DOI: 10.3897/jucs.152399

Authors: Abdelhady Naguib, Abdulaziz Shehab

Abstract: The importance of localization algorithms is due to their uses in various wireless sensor network applications. A single anchor movement can be used to aid in localization to reduce the cost of using multiple anchors or equipping sensor nodes with GPS units, but the main challenge here is choosing the best path of movement while avoiding potential obstacles. This paper proposes a path planning algorithm called Square Spiral with Obstacle Avoidance (SQSPOA) which allows a mobile anchor node to track an optimal path while broadcasting its current coordinates to the unknown sensor nodes. During its movement, the mobile anchor node faces many obstacles that may hinder its mobility; but as a result of the superiority of the proposed algorithm the mobile anchor can avoid these obstacles while still broadcasting its coordinates to sensor nodes. The performance of the proposed algorithm was evaluated at the presence of variable-sized obstacles and was compared with recent path planning algorithms. Simulation results proved the superiority of the proposed algorithm with respect to localization error, percent of localized sensor node and trajectory length.

HTML

PDF

DOI: 10.3897/jucs.85703

Authors: Marko Zekan, Igor Tomičić, Markus Schatten

Abstract: Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems remains a concern. This is mostly because of the low-sample, imbalanced nature of realistic datasets, which make models challenging to train.Considering this, we applied a novel semi-supervised EC-GAN method for network flow classifi- cation of CIC-IDS-2017 dataset. EC-GAN uses synthetic data to aid the training of a supervised classifier on low-sample data. To achieve this, we modified the original EC-GAN to work with tabular data. In our approach, WCGAN-GP is used for synthetic tabular data generation, while a simple deep neural network is used for classification. The conditional nature of WCGAN-GP diminishes the class imbalance problem, while GAN itself solves the low-sample problem. This approach was successful in generating believable synthetic data, which was consequently used for training and testing the EC-GAN.To obtain our results, we trained a classifier on progressively smaller versions of the CIC-DIS-2017 dataset, first via a novel EC-GAN method and then in the conventional way, without the help of synthetic data. We then compared these two sets of results with another author’s results using accuracy, false positive rate, detection rate and macro F1 score as metrics. Our results showed that supervised classifier trained with EC-GAN can achieve significant results even when trained on as little as 25% of the original imbalanced dataset.

HTML

XML

PDF

DOI: 10.3897/jucs.80625

Authors: Derya Yiltas-Kaplan

Abstract: Software-defined networking (SDN) has emerged as a solution to the cumbersome structures of classical computer networks. It separates control and data planes to give independence to devices with respect to either traffic routing or network management. The two isolated planes communicate with each other via the help of software modules, which are located in an SDN controller, such as Floodlight, NOX, or Ryu. In this study, Floodlight is used and an SDN topology with 20 switches is constructed with Python code in Mininet. All algorithms have been coded with Java. The default routing algorithm in Floodlight is Dijkstra’s algorithm. Four different network optimization algorithms, namely Bellman-Ford, Ford-Fulkerson, Auction, and Dual Ascent algorithms, are utilized in ordinary network routing instead of Dijkstra’s algorithm. None of these four algorithms were used in SDN before and network implementations using Ford-Fulkerson, Auction, or Dual Ascent algorithms were scarce in the literature. The results are analyzed with multiple types of normalization on a new user interface communicating with Floodlight part via HTTP requests. There has not been a user interface that performs the same operations in Floodlight. In the future, this study may possibly be improved with considering normalization processes based on various proportions among the metric values and accounting the computational time of the algorithms.

HTML

XML

PDF

DOI: 10.3217/jucs-025-07-0788

Authors: Robin Mueller-Bady, Martin Kappes, Inmaculada Medina-Bulo, Francisco Palomo-Lozano

Abstract: In this paper, the applicability of heuristic methods for an automated and reactive optimization of network infrastructures in highly-dynamic communication networks is studied. With an increasing amount of (mobile) participants and at the same time significantly growing quality requirements in communication networks over the past years, optimization of communication infrastructures will become an inevitable challenge in providing a reliable and high-quality communication service. Mostly, changes in highly-dynamic networks, which may be planned or unplanned, happen swiftly, such that it is not possible to apply manual optimization. Thus, an automated and reactive optimization becomes necessary to address this problem. Two major issues arise from the optimization of highly-dynamic communication networks. First, the complexity of problems, which is either implied by the complex optimization problem or the number of different possibly concurrent goals subject to optimization. Second, the highly-dynamic optimization search space, where network topologies may change rapidly introducing severe challenges for the optimization process. Here, different evolutionary and greedy optimization heuristics for the optimal selection of monitors in communication networks are studied and compared. Monitor selection is a well-known, important, and complex (NP-hard) optimization problem, serving as a current and actual use case for the general concept of highly-dynamic communication network optimization. As the results show, two of three methods reliably provide solutions of sufficiently high quality in reasonable time, enabling the applicability of heuristic methods of optimization in highly-dynamic communication networks. Results of the experiments are obtained using state-of-the-art statistical methods for evaluation of (evolutionary) search heuristics on a set of 39 real-world and synthetic benchmark problem instances.

