
    In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches

    Volumetric distributed Denial-of-Service (DDoS) attacks have become one of the most significant threats to modern telecommunication networks. However, most existing defense systems require that detection software operates from a centralized monitoring collector, leading to increased traffic load and delayed response. The recent advent of Data Plane Programmability (DPP) enables an alternative solution: threshold-based volumetric DDoS detection can be performed directly in programmable switches to skim only potentially hazardous traffic, to be analyzed in depth at the controller. In this paper, we first introduce the BACON data structure based on sketches, to estimate per-destination flow cardinality, and theoretically analyze it. Then we employ it in a simple in-network DDoS victim identification strategy, INDDoS, to detect the destination IPs for which the number of incoming connections exceeds a pre-defined threshold. We describe its hardware implementation on a Tofino-based programmable switch using the domain-specific P4 language, proving that some limitations imposed by real hardware to safeguard processing speed can be overcome to implement relatively complex packet manipulations. Finally, we present some experimental performance measurements, showing that our programmable switch is able to keep processing packets at line-rate while performing volumetric DDoS detection, and also achieves a high F1 score on DDoS victim identification.

    Comment: Accepted by IEEE Transactions on Network and Service Management Special issue on Latest Developments for Security Management of Networks and Service

    Pricing and Unresponsive Flows Purging for Global Rate Enhancement


    Network Selection and Resource Allocation Games for Wireless Access Networks

    Wireless access networks are often characterized by the interaction of different end users, communication technologies, and network operators. This paper analyzes the dynamics among these "actors" by focusing on the processes of wireless network selection, where end users may choose among multiple available access networks to get connectivity, and resource allocation, where network operators may set their radio resources to provide connectivity. The interaction among end users is modeled as a non-cooperative congestion game where players (end users) selfishly select the access network that minimizes their perceived selection cost. A method based on mathematical programming is proposed to find Nash equilibria and characterize their optimality under three cost functions, which are representative of different technological scenarios. System-level simulations are then used to evaluate the actual throughput and fairness of the equilibrium points. The interaction among end users and network operators is then assessed through a two-stage multi-leader/multi-follower game, where network operators (leaders) play in the first stage by properly setting the radio resources to maximize their users, and end users (followers) play in the second stage the aforementioned network selection game. The existence of exact and approximated subgame perfect Nash equilibria of the two-stage game is thoroughly assessed, and numerical results are provided on the "quality" of such equilibria.

    Fairness in Communication and Computer Network Design

    In communication networks, fair sharing of resources is an important issue for one main reason: the growth of network capacity is in general not matching the rapid growth of traffic. Consequently, the resources consumed by each user have to be limited. This implies that users cannot always be assigned the end-to-end bandwidth they ask for. Instead, the limited network resources should be distributed to users in a way that assures fair end-to-end bandwidth assignment among them. Obtaining fairness between network users while at the same time assuring efficient network utilization is a source of non-trivial network optimization problems. Complicating factors are that each user has limited access to the (limited) network resources and that different users require and consume different amounts and types of resources. In this thesis, different types of optimization problems associated with fair resource sharing in communication networks are studied. Initially, the notions of max-min fairness, proportional fairness, alpha-fairness, etc., are put in a formal framework of fair rational preference relations. A clear, unified definition of fairness is presented. The theory is first applied to different types of allocation problems. Focus is put on convex and non-convex max-min fair traffic allocation problems, and a difference in difficulty between the two groups of problems is demonstrated. The studies are continued by an investigation of proportionally fair dimensioning. Two different cases are studied: a simpler one, when no resilience to failures is required, and a more complicated one, assuming the possibility of link failures. In the context of fair sharing of the resources of a communication network, this thesis presents several original theoretical findings as well as solution algorithms for the studied problems. The results are accompanied by numerical results illustrating algorithm efficiency for virtually all of the studied problems.

    Topology Control Multi-Objective Optimisation in Wireless Sensor Networks: Connectivity-Based Range Assignment and Node Deployment

    The distinguishing characteristic that sets topology control apart from other methods whose motivation is to achieve energy minimisation and increased network capacity is its network-wide perspective. In other words, local choices made at the node level always have the goal of achieving a certain global, network-wide property, while not excluding the consideration of more localised factors. As such, our approach is a centralised computation over the available location-based data and its reduction to a set of non-homogeneous transmitting range assignments, which together elicit a certain network-wide property, namely strong connectedness and/or biconnectedness. To this end, we propose a variety of GA which by design is multi-morphic: dependent upon model parameters that can be dynamically set by the user, the algorithm acts upon either single or multiple objective functions. In either case, it leverages the unique faculty of GAs for finding multiple optimal solutions in a single pass, leaving it to the designer to select the single solution which best meets requirements. By means of simulation, we endeavour to establish its relative performance against an optimisation typifying a standard topology control technique in the literature, in terms of the proportion of time the network exhibited the property of strong connectedness. An analysis of the results indicates that this proportion is highly sensitive to the following factors: the effective maximum transmitting range, node density, and the mobility scenario under observation. We derive an estimate of the optimal constitution thereof, taking into account the specific conditions within the domain of application, that of a WSN, thereby concluding that only a GA optimising for the biconnected components in a network achieves the stated objective of a sustained connected status throughout the duration.

    A system for improving the quality of real-time services on the internet

    Real-time Internet services are becoming more popular every day, and Voice over Internet Protocol (VOIP) is arguably the most popular of these, despite the quality and reliability problems that are so characteristic of VOIP. This thesis proposes to apply a routing technique called Fully Redundant Dispersity Routing to VOIP and shows how this mitigates these problems to deliver a premium service that is closer to traditional telephony than VOIP is currently.

