On Application Layer DDoS Attack Detection in High-Speed Encrypted Networks

Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate requests from legitimately connected network machines which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer making it even harder to detect attacker’s activity without decrypting users network traffic and violating their privacy. In this paper, we present a method which allows us to timely detect various applicationlayer attacks against a computer network. We focus on detection of the attacks that utilize encrypted protocols by applying an anomaly-detection-based approach to statistics extracted from network packets. Since network traffic decryption can violate ethical norms and regulations on privacy, the detection method proposed analyzes network traffic without decryption. The method involves construction of a model of normal user behavior by analyzing conversations between a server and clients. The algorithm is self-adaptive and allows one to update the model every time when a new portion of network traffic data is available. Once the model has been built, it can be applied to detect various types of application-layer denial-of- service attacks. The proposed technique is evaluated with realistic end user network traffic generated in our virtual network environment. Evaluation results show that these attacks can be properly detected, while the number of false alarms remains very low

Quality of service and dynamic scheduling for traffic engineering in next generation networks

Nykyisin Internet-operaattorit tuottavat palveluja, jotka ovat sidoksissa verkon suorituskykyyn. Palvelut tunnistetaan niihin liittyvien parametrien mukaan, jotka jaottelevat pakettiliikenteen verkon solmujen kautta. Näitä parametreja kutsutaan palvelun laaduksi (QoS). Tulevaisuudessa tietoliikenneverkoissa aikakriittinen liikenne, kuten ääntä (IP-puhelut, VoIP) ja videokuvaa sisältävä liikenne tulee lisääntymään. Palvelun laatua tarvitaan takaamaan aikakriittisten liikenteiden toiminta tietoverkoissa.Menetelmät, jotka perustuvat pakettien merkitsemiseen, ovat yksinkertaisia ja skaalautuvia. Jonotusmenettelyjä käytetään takaamaan erityyppisten liikenteiden palvelun laatu. Palvelun laadun tuottamisessa sovelletaan jonotusmenettelyjä tietoverkkojen reititykseen. Jarmo Siltanen tutki väitöskirjassaan liikenteen hallintaa ja jonotusalgoritmien toimintaa. Tutkimuksessa esitetyt mallit sallivat operaattorin valita painotuksen jokaiselle luokalle, jotta tuotto maksimoituu ilman, että asiakkaan palvelun laatu huononee.Today, the Internet provides an access to services that have strict requirements for network performance. Each of these services may be characterized with parameters that specify its packet transmission across a set of nodes in the network. Collectively, these parameters are usually referred to as Quality-of-Service (QoS). Quality of Service is important in modern networks for several reasons. Critical applications, such as real-time audio and video, should be given priority over less critical ones, such as file transferring and web surfing. Next Generation Networks have to provide support to a number of different types of traffic, each with it's own particular characteristics and Quality of Service parameters including e.g. guaranteed bandwidth, jitter and latency.One of the key points in providing QoS is the implemented queuing policy at a routing node. The set of queuing policies, which are used to guarantee the required QoS, has been considered in number of works. However, if a queuing discipline has input parameters then in most cases static configuration is used. An adaptive approach can more effectively share processing resources providing the required QoS and improving a provider’s functioning in a certain manner.This dissertation has presented a scheduling model that optimizes the revenue and bandwidth of the network. The proposed algorithms ensure more bandwidth for the users paying more for the connection (i.e. higher service class) than those paying less. A good rate allocation mechanism should not only be fair, but should also allocate the available bandwidth in such a way that the overall utility of the users is maximized. Most of the work is based upon analysis of the different simulations and the corresponding results

Analysis of approaches to Internet traffic generation for cyber security research and excercise

Because of the severe global security threat of malwares, vulnerabilities and attacks against networked systems cyber-security research, training and exercises are required for achieving cyber resilience of organizations. Especially requirement for organizing cyber security exercises has become more and more relevant for companies or government agencies. Cyber security research, training and exercise require closed Internet like environment and generated Internet traffic. JAMK University of Applied Sciences has built a closed Internet-like network called Realistic Global Cyber Environment (RGCE). The traffic generation software for the RGCE is introduced in this paper. This paper describes different approaches and use cases to Internet traffic generation. Specific software for traffic generation is created, to which no existing traffic generation solutions were suitable

On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks

Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate requests from legitimately connected network machines which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer making it even harder to detect attacker’s activity without decrypting users network traffic and violating their privacy. In this paper, we present a method which allows us to timely detect various applicationlayer attacks against a computer network. We focus on detection of the attacks that utilize encrypted protocols by applying an anomaly-detection-based approach to statistics extracted from network packets. Since network traffic decryption can violate ethical norms and regulations on privacy, the detection method proposed analyzes network traffic without decryption. The method involves construction of a model of normal user behavior by analyzing conversations between a server and clients. The algorithm is self-adaptive and allows one to update the model every time when a new portion of network traffic data is available. Once the model has been built, it can be applied to detect various types of application-layer denial-of- service attacks. The proposed technique is evaluated with realistic end user network traffic generated in our virtual network environment. Evaluation results show that these attacks can be properly detected, while the number of false alarms remains very low.peerReviewe

