Service quality measurements for IPv6 inter-networks

Measurement-based performance evaluation of network traffic is becoming very important, especially for networks trying to provide differentiated levels of service quality to the different application flows. The non-identical response of flows to the different types of network-imposed performance degradation raises the need for ubiquitous measurement mechanisms, able to measure numerous performance properties, and being equally applicable to different applications and transports. This paper presents a new measurement mechanism, facilitated by the steady introduction of IPv6 in network nodes and hosts, which exploits native features of the protocol to provide support for performance measurements at the network (IP) layer. IPv6 Extension Headers have been used to carry the triggers involving the measurement activity and the measurement data in-line with the payload data itself, providing a high level of probability that the behaviour of the real user traffic flows is observed. End-to-end one-way delay, jitter, loss, and throughput have been measured for applications operating on top of both reliable and unreliable transports, over different-capacity IPv6 network configurations. We conclude that this technique could form the basis for future Internet measurements that can be dynamically deployed where and when required in a multi-service IP environment

Quality in Measurement: Beyond the deployment barrier

Network measurement stands at an intersection in the development of the science. We explore possible futures for the area and propose some guidelines for the development of stronger measurement techniques. The paper concludes with a discussion of the work of the NLANR and WAND network measurement groups including the NLANR Network Analysis Infrastructure, AMP, PMA, analysis of Voice over IP traffic and separation of HTTP delays into queuing delay, network latency and server delay

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

A survey on online monitoring approaches of computer-based systems

This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands), and can be used as inputs to assessment of dependability and resilience, although they are not primarily meant for this use

Smart Monitoring and Control in the Future Internet of Things

The Internet of Things (IoT) and related technologies have the promise of realizing pervasive and smart applications which, in turn, have the potential of improving the quality of life of people living in a connected world. According to the IoT vision, all things can cooperate amongst themselves and be managed from anywhere via the Internet, allowing tight integration between the physical and cyber worlds and thus improving efficiency, promoting usability, and opening up new application opportunities. Nowadays, IoT technologies have successfully been exploited in several domains, providing both social and economic benefits. The realization of the full potential of the next generation of the Internet of Things still needs further research efforts concerning, for instance, the identification of new architectures, methodologies, and infrastructures dealing with distributed and decentralized IoT systems; the integration of IoT with cognitive and social capabilities; the enhancement of the sensing–analysis–control cycle; the integration of consciousness and awareness in IoT environments; and the design of new algorithms and techniques for managing IoT big data. This Special Issue is devoted to advancements in technologies, methodologies, and applications for IoT, together with emerging standards and research topics which would lead to realization of the future Internet of Things

A Comprehensive Study on Security in Wireless Sensor Networks(WSNs)

Wireless Sensor Networks(WSNs) are an important component of today\u27s ubiquitous and pervasive computing. Without WSNs, the applications aren\u27t as clever as they could be. Almost every scenario involving WSNs necessitates a quick and precise localization process. Existing frameworks and algorithms, on the other hand suffer from a significant disadvantage when it comes to beacon node trust, which is a critical component in Wireless Sensor Network. For localization this has to be ensured.. This issue is addressed in our current solution. In the harsh environment of WSN operations, malicious nodes are inescapable. As a consequence, A technique has been proposed to find out the problem while simultaneously offering a safe trust based localization system. It focuses on the algorithm for assessing trust and the creation of blockchains. Every beacon node’s truth value(trust value) are determined using various trust criteria with the corresponding weights being dynamically changed during localization process. After that the most reliable beacon nodes are chosen for mining. This two-step process ensures that the blockchain is kept up to current, and that beacon nodes have consistent Tvalues(Trust values). We conducted a series of simulations to test the suggested algorithm’s performance and effectiveness. The accuracy of localization, harmful activity detection, the confusion matrixes are used to compare results

Network Traffic Measurements, Applications to Internet Services and Security

The Internet has become along the years a pervasive network interconnecting billions of users and is now playing the role of collector for a multitude of tasks, ranging from professional activities to personal interactions. From a technical standpoint, novel architectures, e.g., cloud-based services and content delivery networks, innovative devices, e.g., smartphones and connected wearables, and security threats, e.g., DDoS attacks, are posing new challenges in understanding network dynamics. In such complex scenario, network measurements play a central role to guide traffic management, improve network design, and evaluate application requirements. In addition, increasing importance is devoted to the quality of experience provided to final users, which requires thorough investigations on both the transport network and the design of Internet services. In this thesis, we stress the importance of users’ centrality by focusing on the traffic they exchange with the network. To do so, we design methodologies complementing passive and active measurements, as well as post-processing techniques belonging to the machine learning and statistics domains. Traffic exchanged by Internet users can be classified in three macro-groups: (i) Outbound, produced by users’ devices and pushed to the network; (ii) unsolicited, part of malicious attacks threatening users’ security; and (iii) inbound, directed to users’ devices and retrieved from remote servers. For each of the above categories, we address specific research topics consisting in the benchmarking of personal cloud storage services, the automatic identification of Internet threats, and the assessment of quality of experience in the Web domain, respectively. Results comprise several contributions in the scope of each research topic. In short, they shed light on (i) the interplay among design choices of cloud storage services, which severely impact the performance provided to end users; (ii) the feasibility of designing a general purpose classifier to detect malicious attacks, without chasing threat specificities; and (iii) the relevance of appropriate means to evaluate the perceived quality of Web pages delivery, strengthening the need of users’ feedbacks for a factual assessment

On the Novel Network Forensics Perspective of Enhanced E-Business Security

E-business security is crucial to the development of e-business. Due to the complexity and characteristics of e-business security, the current approaches for security focus on preventing the network intrusion or misusing in advanced and seldom concern of the forensics data requiring for the investigation after the network attack or fraud. We discuss the method for resolving the problem of the e-business security from the different side of view - network forensics approaches – from the thinking of the active protection or defense for the e-business security, which can also improve the ability of emergence response and incident investigation for e-business security. It is also for the first time to systematically discuss the network forensics evidence source, network forensics principles, network forensics functions and network forensics techniques