
    Alternate marking-based network telemetry for industrial WSNs

    For continuous, persistent and problem-free operation of Industrial Wireless Sensor Networks (IWSN), it is critical to have visibility and awareness into what is happening on the network at any one time. Especially for use cases with strong needs for deterministic and real-time network services with latency and reliability guarantees, it is vital to monitor network devices continuously to guarantee their functioning, detect and isolate relevant problems and verify whether all system requirements are being met simultaneously. In this context, this article investigates a light-weight telemetry solution for IWSNs, which enables the collection of accurate and continuous flow-based telemetry information while adding no overhead to the monitored packets. The proposed monitoring solution adopts the recent Alternate Marking Performance Monitoring (AMPM) concept and mainly targets measuring end-to-end and hop-by-hop reliability and delay performance in critical application flows. Besides, the technical capabilities and characteristics of the proposed solution are evaluated via a real-life implementation and practical experiments, validating its suitability for IWSNs.

    On mitigating distributed denial of service attacks

    Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are probably the most ferocious threats in the Internet, resulting in tremendous economic and social impacts on our daily lives, which increasingly depend on the wellbeing of the Internet. How to mitigate these attacks effectively and efficiently has become an active research area. The critical issues here include 1) IP spoofing, i.e., forged source IP addresses are routinely employed to conceal the identities of the attack sources and deter the efforts of detection, defense, and tracing; 2) the distributed nature, that is, hundreds or thousands of compromised hosts are orchestrated to attack the victim synchronously. Other related issues are scalability, lack of incentives to deploy a new scheme, and the effectiveness under partial deployment. This dissertation investigates and proposes effective schemes to mitigate DDoS attacks. It is comprised of three parts. The first part introduces the classification of DDoS attacks and the evaluation of previous schemes. The second part presents the proposed IP traceback scheme, namely, autonomous system-based edge marking (ASEM). ASEM enhances probabilistic packet marking (PPM) in several aspects: (1) ASEM is capable of addressing large-scale DDoS attacks efficiently; (2) ASEM is capable of handling spoofed marking from the attacker and spurious marking incurred by subverted routers, which is a unique and critical feature; (3) ASEM can significantly reduce the number of marked packets required for path reconstruction and suppress false positives as well. The third part presents the proposed DDoS defense mechanisms, including the four-color-theorem based path marking, and a comprehensive framework for DDoS defense. The salient features of the framework include (1) it is designed to tackle a wide spectrum of DDoS attacks rather than a specific one, and (2) it can differentiate malicious traffic from normal traffic. The receiver-centered design avoids several related issues such as scalability and lack of incentives to deploy a new scheme. Finally, conclusions are drawn and future work is discussed.

    Theories and Models for Internet Quality of Service

    We survey recent advances in theories and models for Internet Quality of Service (QoS). We start with the theory of network calculus, which lays the foundation for support of deterministic performance guarantees in networks, and illustrate its applications to integrated services, differentiated services, and streaming media playback delays. We also present mechanisms and architecture for scalable support of guaranteed services in the Internet, based on the concept of a stateless core. Methods for scalable control operations are also briefly discussed. We then turn our attention to statistical performance guarantees, and describe several new probabilistic results that can be used for a statistical dimensioning of differentiated services. Lastly, we review recent proposals and results in supporting performance guarantees in a best effort context. These include models for elastic throughput guarantees based on TCP performance modeling, techniques for some quality of service differentiation without access control, and methods that allow an application to control the performance it receives, in the absence of network support.

    Advances in Internet Quality of Service

    We describe recent advances in theories and architecture that support performance guarantees needed for quality of service networks. We start with deterministic computations and give applications to integrated services, differentiated services, and playback delays. We review the methods used for obtaining scalable integrated services support, based on the concept of a stateless core. New probabilistic results that can be used for a statistical dimensioning of differentiated services are explained; some are based on classical queuing theory, while others capitalize on the deterministic results. Then we discuss performance guarantees in a best effort context; we review methods to provide some quality of service in a pure best effort environment, methods to provide some quality of service differentiation without access control, and methods that allow an application to control the performance it receives, in the absence of network support.

    Modeling, analysis and defense strategies against Internet attacks.

    Many early Internet protocols were designed without a fundamentally secure infrastructure and hence are vulnerable to attacks such as denial of service (DoS) attacks and worms. DoS attacks attempt to consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Network forensics is an emerging area wherein the source or the cause of the attack is determined using IDS tools. The problem of finding the source(s) of attack(s) is called the "trace back problem". Lately, Internet worms have become a major problem for the security of computer networks, causing a considerable amount of resources and time to be spent recovering from the disruption of systems. In addition to breaking down victims, these worms create large amounts of unnecessary network data traffic that results in network congestion, thereby affecting the entire network.

    In this dissertation, first we solve the trace back problem more efficiently in terms of the number of routers needed to complete the trace back. We provide an efficient algorithm to decompose a network into connected components and construct a terminal network. We show that for a terminal network with n routers, the trace back can be completed in O(log n) steps.

    Second, we apply two classical epidemic models, SIS and SIR, to study the spread of Internet worms. The analytical models that we provide are useful in determining the rate of spread and the time required to infect a majority of the nodes in the network. Our simulation results on large Internet-like topologies show that in a fairly small amount of time, 80% of the network nodes are infected.

    Third, we have analyzed the tradeoff between the delay caused by filtering of worms at routers and the delay due to the worms' excessive amount of network traffic. We have used the optimal control problem to determine the appropriate tradeoffs between these two delays for a given rate of worm spreading. Using our technique we can minimize the overall network delay by finding the number of routers that should perform filtering and the time at which they should start the filtering process.

    Active Topology Inference using Network Coding

    Our goal is to infer the topology of a network when (i) we can send probes between sources and receivers at the edge of the network and (ii) intermediate nodes can perform simple network coding operations, i.e., additions. Our key intuition is that network coding introduces topology-dependent correlation in the observations at the receivers, which can be exploited to infer the topology. For undirected tree topologies, we design hierarchical clustering algorithms, building on our prior work. For directed acyclic graphs (DAGs), we first decompose the topology into a number of two-source, two-receiver (2-by-2) subnetwork components and then merge these components to reconstruct the topology. Our approach for DAGs builds on prior work on tomography, and improves upon it by employing network coding to accurately distinguish among all different 2-by-2 components. We evaluate our algorithms through simulation of a number of realistic topologies and compare them to active tomographic techniques without network coding. We also make connections between our approach and alternatives, including passive inference, traceroute, and packet marking.