3 research outputs found
Implementação de serviços em ambientes multi-access edge computing
Driven by the visions of the 5th Generation of Mobile Networks (5G), and with
an increasing acceptance of software-based network technologies, such as
Network Function Virtualization (NFV) and Software Defined Networks (SDN),
a transformation in network infrastructure is presently taking place, along with
different requirements in terms of how networks are managed and deployed.
One of the significantly changes is a shift in the cloud computing paradigm,
moving from a centralized cloud computing towards the edge of the network.
This new environment, providing a cloud computing platform at the edge of
the network, is referred to as Multi-Acess Edge Computing (MEC). The main
feature of MEC is to provide mobile computing, network control and storage to
the network edges, enabling computation-intensive and latency-critical applications
targeting resource-limited mobile devices. In this thesis a MEC architecture
solution is provided, capable of supporting heterogeneous access networks,
to assist as a platform for service deployment. Several MEC use case
scenarios are evaluated on the proposed scheme, in order to attest the advantages
of a MEC deployment. Results show that the proposed environment is
significantly faster on performing compute-intensive applications, mainly due
to lower end-to-end latency, when compared to traditional centralized cloud
servers, translating into energy saving, and reduced backhaul traffic.Impulsionados pelas visões da quinta geração de redes móveis, e com uma
crescente aceitação das tecnologias de redes baseadas em software, tais
como funções de redes virtualizadas (NFV) e redes definidas por software
(SDN), encontramo-nos perante uma transformação na infraestrutura nas redes
de telecomunicações, assim como no modo como estas são geridas e
implementadas. Uma das alterações mais significativas é a mudança no paradigma
de computação na cloud, passando de uma implementação centralizada
para uma ramificada na direção das extremidades da rede. Este novo
ambiente, que possibilita uma plataforma de computação na extremidade da
rede, é denominado de Multi-Access Edge Computing (MEC). A principal característica
do MEC é fornecer computação móvel, armazenamento e recursos
de rede na extremidade da rede, permitindo que terminais móveis com
recursos limitados tenham acesso a aplicações exigentes em termos de latência
e computação. Na presente tese, é apresentada uma solução de arquitetura
MEC, que suporta ligações a redes de acesso heterogéneas, servindo
de plataforma para a implementação de serviços. Alguns cenários MEC foram
aplicados e avaliados na plataforma proposta, de forma a demonstrar as
vantagens da implementação MEC. Os resultados demonstram que a plataforma
proposta é significativamente mais rápida na execução computação intensiva,
maioritariamente devido à baixa latência, quando comparado com os
tradicionais datacenters centralizados, resultando numa poupança de energia
e redução de tráfego no backhaul.Mestrado em Engenharia Eletrónica e Telecomunicaçõe
Improving the Capabilities of Distributed Collaborative Intrusion Detection Systems using Machine Learning
The impact of computer networks on modern society cannot be estimated. Arguably, computer networks are one of the core enablers of the contemporary world. Large computer networks are essential tools which drive our economy, critical infrastructure, education and entertainment. Due to their ubiquitousness and importance, it is reasonable to assume that security is an intrinsic aspect of their design. Yet, due to how networks developed, the security of this communication medium is still an outstanding issue.
Proactive and reactive security mechanisms exist to cope with the security problems that arise when computer networks are used. Proactive mechanisms attempt to prevent malicious activity in a network. Prevention alone, however, is not sufficient: it is imprudent to assume that security cannot be bypassed. Reactive mechanisms are responsible for finding malicious activity that circumvents proactive security mechanisms. The most emblematic reactive mechanism for detecting intrusions in a network is known as a Network Intrusion Detection System (NIDS).
Large networks represent immense attack surfaces where malicious actors can conceal their intentions by distributing their activities. A single NIDS needs to process massive quantities of traffic to discover malicious distributed activities. As individual NIDS have limited resources and a narrow monitoring scope, large networks need to employ multiple NIDS. Coordinating the detection efforts of NIDS is not a trivial task and, as a result, Collaborative Intrusion Detection System (CIDSs) were conceived. A CIDS is a group of NIDSs that collaborate to exchange information that enables them to detect distributed malicious activities. CIDSs may coordinate NIDSs using different communication overlays.