DataBio Deliverable D4.4 – Service Documentation

The public deliverable D4.4 describes the software components and processes (here called pipelines as the processes mostly consist of Big Data volumes streaming through successive processing steps) to be utilized by the DataBio Platform and pilots. The pilot services were tested through two phases, Trial 1 and Trial 2 of the project. Most of the components were used in both Trials with some updates in their features for Trial 2. In addition, this deliverable reports which components were deployed in each pilot and the development platform that the pilots tested their Big Data solutions on. The document aggregates information dispersed among various deliverables (namely [REF-01] - [REF-06]). The aim of this deliverable is to create a comprehensive overview of DataBio technical results. The objective of WP4 “DataBio Platform with Pilot Support” was to configure and adopt Big Data technologies for agriculture, forestry, and fishery. The work package together with WP5 “Earth Observation and Geospatial Data and Services”, established a platform for the development of bioeconomy applications. The software and dataset repository DataBio Hub is a central resource of the platform. In doing so, WP4 supported the DataBio pilots in their needs for Big Data technologies. This deliverable starts with an overview of DataBio building blocks such as platform architecture, software components, datasets, models that offer functionalities primarily for services in the domains of agriculture, forestry, and fishery. Then follows the exploitation for the identification of cross reusable (sub) pipelines (“design patterns”) that can be used across the pilots of the project and can be applied to other domains. The pipelines are one of the major exploitable assets of DataBio. The generic sections of the deliverable are concluded by Chapter 4 that explains the integration of different components into a pipeline and the services that are provided per pilot. The main results for the pilot services and the component updates, from a technological aspect, for both trials 1 and 2 are presented. The concluding chapter outlines the main findings, lessons learned and emerging examples of best practices. The deliverable comprises contributions from the following tasks: • T4.1: DataBio Architecture Requirements • T4.2: Advanced Visualization Services • T4.3: Predictive Analytics and Machine Learning • T4.4: Real-time Analytics and Stream Processing • T4.5: Big Data Variety Management, Storage, Linked Data and Queries • T4.6: Big Data Acquisition and Curation with Security/Privacy Support • T5.1: EO Subsystem and Components • T5.2: EO Data Discovery and Data Management & Acquisition Services • T5.3: EO Data Processing, Extraction, Conversion and Fusion Services • T5.5: Meteo Data Managemen

DataBio Deliverable D4.4 – Service Documentation

The public deliverable D4.4 describes the software components and processes (here called pipelines as the processes mostly consist of Big Data volumes streaming through successive processing steps) to be utilized by the DataBio Platform and pilots. The pilot services were tested through two phases, Trial 1 and Trial 2 of the project. Most of the components were used in both Trials with some updates in their features for Trial 2. In addition, this deliverable reports which components were deployed in each pilot and the development platform that the pilots tested their Big Data solutions on. The document aggregates information dispersed among various deliverables (namely [REF-01] - [REF-06]). The aim of this deliverable is to create a comprehensive overview of DataBio technical results. The objective of WP4 “DataBio Platform with Pilot Support” was to configure and adopt Big Data technologies for agriculture, forestry, and fishery. The work package together with WP5 “Earth Observation and Geospatial Data and Services”, established a platform for the development of bioeconomy applications. The software and dataset repository DataBio Hub is a central resource of the platform. In doing so, WP4 supported the DataBio pilots in their needs for Big Data technologies. This deliverable starts with an overview of DataBio building blocks such as platform architecture, software components, datasets, models that offer functionalities primarily for services in the domains of agriculture, forestry, and fishery. Then follows the exploitation for the identification of cross reusable (sub) pipelines (“design patterns”) that can be used across the pilots of the project and can be applied to other domains. The pipelines are one of the major exploitable assets of DataBio. The generic sections of the deliverable are concluded by Chapter 4 that explains the integration of different components into a pipeline and the services that are provided per pilot. The main results for the pilot services and the component updates, from a technological aspect, for both trials 1 and 2 are presented. The concluding chapter outlines the main findings, lessons learned and emerging examples of best practices. The deliverable comprises contributions from the following tasks: • T4.1: DataBio Architecture Requirements • T4.2: Advanced Visualization Services • T4.3: Predictive Analytics and Machine Learning • T4.4: Real-time Analytics and Stream Processing • T4.5: Big Data Variety Management, Storage, Linked Data and Queries • T4.6: Big Data Acquisition and Curation with Security/Privacy Support • T5.1: EO Subsystem and Components • T5.2: EO Data Discovery and Data Management & Acquisition Services • T5.3: EO Data Processing, Extraction, Conversion and Fusion Services • T5.5: Meteo Data ManagementpublishedVersio