31 research outputs found

    Policy Based QoS support using BGP Routing

    Abstract: Routing protocols are important for exchanging routing information between neighboring routers. Such information is
    Key words: BGP, QoS, Autonomous System (AS)
    Introduction: The current Internet architecture is based on the Best Effort (BE) model, where packets can be dropped indiscriminately in the event of congestion. Such an architecture attempts to deliver all traffic as soon as possible within the limits of its abilities, but without any guarantee about throughput, delay, packet loss, etc. Though such a model works well for certain traditional applications such as FTP, e-mail and other less QoS-constrained applications, it can be intolerable for newly emerged real-time multimedia applications such as Internet Telephony (VoIP), video conferencing and video on demand, as well as future services. Hence, with the massive deployment of Internet-based applications in recent years and the need to manage them efficiently, the current Internet structure needs a major shift from the BE model to a service-oriented model with support for the desired QoS. Current research in this direction is focused on providing better-than-BE service over the Internet through a new architecture. The new architecture should also be scalable and guarantee end-to-end QoS for different services/applications while supporting different levels of performance. The current Internet architecture lacks standardization across the various domains in which it is deployed, which significantly affects end-to-end QoS. In this paper our effort is to find a scalable and uniform solution, mainly addressing routing and its effect on end-to-end QoS. In this regard, we consider current inter-domain routing based on BGP as the central component and develop an algorithm that allows QoS domains to be easily identified and enables policy-based routing to support QoS for various applications.
    One of the main objectives in setting up an end-to-end path for any service over the Internet is supporting its service requirements so as to achieve the necessary QoS, and such tasks are difficult to achieve through the current Internet architecture. In this regard, our algorithm is designed to address such heterogeneous service parameter requirements for different services between ASs, and tries to find a viable solution by integrating network policies with routing and traffic engineering objectives. We mainly focus on inter-domain traffic engineering issues in resolving the policy requirements of different services. In doing so, we have identified and addressed two core problems in the Internet today in relation to QoS.

    Mahalanobis Distance Map Approach for Anomaly Detection

    Web servers and web-based applications are common attack targets. The main issues are how to prevent unauthorised access and how to protect web servers from attack. Intrusion Detection Systems (IDSs) are widely used security tools for detecting cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using the Geometrical Structure Anomaly Detection (GSAD) model, and we also propose a novel algorithm for selecting the most discriminating features in order to reduce the computational complexity of the payload-based GSAD model. The Linear Discriminant method (LDA) is used for feature reduction and for classification of the incoming network traffic. The GSAD model is based on a pattern recognition technique used in image processing. It analyses the correlations between various payload features and uses a Mahalanobis Distance Map (MDM) to measure the difference between normal and abnormal network traffic. We focus on the detection of generic attacks, shellcode attacks, polymorphic attacks and polymorphic blending attacks. We evaluate the accuracy of the GSAD model experimentally on the real-world attack dataset created at the Georgia Institute of Technology. We also conducted preliminary experiments on the DARPA 99 dataset to evaluate the accuracy of the feature reduction.

    Hybrid Tree-rule Firewall for High Speed Data Transmission

    Traditional firewalls employ listed rules in both the configuration and processing phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts and slows down the firewall. To overcome this problem, we proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates faster than traditional firewalls, keeping track of the state of network connections using hashing functions incurs extra computational overhead. In order to reduce this overhead, we propose a hybrid Tree-rule firewall in this paper. This hybrid scheme takes advantage of both Tree-rule firewalls and traditional listed-rule firewalls. The GUIs of our Tree-rule firewalls are used to give users a means of creating conflict-free firewall rules, which are organized in a tree structure and called 'tree rules'. These tree rules are later converted into listed rules that retain the merit of being conflict-free. Finally, in decision making, the listed rules are checked against packet header information. The rules that match the most packets are moved to the top positions by the core firewall. The mechanism applied in this hybrid scheme can significantly improve the operating speed of a firewall.

    Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm

    Redundant and irrelevant features in data have long been a problem in network traffic classification. These features not only slow down the classification process but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a mutual information based algorithm that analytically selects the optimal features for classification. This mutual information based feature selection algorithm can handle both linearly and nonlinearly dependent data features. Its effectiveness is evaluated in the context of network intrusion detection. An Intrusion Detection System (IDS), named Least Square Support Vector Machine based IDS (LSSVM-IDS), is built using the features selected by our proposed feature selection algorithm. The performance of LSSVM-IDS is evaluated using three intrusion detection evaluation datasets, namely KDD Cup 99, NSL-KDD and Kyoto 2006+. The evaluation results show that our feature selection algorithm contributes more critical features, allowing LSSVM-IDS to achieve better accuracy and lower computational cost compared with state-of-the-art methods.

