174 research outputs found
Joint Bandwidth Assignment and Routing for Power Saving on Large File Transfer with Time Constraints
The increase in network traffic in recent years has led to increased power consumption. Accordingly, many studies have tried to reduce the energy consumption of network devices. Various types of data have become available in large quantities via large high-speed computer networks. Time-constrained file transfer is receiving much attention as an advanced service. In this model, a request must be completed within a user-specified deadline or rejected if the requested deadline cannot be met. Some bandwidth assignment and routing methods to accept more requests have been proposed. However, these existing methods do not consider energy consumption. Herein, we propose a joint bandwidth assignment and routing method that reduces energy consumption for time-constrained large file transfer. The bandwidth assignment method reduces the power consumption of mediate node, typically router, by waiting for requests and transferring several requests at the same time. The routing method reduces the power consumption by selecting the path with the least predicted energy consumption. Finally, we evaluate the proposed method through simulation experiments
A dynamic traffic sharing with minimal administration on multihomed networks
Multihomed network is one of the most efficient configuration to improve the response time of network services. However, it is hard to introduce or manage because the existing configuration methods have several problems in that they require much technical skill, involve administrative over-burden for the administrator and so on. In this paper, we propose a dynamic traffic sharing technique and suitable backbone selection metrics to address some of these problems. Using the proposed technique, an appropriate backbone can be selected per connection with minimal technical skill and low administrative cost. In addition, the proposed metrics performs more efficient traffic sharing as compared to others techniques that were investigated </p
A MAC-address Relaying NAT Router for Host Identification from Outside of Internal Network
IPv4アドレスの枯渇問題の軽減策の1つとして,NAT(Network Address Translation)がある.NATは複数の内部ホストが1つのグローバルIPアドレスを共用できるため,必要なグローバルIPアドレスの数を節約できる.しかし,外部ネットワーク側では個々の内部ホストを識別できないため,たとえば外部ネットワーク側でアクセス制御を行うと,1台の内部ホストが外部ネットワークに対するアクセス許可を受けただけで他の内部ホストまで外部ネットワークにアクセス可能な状態になるなどの問題が生じる.そこで,本論文ではデータリンク層での送信元識別子である送信元MACアドレスが基本的にはレイヤ2機器のMACアドレス学習機能にしか使われていない点に着目し,内部ホストから送信されたフレームに含まれる送信元MACアドレスをそのまま外部ネットワーク側に中継する機能を持つNATルータを提案する.本提案に基づいて試作したNATルータを評価した結果,MACアドレスに基づいて内部ホストを個別にアクセス制御でき,また十分なスループットが得られることを確認した.As an alleviation method against IPv4 address exhaustion problem, NAT (Network Address Translation) has been commonly used. Since NAT allows many internal hosts to share one single global IP address, it can save the number of required global IP addresses. However, with NAT, each internal host cannot be identified from the external network. Consequently, if access control system on external network would permit network access from one internal host, it automatically would permit all network access from any other internal hosts as well, for example. In this paper, we propose a NAT router with MAC address relaying function that copies the source MAC address of receiving frames sent by internal hosts into frames sent to the external network since source MAC addresses, which are the sender identifiers in data link layer, are basically unused except for MAC address learning function of layer 2 switches. According to the results of experiments, we confirmed that the prototype NAT router with MAC address relaying function allows access to external networks by internal hosts to be controlled individually based on MAC address and obtains high throughput as well
Design and Implementation of a DMARC Verification Result Notification System
Damages caused by spoofed e-mails as sent from a bank, a public organization and so on become serious social problems. In such e-mails attackers forge the sender address to defraud receivers of their personal and/or secret information. As a countermeasure against spoofed e-mails, sender domain authentication methods such as SPF and DKIM are frequently utilized. However, since most spoofed e-mails do not include DKIM signature in their e-mail header, those e-mails cannot be authenticated by the conventional system. Additionally DKIM has a problem that cannot determine whether the attached signature is legitimate. In this paper, we propose a method to detect spoofed e-mails and alert the user without DKIM signature by utilizing DMARC and implement a system that sends DMARC verification results to receivers. By utilizing this system, the users can obtain alerts for spoofed e-mails that the existing systems cannot warn
Detecting Suspicious Behavior of SDN Switches by Statistics Gathering with Time
In Software Defined Network (SDN), the networks are vulnerable to attacks by compromised switches, since it often used programmable software switches are vulnerable than traditional hardware switches. Although several countermeasures against compromised switches have been proposed, the accuracy of detecting malicious behavior depends on the performance of network statistics gathering by a controller. In this paper, we propose an approach to verify the consistency of forwarding state using simultaneously network statistics gathering from the switch by accurate time scheduling. Our method enables to detect attacks by compromised switches without being influenced by the performance of statistics gathering by the controller. Our method utilizes moving average thus our method mitigates the effect on the verification accuracy from the impact of switches performance such as the error of scheduling. In addition, we implemented the proposed method with Mininet, and we confirmed that our method is able to verify without depending on the performance of statistic-gathering by the controller
A protection method against massive error mails caused by sender spoofed spam mails
Wide spread of spam mails is one of the most serious problems on e-mail environment. Particularly, spam mails with a spoofed sender address should not be left alone, since they make the mail server corresponding to the spoofed address be overloaded with massive error mails generated by the spam mails, and since they waste a lot of network and computer resources. In this paper, we propose a protection method of the mail server against such massive error mails. This method introduces an additional mail server that mainly deals with the error mails in order to reduce the load of the original mail server. This method also provide a function that refuses error mails to these two mail servers to save the network and computer resources
A Method of Dynamic Interconnection of VLANs for Large Scale VLAN Environment
VLAN (Virtual LAN) is a technology which can configure logical networks independent of the physi cal network structure. With VLAN, users in common spaces (such as meeting rooms) can access to their department networks temporarily because changing of logical network structure is achieved only by con figuration of VLAN switches. However, in the general configuration method, because VLANs are managed statically by admin istrators, various problems such as high adminis trative cost and conflict or insufficiency of VLAN IDs may arise especially in large scale organiza tions where VLANs are managed by each depart ment. To solve these problems, we propose a method which provides an interconnection between a tem porary configured VLAN in a common space and a VLAN of a user’s department. In the proposed method, a user in a common space can access to his/her department network seamlessly by convert ing a temporary VLAN-ID in the common space and a VLAN-ID used in his/her department each other automatically. The effectiveness of the pro posed method is confirmed by the experiment on the actual network using VLAN managers, VLAN ID converters and authentication servers based on the proposed method. </p
- …