A Characterization of Cybersecurity Posture from Network Telescope Data
Data-driven understanding of cybersecurity posture is an important problem
that has not been adequately explored. In this paper, we analyze some real data
collected by CAIDA's network telescope during the month of March 2013. We
propose to formalize the concept of cybersecurity posture from the perspectives
of three kinds of time series: the number of victims (i.e., telescope IP
addresses that are attacked), the number of attackers that are observed by the
telescope, and the number of attacks that are observed by the telescope.
Characterizing cybersecurity posture therefore becomes investigating the
phenomena and statistical properties exhibited by these time series, and
explaining their cybersecurity meanings. For example, we propose the concept of
{\em sweep-time}, and show that sweep-time should be modeled as a stochastic
process rather than as a random variable. We report that the number of
attackers (and attacks) from a certain country dominates the total number of
attackers (and attacks) observed by the telescope. We also show that
substantially smaller network telescopes might not be as useful as a large
telescope.
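The three time series the abstract defines can be sketched from raw darknet records. A minimal sketch, assuming packets arrive as (timestamp, attacker_ip, victim_ip) tuples; the binning granularity and helper name are illustrative, not taken from the paper:

```python
from collections import defaultdict

def posture_series(packets, bin_seconds=3600):
    """From darknet records given as (timestamp, attacker_ip, victim_ip)
    tuples, build per-bin counts of distinct victims, distinct attackers,
    and attacks -- the three time series characterizing posture."""
    victims = defaultdict(set)
    attackers = defaultdict(set)
    attacks = defaultdict(int)
    for ts, src, dst in packets:
        b = int(ts // bin_seconds)       # hourly bin by default
        attackers[b].add(src)
        victims[b].add(dst)
        attacks[b] += 1
    bins = sorted(attacks)
    return ([len(victims[b]) for b in bins],
            [len(attackers[b]) for b in bins],
            [attacks[b] for b in bins])
```

Distinct-count series (victims, attackers) deduplicate within a bin, while the attack series counts every packet, which is why the three curves can diverge.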
Fluid model for a network operating under a fair bandwidth-sharing policy
We consider a model of Internet congestion control that represents the
randomly varying number of flows present in a network where bandwidth is shared
fairly between document transfers. We study critical fluid models obtained as
formal limits under law of large numbers scalings when the average load on at
least one resource is equal to its capacity. We establish convergence to
equilibria for fluid models and identify the invariant manifold.
The form of the invariant manifold gives insight into the phenomenon of
entrainment, whereby congestion at some resources may prevent other resources
from working at their full capacity.
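The setting can be sketched in the standard notation of flow-level bandwidth-sharing models; this uses the usual weighted alpha-fair allocation as an assumption, and the paper's exact formulation may differ:

```latex
% n_r(t): number of flows on route r; arrivals at rate \nu_r,
% mean document size 1/\mu_r; C_j: capacity of resource j.
% A weighted \alpha-fair allocation \Lambda(n) solves
\Lambda(n) \;=\; \arg\max_{\lambda \ge 0}\;
  \sum_r \kappa_r\, n_r\, \frac{(\lambda_r/n_r)^{1-\alpha}}{1-\alpha}
  \quad \text{s.t.} \quad \sum_{r:\, j \in r} \lambda_r \le C_j \ \ \forall j,
% and the fluid-scaled flow counts evolve as
\dot n_r(t) \;=\; \nu_r - \mu_r\, \Lambda_r\bigl(n(t)\bigr),
% with criticality meaning \sum_{r:\, j \in r} \nu_r/\mu_r = C_j
% for at least one resource j.
```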
Performance evaluation of an open distributed platform for realistic traffic generation
Network researchers have dedicated a notable part of their efforts to traffic
modeling and to the implementation of efficient traffic generators. There is a
strong demand for traffic generators capable of reproducing realistic traffic
patterns according to theoretical models while sustaining high performance.
This work presents an open distributed platform for traffic generation, called
the Distributed Internet Traffic Generator (D-ITG), capable of producing
traffic (network, transport and application layer) at the packet level and of
accurately replicating appropriate stochastic processes for both the
inter-departure time (IDT) and packet size (PS) random variables. We
implemented two different versions of our distributed generator. In the first,
a log server records the information transmitted by senders and receivers,
with communication based on either TCP or UDP. In the second, senders and
receivers use the MPI library. A complete performance comparison between the
centralized version and the two distributed versions of D-ITG is presented.
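The core idea of driving packet generation from IDT and PS random variables can be sketched as follows. The distribution choices here (exponential IDT, geometric-like PS) are illustrative assumptions, not D-ITG's actual models:

```python
import random

def generate_packets(n, idt_rate=100.0, ps_mean=512, seed=0):
    """Sketch of packet-level traffic generation: draw inter-departure
    times (IDT) from an exponential distribution and packet sizes (PS)
    from an exponential-derived one, capped at an Ethernet-like MTU."""
    rng = random.Random(seed)
    t = 0.0
    out = []
    for _ in range(n):
        t += rng.expovariate(idt_rate)                  # IDT sample
        size = min(1 + int(rng.expovariate(1.0 / ps_mean)), 1500)  # PS sample
        out.append((t, size))
    return out
```

Swapping the two draw statements for samples from other fitted distributions (Pareto, lognormal, trace-driven) changes the traffic model without touching the send loop, which is the property a model-driven generator needs.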
KISS: Stochastic Packet Inspection Classifier for UDP Traffic
This paper proposes KISS, a novel Internet classification engine. Motivated by
the expected rise of UDP traffic, which stems from the momentum of
Peer-to-Peer (P2P) streaming applications, we propose a novel classification
framework that leverages a statistical characterization of the payload.
Statistical signatures are derived by means of a Chi-Square-like test, which
extracts the protocol "format" but ignores the protocol "semantic" and
"synchronization" rules. The signatures feed a decision process based either
on the geometric distance among samples or on Support Vector Machines. KISS is
very accurate, and its signatures are intrinsically robust to packet sampling,
reordering, and flow asymmetry, so that it can be used on almost any network.
KISS is tested in different scenarios, considering traditional client-server
protocols, VoIP, and both traditional and new P2P Internet applications.
Results are astonishing. The average True Positive percentage is 99.6%, with
the worst case equal to 98.1%, while results are almost perfect when dealing
with new P2P streaming applications.
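The Chi-Square-like test over payload chunks can be sketched as below. This is a simplified assumption about the scheme: it scores 4-bit chunks of the first payload bytes against a uniform expectation, so constant protocol fields score high and random fields score near zero; the real KISS signature construction differs in detail:

```python
from collections import Counter

def chi_square_signature(payloads, n_chunks=8):
    """Sketch of a KISS-style statistical signature: for each 4-bit
    chunk of the first payload bytes, measure how far the observed
    value distribution deviates from uniform with a Chi-Square
    statistic. Deterministic fields score high, random fields low."""
    sig = []
    for i in range(n_chunks):
        counts = Counter()
        for p in payloads:
            byte = p[i // 2]                     # two chunks per byte
            nib = (byte >> 4) if i % 2 == 0 else (byte & 0x0F)
            counts[nib] += 1
        n = sum(counts.values())
        exp = n / 16.0                           # uniform expectation
        sig.append(sum((counts.get(v, 0) - exp) ** 2 / exp
                       for v in range(16)))
    return sig
```

The resulting vector captures the protocol "format" (which fields are fixed, counters, or random) without parsing any semantics, which is what makes the signature robust to sampling and reordering.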
On the flow-level stability of data networks without congestion control: the case of linear networks and upstream trees
In this paper, flow models of networks without congestion control are
considered. Users generate data transfers according to Poisson processes and
transmit the corresponding packets at a fixed rate equal to their access rate
until the entire document is received at the destination; erasure codes are
used to make the transmission robust to packet losses. We study the stability
of the stochastic process representing the number of active flows in two
particular cases: linear networks and upstream trees. For linear networks we
use fluid limits, and an interesting phenomenon of "time scale separation"
occurs; bounds on the stability region of linear networks are given. For
upstream trees, underlying monotonicity properties are used. Finally, the
asymptotic stability of those processes is analyzed as the access rate of the
users decreases to 0. An appropriate scaling is introduced and used to prove
that the stability region of those networks is asymptotically maximized.
The Embedding Capacity of Information Flows Under Renewal Traffic
Given two independent point processes and a certain rule for matching points
between them, what is the fraction of matched points over infinitely long
streams? In many application contexts, e.g., secure networking, a meaningful
matching rule is that of a maximum causal delay, and the problem is related to
embedding a flow of packets in cover traffic such that no traffic analysis can
detect it. We study the best undetectable embedding policy and the
corresponding maximum flow rate ---that we call the embedding capacity--- under
the assumption that the cover traffic can be modeled as arbitrary renewal
processes. We find that computing the embedding capacity requires the inversion
of very structured linear systems that, for a broad range of renewal models
encountered in practice, admit a fully analytical expression in terms of the
renewal function of the processes. Our main theoretical contribution is a
simple closed form of such relationship. This result enables us to explore
properties of the embedding capacity, obtaining closed-form solutions for
selected distribution families and a suite of sufficient conditions on the
capacity ordering. We evaluate our solution on real network traces, which shows
a noticeable match for tight delay constraints. A gap between the predicted and
the actual embedding capacities appears for looser constraints, and further
investigation reveals that it is caused by inaccuracy of the renewal traffic
model rather than of the solution itself.
Comment: Submitted to IEEE Trans. on Information Theory on March 10, 201
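The maximum-causal-delay matching rule can be sketched with a greedy matcher over two sorted arrival streams; the greedy policy and function name are illustrative assumptions, not the paper's optimal embedding policy:

```python
def matched_fraction(flow, cover, max_delay):
    """Sketch of matching under a maximum causal delay: embed each
    flow arrival into the earliest unused cover arrival that occurs
    no earlier than it and within max_delay. Both input lists are
    sorted timestamps. Returns the fraction of flow points matched."""
    matched = 0
    j = 0
    for t in flow:
        while j < len(cover) and cover[j] < t:
            j += 1                               # skip non-causal slots
        if j < len(cover) and cover[j] - t <= max_delay:
            matched += 1                         # embed into this slot
            j += 1
    return matched / len(flow) if flow else 0.0
```

Running this over long simulated renewal streams gives an empirical estimate to compare against a closed-form embedding capacity; tighter max_delay values leave more flow points unmatched.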
Uncovering the big players of the web
In this paper we aim at observing how large Internet organizations deliver web
content to end users today. Using one-week-long data sets collected at three
vantage points aggregating more than 30,000 Internet customers, we
characterize the offered services, precisely quantifying and comparing the
performance of different players. Results show that today 65% of web traffic
is handled by the top 10 organizations. We observe that, while all of them
serve the same type of content, different server architectures have been
adopted with respect to load-balancing schemes and the number and location of
servers: some organizations handle thousands of servers, with the closest
being a few milliseconds away from the end user, while others manage a few
data centers. Despite this, the bulk transfer rates offered to end users are
typically good, but impairments can arise when content is not readily
available at the server and has to be retrieved from the CDN back-end.
Compact Markov-modulated models for multiclass trace fitting
Markov-modulated Poisson processes (MMPPs) are stochastic models for fitting
empirical traces for simulation, workload characterization and queueing
analysis purposes. In this paper, we develop the first counting process
fitting algorithm for the marked MMPP (M3PP), a generalization of the MMPP for
modeling traces with events of multiple types. We initially explain how to fit
two-state M3PPs to empirical traces of counts. We then propose a novel form of
composition, called interposition, which enables the approximate superposition
of several two-state M3PPs without incurring state space explosion. Compared
to exact superposition, where the state space grows exponentially in the
number of composed processes, in interposition the state space grows linearly
in the number of composed M3PPs. Experimental results indicate that the
proposed interposition methodology provides accurate results on artificial and
real-world traces, with a significantly smaller state space than superposed
processes.
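The two-state building block can be sketched with a direct simulation; the parameter names are illustrative, and an M3PP would additionally mark each event with a type depending on the modulating state:

```python
import random

def simulate_mmpp2(t_end, q01, q10, lam0, lam1, seed=0):
    """Sketch of a two-state MMPP: a background chain switches between
    states 0 and 1 at rates q01 and q10; while in state k, events
    arrive as a Poisson process of rate lam_k. Returns event times."""
    rng = random.Random(seed)
    t, state, events = 0.0, 0, []
    while t < t_end:
        rate_sw = q01 if state == 0 else q10
        lam = lam0 if state == 0 else lam1
        dt_sw = rng.expovariate(rate_sw)         # time to next state switch
        dt_ev = rng.expovariate(lam) if lam > 0 else float("inf")
        if dt_ev < dt_sw:                        # event fires first
            t += dt_ev
            if t < t_end:
                events.append(t)
        else:                                    # modulating chain switches
            t += dt_sw
            state = 1 - state
        # memorylessness of the exponential lets us redraw both clocks
    return events
```

Superposing k such processes exactly would require tracking all 2^k joint states, which is the exponential blow-up that interposition is designed to avoid.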