From among the different communication overlays a CIDSs may use, a distributed one promises the most. Distributed overlays are scalable, dynamic, resilient and do not have a single point of failure. Distributed CIDSs, i.e., those using distributed overlays, are preferred in theory, yet not often deployed in practice. Several open issues exist that constraint the use of CIDSs in practice.
In this thesis, we propose solutions to address some of the outstanding issues that prevent distributed CIDSs from becoming viable in practice. Our contributions rely on diverse Machine Learning (ML) techniques and concepts to solve these issues. The thesis is structured around five main contributions, each developed within a dedicated chapter. Our specific contributions are as follows.
Dataset Generation
We survey the intrusion detection research field to analyze and categorize the datasets that are used to develop, compare, and test NIDSs as well as CIDSs. From the defects we found in the datasets, we develop a classification of dataset defects. With our classification of dataset issues, we develop concepts to create suitable datasets for training and testing ML based NIDSs and CIDSs. With our concepts, we injects synthetic attacks into real background traffic. The generated attacks replicate the properties of the background traffic to make attacks as indistinguishable as they can be from real traffic.
Intrusion Detection
We develop an anomaly-based NIDS capable of overcoming some of the limitations that NIDSs have when they are used in large networks. Our anomaly-based NIDS leverages autoencoders and dropout to create models of normality that accurately describe the behavior of large networks. Our NIDS scales to the number of analyzed features, can learn adequate normality models even when anomalies are present in the learning data, operates in real time, and is accurate with only minimal false positives.
Community Formation
We formulate concepts to build communities of NIDSs, coined community-based CIDSs, that implement centralized ML algorithms in a distributed environment. Community-based CIDSs detect distributed attacks through the use of ensemble learning. Ensemble learning is used to combine local ML models created by different communities to detect network-wide attacks that individual communities would otherwise struggle to detect.
Information Dissemination
We design a dissemination strategy specific to CIDSs. The strategy enables NIDSs to efficiently disseminate information to discover and infer when similar network events take place, potentially uncovering distributed attacks. In contrast to other dissemination strategies, our strategy efficiently encodes, aggregates, correlates, and shares network features while minimizing network overhead. We use Sketches to aggregate data and Bayesian Networks to deduce new information from the aggregation process.
Collusion Detection
We devise an evidence-based trust mechanism that detects if the NIDSs of a CIDS are acting honestly, according to the goals of the CIDS, or dishonestly. The trust mechanism uses the reliability of the sensors and Bayesian-like estimators to compute trust scores. From the trust scores, our mechanism is designed to detect not only single dishonest NIDSs but multiple coalitions of dishonest ones. A coalition is a coordinated group of dishonest NIDSs that lie to boost their trust scores, and to reduce the trust scores of others outside the group
Recommended from our members
Painting in Stone: The Symbolism of Colored Marbles in the Visual Arts and Literature from Antiquity until the Enlightenment
Colored marble has been used throughout the Mediterranean as a building material, architectural veneer, sculptural material, even a support for painting since at least the second century BC. This thesis examines the poetics and symbolism of marbles, as a medium more than a material, over many centuries along three predominant lines: as images of substance according to a pre-modern concept of matter and pre-modern notions of geology; marble's apparent ability to bear light due to its polish and occasional translucency; and the longue durée that colored marbles constituted a form of natural (hence divine) painting. The use of marble in architecture and sculpture, as well as its depiction in painting and its description in literature, is examined from the Augustan era up untnil the close of the seventeenth century. Examples range from Durham to Samarra, from Ottoman folklore to popular piety in Florida, from Etruscan tomb painting to installation art, but key monuments like Hagia Sophia and the Cornaro Chapel offer case studies for in-depth analysis