3,136 research outputs found
Comparative Study Of Congestion Control Techniques In High Speed Networks
Congestion in a network occurs when aggregate demand exceeds
the accessible capacity of the resources. Network congestion will increase as
network speed increases and new effective congestion control methods are
needed, especially to handle bursty traffic of today's very high speed networks.
Since the late 90s numerous schemes, i.e. [1]...[10] etc., have been proposed. This
paper concentrates on comparative study of the different congestion control
schemes based on some key performance metrics. An effort has been made to judge
the performance of Maximum Entropy (ME) based solution for a steady state
GE/GE/1/N censored queues with partial buffer sharing scheme against these key
performance metrics.
Comment: 10 pages IEEE format, International Journal of Computer Science and
Information Security, IJCSIS November 2009, ISSN 1947 5500,
http://sites.google.com/site/ijcsis
Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing
Emergency services are vital services that Next Generation Networks (NGNs)
have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs,
3GPP has carried the burden of specifying a standardized IMS-based emergency
services framework. Unfortunately, like any other IP-based standards, the
IMS-based emergency service framework is prone to Distributed Denial of Service
(DDoS) attacks. We propose in this work, a simple but efficient solution that
can prevent certain types of such attacks by creating firewall pinholes that
regular clients will surely be able to pass in contrast to the attackers
clients. Our solution was implemented, tested in an appropriate testbed, and
its efficiency was proven.
Comment: 17 Pages, IJNGN Journa
TCP - Random Early Detection (RED) mechanism for Congestion Control
This thesis discusses the Random Early Detection (RED) algorithm, proposed by Sally Floyd, used for congestion avoidance in computer networking, how existing algorithms compare to this approach and the configuration and implementation of the Weighted Random Early Detection (WRED) variation.
RED uses a probability approach in order to calculate the probability that a packet will be dropped before periods of high congestion, relative to the minimum and maximum queue threshold, average queue length, packet size and the number of packets since the last drop.
The motivation for this thesis has been the high QoS provided to current delay-sensitive applications such as Voice-over-IP (VoIP) by the incorporation of congestion avoidance algorithms derived from the original RED design [45]. The WRED variation of RED is not directly invoked on the VoIP class because congestion avoidance mechanisms are not configured for voice queues. WRED is instead used to prioritize other traffic classes in order to avoid congestion to provide and guarantee high quality of service for voice traffic [43][44].
The most notable simulations performed for the RED algorithm in comparison to the Tail Drop (TD) and Random Drop (RD) algorithms have been detailed in order to show that RED is much more advantageous in terms of congestion control in a network. The WRED, Flow RED (FRED) and Adaptive RED (ARED) variations of the RED algorithm have been detailed with emphasis on WRED. Details of the concepts of forwarding classes, output queues, traffic policies, traffic classes, class maps, schedulers, scheduler maps, and DSCP classification show that the WRED feature is easily configurable on tier-1 vendor routers
Robust control tools for traffic monitoring in TCP/AQM networks
Several studies have considered control theory tools for traffic control in
communication networks, as for example the congestion control issue in IP
(Internet Protocol) routers. In this paper, we propose to design a linear
observer for time-delay systems to address the traffic monitoring issue in
TCP/AQM (Transmission Control Protocol/Active Queue Management) networks. Due
to several propagation delays and the queueing delay, the set TCP/AQM is
modeled as a multiple delayed system of a particular form. Hence, appropriate
robust control tools as quadratic separation are adopted to construct a delay
dependent observer for TCP flows estimation. Note that, the developed mechanism
enables also the anomaly detection issue for a class of DoS (Denial of Service)
attacks. At last, simulations via the network simulator NS-2 and an emulation
experiment validate the proposed methodology
Cyber Physical System Security - DoS Attacks on Synchrophasor Networks in the Smart Grid
With the rapid increase of network-enabled sensors, switches, and relays, cyber-physical system security in the smart grid has become important. The smart grid operation demands reliable communication. Existing encryption technologies ensure the authenticity of delivered messages. However, commonly applied technologies are not able to prevent the delay or drop of smart grid communication messages. In this dissertation, the author focuses on the network security vulnerabilities in the synchrophasor network and their mitigation methods. Side-channel vulnerabilities of the synchrophasor network are identified. The synchrophasor network is one of the most important technologies in the smart grid transmission system. Experiments presented in this dissertation show that a DoS attack that exploits the side-channel vulnerability against the synchrophasor network can lead to power system instability. Side-channel analysis extracts information by observing implementation artifacts without knowing the actual meaning of the information. A synchrophasor network consists of Phasor Measurement Units (PMUs) that use the synchrophasor protocol to transmit measurement data. Two side-channels are discovered in the synchrophasor protocol. Side-channel analysis based Denial of Service (DoS) attacks differentiate the source of multiple PMU data streams within an encrypted tunnel and only drop selected PMU data streams. Simulations on a power system show that, without any countermeasure, a power system can be subverted after an attack. Then, mitigation methods from both the network and power grid perspectives are carried out. From the perspective of network security study, side-channel analysis and protocol transformation have the potential to assist the PMU communication to evade attacks led with protocol identifications.