HTML

XML

PDF

DOI: 10.3217/jucs-022-09-1203

Authors: Jernej Tonejc, Sabrina Güttes, Alexandra Kobekova, Jaspreet Kaur

Abstract: In recent years, the volume and the complexity of data in Building Automation System networks have increased exponentially. As a result, a manual analysis of network traffic data has become nearly impossible. Even automated but supervised methods are problematic in practice since the large amount of data makes manual labeling, required to train the algorithms to differentiate between normal traffic and anomalies, impractical. This paper introduces a framework which allows the characterization of BACnet network traffic data by means of unsupervised machine learning techniques. Specifically, we use clustering, random forests, one-class support vector machines and support vector classifier, after a pre-processing step that includes principal components analysis for dimensionality reduction. We compare the effectiveness of the methods in detecting anomalies by performing experiments on BACnet network traffic data from various sources. We describe which of these unsupervised methods work best in specific scenarios since each method has its distinct advantages and disadvantages. In particular, we discuss which method is best suited to detect new types of anomalies (novelty detection), or which method most reliably and efficiently finds new attacks of a type that has been captured in the data previously.

HTML

XML

PDF

DOI: 10.3217/jucs-022-04-0521

Authors: Muneer Yassein, Yaser Khamayseh, Mai Abujazoh

Abstract: The security issue is essential and more challenging in Mobile Ad-Hoc Network (MANET) due to its characteristics such as, node mobility, self-organizing capability and dynamic topology. MANET is vulnerable to different types of attacks. One of possible attacks is black hole attack. Black hole attack occurs when a malicious node joins the network with the aim of intercepting data packets which are exchanged across the network and dropping them which affects the performance of the network and its connectivity. This paper proposes a new dataset (BDD dataset) for black hole intrusion detection systems which contributes to detect the black hole nodes in MANET. The proposed dataset contains a set of essential features to build an efficient learning model where these features are selected carefully using one of the feature selection techniques which is information gain technique J48 decision tree, Naïve Bayes (NB) and Sequential Minimal Optimization (SMO) classifiers are learned using training data of BDD dataset and the performance of these classifiers is evaluated using a learning machine tool Weka 3.7.11. The obtained performance results indicate that using the proposed dataset features succeeded in build an efficient learning model to train the previous classifiers to detect the black hole attack.

HTML

XML

PDF

DOI: 10.3217/jucs-021-09-1210

Authors: Libor Polčák, Barbora Franková

Abstract: Each clock has built-in deficiencies since the manufacturing process is not precise on atomic level. These inaccuracies cause each clock to drift in a unique way. Clock skew has been already studied and used to identify computers. Based on the previous research in clock-skew-based identification, this paper provides a summary of use cases and methods for clock-skew-based identification. Nevertheless, the main contribution of the paper is following: (1) A formal evaluation of the requirements for precise clock skew estimations. The formal approach is accompanied with an empirical study of 24,071 clock skew measurements. (2) A method that links IPv4 and IPv6 addresses of a single computer. (3) A scenario, during which a malicious attacker mimics clock skew of another computer and consequently, for example, penetrates through authentication mechanisms considered during previous research. (4) Even though the real network observations expose that current precision in clock skew estimation is not sufficient to uniquely identify devices in moderately-sized network, some IPv4 and IPv6 addresses can be linked based on unique clock skew shifts of a computer, for example caused by a running NTP daemon.

HTML

XML

PDF

DOI: 10.3217/jucs-020-13-1738

Authors: Davide Vega, Roc Meseguer, Felix Freitag, Sergio Ochoa

Abstract: Volunteer computing is a paradigm in which devices participating in a distributed environment share part of their resources to help others perform their activities. The effectiveness of this computing paradigm depends on the collaboration attitude adopted by the participating devices. Unfortunately for software designers it is not clear how to contribute with local resources to the shared environment without compromising resources that could then be required by the contributors. Therefore, many designers adopt a conservative position when defining the collaboration strategy to be embedded in volunteer computing applications. This position produces an underutilization of the devices’ local resources and reduces the effectiveness of these solutions. This article presents a study that helps designers understand the impact of adopting a particular collaboration attitude to contribute with local resources to the distributed shared environment. The study considers five collaboration strategies, which are analyzed in computing environments with both, abundance and scarcity of resources. The obtained results indicate that collaboration strategies based on effort-based incentives work better than those using contribution-based incentives. These results also show that the use of effort-based incentives does not jeopardize the availability of local resources for the local needs.

