    Predicting expected TCP throughput using genetic algorithm

    Predicting the expected throughput of TCP is important for several aspects, such as determining handover criteria for future multihomed mobile nodes or determining the expected throughput of a given MPTCP subflow for load-balancing reasons. However, this is challenging due to the time-varying behavior of the underlying network characteristics. In this paper, we present a genetic-algorithm-based prediction model for estimating TCP throughput values. Our approach tries to find the best matching combination of mathematical functions that approximate a given time series that accounts for the TCP throughput samples using a genetic algorithm. Based on collected historical datapoints about measured TCP throughput samples, our algorithm estimates expected throughput over time. We evaluate the quality of the prediction using different selection and diversity strategies for creating new chromosomes. Also, we explore the use of different fitness functions in order to evaluate the goodness of a chromosome. The goal is to show how different tuning on the genetic algorithm may have an impact on the prediction. Using extensive simulations over several TCP throughput traces, we find that the genetic algorithm successfully finds reasonable matching mathematical functions that allow the TCP sampled throughput values to be described with good fidelity. We also explore the effectiveness of predicting time series throughput samples for a given prediction horizon and estimate the prediction error and confidence. Peer Reviewed. Postprint (author's final draft)

    Improving intrusion detection systems using data mining techniques

    Recent surveys and studies have shown that cyber-attacks have caused a lot of damage to organisations, governments, and individuals around the world. Although developments are constantly occurring in the computer security field, cyber-attacks still cause damage as they are developed and evolved by hackers. This research looked at some industrial challenges in the intrusion detection area. The research identified two main challenges; the first one is that signature-based intrusion detection systems such as SNORT lack the capability of detecting attacks with new signatures without human intervention. The other challenge is related to multi-stage attack detection, it has been found that signature-based is not efficient in this area. The novelty in this research is presented through developing methodologies tackling the mentioned challenges. The first challenge was handled by developing a multi-layer classification methodology. The first layer is based on decision tree, while the second layer is a hybrid module that uses two data mining techniques; neural network, and fuzzy logic. The second layer will try to detect new attacks in case the first one fails to detect. This system detects attacks with new signatures, and then updates the SNORT signature holder automatically, without any human intervention. The obtained results have shown that a high detection rate has been obtained with attacks having new signatures. However, it has been found that the false positive rate needs to be lowered. The second challenge was approached by evaluating IP information using fuzzy logic. This approach looks at the identity of participants in the traffic, rather than the sequence and contents of the traffic. The results have shown that this approach can help in predicting attacks at very early stages in some scenarios. 
However, it has been found that combining this approach with a different approach that looks at the sequence and contents of the traffic, such as event-correlation, will achieve a better performance than each approach individually.

    Enhancing Channel Assignment Performance in Wireless Mesh Networks Through Interference Mitigation Functions

    The notion of Total Interference Degree (TID) is traditionally used to estimate the intensity of prevalent interference in a Multi-Radio Multi-Channel Wireless Mesh Network (MRMC WMN). Numerous Channel Assignment (CA) approaches, link-scheduling algorithms and routing schemes have been proposed for WMNs which rely entirely on the concept of TID estimates. They focus on minimizing TID to create a minimal interference scenario for the network. In our prior works [1] and [2], we have questioned the efficacy of TID estimate and then proposed two reliable interference estimation metrics viz., Channel Distribution Across Links Cost (CDALcost) and Cumulative X-Link-Set Weight (CXLSwt). In this work, we assess the ability of these interference estimation metrics to replace TID as the interference-minimizing factor in a CA scheme implemented on a grid MRMC WMN. We carry out a comprehensive evaluation on ns-3 and then conclude from the results that the performance of the network increases by 10-15% when the CA scheme uses CXLSwt as the underlying Interference Mitigation Function (IMF) when compared with CA using TID as IMF. We also confirm that CDALcost is not a better IMF than TID and CXLSwt. Comment: 6 Page