From the perspective of power grid control study, to mitigate PMU DoS attacks, Cellular Computational Network (CCN) prediction of PMU data is studied and used to implement a Virtual Synchrophasor Network (VSN), which learns and mimics the behaviors of an objective power grid. The data from VSN is used by the Automatic Generation Controllers (AGCs) when the PMU packets are disrupted by DoS attacks. Real-time experimental results show the CCN based VSN effectively inferred the missing data and mitigated the negative impacts of DoS attacks. In this study, industry-standard hardware PMUs and Real-Time Digital Power System Simulator (RTDS) are used to build experimental environments that are as close to actual production as possible for this research. The above-mentioned attack and mitigation methods are also tested on the Internet. Man-In-The-Middle (MITM) attack of PMU traffic is performed with Border Gateway Protocol (BGP) hijacking. A side-channel analysis based MITM attack detection method is also investigated. A game theory analysis is performed to give a broade
QoS Design Consideration for Enterprise and Provider's Network at Ingress and Egress Router for VoIP protocols
Compliance with the Service Level Agreement (SLA) metric is a major challenge in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) because mandatory models must be maintained on both sides of the MPLS VPN in order to achieve end-to-end service levels. The end-to-end service of an MPLS VPN can be degraded owing to various issues such as distributed denial of service (DDoS), and Random Early Detection (RED) that prevents congestion and differentiates between legitimate and illegitimate user traffic. In this study, we propose a centralized solution that uses a SLA Violation Detector (SLAVD) and intrusion detection to prevent SLA violation
The Dynamics of Internet Traffic: Self-Similarity, Self-Organization, and Complex Phenomena
The Internet is the most complex system ever created in human history.
Therefore, its dynamics and traffic unsurprisingly take on a rich variety of
complex dynamics, self-organization, and other phenomena that have been
researched for years. This paper is a review of the complex dynamics of
Internet traffic. Departing from normal treatises, we will take a view from
both the network engineering and physics perspectives showing the strengths and
weaknesses as well as insights of both. In addition, many less covered
phenomena such as traffic oscillations, large-scale effects of worm traffic,
and comparisons of the Internet and biological models will be covered.
Comment: 63 pages, 7 figures, 7 tables, submitted to Advances in Complex
System
Maximum Production Of Transmission Messages Rate For Service Discovery Protocols
Minimizing the number of dropped User Datagram Protocol (UDP) messages in a network is regarded as a challenge by researchers. This issue represents serious problems for many protocols, particularly those that depend on sending messages as part of their strategy, such as service discovery protocols. This paper proposes and evaluates an algorithm to predict the minimum period of time required between two or more consecutive messages and suggests the minimum queue sizes for the routers, to manage the traffic and minimise the number of dropped messages that have been caused by either congestion or queue overflow or both together. The algorithm has been applied to the Universal Plug and Play (UPnP) protocol using the ns2 simulator. It was tested when the routers were connected in two configurations: centralized and decentralized. The message length and bandwidth of the links among the routers were taken into consideration. The result shows better improvement in the number of dropped messages among the routers
Managing network congestion with a Kohonen-based RED queue
The behaviour of the TCP AIMD algorithm is known to cause queue length
oscillations when congestion occurs at a router output link. Indeed, due to
these queueing variations, end-to-end applications experience large delay
jitter. Many studies have proposed efficient Active Queue Management (AQM)
mechanisms in order to reduce queue oscillations and stabilize the queue
length. These AQM are mostly improvements of the Random Early Detection (RED)
model. Unfortunately, these enhancements do not react in a similar manner for
various network conditions and are strongly sensitive to their initial setting
parameters. Although this paper proposes a solution to overcome the
difficulties of setting these parameters by using a Kohonen neural network
model, another goal of this study is to investigate whether cognitive
intelligence could be placed in the core network to solve such stability
problem. In our context, we use results from the neural network area to
demonstrate that our proposal, named Kohonen-RED (KRED), enables a stable queue
length without complex parameters setting and passive measurements.
Comment: 8 pages, 9 figure
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.
Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio