Real-Time Video Content Popularity Detection Based on Mean Change Point Analysis

Video content is responsible for more than 70% of the global IP traffic. Consequently, it is important for content delivery infrastructures to rapidly detect and respond to changes in content popularity dynamics. In this paper, we propose the employment of on-line change point (CP) analysis to implement real-time, autonomous and low-complexity video content popularity detection. Our proposal, denoted as real-time change point detector (RCPD), estimates the existence, the number and the direction of changes on the average number of video visits by combining: (i) off-line and on-line CP detection algorithms; (ii) an improved time-series segmentation heuristic for the reliable detection of multiple CPs; and (iii) two algorithms for the identification of the direction of changes. The proposed detector is validated against synthetic data, as well as a large database of real YouTube video visits. It is demonstrated that the RCPD can accurately identify changes in the average content popularity and the direction of change. In particular, the success rate of the RCPD over synthetic data is shown to exceed 94% for medium and large changes in content popularity. Additionally,the dynamic time warping distance, between the actual and the estimated changes, has been found to range between20sampleson average, over synthetic data, to52samples, in real data.The rapid responsiveness of the RCPD is instrumental in the deployment of real-time, lightweight load balancing solutions, as shown in a real example

Denial of Service Attacks Detection in Software-Defined Wireless Sensor Networks

Software-defined networking (SDN) is a promising technology to overcome many challenges in wireless sensor networks (WSN), particularly with respect to flexibility and reuse. Conversely, the centralization and the planes' separation turn SDNs vulnerable to new security threats in the general context of distributed denial of service (DDoS) attacks. State-of-the-art approaches to identify DDoS do not always take into consideration restrictions in typical WSNs e.g., computational complexity and power constraints, while further performance improvement is always a target. The objective of this work is to propose a lightweight but very efficient DDoS attack detection approach using change point analysis. Our approach has a high detection rate and linear complexity, so that it is suitable for WSNs. We demonstrate the performance of our detector in software-defined WSNs of 36 and 100 nodes with varying attack intensity (the number of attackers ranges from 5% to 20% of nodes). We use change point detectors to monitor anomalies in two metrics: the data packets delivery rate and the control packets overhead. Our results show that with increasing intensity of attack, our approach can achieve a detection rate close to100% and that the type of attack can also be inferred

Centralized and Distributed Intrusion Detection for Resource Constrained Wireless SDN Networks

Software-defined networking (SDN) was devised to simplify network management and automate infrastructure sharing in wired networks. These benefits motivated the application of SDN in wireless sensor networks to leverage solutions for complex applications. However, some of the core SDN traits turn the networks prone to denial of service attacks (DoS). There are proposals in the literature to detect DoS in wireless SDN networks, however, not without shortcomings: there is little focus on resource constraints, high detection rates have been reported only for small networks, and the detection is disengaged from the identification of the type of the attack or the attacker. Our work targets these shortcomings by introducing a lightweight, online change point detector to monitor performance metrics that are impacted when the network is under attack. A key novelty is that the proposed detector is able to operate in either centralized or distributed mode. The centralized detector has very high detection rates and can further distinguish the type of the attack (from a list of known attacks). On the other hand, the distributed detector provides information that allows to identify the nodes launching the attack. Our proposal is tested over IEEE 802.15.4 networks. The results show detection rates exceeding $96\%$ in networks of 36 and 100 nodes and identification of the type of the attack with a probability exceeding $0.89$ when using the centralized approach. Additionally, for some types of attack it was possible to pinpoint the attackers with an identification probability over $0.93$ when using distributed detectors