152 research outputs found

    Public Review - A Cooperative Uplink Power Control Scheme for Elastic Data Services in Wireless CDMA Systems

    Get PDF
    This is a paper that is actually an excellent illustration of how CCR differs from more traditional publications, and also one for which I am glad to have the opportunity to write a public review that hopefully can shed some light on the reasons behind its acceptance. Don’t get me wrong, this is not a paper that I regret seeing in CCR, but this is paper that most likely would not have been accepted in most other publications, including conferences and workshops, at least not in its first submission. The focus of the paper is on resource management on the uplink of a CDMA wireless system, and in particular the combination of an admission control algorithm and a cooperative power control algorithm that maximize a utility function across admitted mobiles while taking QoS requirements into account. The topic is arguably important given the growing presence of CDMA wireless systems and the emergence of new standards such EVDO-1X Rev. A, which offer a range of new options allowing the use of independent transmission policies by mobile devices rather than always subjecting them to tight control from the base station. Understanding, if, when, and how such flexibility can be beneficial or harmful is an interesting and timely research area

    On the Robustness of Router-based Denial-of-Service (DoS) Defense Systems

    Get PDF
    This paper focuses on router-based defense mechanisms, and whether they can provide effective solutions to network Denial-of-Service (DoS) attacks. Router-based defenses operate either on traffic aggregates or on individual flows, and have been shown, either alone or in combination with other schemes, e.g., traceback, to be reasonably effective against certain types of basic attacks. Those attacks are, however, relatively brute-force, and usually accompanied by either significant increases in congestion, and/or traffic patterns that are easily identified. It is, therefore, unclear if router-based solutions are viable in the presence of more diverse or sophisticated attacks. As a result, even if incorporating defense mechanisms in the routers themselves has obvious advantages, such schemes have not seen wide deployments. Our ultimate goal is to determine whether it is possible to build router-based defense mechanisms that are effective against a wide range of attacks. This paper describes a first phase of this effort aimed at identifying weaknesses in existing systems. In particular, the paper demonstrates that aggregate defense systems can be readily circumvented, even by a single attacker, through minor modifications of its flooding patterns. Flow-based defenses fare slightly better, but can still be easily fooled by a small number of attackers generating transient flooding patterns. The findings of the paper provide insight into possible approaches for designing better and more robust router-based defense systems

    Aggregation and Conformance in Differentiated Service Networks: A Case Study

    Get PDF
    The Differentiated Service (Diff-Serv) architecture [1] advocates a model based on different “granularity” at network edges and within the network. In particular, core routers are only required to act on a few aggregates that are meant to offer a pre-defined set of service levels. The use of aggregation raises a number of questions for end-to-end services, in particular when crossing domain boundaries where policing actions may be applied. This paper focuses on the impact of such policing actions in the context of individual and bulk services built on top of the Expedited Forwarding (EF) [7] per-hop-behavior (PHB). The findings of this investigation confirm and quantify the expected need for reshaping at network boundaries, and identify a number of somewhat unexpected behaviors. Recommendations are also made for when reshaping is not available

    Individual QoS versus aggregate QoS: A loss performance study

    Get PDF
    This paper explores the differences that can exist between individual and aggregate loss guarantees in an environment where guarantees are only provided at an aggregate level. The focus is on understanding which traffic parameters are responsible for inducing possible deviations and to what extent. In addition, we seek to evaluate the level of additional resources, e.g., bandwidth or buffer, required to ensure that all individual loss measures remain below their desired target. This paper\u27s contributions are in developing analytical models that enable the evaluation of individual loss probabilities in settings where only aggregate losses are controlled, and in identifying traffic parameters that have a major influence on the differences between individual and aggregate losses. The latter allows us to further construct tools and guidelines that are able to determine what kind of traffic can be safely multiplexed in practice into a common service class

