583 research outputs found
Bits Through Bufferless Queues
This paper investigates the capacity of a channel in which information is
conveyed by the timing of consecutive packets passing through a queue with
independent and identically distributed service times. Such timing channels are
commonly studied under the assumption of a work-conserving queue. In contrast,
this paper studies the case of a bufferless queue that drops arriving packets
while a packet is in service. Under this bufferless model, the paper provides
upper bounds on the capacity of timing channels and establishes achievable
rates for the case of bufferless M/M/1 and M/G/1 queues. In particular, it is
shown that a bufferless M/M/1 queue at worst suffers less than 10% reduction in
capacity when compared to an M/M/1 work-conserving queue.
Comment: 8 pages, 3 figures, accepted in 51st Annual Allerton Conference on
Communication, Control, and Computing, University of Illinois, Monticello,
Illinois, Oct 2-4, 201
The Embedding Capacity of Information Flows Under Renewal Traffic
Given two independent point processes and a certain rule for matching points
between them, what is the fraction of matched points over infinitely long
streams? In many application contexts, e.g., secure networking, a meaningful
matching rule is that of a maximum causal delay, and the problem is related to
embedding a flow of packets in cover traffic such that no traffic analysis can
detect it. We study the best undetectable embedding policy and the
corresponding maximum flow rate ---that we call the embedding capacity--- under
the assumption that the cover traffic can be modeled as arbitrary renewal
processes. We find that computing the embedding capacity requires the inversion
of very structured linear systems that, for a broad range of renewal models
encountered in practice, admits a fully analytical expression in terms of the
renewal function of the processes. Our main theoretical contribution is a
simple closed form of such relationship. This result enables us to explore
properties of the embedding capacity, obtaining closed-form solutions for
selected distribution families and a suite of sufficient conditions on the
capacity ordering. We evaluate our solution on real network traces, which shows
a noticeable match for tight delay constraints. A gap between the predicted and
the actual embedding capacities appears for looser constraints, and further
investigation reveals that it is caused by inaccuracy of the renewal traffic
model rather than of the solution itself.
Comment: Submitted to IEEE Trans. on Information Theory on March 10, 201
Federated Agentless Detection of Endpoints Using Behavioral and Characteristic Modeling
During the past two decades computer networks and security have evolved such that, even though we use the same TCP/IP stack, network traffic behaviors and security needs have significantly changed. To secure modern computer networks, complete and accurate data must be gathered in a structured manner pertaining to the network and endpoint behavior. Security operations teams struggle to keep up with the ever-increasing number of devices and network attacks daily. Often the security aspect of networks gets managed reactively instead of providing proactive protection. Data collected at the backbone are becoming inadequate during security incidents. Incident response teams require data that is reliably attributed to each individual endpoint over time. With the current state of dissociated data collected from networks using different tools, it is challenging to correlate the necessary data to find the origin and propagation of attacks within the network. Critical indicators of compromise may go undetected due to the drawbacks of current data collection systems, leaving endpoints vulnerable to attacks. Proliferation of distributed organizations demands distributed federated security solutions. Without robust data collection systems that are capable of transcending architectural and computational challenges, it is becoming increasingly difficult to provide endpoint protection at scale. This research focuses on reliable agentless endpoint detection and traffic attribution in federated networks using behavioral and characteristic modeling for incident response.