HTML

XML

PDF

DOI: 10.3217/jucs-018-06-0857

Authors: Jezabel Molina-Gil, Pino Caballero-Gil, Cándido Caballero-Gil

Abstract: A key aspect to ensure that Vehicular Ad-hoc NETworks (VANETS) work properly is the provision of reliable and real time information to users. In order to achieve this goal, on the one hand, nodes must cooperate actively in relaying the messages to reach as many users as possible to warn them about possible hazards. On the other hand, users should be able to rely on the received information, so they should be able to verify that the relayed network data are true. As distributed and decentralized networks, security problems such as prevention of false information injection, and detection of misbehaviour could be solved through cooperation among nodes. In this work we propose a set of countermeasures to prevent selfish behaviour and malicious attacks, making use of node revocation through cooperation enforcement mechanisms and isolation of malicious nodes from the network. The proper performance of the proposed techniques has been evaluated with many simulations, and the results show that the countermeasures described in this work increase not only efficiency but also security of communications.

HTML

XML

PDF

DOI: 10.3217/jucs-018-05-0599

Authors: Grzegorz Chmaj, Krzysztof Walkowiak

Abstract: Peer-to-Peer (P2P) computing (also called 'public-resource computing') is an effective approach to perform computation of large tasks. Currently used P2P computing systems (e.g., BOINC) are most often centrally managed, i.e., the final result of computations is created at a central node using partial results - what may be not efficient in the case when numerous participants are willing to download the final result. In this paper, we propose a novel approach to P2P computing systems. We assume that results can be delivered to all peers in a distributed way using three types of network flows: unicast, Peer-to-Peer and anycast. We describe our concept of the system architecture with a special focus on the decision strategies developed for system participants. Using our discrete realtime simulator we evaluate the proposed strategies in various scenarios and present a comprehensive analysis of obtained results. According to obtained results, the Peer-to-Peer flow provides lower operational cost of the computing system compared to unicast and anycast flows. Moreover, an appropriate selection of decision strategy can significantly reduce the operational cost.

HTML

XML

PDF

DOI: 10.3217/jucs-017-11-1605

Authors: Khaled Salah, Mojeeb-Al-Rhman Al-Khiaty, Rashad Ahmed, Adnan Mahdi

Abstract: Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.

HTML

XML

PDF

DOI: 10.3217/jucs-017-11-1550

Authors: Nabila Labraoui, Mourad Gueroui, Makhlouf Aliouat, Jonathan Petit

Abstract: In-network data aggregation has a great impact on the energy consumption in large-scale wireless sensor networks. However, the resource constraints and vulnerable deployment environments challenge the application of this technique in terms of security and efficiency. A compromised node may forge arbitrary aggregation value and mislead the base station into trusting a false reading. In this paper, we present RAHIM, a reactive defense to secure data aggregation scheme in cluster-based wireless sensor networks. The proposed scheme is based on a novel application of adaptive hierarchical level of monitoring providing accuracy of data aggregation result in lightweight manner, even if all aggregator nodes and a part of sensors are compromised in the network.

HTML

XML

PDF

DOI: 10.3217/jucs-017-06-0891

Authors: Yi-Li Huang, Fang-Yie Leu, Chao-Hong Chiu, I-Long Lin

Abstract: Recently, IEEE 802.16 Worldwide Interoperability for Microwave Access (WiMAX for short) has provided us with low-cost, high efficiency and high bandwidth network services. However, as with the WiFi, the radio wave transmission also makes the WiMAX face the wireless transmission security problem. To solve this problem, the IEEE802.16Std during its development stage defines the Privacy Key Management (PKM for short) authentication process which offers a one-way authentication. However, using a one-way authentication, an SS may connect to a fake BS. Mutual authentication, like that developed for PKMv2, can avoid this problem. Therefore, in this paper, we propose an authentication key management approach, called Diffie-Hellman-PKDS-based authentication method (DiHam for short), which employs a secret door asymmetric one-way function, Public Key Distribution System (PKDS for short), to improve current security level of facility authentication between WiMAX’s BS and SS. We further integrate the PKMv1 and the DiHam into a system, called PKM-DiHam (P-DiHam for short), in which the PKMv1 acts as the authentication process, and the DiHam is responsible for key management and delivery. By transmitting securely protected and well-defined parameters for SS and BS, the two stations can mutually authenticate each other. Messages including those conveying user data and authentication parameters can be then more securely delivered.

