Why (and How) Networks Should Run Themselves
The proliferation of networked devices, systems, and applications that we
depend on every day makes managing networks more important than ever. The
increasing security, availability, and performance demands of these
applications suggest that these increasingly difficult network management
problems be solved in real time, across a complex web of interacting protocols
and systems. Alas, just as the importance of network management has increased,
the network has grown so complex that it is seemingly unmanageable. In this new
era, network management requires a fundamentally new approach. Instead of
optimizations based on closed-form analysis of individual protocols, network
operators need data-driven, machine-learning-based models of end-to-end and
application performance based on high-level policy goals and a holistic view of
the underlying components. Instead of anomaly detection algorithms that operate
on offline analysis of network traces, operators need classification and
detection algorithms that can make real-time, closed-loop decisions. Networks
should learn to drive themselves. This paper explores this concept, discussing
how we might attain this ambitious goal by more closely coupling measurement
with real-time control and by relying on learning for inference and prediction
about a networked application or system, as opposed to closed-form analysis of
individual protocols.
Systems and Methods for Measuring and Improving End-User Application Performance on Mobile Devices
In today's rapidly growing smartphone society, the time users spend on their smartphones continues to grow and mobile applications are becoming the primary medium for delivering services and content to users. With such fast-paced growth in smartphone usage, cellular carriers and internet service providers continuously upgrade their infrastructure to the latest technologies and expand their capacity to improve the performance and reliability of their networks and to satisfy the exploding user demand for mobile data. At the other end of the spectrum, content providers and e-commerce companies adopt the latest protocols and techniques to provide smooth and feature-rich user experiences in their applications.
To ensure a good quality of experience, it is necessary to monitor how applications perform on users' devices. Often, network and content providers lack such visibility into end-user application performance. In this dissertation, we demonstrate that having visibility into end-user perceived performance, through system design for efficient and coordinated active and passive measurements of end-user application and network performance, is crucial for detecting, diagnosing, and addressing performance problems on mobile devices. My dissertation consists of three projects that support this statement. First, to provide such continuous monitoring on smartphones with constrained resources that operate in a highly dynamic mobile environment, we devise efficient, adaptive, and coordinated systems, as a platform, for active and passive measurements of end-user performance. Second, using this platform and other passive data collection techniques, we conduct an in-depth user trial of mobile multipath to understand how Multipath TCP (MPTCP) performs in practice. Our measurement study reveals several limitations of MPTCP. Based on the insights gained from the measurement study, we propose two different schemes to address the identified limitations of MPTCP. Last, we show how to provide visibility into end-user application performance for internet providers, and in particular for home WiFi routers, by passively monitoring users' traffic and using per-app models that map various network quality of service (QoS) metrics to application performance.
PhD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies
https://deepblue.lib.umich.edu/bitstream/2027.42/146014/1/ashnik_1.pd
Performance Evaluation And Anomaly detection in Mobile BroadBand Across Europe
With the rapidly growing market for smartphones and users' expectation of immediate
access to high-quality multimedia content, the delivery of video over wireless networks has
become a big challenge, and it is hard to provide end users with flawless quality of
service. The growth of the smartphone market goes hand in hand with the development of
the Internet, in which current transport protocols are being re-evaluated to deal with
traffic growth. QUIC and WebRTC are new and evolving standards. The latter was developed
explicitly to meet this demand and enable a high-quality experience for mobile users of
real-time communication services. QUIC has been designed to reduce Web latency, integrate
security features, and allow a high-quality experience for mobile users. Thus, evaluating
the performance of these rising protocols outside controlled laboratory settings is
essential to understand the behavior of the network and provide the end user with a better
multimedia delivery service. Since most of the work in the research community is conducted
in a controlled environment, we leverage the MONROE platform to investigate the performance
of QUIC and WebRTC in real cellular networks using static and mobile nodes. During this
Thesis, we conduct measurements of WebRTC and QUIC and make their data-sets public to
interested experimenters. Building such data-sets is welcomed by the research community,
opening the door to applying data science to network data-sets. The development part of
the experiments involves building Docker containers that act as QUIC and WebRTC clients.
These containers are publicly available and can be used on their own or within the MONROE
platform. These key contributions are presented in Chapters 4 and 5 of Part II of the
Thesis.
We exploit the data collected from MONROE to apply data science to network data-sets,
which helps identify networking problems and shifts the focus of the Thesis from
performance evaluation to a data science problem.
Indeed, the second part of the Thesis focuses on interpretable data science. Identifying
network problems with Machine Learning (ML) has gained much visibility in the past few
years, resulting in dramatically improved cellular network services. However, critical
tasks like troubleshooting cellular networks are still performed manually by experts who
monitor the network around the clock. In this context, this Thesis contributes by
proposing the use of simple, interpretable ML algorithms, moving away from the current
trend of high-accuracy ML algorithms (e.g., deep learning) that do not allow
interpretation (and hence understanding) of their outcome. We accept lower accuracy
because we consider the scenarios misclassified by the ML algorithms to be the interesting
(anomalous) ones, and we do not want to miss them by overfitting. To this aim, we present
CIAN (Causality Inference of Anomalies in Networks), a practical and interpretable ML
methodology, which we implement in the form of a software tool named TTrees
(Troubleshooting Trees) and compare to a supervised counterpart named STrees (Supervised
Trees). Both methodologies require small volumes of data and are quick to train. Our
experiments using real data from operational commercial mobile networks, e.g., sampled
with MONROE probes, show that STrees and CIAN can automatically identify and accurately
classify network anomalies, e.g., cases in which low network performance is not justified
by operational conditions, training with just a few hundred data samples and hence
enabling precise troubleshooting actions. Most importantly, our experiments show that a
fully automated unsupervised approach is viable and efficient. These contributions form
Part III of the Thesis, which includes Chapters 6 and 7.
In conclusion, in this Thesis we go through a data-driven networking roller coaster,
from evaluating the performance of upcoming network protocols in real mobile networks to
building methodologies that help identify and classify the root cause of networking
problems, emphasizing that these methodologies are easy to implement and can be deployed
in production environments.
This work has been supported by IMDEA Networks Institute
Doctoral Programme in Multimedia and Communications, Universidad Carlos III de Madrid and Universidad Rey Juan Carlos
Chair: Matteo Sereno. Secretary: Antonio de la Oliva Delgado. Member: Raquel Barco Moren
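The anomaly notion used by CIAN and TTrees above, low performance that the operational conditions do not justify, can be reproduced with a small interpretable tree. The following is an added example written for this page, not the thesis's TTrees or STrees code: a depth-limited CART tree is fitted on constructed measurement samples (RSRP, cell load, speed, and whether throughput was low), its decision paths are printed as readable rules, and the samples the tree misclassifies are reported as the anomalies worth troubleshooting. The feature names, the sample values and the thresholds the tree ends up learning are all assumptions of the example.

```python
"""Interpretable tree-based anomaly flagging (added example, not TTrees code).

A shallow decision tree predicts "low throughput" from operational conditions.
Samples whose observed performance disagrees with what the conditions predict
are the anomalies an operator should look at.  Data and features are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

FEATURE_NAMES = ("rsrp_dbm", "cell_load", "speed_kmh")

# Constructed samples: (rsrp_dbm, cell_load, speed_kmh, low_throughput)
SAMPLES = [
    (-115, 0.20,   0, 1),   # 0  poor coverage -> low throughput is expected
    (-118, 0.50,  30, 1),   # 1
    (-112, 0.40, 100, 1),   # 2
    (-120, 0.10,   5, 1),   # 3
    (-116, 0.30,  70, 1),   # 4
    ( -85, 0.90,  10, 1),   # 5  overloaded cell -> low throughput is expected
    ( -80, 0.85,  60, 1),   # 6
    ( -90, 0.95,   0, 1),   # 7
    ( -85, 0.20,   0, 0),   # 8  healthy conditions, normal throughput
    ( -80, 0.30,  50, 0),   # 9
    ( -75, 0.10, 120, 0),   # 10
    ( -90, 0.40,  20, 0),   # 11
    ( -82, 0.50,  80, 0),   # 12
    ( -78, 0.25,  10, 0),   # 13
    ( -88, 0.35,  40, 0),   # 14
    ( -79, 0.15,   5, 1),   # 15 low throughput NOT explained by conditions
]


@dataclass
class Node:
    feature: Optional[int] = None      # index into FEATURE_NAMES
    threshold: Optional[float] = None  # go left when value <= threshold
    left: Optional["Node"] = None
    right: Optional["Node"] = None
    label: Optional[int] = None        # leaf only: 1 = low throughput


def gini(labels: Sequence[int]) -> float:
    """Gini impurity of a binary label set."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) * (1.0 - p)


def best_split(X, y):
    """Exhaustive search over (feature, threshold) minimising weighted Gini."""
    best_f, best_t, best_score = None, None, float("inf")
    for f in range(len(X[0])):
        for t in sorted({row[f] for row in X}):
            left = [y[i] for i, row in enumerate(X) if row[f] <= t]
            right = [y[i] for i, row in enumerate(X) if row[f] > t]
            if not left or not right:
                continue
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if score < best_score:
                best_f, best_t, best_score = f, t, score
    return best_f, best_t


def fit(X, y, depth: int = 2) -> Node:
    """CART-style tree limited to `depth` levels so every path stays readable."""
    node = Node()
    f, t = (None, None) if depth == 0 or len(set(y)) == 1 else best_split(X, y)
    if f is None:
        node.label = int(2 * sum(y) >= len(y))   # majority vote, ties -> low
        return node
    node.feature, node.threshold = f, t
    li = [i for i, row in enumerate(X) if row[f] <= t]
    ri = [i for i, row in enumerate(X) if row[f] > t]
    node.left = fit([X[i] for i in li], [y[i] for i in li], depth - 1)
    node.right = fit([X[i] for i in ri], [y[i] for i in ri], depth - 1)
    return node


def predict(node: Node, row) -> int:
    while node.label is None:
        node = node.left if row[node.feature] <= node.threshold else node.right
    return node.label


def rules(node: Node, prefix: str = "") -> List[str]:
    """Human-readable decision paths: the interpretability the thesis argues for."""
    if node.label is not None:
        return [f"{prefix}=> {'LOW' if node.label else 'NORMAL'}"]
    cond = f"{FEATURE_NAMES[node.feature]} <= {node.threshold}"
    return (rules(node.left, f"{prefix}[{cond}] ")
            + rules(node.right, f"{prefix}[not {cond}] "))


def train_and_flag(samples=SAMPLES, depth: int = 2) -> Tuple[Node, List[int]]:
    """Fit the tree; return it with indices of samples whose observed performance
    the learned rules do not justify (the anomalies)."""
    X = [s[:3] for s in samples]
    y = [s[3] for s in samples]
    tree = fit(X, y, depth)
    anomalies = [i for i, row in enumerate(X) if predict(tree, row) != y[i]]
    return tree, anomalies


if __name__ == "__main__":
    tree, flagged = train_and_flag()
    print("\n".join(rules(tree)))
    for i in flagged:
        print("anomaly:", dict(zip(FEATURE_NAMES, SAMPLES[i][:3])))
```

On this data the tree learns two rules, poor RSRP and high cell load, and the one sample with good conditions but low throughput is the only misclassification; a deeper or higher-accuracy model would simply memorise it, which is the overfitting the thesis wants to avoid.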
Understanding Home Networks with Lightweight Privacy-Preserving Passive Measurement
Homes are involved in a significant fraction of Internet traffic. However, meaningful and comprehensive information on the structure and use of home networks is still hard to obtain. The two main challenges in collecting such information are the lack of measurement infrastructure in the home network environment and individuals’ concerns about information privacy.
To tackle these challenges, the dissertation introduces Home Network Flow Logger (HNFL) to bring lightweight privacy-preserving passive measurement to home networks. The core of HNFL is a Linux kernel module that runs on resource-constrained commodity home routers to collect network traffic data from raw packets. Unlike prior passive measurement tools, HNFL is shown to work without harming either data accuracy or router performance.
This dissertation also includes a months-long field study that collects passive measurement data non-intrusively at home network gateways, where traffic has not yet been mixed by NAT (Network Address Translation) and individual devices are therefore still distinguishable. The comprehensive data collected from over fifty households are analyzed to learn the characteristics of home networks, such as the number and distribution of connected devices, traffic distribution among internal devices, network availability, downlink/uplink bandwidth, data usage patterns, and application traffic distribution.
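To make concrete what a router-side logger such as HNFL has to do, here is an added example (not HNFL's kernel module, and written in Python rather than C for readability): it parses raw IPv4 packets captured on the LAN side of the gateway, before NAT rewrites source addresses, folds them into per-device flow records, and exports only counters. The privacy choices are this example's own assumptions rather than HNFL's documented design: LAN hosts appear as keyed HMAC pseudonyms (stable within one household, unlinkable without the key) and remote addresses are truncated to a /24. The packets and the household key are constructed.

```python
"""Privacy-preserving passive flow logging for a home gateway (added example)."""
import hashlib
import hmac
import ipaddress
import socket
import struct
from dataclasses import asdict, dataclass
from typing import Dict, List, Tuple

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home prefix
TCP, UDP = 6, 17


@dataclass
class FlowRecord:
    device: str          # keyed pseudonym of the LAN host, never its address
    remote: str          # remote endpoint coarsened to its /24
    proto: int
    remote_port: int
    pkts_out: int = 0
    bytes_out: int = 0
    pkts_in: int = 0
    bytes_in: int = 0
    first_seen: float = 0.0
    last_seen: float = 0.0


def pseudonymize(key: bytes, ip: str) -> str:
    """Stable within one household key; unlinkable without it (assumed scheme)."""
    return "dev-" + hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:10]


def coarsen(ip: str) -> str:
    """Keep only the /24 of the remote endpoint (assumed scheme)."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


class FlowLogger:
    def __init__(self, household_key: bytes, lan=LAN):
        self.key, self.lan = household_key, lan
        self.flows: Dict[Tuple, FlowRecord] = {}

    def observe(self, ts: float, pkt: bytes) -> None:
        """Account one raw IPv4 packet; ignore non-IPv4, non-TCP/UDP and transit."""
        if len(pkt) < 20:
            return
        ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack_from(
            "!BBHHHBBH4s4s", pkt)
        ihl = (ver_ihl & 0x0F) * 4
        if ver_ihl >> 4 != 4 or proto not in (TCP, UDP) or len(pkt) < ihl + 4:
            return
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        src_ip, dst_ip = socket.inet_ntoa(src), socket.inet_ntoa(dst)
        if ipaddress.ip_address(src_ip) in self.lan:
            device, remote, rport, outbound = src_ip, dst_ip, dport, True
        elif ipaddress.ip_address(dst_ip) in self.lan:
            device, remote, rport, outbound = dst_ip, src_ip, sport, False
        else:
            return                                   # not a home device's flow
        key = (pseudonymize(self.key, device), coarsen(remote), proto, rport)
        rec = self.flows.get(key)
        if rec is None:
            rec = self.flows[key] = FlowRecord(*key, first_seen=ts)
        if outbound:
            rec.pkts_out, rec.bytes_out = rec.pkts_out + 1, rec.bytes_out + total_len
        else:
            rec.pkts_in, rec.bytes_in = rec.pkts_in + 1, rec.bytes_in + total_len
        rec.last_seen = ts

    def export(self) -> List[dict]:
        """What leaves the router: counters only, no payload, no raw LAN address."""
        return [asdict(r) for r in self.flows.values()]


def build_ipv4(src, dst, proto, sport, dport, payload_len) -> bytes:
    """Constructed test packet; checksums are left zero, the logger ignores them."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    total_len = 20 + len(l4) + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4 + b"\x00" * payload_len


def demo(household_key: bytes = b"per-household-secret") -> List[dict]:
    """Constructed LAN-side capture: an HTTPS exchange, a DNS query, and one
    transit packet that belongs to no home device."""
    logger = FlowLogger(household_key)
    capture = [
        (0.0, build_ipv4("192.168.1.10", "93.184.216.34", TCP, 51000, 443, 100)),
        (0.1, build_ipv4("93.184.216.34", "192.168.1.10", TCP, 443, 51000, 1200)),
        (0.2, build_ipv4("192.168.1.10", "93.184.216.34", TCP, 51000, 443, 0)),
        (0.5, build_ipv4("192.168.1.20", "1.1.1.1", UDP, 40000, 53, 40)),
        (0.6, build_ipv4("10.0.0.5", "8.8.8.8", TCP, 1234, 443, 10)),
    ]
    for ts, pkt in capture:
        logger.observe(ts, pkt)
    return logger.export()


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

The check a practitioner wants is that the exported records carry the per-device structure the field study needs (device count, per-device traffic share, uplink versus downlink bytes) while no raw internal address or payload byte ever leaves the router; the pseudonym key should live only on the gateway, since whoever holds it can re-link records to hosts.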
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has
been a popular practice. However, routing large volumes of raw traffic, which
may carry sensitive information, to a remote site for processing raises severe
security concerns. Prior solutions often abstract away important factors
pertinent to real-world deployment. In particular, they overlook the
significance of metadata protection and stateful processing. Unprotected
traffic metadata like low-level headers, size and count, can be exploited to
learn supposedly encrypted application contents. Meanwhile, tracking the states
of 100,000s of flows concurrently is often indispensable in production-level
middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at
near-native speed with stateful processing and the most comprehensive
protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox
is the product of our systematic investigation of how to overcome the inherent
limitations of secure enclaves using domain knowledge and customization. First,
we introduce an elegant virtual network interface that allows convenient access
to fully protected packets at line rate without leaving the enclave, as if from
the trusted source network. Second, we provide complete flow state management
for efficient stateful processing, by tailoring a set of data structures and
algorithms optimized for the highly constrained enclave space. Extensive
evaluations demonstrate that LightBox, with all security benefits, can achieve
10Gbps packet I/O, and that with case studies on three stateful middleboxes, it
can operate at near-native speed.
Comment: Accepted at ACM CCS 201
Development of Campus Video-Conference System Based on Peer-To-Peer Architecture
Peer-to-Peer (P2P) systems inherently have high scalability, robustness and fault tolerance because there is no centralized server and the network organizes itself. This is achieved at the cost of higher latency for locating the resources of interest in the P2P overlay network. This paper describes the design and implementation of a campus video conference system based on P2P architecture that was tested within the premises of Ladoke Akintola University of Technology, Ogbomoso, Nigeria. The proposed campus video conference system is made up of five modules: the media stream engine, the conferencing control protocol, the transmission module, the TCP/UDP module and the user interface module. The media stream engine is responsible for audio/video capture and playback; the conferencing control protocol defines a set of conventions governing the structure and behavior of communication messages; the transmission module consists of a peer and a distribution network made up of the peers, and handles the delivery and exchange of streaming data; and the audio manager and video manager use TCP/UDP to broadcast to the other peers. The proposed system will offer smooth video conferencing with low delay and only rare, short freezes. It is believed that this videoconference system will bring video telephony to a new level of quality and will lead to a new trend in everyday communications in the university community.
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met with
increasing commercial success and have become a fundamental element of everyday
life for billions of people all around the world. Mobile devices are used not
only for traditional communication activities (e.g., voice calls and messages)
but also for more advanced tasks made possible by an enormous number of
multi-purpose applications (e.g., finance, gaming, and shopping). As a result,
those devices generate significant network traffic (a considerable part of the
overall Internet traffic). For this reason, the research community has been
investigating security and privacy issues related to the network traffic
generated by mobile devices, which can be analyzed to obtain information useful
for a variety of goals (ranging from device security and network optimization
to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider capture points such as Wi-Fi access points, software simulation,
and inside real mobile devices or emulators. For the surveyed works, we review
and compare analysis techniques, validation methods, and achieved results. We
also discuss possible countermeasures, challenges and possible directions for
future research on mobile traffic analysis and other emerging domains (e.g.,
Internet of Things). We believe our survey will be a reference work for
researchers and practitioners in this research field.
Comment: 55 page
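The LightBox abstract above warns that the sizes and counts of encrypted packets can be used to learn their contents, and this survey classifies the traffic-analysis work that exploits exactly that. The following added example (code from neither paper) shows the channel and one countermeasure for both passages: a nearest-neighbour classifier over packet-size histograms identifies a constructed app trace from its sizes alone, and padding to fixed-size cells plus dummy packets removes the size and count signal, at a bandwidth cost the code also reports. The app fingerprints, the probe trace, and the cell and slot parameters are all assumptions of the example.

```python
"""Packet-size side channel and a padding countermeasure (added example).

Traces are constructed, not captured.  The fingerprinting technique (nearest
neighbour over a size histogram) is a deliberately simple stand-in for the
classifiers the survey reviews; payload bytes are assumed perfectly encrypted.
"""
import math
from collections import Counter
from typing import Dict, List, Tuple

Trace = List[Tuple[int, int]]   # (direction: +1 client->server / -1, size in bytes)

# Constructed "known app" traces an observer at a Wi-Fi AP or middlebox might hold.
FINGERPRINTS: Dict[str, Trace] = {
    "chat":  [(+1, 180), (-1, 120), (+1, 180), (-1, 120), (+1, 210)],
    "video": [(+1, 90), (-1, 1400), (-1, 1400), (-1, 1400), (-1, 1400), (-1, 900)],
    "bank":  [(+1, 520), (-1, 1300), (-1, 600), (+1, 340), (-1, 210)],
}
# A fresh encrypted observation: chat-like, with a few bytes of jitter per packet.
PROBE: Trace = [(+1, 184), (-1, 118), (+1, 180), (-1, 122), (+1, 210)]


def size_profile(trace: Trace) -> Counter:
    """Histogram of packet sizes: the metadata LightBox says must be protected."""
    return Counter(size for _, size in trace)


def l1(a: Counter, b: Counter) -> int:
    """L1 distance between two histograms (missing keys count as zero)."""
    return sum(abs(a[k] - b[k]) for k in set(a) | set(b))


def classify(trace: Trace, db: Dict[str, Trace]) -> Tuple[str, int]:
    """Nearest fingerprint and the margin to the runner-up (0 = undecidable)."""
    scored = sorted((l1(size_profile(trace), size_profile(t)), name)
                    for name, t in db.items())
    (best, label), (runner, _) = scored[0], scored[1]
    return label, runner - best


def shape(trace: Trace, cell: int = 1500, slots: int = 8) -> Trace:
    """Countermeasure: pad every packet to a fixed cell and append dummy cells
    until the count is a multiple of `slots`.  Direction and timing are left
    untouched, so only the size and count channels are closed."""
    padded = [(d, math.ceil(s / cell) * cell) for d, s in trace]
    while len(padded) % slots:
        padded.append((+1 if len(padded) % 2 == 0 else -1, cell))  # dummy cell
    return padded


def overhead(trace: Trace, **kw) -> float:
    """Bytes on the wire after shaping divided by bytes before."""
    before = sum(s for _, s in trace)
    return sum(s for _, s in shape(trace, **kw)) / before


def demo():
    leaky = classify(PROBE, FINGERPRINTS)
    shaped_db = {name: shape(t) for name, t in FINGERPRINTS.items()}
    protected = classify(shape(PROBE), shaped_db)
    return leaky, protected, overhead(PROBE)


if __name__ == "__main__":
    (label, margin), (_, margin2), cost = demo()
    print(f"unprotected: guessed {label!r} with margin {margin}")
    print(f"shaped:      margin {margin2} (no fingerprint can be preferred)")
    print(f"shaping cost: {cost:.1f}x bytes on the wire")
```

Direction and inter-packet timing remain visible after `shape()`, so it closes only the size and count channels the LightBox abstract names; a real deployment has to treat those too. Reporting the overhead alongside the effect matters because padding is paid for in bandwidth, which is why a countermeasure's cost should always be measured next to what it hides.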
CHID: Conditional hybrid intrusion detection system for reducing false positives and resource consumption on malicious datasets
Inspecting packets to detect intrusions is challenging when coping with a high volume of network traffic. Packet-based detection processes every payload on the wire, which degrades the performance of a network intrusion detection system (NIDS). This motivates flow-based NIDS, which reduce the amount of data to be processed by examining aggregated information about related packets.
However, flow-based detection still suffers from false positive alerts because its input is incomplete. This study proposes Conditional Hybrid Intrusion Detection (CHID), which combines flow-based with packet-based detection and also aims to lower the resource consumption of the packet-based detection approach. CHID applies wrapper-based attribute evaluation algorithms to mark malicious flows for further analysis by the packet-based detector, and an Input Framework approach to hand the packets of those flows from the flow-based to the packet-based detector. A controlled testbed experiment was conducted to evaluate the performance of CHID's detection mechanism using datasets replayed at different traffic rates. The evaluation shows that CHID gains a significant improvement in resource consumption and packet drop rate compared to the default packet-based detection implementation. At 200 Mbps in the IRC-bot scenario, CHID reduces memory usage by 50.6% and CPU utilization by 18.1% without packet drops. The CHID approach can mitigate the false positive rate of flow-based detection and reduce the resource consumption of packet-based detection while preserving detection accuracy. CHID can be considered a generic system to be applied to monitoring with intrusion detection systems.
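The two-stage idea behind CHID, cheap flow features for every flow and payload inspection only for the flows the flow stage marks, can be sketched in a few dozen lines. The following is an added example, not CHID's implementation: the flow stage flags long-lived, chatty, small-payload connections to unusual ports (a stand-in for CHID's wrapper-selected attributes; the thresholds are assumptions), the packet stage then searches only those flows' payloads for IRC command names, and the run reports how many payload bytes the second stage had to touch. The traffic is constructed: an IRC-bot-like session, a bulk TLS download, and a benign HTTP keepalive that the flow stage also flags and the packet stage then clears, which is the false-positive reduction the abstract describes.

```python
"""Conditional hybrid inspection (added example, not the CHID implementation).

Stage 1 sees every flow but only its cheap features; stage 2 sees payloads,
but only for flows stage 1 marked.  Feature thresholds are assumptions; the
IRC keywords are the standard IRC command names, used as a toy signature.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

FlowKey = Tuple[str, int, str, int]   # src, sport, dst, dport


@dataclass
class Flow:
    key: FlowKey
    first: float
    last: float
    pkts: int = 0
    payload_bytes: int = 0
    payloads: List[bytes] = field(default_factory=list)  # retained for stage 2


COMMON_PORTS = {53, 80, 443}                       # assumed "expected" services
IRC_SIG = re.compile(rb"^(NICK|USER|JOIN|PRIVMSG)\b")


def aggregate(packets: List[dict]) -> Dict[FlowKey, Flow]:
    """Fold packets into flows keyed by the 4-tuple (protocol omitted: all TCP)."""
    flows: Dict[FlowKey, Flow] = {}
    for p in packets:
        k = (p["src"], p["sport"], p["dst"], p["dport"])
        if k not in flows:
            flows[k] = Flow(k, p["ts"], p["ts"])
        f = flows[k]
        f.pkts += 1
        f.payload_bytes += len(p["payload"])
        f.last = p["ts"]
        f.payloads.append(p["payload"])
    return flows


def flow_suspicious(f: Flow) -> bool:
    """Stage 1, flow-based: long-lived, chatty, small-payload connection to an
    unusual port.  Cheap, but a benign keepalive looks exactly like this."""
    mean_payload = f.payload_bytes / f.pkts
    return (f.last - f.first >= 60 and f.pkts >= 5 and mean_payload < 100
            and f.key[3] not in COMMON_PORTS)


def payload_hits(f: Flow) -> int:
    """Stage 2, packet-based: number of payloads matching the IRC signature."""
    return sum(1 for pl in f.payloads if IRC_SIG.search(pl))


def run_chid(packets: List[dict], min_hits: int = 2) -> dict:
    """Run both stages; report alerts and how much payload stage 2 inspected."""
    flows = aggregate(packets)
    flagged = [f for f in flows.values() if flow_suspicious(f)]
    alerts = [f.key for f in flagged if payload_hits(f) >= min_hits]
    return {
        "flagged": [f.key for f in flagged],
        "alerts": alerts,
        "inspected_bytes": sum(f.payload_bytes for f in flagged),
        "total_bytes": sum(f.payload_bytes for f in flows.values()),
    }


def _pk(ts, src, sport, dst, dport, payload):
    return dict(ts=ts, src=src, sport=sport, dst=dst, dport=dport, payload=payload)


# Constructed traffic: an IRC bot beaconing to port 6667, a bulk TLS download,
# and a benign long-lived HTTP keepalive that stage 1 will also flag.
PACKETS = (
    [_pk(t, "10.0.0.5", 50000, "203.0.113.7", 6667, pl) for t, pl in zip(
        (0, 1, 2, 60, 120, 180, 240, 300),
        (b"NICK b0t-7731", b"USER b0t 0 * :b0t", b"JOIN #ops",
         b"PRIVMSG #ops :ready", b"PING :srv", b"PRIVMSG #ops :!ddos 198.51.100.4",
         b"PONG :srv", b"PRIVMSG #ops :done"))]
    + [_pk(0.3 * i, "10.0.0.6", 51000, "198.51.100.10", 443,
           b"\x17\x03\x03" + b"A" * 1197) for i in range(6)]
    + [_pk(30 * i, "10.0.0.7", 52000, "192.0.2.9", 8080,
           b"GET /ping HTTP/1.1\r\nHost: 192.0.2.9\r\n\r\n") for i in range(5)]
)


if __name__ == "__main__":
    result = run_chid(PACKETS)
    print("flagged by flow stage :", [k[3] for k in result["flagged"]])
    print("alerts after payloads :", [k[3] for k in result["alerts"]])
    print("payload bytes inspected:", result["inspected_bytes"],
          "of", result["total_bytes"])
```

The bulk TLS flow, which carries almost all of the payload bytes, never reaches the payload stage, which is where the memory and CPU savings the abstract reports come from; the keepalive shows the other half of the design, a flow-level false positive that the payload stage retires before it becomes an alert. In a live deployment the flow stage must decide while the flow is still open, so the per-flow payload buffer here would be replaced by a hand-off that starts forwarding packets once the flow is marked.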