    FairEdge: A Fairness-Oriented Task Offloading Scheme for Iot Applications in Mobile Cloudlet Networks

    Mobile cloud computing has emerged as a promising paradigm for supporting computation-intensive and delay-sensitive mobile applications. Computation offloading services in the edge mobile cloud environment are provided by small-scale cloud infrastructures such as cloudlets. While offloading tasks to in-proximity cloudlets brings the benefits of lower latency and smaller energy consumption, new issues related to the cloudlets are arising. For instance, unbalanced task distribution and large load gaps among heterogeneous mobile cloudlets are becoming challenging with respect to network dynamics and distributed task offloading. In this paper, we propose 'FairEdge', a fairness-oriented computation offloading scheme that enables balanced task distribution for mobile edge cloudlet networks. By integrating balls-and-bins theory with a fairness index, our solution promotes effective load balancing with limited information at low computation cost. Evaluation results from extensive simulations and experiments with real-world datasets show that FairEdge outperforms conventional task offloading methods; it can achieve a network fairness of up to 0.85 and reduce unbalanced task offloading by 50%.

    A three layer policy-based architecture supporting internet quality of service (QoS)

    University of Technology, Sydney. Faculty of Information Technology. NO FULL TEXT AVAILABLE. Access is restricted indefinitely. The hardcopy may be available for consultation at the UTS Library.
    The success of the Internet has brought tremendous growth in business, education, research, etc., over the last four decades. With the dramatic advances in multimedia technologies and the increasing popularity of real-time applications, Quality of Service (QoS) support in the Internet has recently been in great demand. But end-to-end QoS still remains a major issue for service providers and other network operators in the Internet because of the Best Effort mechanism offered by the current Internet architecture. The current Internet is viewed as a connection of Autonomous System (AS) domains, where each AS domain controls traffic routing in its own domain based on its own policies. These policies are defined to benefit the AS domain without consideration of other AS domains, which may result in policy conflicts while establishing a flow to achieve a certain degree of QoS on an end-to-end basis. This thesis presents a three-layer policy-based architecture designed to support end-to-end QoS for real-time applications such as VoIP along with other applications in the Internet. The objectives of the architecture are to address the following issues and deploy the solutions incrementally on the current Internet:
    • Traffic flow management and resource monitoring
    • QoS Area identification
    • Traffic engineering and load balancing
    • Policy based routing
    Management of traffic flows and monitoring of resources are supported in the architecture by obtaining statistics on inter-domain resources through the Border Gateway Protocol (BGP) announcements exchanged between neighboring domains.
    Identification of QoS-enabled domains across the Internet, and routing traffic through them, improves overall QoS for various applications. This function is supported in our architecture by applying policy routing for QoS-sensitive applications. Since traffic engineering is important for improving end-to-end QoS, the architecture tries to balance traffic flows between various domains through a policy co-ordination mechanism. The mechanism uses an approximation technique to resolve any traffic parameter conflict between neighboring domains and improve overall QoS for services. Applications requiring bounded QoS then adhere to certain traffic policies while setting up QoS paths between end domains. The architecture uses a BGP-based policy decision mechanism with a special community attribute, called the policy attribute, to compute optimized routing paths. This is in addition to the standard policy mechanisms used by BGP. We integrate the above-mentioned functions in our architecture, which provides a scalable solution for improving QoS from source AS to destination AS across the Internet. Proper resource management plays an important role in supporting multiple users with multiple service requirements, and one way of achieving this is by tuning the various parameters involved in traffic engineering. Our architecture is based upon a hierarchical resource management scheme that distributes the control of network functions across three different levels. Such resource management, within and between AS domains, is supported through the hierarchical grouping of the various architectural components. Our architecture also addresses the issue of policy conflict between AS domains using a policy co-ordination algorithm, in which we use an approximation technique to determine the best possible resource management strategy and to obtain the right values for the QoS parameters between end nodes. Hence our proposed architecture is integrated and is aimed at improving end-to-end QoS for various services in the Internet.

    Policy Based Network Architecture in Support for Guaranteed

    The current Internet architecture is based on the Best Effort (BE) model, where packets can be dropped indiscriminately in the event of congestion. Though such a model works well for certain traditional applications such as FTP, e-mail and other less QoS-constrained applications, it can be intolerable for newly emerged real-time multimedia applications such as Internet Telephony, video conferencing and video on demand. Such applications have strict demands for high bandwidth, low delay and low jitter. Current research is focused on providing better-than-BE services over the Internet, thereby providing a better Internet architecture that is scalable and will enable end-to-end QoS. This paper is based on the ongoing research activities being carried out by various researchers in the area of QoS and proposes a Policy Based Network (PBN) for the next-generation Internet.