    Real-time Intrusion Detection using Multidimensional Sequence-to-Sequence Machine Learning and Adaptive Stream Processing

    A network intrusion is any unauthorized activity on a computer network. There are host-based and network-based Intrusion Detection Systems (IDS's), of which there are each signature-based and anomaly-based detection methods. An anomalous network behavior can be defined as an intentional violation of the expected sequence of packets. In a real-time network-based IDS, incoming packets are treated as a stream of data. A stream processor takes any stream of data or events and extracts interesting patterns on the fly. This representation allows applying statistical anomaly detection using sequence prediction algorithms as well as using a stream processor to perform signature-based intrusion detection and sequence extraction from a stream of packets. In this thesis, a Multidimensional Sequence to Multidimensional Sequence (MSeq2MSeq) encoder-decoder model is proposed to predict sequences of packets and an adaptive and functionally auto-scaling stream processor: Wisdom is proposed to process streams of packets. The proposed MSeq2MSeq model trained on legitimate traffic is able to detect Neptune Denial of Service (DoS) attacks, and Port Scan probes with 100% detection rate using the DARPA 1999 dataset. A hybrid algorithm using Particle Swarm Optimization (PSO) and Bisection algorithms was developed to optimize Complex Event Processing (CEP) rules in Wisdom. Adaptive CEP rules optimized by the above algorithm were able to detect FTP Brute Force attack, Slow Header DoS attack, and Port Scan probe with 100% detection rate while processing over 2.5 million events per second. An adaptive and functionally auto-scaling IDS was built using the MSeq2MSeq model and Wisdom stream processor to detect and prevent attacks based on anomalies and signature in real-time. The proposed IDS adapts itself to obtain best results without human intervention and utilizes available system resources in functionally auto-scaling deployment. 
Results show that the proposed IDS detects FTP Brute Force attack, Slow Header DoS attack, HTTP Unbearable Load King (HULK) DoS attack, SQL Injection attack, Web Brute Force attack, Cross-site scripting attack, Ares Botnet attack, and Port Scan probe with a 100% detection rate in a real-time environment simulated from the CICIDS 2017 dataset.

    Data-aware workflow scheduling in heterogeneous distributed systems

    Data transferring in scientific workflows gradually attracts more attention because large amounts of data generated by complex scientific workflows will significantly increase the turnaround time of the whole workflow. It is almost impossible to make an optimal or approximate optimal scheduling for the end-to-end workflow without considering the intermediate data movement. In order to reduce the complexity of the workflow-scheduling problem, most research done so far is constrained by many unrealistic assumptions, which result in non-optimal scheduling in practice. A constraint imposed by most researchers in their algorithms is that a computation site can only start the execution of other tasks after it has completed the execution of the current task and delivered the data generated by this task. We relax this constraint and allow overlap of execution and data movement in order to improve the parallelism of the tasks in the workflow. Furthermore, we generalize the conventional workflow to allow data to be staged in(out) from(to) remote data centers, and design and implement an efficient data-aware scheduling strategy. The experimental results show that the turnaround time is reduced significantly in heterogeneous distributed systems by applying our scheduling strategy. To reduce the end-to-end workflow turnaround time, it is crucial to deliver the input, output and intermediate data as fast as possible. However, it is quite often that the throughput is much lower than expected while using a single TCP stream to transfer data when the bandwidth of the network is not fully utilized. Multiple TCP streams will benefit the throughput. However, the throughput does not increase monotonically when increasing the number of parallel streams. 
Based on this observation, we propose to improve the existing throughput prediction models, design and implement a TCP throughput estimation and optimization service in the distributed systems to figure out the optimal configurations of TCP parallel streams. Experimental results show that the proposed estimation and optimization service can predict the throughput dynamically with high accuracy and the throughput can be increased significantly. Throughput optimization along with data-aware workflow scheduling allows us to minimize the end-to-end workflow turnaround time successfully.