Multipath routing and QoS provisioning in mobile ad hoc networks

PhDA Mobile Ad Hoc Networks (MANET) is a collection of mobile nodes that can communicate with each other using multihop wireless links without utilizing any fixed based-station infrastructure and centralized management. Each mobile node in the network acts as both a host generating flows or being destination of flows and a router forwarding flows directed to other nodes. Future applications of MANETs are expected to be based on all-IP architecture and be capable of carrying multitude real-time multimedia applications such as voice and video as well as data. It is very necessary for MANETs to have an efficient routing and quality of service (QoS) mechanism to support diverse applications. This thesis proposes an on-demand Node-Disjoint Multipath Routing protocol (NDMR) with low broadcast redundancy. Multipath routing allows the establishment of multiple paths between a single source and single destination node. It is also beneficial to avoid traffic congestion and frequent link breaks in communication because of the mobility of nodes. The important components of the protocol, such as path accumulation, decreasing routing overhead and selecting node-disjoint paths, are explained. Because the new protocol significantly reduces the total number of Route Request packets, this results in an increased delivery ratio, smaller end-to-end delays for data packets, lower control overhead and fewer collisions of packets. Although NDMR provides node-disjoint multipath routing with low route overhead in MANETs, it is only a best-effort routing approach, which is not enough to support QoS. DiffServ is a standard approach for a more scalable way to achieve QoS in any IP network and could potentially be used to provide QoS in MANETs because it minimises the need for signalling. However, one of the biggest drawbacks of DiffServ is that the QoS provisioning is separate from the routing process. This thesis presents a Multipath QoS Routing protocol for iv supporting DiffServ (MQRD), which combines the advantages of NDMR and DiffServ. The protocol can classify network traffic into different priority levels and apply priority scheduling and queuing management mechanisms to obtain QoS guarantees

An Automated Methodology for Validating Web Related Cyber Threat Intelligence by Implementing a Honeyclient

Loodud töö panustab küberkaitse valdkonda pakkudes alternatiivse viisi, kuidas hoida ohuteadmus andmebaas uuendatuna. Veebilehti kasutatakse ära viisina toimetada pahatahtlik kood ohvrini. Peale veebilehe klassifitseerimist pahaloomuliseks lisatakse see ohuteadmus andmebaasi kui pahaloomulise indikaatorina. Lõppkokkuvõtteks muutuvad sellised andmebaasid mahukaks ja sisaldavad aegunud kirjeid. Lahendus on automatiseerida aegunud kirjete kontrollimist klient-meepott tarkvaraga ning kogu protsess on täielikult automatiseeritav eesmärgiga hoida kokku aega. Jahtides kontrollitud ja kinnitatud indikaatoreid aitab see vältida valedel alustel küberturbe intsidentide menetlemist.This paper is contributing to the open source cybersecurity community by providing an alternative methodology for analyzing web related cyber threat intelligence. Websites are used commonly as an attack vector to spread malicious content crafted by any malicious party. These websites become threat intelligence which can be stored and collected into corresponding databases. Eventually these cyber threat databases become obsolete and can lead to false positive investigations in cyber incident response. The solution is to keep the threat indicator entries valid by verifying their content and this process can be fully automated to keep the process less time consuming. The proposed technical solution is a low interaction honeyclient regularly tasked to verify the content of the web based threat indicators. Due to the huge amount of database entries, this way most of the web based threat indicators can be automatically validated with less time consumption and they can be kept relevant for monitoring purposes and eventually can lead to avoiding false positives in an incident response processes

Federated Agentless Detection of Endpoints Using Behavioral and Characteristic Modeling

During the past two decades computer networks and security have evolved that, even though we use the same TCP/IP stack, network traffic behaviors and security needs have significantly changed. To secure modern computer networks, complete and accurate data must be gathered in a structured manner pertaining to the network and endpoint behavior. Security operations teams struggle to keep up with the ever-increasing number of devices and network attacks daily. Often the security aspect of networks gets managed reactively instead of providing proactive protection. Data collected at the backbone are becoming inadequate during security incidents. Incident response teams require data that is reliably attributed to each individual endpoint over time. With the current state of dissociated data collected from networks using different tools it is challenging to correlate the necessary data to find origin and propagation of attacks within the network. Critical indicators of compromise may go undetected due to the drawbacks of current data collection systems leaving endpoints vulnerable to attacks. Proliferation of distributed organizations demand distributed federated security solutions. Without robust data collection systems that are capable of transcending architectural and computational challenges, it is becoming increasingly difficult to provide endpoint protection at scale. This research focuses on reliable agentless endpoint detection and traffic attribution in federated networks using behavioral and characteristic modeling for incident response

