv.2008.080406Queiroz, W., Capretz, M. A. M., & Dantas, M. (2019). An approach for SDN traffic monitoring based on big data techniques. Journal of Network and Computer Applications, 131, 28-39. doi:10.1016/j.jnca.2019.01.016Rego, A., Canovas, A., Jimenez, J. M., & Lloret, J. (2018). An Intelligent System for Video Surveillance in IoT Environments. IEEE Access, 6, 31580-31598. doi:10.1109/access.2018.2842034Seshadrinathan, K., Soundararajan, R., Bovik, A. C., & Cormack, L. K. (2010). Study of Subjective and Objective Quality Assessment of Video. IEEE Transactions on Image Processing, 19(6), 1427-1441. doi:10.1109/tip.2010.2042111Soysal, M., & Schmidt, E. G. (2010). Machine learning algorithms for accurate flow-based network traffic classification: Evaluation and comparison. Performance Evaluation, 67(6), 451-467. doi:10.1016/j.peva.2010.01.001Tan, X., Xie, Y., Ma, H., Yu, S., & Hu, J. (2019). Recognizing the content types of network traffic based on a hybrid DNN-HMM model. Journal of Network and Computer Applications, 142, 51-62. doi:10.1016/j.jnca.2019.06.004Tongaonkar, A., Torres, R., Iliofotou, M., Keralapura, R., & Nucci, A. (2015). Towards self adaptive network traffic classification. Computer Communications, 56, 35-46. doi:10.1016/j.comcom.2014.03.02

Конструювання трафіку в програмно-конфігурованих мережах на основі технології Big Data

Бакалаврська дипломна робота присвячена вирішенню проблеми конструювання трафіку в програмно-конфігурованих мережах в реальному часі та з використанням історичної інформації про мережу. Розглянуті способи моніторингу та аналізу трафіку вирішують проблему збору і використання статистичних даних. Розроблений програмний продукт забезпечує можливість моделювання системи конструювання трафіку на основі парадигм Big Data з метою подальшого впровадження способу в існуючі системи моніторингу та аналізу.The Bachelor's thesis is devoted to solving the problem of traffic engineering in software-defined networks in real time and using historical information about the network. The considered methods of traffic monitoring and analysis solve the problem of collecting and using statistical data. The developed software product provides the ability to model the traffic design system based on Big Data paradigms in order to further implement the method in existing monitoring and analysis systems

Спосіб балансування навантаження в програмно-конфігурованій мережі за допомогою генетичного алгоритму

В магістерській дисертації розглядається принцип балансування навантаження в програмно-конфігурованій мережі, процес роботи якого базується на генетичному алгоритмі. Як практична частина реалізований програмний OpenFlow контролер за допомогою фреймворку Ryu на мові програмування Python. Даний контролер використовує генетичний алгоритм для балансування навантаження. Програмний контролер був протестований за допомогою системи віртуалізації мережі Mininet та показав покращення характеристик мережі SDN при його застосуванні, порівняно з аналогами.The master's thesis examines the principle of load balancing in a software-defined networking, the process of which is based on a genetic algorithm. As a practical part, a software OpenFlow controller is implemented using the Ryu framework in the Python programming language. This controller uses a genetic algorithm for load balancing. The software controller was tested using the Mininet network virtualization system and showed improved SDN network performance when it was applied, compared to its counterparts

Спосіб конструювання трафіка в SDN мережах на основі лямбда-архітектури

Дисертація присвячена розробці та дослідженню способу конструювання трафіка в програмно-конфігурованих мережах на основі лямбда-архітектури. Представлений спосіб конструювання трафіка дозволяє зменшити швидкість обробки мережевих та інвентарних даних, особливо для високонавантажених мереж, та підвищити надійність та консистентність процесів збору, агрегації та акумуляції мережевої інформації за допомогою застосування сучасним методів роботи з великими даними.The master’s thesis is devoted to the research and development of the method of traffic engineering in software-defined networks based on lambda architecture. The presented method of traffic engineering reduces the processing speed of network and inventory data, especially for high-load networks, and increase the reliability and consistency of processes of collection, aggregation and accumulation of network information through modern methods of Big Data