    On-line Estimation of Internet Path Performance: An Application Perspective

    Get PDF
    Estimating end-to-end packet loss on Internet paths is important not only to monitor network performance, but also to assist adaptive applications make the best possible use of available network resources. There has been significant prior work on measuring and modeling packet loss in the Internet, but most of those techniques do not focus on providing, real-time information and on assessing path performance from an application standpoint. In this paper, we present an on-line probing-based approach to estimate the loss performance of a netework path, and extend this estimate to infer the performance that an application using the path would see. The approach relies on a hidden Markov model constructed from performance estimates generated from probes, which is then used to predict path performance as an application would experience. The accuracy of the model is evaluated using a number of different metrics, including loss rate and loss burstiness. The sensitivity of the results to measurement and computational overhead is also investigated, and an extension of the base approach using a layered model is explored as a possible solution to capturing time-varying channel behavior while keeping computational complexity reasonably low. The results we present show that the approach is capable of generating accurate, real-time estimates of path performance, and of predicting the performance that applications would experience if routed on the path

    Multipath and Rate Stability

    Get PDF
    Originally Published In Proc. IEEE Globecom Conference - CQRM: Communication QoS, Reliability & Modeling Symposiu

    On Evaluating Loss Performance Deviation: A Simple Tool and Its Practical Applications

    Get PDF
    The focus of this paper is on developing and evaluating a practical methodology for determining if and when different types of traffic can be safely multiplexed within the same service class. The use of class rather than individual service guarantees offers many advantages in terms of scalability, but raises the concern that not all users within a class see the same performance. Understanding when and why a user will experience performance that differs significantly from that of other users in its class is, therefore, of importance. Our approach relies on an analytical model developed under a number of simplifying assumptions, which we test using several real traffic traces corresponding to different types of users. This testing is carried out primarily by means of simulation, to allow a comprehensive coverage of different configurations. Our findings establish that although the simplistic model does not accurately predict the absolute performance that individual users experience, it is quite successful and robust when it comes to identifying situations that can give rise to substantial performance deviations within a service class. As a result, it provides a simple and practical tool for rapidly characterizing real traffic profiles that can be safely multiplexed

    Application-Specific Path Switching: A Case Study for Streaming Video

    Get PDF
    The focus of this paper is on improving the quality of streaming video transmitted over the Internet. The approach we investigate assumes the availability of multiple paths between the source and the destination, and dynamically selects the best one. Although this is not a new concept, our contribution is in estimating the goodness of a path from the perspective of the video stream, instead of relying only on raw network performance measures. The paper starts by showing that the use of raw network performance data to control path switching decisions can often result in poor choices from an application perspective, and then proceeds to develop a practical approach for evaluating, in real-time, the performance of different paths in terms of video quality. Those estimates are used to continuously select the path that yields the best possible transmission conditions for video streaming applications. We demonstrate the feasibility and performance of the scheme through experiments involving different types of videos

    A Double Horizon Defense Design for Robust Regulation of Malicious Traffic

    Get PDF
    Deploying defense mechanisms in routers holds promises for protecting infrastructure resources such as link bandwidth or router buffers against network Denial-of-Service (DoS) attacks. However, in spite of their efficacy against bruteforce flooding attacks, existing router-based defenses often perform poorly when confronted to more sophisticated attack strategies. This paper presents the design and evaluation of a system aimed at identifying and containing a broad range of malicious traffic patterns. Its main feature is a double time horizon architecture, designed for effective regulation of attacking traffic at both short and long time scales. The short horizon component responds quickly to transient traffic surges that deviate significantly from regular (TCP) traffic, i.e., attackers that generate sporadic short bursts. Conversely, the long horizon mechanism enforces strict conformance with normal TCP behavior, but does so by considering traffic over longer time periods, and is therefore aimed at attackers that attempt to capture a significant amount of link bandwidth. The performance of the proposed system was tested extensively. Our findings suggest that the implementation cost of the system is reasonable, and that it is indeed efficient against various types of attacks while remaining transparent to normal TCP users
    • …