Теоретико-ігровий підхід до проблеми безпеки мереж

В даній роботі здійснено огляд основних напрямків застосування теоретико-ігрового підходу до розв’язання актуальних проблем безпеки. Теорія ігор досліджує взаємодію раціональних агентів за умов конфлікту та невизначеності. Моделі теорії ігор успішно застосовуються для вивчення процесів у економіці, біології, комп’ютерних мережах та інших. Застосування до забезпечення безпеки – відносно новий напрямок, який дозволяє представити проблему захисту у вигляді гри, та застосувати розвинені методи ігрового аналізу. Описано сучасний стан області, виділені основні напрямки загроз та відповідні моделі і методи теорії ігор. Запропоновано класифікацію ігрових підходів у області кібербезпеки та проведено порівняння різних класифікацій. Окремо розглядаються атаки на відмову, які є одним з найбільш небезпечним напрямком розвитку кіберзлочинності. Побудовані ігрові моделі таких атак, та проведений аналіз вразливості стратегій захисту. Виділені майбутні тренди застосування ігрового підходу в області кібербезпеки.В данной работе приведен обзор основных направлений применения теоретико-игрового подхода к решению актуальных проблем безопасности. Теория игр исследует взаимодействие рациональных агентов в условиях конфликта и неопределенности. Модели теории игр успешно применяются в экономике, биологии, компьютерных сетях и многих других. Применение в области безопасности – относительно новое направление, которое позволяет представить проблему защиты в виде игры и применить развитые методы анализа. Описано современное состояние области, выделены основные угрозы и соответствующие модели и методы теории игр. Предложено классификацию игровых подходов и проведено сравнение существующих классификаций. Отдельно исследованы атаки типа отказ в обслуживании, которые являются одним из наиболее опасных видов кибер­преступности. Построены игровые модели таких атак и проведен анализ уязвимости существующих стратегий защиты. Выделены вероятные будущие тренды в применении игрового подхода к проблемам кибербезопасности.In this paper we present an overview of the main applications of the game-theoretic approach to the network security. The game theory explores the interaction of rational agents in conflict and uncertainty. Models of game theory are successfully applied in economics, biology, computer networks and many others. Application in the field of security is a relatively new direction that allows us to present the problem of protection in the form of a game and apply advanced analysis methods. We describe main threats and corresponding models and methods of game theory in this field of science. A classification of game-theoretic approaches is proposed and a comparison of existing classifications is made. Denial of service attacks which are one of the most dangerous types of cybercrime are investigated separately. Game models of such attacks are built and the vulnerability of existing defense strategies is analyzed. Possible future trends in the application of the game approach to the problems of cybersecurity are identified and described

Optimisation des Systèmes Partiellement Observables dans les Réseaux Sans-fil (Théorie des jeux, Auto-adaptation et Apprentissage)

