46 research outputs found

    Mining and visualizing uncertain data objects and named data networking traffics by fuzzy self-organizing map

    Uncertainty is widespread in real-world data. Uncertain data, in computer science, is typically found in the area of sensor networks, where the sensors sense the environment with a certain error. Mining and visualizing uncertain data is one of the new challenges facing uncertain databases. This paper presents a new intelligent hybrid algorithm that applies fuzzy set theory in the context of the Self-Organizing Map to mine and visualize uncertain objects. The algorithm is tested on some benchmark problems and on the uncertain traffics in Named Data Networking (NDN). Experimental results indicate that the proposed algorithm is precise and effective in terms of the applied performance criteria. Peer Reviewed. Postprint (published version)

    Securing and enhancing routing protocols for mobile ad hoc networks

    1. CONTEXT
    1.1. MANET
    MANETs (Mobile and Ad hoc NETworks) are networks formed by mobile nodes. They communicate wirelessly and do so in an ad hoc manner. In this kind of network, routing protocols have to be different from those used in fixed networks.
    Today there are routing protocols able to operate in this kind of network. However, they are completely insecure and rely on nodes not acting maliciously. In a network where the presence of central servers cannot be counted on, nodes need to be able to communicate without the risk of other nodes impersonating those they want to communicate with. In a network where everyone is anonymous, concepts such as identity and trust must be redefined.
    1.2. AODV
    Ad Hoc On-Demand Vector Routing (AODV) is a reactive routing protocol for MANETs. This means that AODV does nothing until a node needs to transmit a packet to another node for which it has no route. AODV only maintains routes between nodes that need to communicate. Its messages do not contain information about the whole route; they only contain information about the source and the destination. Therefore AODV messages have a constant size regardless of the number of nodes in the route. It uses sequence numbers to specify how recent a route is (relative to another), which guarantees the absence of loops.
    In AODV, a node performs route discovery by flooding the network with a message called 'Route Request' (RREQ). Once it reaches a node that knows the requested route, that node responds with a 'Route Reply' (RREP) that travels back to the originator of the RREQ. After this, all the nodes of the discovered route know the routes to both ends of the route.
    2. CONTRIBUTIONS
    2.1. SAODV
    SAODV (Secure Ad hoc On-Demand Distance Vector) is an extension of AODV that protects the route discovery mechanism. It provides security features such as integrity and authentication.
    Digital signatures are used to authenticate the message fields that are not modified in transit, and hash chains to protect the hop count (the only field that is modified in transit).
    2.2. SAKM
    SAKM (Simple Ad hoc Key Management) provides a key management system that makes it possible for each node to obtain the public keys of the other nodes of the network. In addition, it allows each node to verify the relationship between the identity of a node and the public key of another.
    This is achieved through the use of statistically unique and cryptographically verifiable addresses.
    2.2.1. Delayed verification
    The 'delayed verification' method allows routes to be held pending verification. They will be verified when the processor has time available and (in any case) before those routes must be used to transmit packets.
    2.3. Shortcut detection
    When a routing protocol for MANETs performs a route discovery, it does not discover the shortest route but the route through which the route request message travelled fastest. Moreover, because nodes are mobile, the route that was the shortest at discovery time may soon stop being so. This causes a transmission delay much greater than necessary and many more packet collisions.
    To avoid this, nodes could perform periodic shortcut discoveries for the routes that are in use. This same mechanism can be used to 'recover' routes that have broken.

    1. BACKGROUND
    1.1. MANET
    MANETs (Mobile and Ad hoc NETworks) are networks formed by nodes that are mobile. They use wireless communication to talk to each other and they do it in an ad hoc manner. In this kind of network, routing protocols have to be different from the ones used for fixed networks. In addition, nodes use the air to communicate, so many nodes might hear what a node transmits, and some messages are lost due to collisions.
    Nowadays, routing in such a scenario has been achieved. Nevertheless, if it is to be broadly used, it is necessary to be able to do it in a secure way. In a network where the existence of central servers cannot be expected, nodes need to be able to communicate without the risk of malicious nodes impersonating the entities they want to communicate with. In a network where everybody is anonymous, identity and trust need to be redefined.
    1.2. AODV
    The Ad Hoc On-Demand Vector Routing (AODV) protocol is a reactive routing protocol for ad hoc and mobile networks. That means that AODV does nothing until a node needs to transmit a packet to a node for which it does not know a route. In addition, it only maintains routes between nodes which need to communicate. Its routing messages do not contain information about the whole route path, but only about the source and the destination. Therefore, routing messages have a constant size, independently of the number of hops of the route. It uses destination sequence numbers to specify how fresh a route is (in relation to another), which is used to guarantee loop freedom.
    In AODV, a node does route discovery by flooding the network with a 'Route Request' message (RREQ). Once it reaches a node that knows the requested route, that node replies with a 'Route Reply' message (RREP) that travels back to the originator of the RREQ. After this, all the nodes of the discovered path have routes to both ends of the path.
    2. CONTRIBUTIONS
    2.1. SAODV
    The Secure Ad hoc On-Demand Distance Vector (SAODV) is an extension of the AODV routing protocol that can be used to protect the route discovery mechanism, providing security features like integrity and authentication.
    Two mechanisms are used to secure the AODV messages: digital signatures to authenticate the non-mutable fields of the messages, and hash chains to secure the hop count information (the only mutable information in the messages).
    The information relative to the hash chains and the signatures is transmitted with the AODV message as an extension message.
    2.2. SAKM
    Simple Ad hoc Key Management (SAKM) provides a key management system that makes it possible for each ad hoc node to obtain public keys from the other nodes of the network. Further, each ad hoc node is capable of securely verifying the association between the identity of a given ad hoc node and the public key of that node.
    This is achieved by using statistically unique and cryptographically verifiable addresses.
    2.2.1. Delayed Verification
    Delayed verification allows route entries and route entry deletions in the routing table to be pending verification. They will be verified whenever the node has spare processor time or before these entries should be used to forward data packets.
    2.3. Short Cut Detection
    When a routing protocol for MANET networks does a route discovery, it does not discover the shortest route but the route through which the route request flood traveled faster. In addition, since nodes are moving, a route that was the shortest one at discovery time might stop being so in quite a short period of time. This causes not only a much bigger end-to-end delay, but also more collisions and faster power consumption.
    In order to avoid all the performance loss due to these problems, nodes could periodically discover shortcuts to the active routes that can be used with any destination vector routing protocol. The same mechanism can also be used as a bidirectional route recovery mechanism. Postprint (published version)

