35,969 research outputs found
The Dynamics of Internet Traffic: Self-Similarity, Self-Organization, and Complex Phenomena
The Internet is the most complex system ever created in human history.
Therefore, its dynamics and traffic unsurprisingly take on a rich variety of
complex dynamics, self-organization, and other phenomena that have been
researched for years. This paper is a review of the complex dynamics of
Internet traffic. Departing from normal treatises, we will take a view from
both the network engineering and physics perspectives showing the strengths and
weaknesses as well as insights of both. In addition, many less covered
phenomena such as traffic oscillations, large-scale effects of worm traffic,
and comparisons of the Internet and biological models will be covered.Comment: 63 pages, 7 figures, 7 tables, submitted to Advances in Complex
System
Disaster-Resilient Control Plane Design and Mapping in Software-Defined Networks
Communication networks, such as core optical networks, heavily depend on
their physical infrastructure, and hence they are vulnerable to man-made
disasters, such as Electromagnetic Pulse (EMP) or Weapons of Mass Destruction
(WMD) attacks, as well as to natural disasters. Large-scale disasters may cause
huge data loss and connectivity disruption in these networks. As our dependence
on network services increases, the need for novel survivability methods to
mitigate the effects of disasters on communication networks becomes a major
concern. Software-Defined Networking (SDN), by centralizing control logic and
separating it from physical equipment, facilitates network programmability and
opens up new ways to design disaster-resilient networks. On the other hand, to
fully exploit the potential of SDN, along with data-plane survivability, we
also need to design the control plane to be resilient enough to survive network
failures caused by disasters. Several distributed SDN controller architectures
have been proposed to mitigate the risks of overload and failure, but they are
optimized for limited faults without addressing the extent of large-scale
disaster failures. For disaster resiliency of the control plane, we propose to
design it as a virtual network, which can be solved using Virtual Network
Mapping techniques. We select appropriate mapping of the controllers over the
physical network such that the connectivity among the controllers
(controller-to-controller) and between the switches to the controllers
(switch-to-controllers) is not compromised by physical infrastructure failures
caused by disasters. We formally model this disaster-aware control-plane design
and mapping problem, and demonstrate a significant reduction in the disruption
of controller-to-controller and switch-to-controller communication channels
using our approach.Comment: 6 page
Outsmarting Network Security with SDN Teleportation
Software-defined networking is considered a promising new paradigm, enabling
more reliable and formally verifiable communication networks. However, this
paper shows that the separation of the control plane from the data plane, which
lies at the heart of Software-Defined Networks (SDNs), introduces a new
vulnerability which we call \emph{teleportation}. An attacker (e.g., a
malicious switch in the data plane or a host connected to the network) can use
teleportation to transmit information via the control plane and bypass critical
network functions in the data plane (e.g., a firewall), and to violate security
policies as well as logical and even physical separations. This paper
characterizes the design space for teleportation attacks theoretically, and
then identifies four different teleportation techniques. We demonstrate and
discuss how these techniques can be exploited for different attacks (e.g.,
exfiltrating confidential data at high rates), and also initiate the discussion
of possible countermeasures. Generally, and given today's trend toward more
intent-based networking, we believe that our findings are relevant beyond the
use cases considered in this paper.Comment: Accepted in EuroSP'1
Recommended from our members
Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network
In this paper we present empirical results and speculative analysis based on observations collected over a two month period from studies with two high interaction honeynets, deployed in a corporate and an SME (small to medium enterprise) environment, and a distributed honeypots deployment. All three networks contain a mixture of Windows and Linux hosts. We detail the architecture of the deployment and results of comparing the observations from the three environments. We analyze in detail the times between attacks on different hosts, operating systems, networks or geographical location. Even though results from honeynet deployments are reported often in the literature, this paper provides novel results analyzing traffic from three different types of networks and some initial exploratory models. This research aims to contribute to endeavours in the wider security research community to build methods, grounded on strong empirical work, for assessment of the robustness of computer-based systems in hostile environments
Detection of network anomalies and novel attacks in the internet via statistical network traffic separation and normality prediction
With the advent and the explosive growth of the global Internet and the electronic commerce environment, adaptive/automatic network and service anomaly detection is fast gaining critical research and practical importance. If the next generation of network technology is to operate beyond the levels of current networks, it will require a set of well-designed tools for its management that will provide the capability of dynamically and reliably identifying network anomalies. Early detection of network anomalies and performance degradations is a key to rapid fault recovery and robust networking, and has been receiving increasing attention lately.