    Fully Redundant Dispersity Routing uses the path diversity readily available in the Internet to route complete copies of the data to be communicated over multiple paths. This allows the effect of a failure on a path to be reduced, and possibly even masked completely, by the other paths. Significantly, rather than expecting changes to the Internet that will improve real-time service quality, this approach simply changes the manner in which real-time services use the Internet, leaving the Internet itself to stay the way it is.

    First, real VOIP traffic in a commercial call centre is measured (1) to establish a baseline of current quality characteristics against which the effects of Fully Redundant Dispersity Routing may be measured, and (2) as a source of realistic path characteristics. Simulations of various Fully Redundant Dispersity Routing systems that adopt the measured VOIP traffic characteristics then (1) show how this routing technique mitigates quality and reliability problems, and (2) quantify the quality deliverable with the VOIP traffic characteristics measured. For example, quantifying quality as a Mean Opinion Score (MOS) estimated from the measurements with the International Telecommunication Union's E-model, slightly more than 1 in every 23 of the VOIP telephone calls measured in the call centre is likely to be perceived to be of a quality with which humans would be less than very satisfied. Simulations carried out for this thesis show that, using just two paths adopting the same measurements, Fully Redundant Dispersity Routing may increase quality so as to reduce that proportion to slightly less than 1 in every 10 000 VOIP telephone calls.

    Optimization of Spectrum Allocation in Cognitive Radio and Dynamic Spectrum Access Networks

    Spectrum has become a treasured commodity. However, many licensed frequency bands exclusively assigned to the primary license holders (also called primary users) remain relatively unused or under-utilized for most of the time. Allowing other users (also called secondary users) without a license to operate in these bands with no interference becomes a promising way to satisfy the fast-growing needs for frequency spectrum resources. A cognitive radio adapts to the environment it operates in by sensing the spectrum and quickly deciding on appropriate frequency bands and transmission parameters to use in order to achieve certain performance goals. One of the most important issues in cognitive radio networks (CRNs) is intelligent channel allocation, which will improve the performance of the network and spectrum utilization. The objective of this dissertation is to address the channel allocation optimization problem in cognitive radio and DSA networks under both a centralized architecture and a distributed architecture. By centralized architecture we mean that the cognitive radio and DSA networks are infrastructure based. That is, there is a centralized device which collects all information from the other cognitive radios and produces a channel allocation scheme. Then each secondary user follows the spectrum allocation and accesses the corresponding piece of spectrum. By distributed architecture we mean that each secondary user inside the cognitive radio and DSA networks makes its own decision based on local information on the spectrum usage. Each secondary user only considers the spectrum usage around itself. We studied three common objectives of the channel allocation optimization problem: maximum network throughput (MNT), max-min fairness (MMF), and proportional fairness (PF). Given different optimization objectives, we developed mathematical models in terms of linear programming and non-linear programming formulations, under the centralized architecture. We also designed a unified framework with different heuristic algorithms for the different optimization objectives, in which the best results from the different algorithms can be chosen automatically without manual intervention. We also conducted additional work on spectrum allocation under the distributed architecture. First, we studied the channel availability prediction problem. Since there is a lot of usable statistical information on spectrum usage from national and regional agencies, we presented a Bayesian inference based prediction method, which utilizes prior information to make better predictions on channel availability. Finally, a distributed channel allocation algorithm is designed based on the channel prediction results. We illustrated that the interaction behavior between different secondary users can be modeled as a game, in which the secondary users are denoted as players and the channels are denoted as resources. We proved that our distributed spectrum allocation algorithm can achieve a Nash Equilibrium and is Pareto optimal.

    GPU Accelerated protocol analysis for large and long-term traffic traces

    This thesis describes the design and implementation of GPF+, a complete general packet classification system developed using Nvidia CUDA for Compute Capability 3.5+ GPUs. This system was developed with the aim of accelerating the analysis of arbitrary network protocols within network traffic traces using inexpensive, massively parallel commodity hardware. GPF+ and its supporting components are specifically intended to support the processing of large, long-term network packet traces such as those produced by network telescopes, which are currently difficult and time consuming to analyse. The GPF+ classifier is based on prior research in the field, which produced a prototype classifier called GPF, targeted at Compute Capability 1.3 GPUs. GPF+ greatly extends the GPF model, improving runtime flexibility and scalability whilst maintaining high execution efficiency. GPF+ incorporates a compact, lightweight register-based state machine that supports massively parallel, multi-match filter predicate evaluation, as well as efficient arbitrary field extraction. GPF+ tracks packet composition during execution, and adjusts processing at runtime to avoid redundant memory transactions and unnecessary computation through warp voting. GPF+ additionally incorporates a 128-bit in-thread cache, accelerated through register shuffling, to speed up access to packet data in slow GPU global memory. GPF+ uses a high-level DSL to simplify protocol and filter creation, whilst better facilitating protocol reuse. The system is supported by a pipeline of multi-threaded high-performance host components, which communicate asynchronously through 0MQ messaging middleware to buffer, index, and dispatch packet data on the host system. The system was evaluated using high-end Kepler (Nvidia GTX Titan) and entry-level Maxwell (Nvidia GTX 750) GPUs. The results of this evaluation showed high system performance, limited only by device-side IO (600 MBps) in all tests. GPF+ maintained high occupancy and device utilisation in all tests, without significant serialisation, and showed improved scaling to more complex filter sets. Results were used to visualise captures of up to 160 GB in seconds, and to extract and pre-filter captures small enough to be easily analysed in applications such as Wireshark.