    El ensamblador... pero si es muy fácil: guia supuestamente poco dolorosa a la programación del IA-32 (i386) (sintaxis AT&T)

    A book for learning assembly language for 32-bit Intel processors. I wrote it for my Telecommunications students at the Universidad Politécnica de Cataluña. The PDF of the book is available on the course's old web page (along with the example code) at: https://people.ac.upc.edu/guerrero/fo/fo.html But buying the printed version earns karma points. ;-) En Postprint (published version)

    A fuzzy anomaly detection system based on hybrid PSO-Kmeans algorithm in content-centric networks

    In Content-Centric Networks (CCNs) as a possible future Internet, new kinds of attacks and security challenges, from Denial of Service (DoS) to privacy attacks, will arise. An efficient and effective security mechanism is required to secure content and defend against unknown and new forms of attacks and anomalies. Usually, clustering algorithms would fit the requirements for building a good anomaly detection system. K-means is a popular anomaly detection method to classify data into different categories. However, it suffers from local convergence and sensitivity to the selection of the cluster centroids. In this paper, we present a novel fuzzy anomaly detection system that works in two phases. In the first phase (the training phase) we propose a hybridization of Particle Swarm Optimization (PSO) and the K-means algorithm with two simultaneous cost functions, well-separated clusters and local optimization, to determine the optimal number of clusters. When the optimal placement of cluster centroids and objects is defined, the second phase starts. In this phase (the detection phase) we employ a fuzzy approach that combines two distance-based methods, classification and outlier, to detect anomalies in new monitoring data. Experimental results demonstrate that the proposed algorithm can achieve the optimal number of clusters and well-separated clusters, as well as increase the detection rate and decrease the false positive rate at the same time, when compared to some other well-known clustering algorithms.

    A Secure Cluster-Based Multipath Routing Protocol for WMSNs

    The new characteristics of the Wireless Multimedia Sensor Network (WMSN) and the design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images) as well as scalar data over the network make the routing protocols proposed for typical WSNs not directly applicable to WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient use of the different capabilities of sensor resources and correct delivery of the collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and to support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timely and reliable high data rate multimedia communication with minimum energy dissipation. We also present a lightweight distributed security mechanism for key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement compared with existing protocols (which do not even provide any kind of security feature) in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption.

    An ANFIS-based cache replacement method for mitigating cache pollution attacks in Named Data Networking

    Named Data Networking (NDN) is a candidate next-generation Internet architecture designed to overcome the fundamental limitations of the current IP-based Internet, in particular strong security. Ubiquitous in-network caching is a key NDN feature. However, pervasive caching strengthens security problems, namely cache pollution attacks, including cache poisoning (i.e., introducing malicious content into caches as false-locality) and cache pollution (i.e., ruining the cache locality with new unpopular content as locality-disruption). In this paper, a new cache replacement method based on the Adaptive Neuro-Fuzzy Inference System (ANFIS) is presented to mitigate cache pollution attacks in NDN. The ANFIS structure is built using input data related to the inherent characteristics of the cached content and output related to the content type (i.e., healthy, locality-disruption, and false-locality). The proposed method detects both false-locality and locality-disruption attacks, as well as a combination of the two, on different topologies with high accuracy, and mitigates them efficiently without very much computational cost compared to the most common policies.

    A hybrid multiobjective RBF-PSO method for mitigating DoS attacks in Named Data Networking

    Named Data Networking (NDN) is a promising network architecture being considered as a possible replacement for the current IP-based (host-centric) Internet infrastructure. NDN can overcome the fundamental limitations of the current Internet, in particular Denial-of-Service (DoS) attacks. However, NDN can be subject to new types of DoS attacks, namely Interest flooding attacks and content poisoning. These types of attacks exploit key architectural features of NDN. This paper presents a new intelligent hybrid algorithm for proactive detection of DoS attacks and adaptive mitigation reaction in NDN. In the detection phase, a combination of a multiobjective evolutionary optimization algorithm with PSO in the context of the RBF neural network has been applied in order to improve the accuracy of DoS attack prediction. The performance of the proposed hybrid approach is also evaluated successfully on some benchmark problems. In the adaptive reaction phase, we introduce a framework for mitigating DoS attacks based on the misbehaving type of network nodes. The evaluation through simulations shows that the proposed intelligent hybrid algorithm (proactive detection and adaptive reaction) can quickly and effectively respond to and mitigate DoS attacks in adverse conditions in terms of the applied performance criteria.