In this dissertation we present a network anomaly detection methodology, which relies on the analysis of network traffic and the characterization of the dynamic statistical properties of traffic normality, in order to accurately and timely detect network anomalies. Anomaly detection is based on the concept that perturbations of normal behavior suggest the presence of anomalies, faults, attacks etc. This methodology can be uniformly applied in order to detect network attacks, especially in cases where novel attacks are present and the nature of the intrusion is unknown.
Specifically, in order to provide an accurate identification of the normal network traffic behavior, we first develop an anomaly-tolerant non-stationary traffic prediction technique, which is capable of removing both pulse and continuous anomalies. Furthermore we introduce and design dynamic thresholds, and based on them we define adaptive anomaly violation conditions, as a combined function of both the magnitude and duration of the traffic deviations. Numerical results are presented that demonstrate the operational effectiveness and efficiency of the proposed approach, under different anomaly traffic scenarios and attacks, such as mail-bombing and UDP flooding attacks.
In order to improve the prediction accuracy of the statistical network traffic normality, especially in cases where high burstiness is present, we propose, study and analyze a new network traffic prediction methodology, based on the frequency domain traffic analysis and filtering, with the objective_of enhancing the network anomaly detection capabilities. Our approach is based on the observation that the various network traffic components, are better identified, represented and isolated in the frequency domain. As a result, the traffic can be effectively separated into a baseline component, that includes most of the low frequency traffic and presents low burstiness, and the short-term traffic that includes the most dynamic part. The baseline traffic is a mean non-stationary periodic time series, and the Extended Resource-Allocating Network (BRAN) methodology is used for its accurate prediction. The short-term traffic is shown to be a time-dependent series, and the Autoregressive Moving Average (ARMA) model is proposed to be used for the accurate prediction of this component. Furthermore, it is demonstrated that the proposed enhanced traffic prediction strategy can be combined with the use of dynamic thresholds and adaptive anomaly violation conditions, in order to improve the network anomaly detection effectiveness. The performance evaluation of the proposed overall strategy, in terms of the achievable network traffic prediction accuracy and anomaly detection capability, and the corresponding numerical results demonstrate and quantify the significant improvements that can be achieved
Botnet Detection using Social Graph Analysis
Signature-based botnet detection methods identify botnets by recognizing
Command and Control (C\&C) traffic and can be ineffective for botnets that use
new and sophisticate mechanisms for such communications. To address these
limitations, we propose a novel botnet detection method that analyzes the
social relationships among nodes. The method consists of two stages: (i)
anomaly detection in an "interaction" graph among nodes using large deviations
results on the degree distribution, and (ii) community detection in a social
"correlation" graph whose edges connect nodes with highly correlated
communications. The latter stage uses a refined modularity measure and
formulates the problem as a non-convex optimization problem for which
appropriate relaxation strategies are developed. We apply our method to
real-world botnet traffic and compare its performance with other community
detection methods. The results show that our approach works effectively and the
refined modularity measure improves the detection accuracy.Comment: 7 pages. Allerton Conferenc
Security and Privacy Issues of Big Data
This chapter revises the most important aspects in how computing
infrastructures should be configured and intelligently managed to fulfill the
most notably security aspects required by Big Data applications. One of them is
privacy. It is a pertinent aspect to be addressed because users share more and
more personal data and content through their devices and computers to social
networks and public clouds. So, a secure framework to social networks is a very
hot topic research. This last topic is addressed in one of the two sections of
the current chapter with case studies. In addition, the traditional mechanisms
to support security such as firewalls and demilitarized zones are not suitable
to be applied in computing systems to support Big Data. SDN is an emergent
management solution that could become a convenient mechanism to implement
security in Big Data systems, as we show through a second case study at the end
of the chapter. This also discusses current relevant work and identifies open
issues.Comment: In book Handbook of Research on Trends and Future Directions in Big
Data and Web Intelligence, IGI Global, 201
- …