Argumentation-based fault diagnosis for home networks

Home networks are a fast growing market but managing them is a difficult task, and diagnosing faults is even more challenging. Current fault management tools provide comprehensive information about the network and the devices but it is left to the user to interpret and reason about the data and experiment in order to find the cause of a problem. Home users may not have motivation or time to learn the required skills. Furthermore current tools adopt a closed approach which hardcodes a knowledge base, making them hard to update and extend. This paper proposes an open fault management framework for home networks, whose goal is to simplify network troubleshooting for non-expert users. The framework is based on assumption-based argumentation that is an AI technique for knowledge representation and reasoning. With the underlying argumentation theory, we can easily capture and model the diagnosis procedures of network administrators. The framework is rule-based and extensible, allowing new rules to be added into the knowledge base and diagnostic strategies to be updated on the fly.The framework can also utilise external knowledge and make distributed diagnosi

Improved Caching Strategies for Publish/Subscribe Internet Networking

MEng thesisThe systemic structure of TCP/IP is outdated; a new scheme for data transportation is needed in order to make the internet more adaptive to modern demands of mobility, information-driven demand, ever-increasing quantity of users and data, and performance requirements. While an information centric networking system addresses these issues, one required component for publish subscribe or content-addressed internet networking systems to work properly is an improved caching system. This allows the publish subscribe internet networking to dynamically route packets to mobile users, as an improvement over pure hierarchical or pure distributed caching systems. To this end, I proposed, implemented, and analyzed the workings of a superdomain caching system. The superdomain caching system is a hybrid of hierarchical and dynamic caching systems designed to continue reaping the benefits of the caching system for mobile users (who may move between neighboring domains in the midst of a network transaction) while minimizing the latency inherent in any distributed caching system to improve upon the content-addressed system

Reducing Latency in Internet Access Links with Mechanisms in Endpoints and within the Network

Excessive and unpredictable end-to-end latency is a major problem for today’s Internet performance, affecting a range of applications from real-time multimedia to web traffic. This is mainly attributed to the interaction between the TCP congestion control mechanism and the unmanaged large buffers deployed across the Internet. This dissertation investigates transport and link layer solutions to solve the Internet’s latency problem on the access links. These solutions operate on the sender side, within the network or use signaling between the sender and the network based on Explicit Congestion Notification (ECN). By changing the sender’s reaction to ECN, a method proposed in this dissertation reduces latency without harming link utilization. Real-life experiments and simulations show that this goal is achieved while maintaining backward compatibility and being gradually deployable on the Internet. This mechanism’s fairness to legacy traffic is further improved by a novel use of ECN within the network

Reducing Internet Latency : A Survey of Techniques and their Merit

Bob Briscoe, Anna Brunstrom, Andreas Petlund, David Hayes, David Ros, Ing-Jyh Tsang, Stein Gjessing, Gorry Fairhurst, Carsten Griwodz, Michael WelzlPeer reviewedPreprin

Leveraging Commodity Photonics to Reduce Datacenter Network Latency

Most datacenter network (DCN) designs focus on maximizing bisection bandwidth rather than minimizing server-to-server latency. They are, therefore, ill-suited for important latency-sensitive applications, such as high performance computing, realtime analytic systems and high-frequency financial trading. Although there are a number of existing approaches to reduce network latency, they are only partially effective, workload dependent, and often require network protocol changes. In this thesis, we explore architectural approaches to building a low-latency DCN and introduce Quartz, a new optical design element consisting of a full mesh of switches connected by an optical ring. We can reduce the network latency of a hierarchical or random network by replacing portions of it with a Quartz ring. Our analysis shows that, in a standard 3-tier DCN, replacing high port-count core switches with Quartz can significantly reduce switching delays, and replacing groups of top-of-rack and aggregation switches with Quartz can significantly reduce congestion-related delays from cross-traffic. We overcome the complexity of wiring a complete mesh by using low-cost optical multiplexers that enable us to efficiently implement a logical mesh as a physical ring. We evaluate our performance using both simulations and a small working prototype. Our evaluation results confirm our analysis, and demonstrate that it is possible to build low-latency DCNs using inexpensive commodity elements without significant concessions to cost, scalability, or wiring complexity

Flexible Application-Layer Multicast in Heterogeneous Networks

This work develops a set of peer-to-peer-based protocols and extensions in order to provide Internet-wide group communication. The focus is put to the question how different access technologies can be integrated in order to face the growing traffic load problem. Thereby, protocols are developed that allow autonomous adaptation to the current network situation on the one hand and the integration of WiFi domains where applicable on the other hand

Treatment-Based Classi?cation in Residential Wireless Access Points

IEEE 802.11 wireless access points (APs) act as the central communication hub inside homes, connecting all networked devices to the Internet. Home users run a variety of network applications with diverse Quality-of-Service requirements (QoS) through their APs. However, wireless APs are often the bottleneck in residential networks as broadband connection speeds keep increasing. Because of the lack of QoS support and complicated configuration procedures in most off-the-shelf APs, users can experience QoS degradation with their wireless networks, especially when multiple applications are running concurrently. This dissertation presents CATNAP, Classification And Treatment iN an AP , to provide better QoS support for various applications over residential wireless networks, especially timely delivery for real-time applications and high throughput for download-based applications. CATNAP consists of three major components: supporting functions, classifiers, and treatment modules. The supporting functions collect necessary flow level statistics and feed it into the CATNAP classifiers. Then, the CATNAP classifiers categorize flows along three-dimensions: response-based/non-response-based, interactive/non-interactive, and greedy/non-greedy. Each CATNAP traffic category can be directly mapped to one of the following treatments: push/delay, limited advertised window size/drop, and reserve bandwidth. Based on the classification results, the CATNAP treatment module automatically applies the treatment policy to provide better QoS support. CATNAP is implemented with the NS network simulator, and evaluated against DropTail and Strict Priority Queue (SPQ) under various network and traffic conditions. In most simulation cases, CATNAP provides better QoS supports than DropTail: it lowers queuing delay for multimedia applications such as VoIP, games and video, fairly treats FTP flows with various round trip times, and is even functional when misbehaving UDP traffic is present. Unlike current QoS methods, CATNAP is a plug-and-play solution, automatically classifying and treating flows without any user configuration, or any modification to end hosts or applications

Smartphone traffic characteristics and context dependencies

Smartphone traffic contributes a considerable amount to Internet traffic. The increasing popularity of smartphones in recent reports suggests that smartphone traffic has been growing 10 times faster than traffic generated from fixed networks. However, little is known about the characteristics of smartphone traffic. A few recent studies have analyzed smartphone traffic and given some insight into its characteristics. However, many questions remain inadequately answered. This thesis analyzes traffic characteristics and explores some important issues related to smartphone traffic. An application on the Android platform was developed to capture network traffic. A user study was then conducted where 39 participants were given HTC Magic phones with data collection applications installed for 37 days. The collected data was analyzed to understand the workload characteristics of smartphone traffic and study the relationship between participant contexts and smartphone usage. The collected dataset suggests that even in a small group of participants a variety of very different smartphone usage patterns occur. Participants accessed different types of Internet content at different times and under different circumstances. Differences between the usage of Wi-Fi and cellular networks for individual participants are observed. Download-intensive activities occurred more frequently over Wi-Fi networks. Dependencies between smartphone usage and context (where they are, who they are with, at what time, and over which physical interface) are investigated in this work. Strong location dependencies on an aggregate and individual user level are found. Potential relationships between times of the day and access patterns are investigated. A time-of-day dependent access pattern is observed for some participants. Potential relationships between movement and proximity to other users and smartphone usage are also investigated. The collected data suggests that moving participants used map applications more. Participants generated more traffic and primarily downloaded apps when they were alone. The analyses performed in this thesis improve basic understanding and knowledge of smartphone use in different scenarios

Resource Orchestration in Softwarized Networks

Network softwarization is an emerging research area that is envisioned to revolutionize the way network infrastructure is designed, operated, and managed today. Contemporary telecommunication networks are going through a major transformation, and softwarization is recognized as a crucial enabler of this transformation by both academia and industry. Softwarization promises to overcome the current ossified state of Internet network architecture and evolve towards a more open, agile, flexible, and programmable networking paradigm that will reduce both capital and operational expenditures, cut-down time-to-market of new services, and create new revenue streams. Software-Defined Networking (SDN) and Network Function Virtualization (NFV) are two complementary networking technologies that have established themselves as the cornerstones of network softwarization. SDN decouples the control and data planes to provide enhanced programmability and faster innovation of networking technologies. It facilitates simplified network control, scalability, availability, flexibility, security, cost-reduction, autonomic management, and fine-grained control of network traffic. NFV utilizes virtualization technology to reduce dependency on underlying hardware by moving packet processing activities from proprietary hardware middleboxes to virtualized entities that can run on commodity hardware. Together SDN and NFV simplify network infrastructure by utilizing standardized and commodity hardware for both compute and networking; bringing the benefits of agility, economies of scale, and flexibility of data centers to networks. Network softwarization provides the tools required to re-architect the current network infrastructure of the Internet. However, the effective application of these tools requires efficient utilization of networking resources in the softwarized environment. Innovative techniques and mechanisms are required for all aspects of network management and control. The overarching goal of this thesis is to address several key resource orchestration challenges in softwarized networks. The resource allocation and orchestration techniques presented in this thesis utilize the functionality provided by softwarization to reduce operational cost, improve resource utilization, ensure scalability, dynamically scale resource pools according to demand, and optimize energy utilization

Community-Based Intrusion Detection

Today, virtually every company world-wide is connected to the Internet. This wide-spread connectivity has given rise to sophisticated, targeted, Internet-based attacks. For example, between 2012 and 2013 security researchers counted an average of about 74 targeted attacks per day. These attacks are motivated by economical, financial, or political interests and commonly referred to as “Advanced Persistent Threat (APT)” attacks. Unfortunately, many of these attacks are successful and the adversaries manage to steal important data or disrupt vital services. Victims are preferably companies from vital industries, such as banks, defense contractors, or power plants. Given that these industries are well-protected, often employing a team of security specialists, the question is: How can these attacks be so successful? Researchers have identified several properties of APT attacks which make them so efficient. First, they are adaptable. This means that they can change the way they attack and the tools they use for this purpose at any given moment in time. Second, they conceal their actions and communication by using encryption, for example. This renders many defense systems useless as they assume complete access to the actual communication content. Third, their actions are stealthy — either by keeping communication to the bare minimum or by mimicking legitimate users. This makes them “fly below the radar” of defense systems which check for anomalous communication. And finally, with the goal to increase their impact or monetisation prospects, their attacks are targeted against several companies from the same industry. Since months can pass between the first attack, its detection, and comprehensive analysis, it is often too late to deploy appropriate counter-measures at businesses peers. Instead, it is much more likely that they have already been attacked successfully. This thesis tries to answer the question whether the last property (industry-wide attacks) can be used to detect such attacks. It presents the design, implementation and evaluation of a community-based intrusion detection system, capable of protecting businesses at industry-scale. The contributions of this thesis are as follows. First, it presents a novel algorithm for community detection which can detect an industry (e.g., energy, financial, or defense industries) in Internet communication. Second, it demonstrates the design, implementation, and evaluation of a distributed graph mining engine that is able to scale with the throughput of the input data while maintaining an end-to-end latency for updates in the range of a few milliseconds. Third, it illustrates the usage of this engine to detect APT attacks against industries by analyzing IP flow information from an Internet service provider. Finally, it introduces a detection algorithm- and input-agnostic intrusion detection engine which supports not only intrusion detection on IP flow but any other intrusion detection algorithm and data-source as well