La dernière décennie a vu l'émergence d'Internet et l'apparition des applications multimédia qui requièrent de plus en plus de bande passante, ainsi que des utilisateurs qui exigent une meilleure qualité de service. Dans cette perspective, beaucoup de travaux ont été effectués pour améliorer l'utilisation du spectre sans fil.Le sujet de ma thèse de doctorat porte sur l'application de la théorie des jeux, la théorie des files d'attente et l'apprentissage dans les réseaux sans fil,en particulier dans des environnements partiellement observables. Nous considérons différentes couches du modèle OSI. En effet, nous étudions l'accès opportuniste au spectre sans fil à la couche MAC en utilisant la technologie des radios cognitifs (CR). Par la suite, nous nous concentrons sur le contrôle de congestion à la couche transport, et nous développons des mécanismes de contrôle de congestion pour le protocole TCP.Since delay-sensitive and bandwidth-intense multimedia applications have emerged in the Internet, the demand for network resources has seen a steady increase during the last decade. Specifically, wireless networks have become pervasive and highly populated.These motivations are behind the problems considered in this dissertation.The topic of my PhD is about the application of game theory, queueing theory and learning techniques in wireless networks under some QoS constraints, especially in partially observable environments.We consider different layers of the protocol stack. In fact, we study the Opportunistic Spectrum Access (OSA) at the Medium Access Control (MAC) layer through Cognitive Radio (CR) approaches.Thereafter, we focus on the congestion control at the transport layer, and we develop some congestion control mechanisms under the TCP protocol.The roadmap of the research is as follows. Firstly, we focus on the MAC layer, and we seek for optimal OSA strategies in CR networks. We consider that Secondary Users (SUs) take advantage of opportunities in licensed channels while ensuring a minimum level of QoS. In fact, SUs have the possibility to sense and access licensed channels, or to transmit their packets using a dedicated access (like 3G). Therefore, a SU has two conflicting goals: seeking for opportunities in licensed channels, but spending energy for sensing those channels, or transmitting over the dedicated channel without sensing, but with higher transmission delay. We model the slotted and the non-slotted systems using a queueing framework. Thereafter, we analyze the non-cooperative behavior of SUs, and we prove the existence of a Nash equilibrium (NE) strategy. Moreover, we measure the gap of performance between the centralized and the decentralized systems using the Price of Anarchy (PoA).Even if the OSA at the MAC layer was deeply investigated in the last decade, the performance of SUs, such as energy consumption or Quality of Service (QoS) guarantee, was somehow ignored. Therefore, we study the OSA taking into account energy consumption and delay. We consider, first, one SU that access opportunistically licensed channels, or transmit its packets through a dedicated channel. Due to the partial spectrum sensing, the state of the spectrum is partially observable. Therefore, we use the Partially Observable Markov Decision Process (POMDP) framework to design an optimal OSA policy for SUs. Specifically, we derive some structural properties of the value function, and we prove that the optimal OSA policy has a threshold structure.Thereafter, we extend the model to the context of multiple SUs. We study the non-cooperative behavior of SUs and we prove the existence of a NE. Moreover, we highlight a paradox in this situation: more opportunities in the licensed spectrum may lead to worst performances for SUs. Thereafter, we focus on the study of spectrum management issues. In fact, we introduce a spectrum manager to the model, and we analyze the hierarchical game between the network manager and SUs.Finally, we focus on the transport layer and we study the congestion control for wireless networks under some QoS and Quality of Experience (QoE) constraints. Firstly, we propose a congestion control algorithm that takes into account applications' parameters and multimedia quality. In fact, we consider that network users maximize their expected multimedia quality by choosing the congestion control strategy. Since users ignore the congestion status at bottleneck links, we use a POMDP framework to determine the optimal congestion control strategy.Thereafter, we consider a subjective measure of the multimedia quality, and we propose a QoE-based congestion control algorithm. This algorithm bases on QoE feedbacks from receivers in order to adapt the congestion window size. Note that the proposed algorithms are designed based on some learning methods in order to face the complexity of solving POMDP problems.AVIGNON-Bib. numérique (840079901) / SudocSudocFranceF

Control of Energy Storage

Energy storage can provide numerous beneficial services and cost savings within the electricity grid, especially when facing future challenges like renewable and electric vehicle (EV) integration. Public bodies, private companies and individuals are deploying storage facilities for several purposes, including arbitrage, grid support, renewable generation, and demand-side management. Storage deployment can therefore yield benefits like reduced frequency fluctuation, better asset utilisation and more predictable power profiles. Such uses of energy storage can reduce the cost of energy, reduce the strain on the grid, reduce the environmental impact of energy use, and prepare the network for future challenges. This Special Issue of Energies explore the latest developments in the control of energy storage in support of the wider energy network, and focus on the control of storage rather than the storage technology itself

User-Centric Quality of Service Provisioning in IP Networks

The Internet has become the preferred transport medium for almost every type of communication, continuing to grow, both in terms of the number of users and delivered services. Efforts have been made to ensure that time sensitive applications receive sufficient resources and subsequently receive an acceptable Quality of Service (QoS). However, typical Internet users no longer use a single service at a given point in time, as they are instead engaged in a multimedia-rich experience, comprising of many different concurrent services. Given the scalability problems raised by the diversity of the users and traffic, in conjunction with their increasing expectations, the task of QoS provisioning can no longer be approached from the perspective of providing priority to specific traffic types over coexisting services; either through explicit resource reservation, or traffic classification using static policies, as is the case with the current approach to QoS provisioning, Differentiated Services (Diffserv). This current use of static resource allocation and traffic shaping methods reveals a distinct lack of synergy between current QoS practices and user activities, thus highlighting a need for a QoS solution reflecting the user services. The aim of this thesis is to investigate and propose a novel QoS architecture, which considers the activities of the user and manages resources from a user-centric perspective. The research begins with a comprehensive examination of existing QoS technologies and mechanisms, arguing that current QoS practises are too static in their configuration and typically give priority to specific individual services rather than considering the user experience. The analysis also reveals the potential threat that unresponsive application traffic presents to coexisting Internet services and QoS efforts, and introduces the requirement for a balance between application QoS and fairness. This thesis proposes a novel architecture, the Congestion Aware Packet Scheduler (CAPS), which manages and controls traffic at the point of service aggregation, in order to optimise the overall QoS of the user experience. The CAPS architecture, in contrast to traditional QoS alternatives, places no predetermined precedence on a specific traffic; instead, it adapts QoS policies to each individual’s Internet traffic profile and dynamically controls the ratio of user services to maintain an optimised QoS experience. The rationale behind this approach was to enable a QoS optimised experience to each Internet user and not just those using preferred services. Furthermore, unresponsive bandwidth intensive applications, such as Peer-to-Peer, are managed fairly while minimising their impact on coexisting services. The CAPS architecture has been validated through extensive simulations with the topologies used replicating the complexity and scale of real-network ISP infrastructures. The results show that for a number of different user-traffic profiles, the proposed approach achieves an improved aggregate QoS for each user when compared with Best effort Internet, Traditional Diffserv and Weighted-RED configurations. Furthermore, the results demonstrate that the proposed architecture not only provides an optimised QoS to the user, irrespective of their traffic profile, but through the avoidance of static resource allocation, can adapt with the Internet user as their use of services change.France Teleco

Advances in honeycomb layered oxides: Part II -- Theoretical advances in the characterisation of honeycomb layered oxides with optimised lattices of cations

The quest for a successful condensed matter theory that incorporates diffusion of cations, whose trajectories are restricted to a honeycomb/hexagonal pattern prevalent in honeycomb layered materials is ongoing, with the recent progress discussed herein focusing on symmetries, topological aspects and phase transition descriptions of the theory. Such a theory is expected to differ both qualitatively and quantitatively from 2D electron theory on static carbon lattices, by virtue of the dynamical nature of diffusing cations within lattices in honeycomb layered materials. Herein, we have focused on recent theoretical progress in the characterisation of pnictogen- and chalcogen-based honeycomb layered oxides with emphasis on hexagonal/honeycomb lattices of cations. Particularly, we discuss the link between Liouville conformal field theory to expected experimental results characterising the optimal nature of the honeycomb/hexagonal lattices in congruent sphere packing problems. The diffusion and topological aspects are captured by an idealised model, which successfully incorporates the duality between the theory of cations and their vacancies. Moreover, the rather intriguing experimental result that a wide class of silver-based layered materials form stable Ag bilayers, each comprising a pair of triangular sub-lattices, suggests a bifurcation mechanism for the Ag triangular sub-lattices, which ultimately requires conformal symmetry breaking within the context of the idealised model, resulting in a cation monolayer-bilayer phase transition. Other relevant experimental, theoretical and computational techniques applicable to the characterisation of honeycomb layered materials have been availed for completeness.Comment: 93 pages, 21 figures, 4 tables, title updated, table of contents adde

Distributed Reinforcement Learning for Network Intrusion Response

The increasing adoption of technologies and the exponential growth of networks has made the area of information technology an integral part of our lives, where network security plays a vital role. One of the most serious threats in the current Internet is posed by distributed denial of service (DDoS) attacks, which target the availability of the victim system. Such an attack is designed to exhaust a server's resources or congest a network's infrastructure, and therefore renders the victim incapable of providing services to its legitimate users or customers. To tackle the distributed nature of these attacks, a distributed and coordinated defence mechanism is necessary, where many defensive nodes, across different locations cooperate in order to stop or reduce the flood. This thesis investigates the applicability of distributed reinforcement learning to intrusion response, specifically, DDoS response. We propose a novel approach to respond to DDoS attacks called Multiagent Router Throttling. Multiagent Router Throttling provides an agent-based distributed response to the DDoS problem, where multiple reinforcement learning agents are installed on a set of routers and learn to rate-limit or throttle traffic towards a victim server. One of the novel characteristics of the proposed approach is that it has a decentralised architecture and provides a decentralised coordinated response to the DDoS problem, thus being resilient to the attacks themselves. Scalability constitutes a critical aspect of a defence system since a non-scalable mechanism will never be considered, let alone adopted, for wide deployment by a company or organisation. We propose Coordinated Team Learning (CTL) which is a novel design to the original Multiagent Router Throttling approach based on the divide-and-conquer paradigm, that uses task decomposition and coordinated team rewards. To better scale-up CTL is combined with a form of reward shaping. The scalability of the proposed system is successfully demonstrated in experiments involving up to 1000 reinforcement learning agents. The significant improvements on scalability and learning speed lay the foundations for a potential real-world deployment