Why (and How) Networks Should Run Themselves
The proliferation of networked devices, systems, and applications that we
depend on every day makes managing networks more important than ever. The
increasing security, availability, and performance demands of these
applications suggest that these increasingly difficult network management
problems be solved in real time, across a complex web of interacting protocols
and systems. Alas, just as the importance of network management has increased,
the network has grown so complex that it is seemingly unmanageable. In this new
era, network management requires a fundamentally new approach. Instead of
optimizations based on closed-form analysis of individual protocols, network
operators need data-driven, machine-learning-based models of end-to-end and
application performance based on high-level policy goals and a holistic view of
the underlying components. Instead of anomaly detection algorithms that operate
on offline analysis of network traces, operators need classification and
detection algorithms that can make real-time, closed-loop decisions. Networks
should learn to drive themselves. This paper explores this concept, discussing
how we might attain this ambitious goal by more closely coupling measurement
with real-time control and by relying on learning for inference and prediction
about a networked application or system, as opposed to closed-form analysis of
individual protocols.
Feature Engineering for Detection of Wormhole Attacking in Mobile Ad Hoc Networks with Machine Learning Methods
Due to the self-configuring nature of a Mobile Ad Hoc Network (MANET), each node must participate in the routing process, in addition to its other activities. Therefore, routing in a MANET is especially vulnerable to malicious node activity leading to potentially severe disruption in network communications. The wormhole attack is a particularly severe MANET routing threat since it is easy to launch, can be launched in several modes, is difficult to detect, and can cause significant communication disruption. In this paper we establish a practice for feature engineering of network data for wormhole attack prevention and detection with intrusion detection methods based on machine learning.
Robust control tools for traffic monitoring in TCP/AQM networks
Several studies have considered control theory tools for traffic control in
communication networks, as for example the congestion control issue in IP
(Internet Protocol) routers. In this paper, we propose to design a linear
observer for time-delay systems to address the traffic monitoring issue in
TCP/AQM (Transmission Control Protocol/Active Queue Management) networks. Due
to several propagation delays and the queueing delay, the set TCP/AQM is
modeled as a multiple delayed system of a particular form. Hence, appropriate
robust control tools as quadratic separation are adopted to construct a delay
dependent observer for TCP flows estimation. Note that the developed mechanism
also enables anomaly detection for a class of DoS (Denial of Service)
attacks. Finally, simulations via the network simulator NS-2 and an emulation
experiment validate the proposed methodology.
Security techniques for sensor systems and the Internet of Things
Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues.
We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We develop nesCheck, a novel approach that combines static analysis and dynamic checking to efficiently enforce memory safety on TinyOS applications. As security guarantees come at a cost, determining which resources to protect becomes important. Our solution, OptAll, leverages game-theoretic techniques to determine the optimal allocation of security resources in IoT networks, taking into account fixed and variable costs, criticality of different portions of the network, and risk metrics related to a specified security goal.
Monitoring IoT devices and sensors during operation is necessary to detect incidents. We design Kalis, a knowledge-driven intrusion detection technique for IoT that does not target a single protocol or application, and adapts the detection strategy to the network features. As the scale of IoT makes the devices good targets for botnets, we design Heimdall, a whitelist-based anomaly detection technique for detecting and protecting against IoT-based denial of service attacks.
Once our monitoring tools detect an attack, determining its actual cause is crucial to an effective reaction. We design a fine-grained analysis tool for sensor networks that leverages resident packet parameters to determine whether a packet loss attack is node- or link-related and, in the second case, locate the attack source. Moreover, we design a statistical model for determining optimal system thresholds by exploiting packet parameters variances.
With our techniques' diagnosis information, we develop Kinesis, a security incident response system for sensor networks designed to recover from attacks without significant interruption, dynamically selecting response actions while being lightweight in communication and energy overhead.