Congestion and medium access control in 6LoWPAN WSN

In computer networks, congestion is a condition in which one or more egressinterfaces are offered more packets than are forwarded at any given instant [1]. In wireless sensor networks, congestion can cause a number of problems including packet loss, lower throughput and poor energy efficiency. These problems can potentially result in a reduced deployment lifetime and underperforming applications. Moreover, idle radio listening is a major source of energy consumption therefore low-power wireless devices must keep their radio transceivers off to maximise their battery lifetime. In order to minimise energy consumption and thus maximise the lifetime of wireless sensor networks, the research community has made significant efforts towards power saving medium access control protocols with Radio Duty Cycling. However, careful study of previous work reveals that radio duty cycle schemes are often neglected during the design and evaluation of congestion control algorithms. This thesis argues that the presence (or lack) of radio duty cycle can drastically influence the performance of congestion control mechanisms. To investigate if previous findings regarding congestion control are still applicable in IPv6 over low power wireless personal area and duty cycling networks; some of the most commonly used congestion detection algorithms are evaluated through simulations. The research aims to develop duty cycle aware congestion control schemes for IPv6 over low power wireless personal area networks. The proposed schemes must be able to maximise the networks goodput, while minimising packet loss, energy consumption and packet delay. Two congestion control schemes, namely DCCC6 (Duty Cycle-Aware Congestion Control for 6LoWPAN Networks) and CADC (Congestion Aware Duty Cycle MAC) are proposed to realise this claim. DCCC6 performs congestion detection based on a dynamic buffer. When congestion occurs, parent nodes will inform the nodes contributing to congestion and rates will be readjusted based on a new rate adaptation scheme aiming for local fairness. The child notification procedure is decided by DCCC6 and will be different when the network is duty cycling. When the network is duty cycling the child notification will be made through unicast frames. On the contrary broadcast frames will be used for congestion notification when the network is not duty cycling. Simulation and test-bed experiments have shown that DCCC6 achieved higher goodput and lower packet loss than previous works. Moreover, simulations show that DCCC6 maintained low energy consumption, with average delay times while it achieved a high degree of fairness. CADC, uses a new mechanism for duty cycle adaptation that reacts quickly to changing traffic loads and patterns. CADC is the first dynamic duty cycle pro- tocol implemented in Contiki Operating system (OS) as well as one of the first schemes designed based on the arbitrary traffic characteristics of IPv6 wireless sensor networks. Furthermore, CADC is designed as a stand alone medium access control scheme and thus it can easily be transfered to any wireless sensor network architecture. Additionally, CADC does not require any time synchronisation algorithms to operate at the nodes and does not use any additional packets for the exchange of information between the nodes (For example no overhead). In this research, 10000 simulation experiments and 700 test-bed experiments have been conducted for the evaluation of CADC. These experiments demonstrate that CADC can successfully adapt its cycle based on traffic patterns in every traffic scenario. Moreover, CADC consistently achieved the lowest energy consumption, very low packet delay times and packet loss, while its goodput performance was better than other dynamic duty cycle protocols and similar to the highest goodput observed among static duty cycle configurations

An Introduction to Computer Networks

An open textbook for undergraduate and graduate courses on computer networks

An IPsec Compatible Implementation of DBRA and IP-ABR

Satellites are some of the most difficult links to exploit in a Quality of Service (QoS) sensitive network, largely due to their high latency, variable-bandwidth and low-bandwidth nature. Central management of shared links has been shown to provide efficiency gains and enhanced QoS by effectively allocating resources according to reservations and dynamic resource availability. In a modern network, segregated by secure gateways and tunnels such as provided by IPsec, central management appears impossible to implement due to the barriers created between a global Dynamic Bandwidth Resource Allocation (DBRA) system and the mediators controlling the individual flows. This thesis explores and evaluates various through-IPsec communications techniques aimed at providing a satellite-to-network control channel, while maintaining data security for all communications involved

Congestion control mechanisms within MPLS networks

PhDAbstract not availabl

Scalable and fault-tolerant data stream processing on multi-core architectures

With increasing data volumes and velocity, many applications are shifting from the classical “process-after-store” paradigm to a stream processing model: data is produced and consumed as continuous streams. Stream processing captures latency-sensitive applications as diverse as credit card fraud detection and high-frequency trading. These applications are expressed as queries of algebraic operations (e.g., aggregation) over the most recent data using windows, i.e., finite evolving views over the input streams. To guarantee correct results, streaming applications require precise window semantics (e.g., temporal ordering) for operations that maintain state. While high processing throughput and low latency are performance desiderata for stateful streaming applications, achieving both poses challenges. Computing the state of overlapping windows causes redundant aggregation operations: incremental execution (i.e., reusing previous results) reduces latency but prevents parallelization; at the same time, parallelizing window execution for stateful operations with precise semantics demands ordering guarantees and state access coordination. Finally, streams and state must be recovered to produce consistent and repeatable results in the event of failures. Given the rise of shared-memory multi-core CPU architectures and high-speed networking, we argue that it is possible to address these challenges in a single node without compromising window semantics, performance, or fault-tolerance. In this thesis, we analyze, design, and implement stream processing engines (SPEs) that achieve high performance on multi-core architectures. To this end, we introduce new approaches for in-memory processing that address the previous challenges: (i) for overlapping windows, we provide a family of window aggregation techniques that enable computation sharing based on the algebraic properties of aggregation functions; (ii) for parallel window execution, we balance parallelism and incremental execution by developing abstractions for both and combining them to a novel design; and (iii) for reliable single-node execution, we enable strong fault-tolerance guarantees without sacrificing performance by reducing the required disk I/O bandwidth using a novel persistence model. We combine the above to implement an SPE that processes hundreds of millions of tuples per second with sub-second latencies. These results reveal the opportunity to reduce resource and maintenance footprint by replacing cluster-based SPEs with single-node deployments.Open Acces

Designing security into software

Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2006.Includes bibliographical references (p. 88-92).When people talk about software security, they usually refer to security applications such as antivirus software, firewalls and intrusion detection systems. There is little emphasis on the security in the software itself. Therefore the thesis sets out to investigate if we can develop secure software in the first place. It first starts with a survey of the software security field, including the definition of software security, its current state and the research having been carried out in this aspect. Then the development processes of two products known for their security: Microsoft IIS 6.0 and Apache HTTP Web Server are examined. Although their approaches to tackle security are seemingly quite different, the analysis and comparisons identify they share a common framework to address the software security problem - designing security early into the software development lifecycle. In the end the thesis gives recommendations as to how to design security into software development process based upon the principles from the research and the actual practices from the two cases. Finally it describes other remaining open issues in this field.by Chang Tony Zhang.S.M