HTML

XML

PDF

DOI: 10.3217/jucs-016-10-1343

Authors: Lei Shu, Manfred Hauswirth, Yan Zhang, Jianhua Ma, Geyong Min, Yu Wang

Abstract: The use of multimedia sensor nodes can significantly enhance the capability of wireless sensor networks (WSNs) for event description. In a number of scenarios, e.g., an erupting volcano, the WSNs are not deployed to work for an extremely long time. Instead, the WSNs aim to deliver continuous and reliable multimedia data as much as possible within an expected lifetime. In this paper, we focus on the efficient gathering of multimedia data in WSNs within an expected lifetime. An adaptive scheme to dynamically adjust the transmission Radius and data generation Rate Adjustment (RRA) is proposed based on a cross layer design by considering the interaction among physical, network and transport layers. We first minimize the end-to-end transmission delay in WSNs while using the minimum data generation rate. In this phase, an optimal transmission radius can be derived. Then, using this transmission radius, we adaptively adjust the data generation rate to increase the amount of gathered data. Simulation results show that the proposed RRA strategy can effectively enhance the data gathering performance in wireless multimedia sensor networks (WMSNs) by dynamically adjusting the transmission radius of sensor nodes and the data generation rate of source nodes.

HTML

XML

PDF

DOI: 10.3217/jucs-015-09-2011

Authors: Ting Peng, Qinghua Zheng, Yinli Jin

Abstract: In Peer-to-Peer(P2P) streaming system, the multicasting tree construction method influences considerably on network load. Under current available strategies, network resources are not used economically, or network resource friendship and the flexibility can't be approached thoroughly. With the increasing application of Internet, network infrastructure itself becomes a precious resource, which should be performed effectively. In our implementation, network transmission delay between the peers is detected, used as practical performance metrics of the P2P streaming system. According to the metrics, network friendly tree is provided as overlay multicasting tree construction strategy for P2P streaming system. In this strategy, additional transmission delays are minimized as new peers enter. The simulation experiment presents that the proposed strategy network friendly tree works better than other contrasts. And the transmission performance improves significantly at minor additional cost.

HTML

XML

PDF

DOI: 10.3217/jucs-015-02-0488

Authors: Chin-Ling Chen

Abstract: This study has proposed a new detection method for DDoS attack traffic based on two-sample t-test. We first investigate the statistics of normal SYN arrival rate (SAR) and confirm it follows normal distribution. The proposed method identifies the attack by testing 1) the difference between incoming SAR and normal SAR, and 2) the difference between the number of SYN and ACK packets. The experiment results show that the possibilities of both false positives and false negatives are very low. The proposed mechanism is also demonstrated to have the capability of detecting DDoS attack quickly.

HTML

XML

PDF

DOI: 10.3217/jucs-014-07-1105

Authors: SungSoo Lee, HangKon Kim, ChongGun Kim

Abstract: A central characteristic of ad hoc mobile networks is the frequent changes of their topology. This is the source of many problems that need to be solved. AODV is an on-demand routing protocol for decreasing maintenance overhead in ad hoc networks. However, some path breaks can cause significant overhead and transmission delays. If the maintenance overhead of the ro uting table can be reduced, table -driven routing methods could be an efficient substitution. In this paper , we propose a knowledge discovery agent for an effective routing method that uses simple bit -map topology information. The agent node gathers topology knowledge and creates topology bit -map information. All available paths from a source to a destination can easily be calculate d using the bit-map. All the nodes in the network maintain the bit-map distributed from the agent, and use it for the source of routing. The performance and the correctness of the proposed agent method is verified by computer simulations.

HTML

XML

PDF

DOI: 10.3217/jucs-014-05-0625

Authors: Denis Collange, Jean-Laurent Costeux

Abstract: Quality of Experience (QoE) is a promising method to take into account the users' needs in design ing, monitoring and manag ing networks. However, there is a challenge in finding a quick and simple way to estimate th e QoE due to the diversity of needs , habits and customs. We propose a new empirical method to approximate it automatically from passive network measurements and we compare its pros and cons with usual techniques. We apply it, as an example , on ADSL traffic traces to estimate the QoE dependence on the loss rate for the most used applications . We analyze more precisely the correlations between packet losses and some traffic characteristics of TCP connections, the duration, the sizes and the inter-arrival. We define different thresholds on the loss rate for network management. A nd we propose a notion of sensitiveness to compare these correlations on different applications.

HTML

XML

PDF

DOI: 10.3217/jucs-013-02-0287

Authors: Leszek Borzemski

Abstract: In this paper we propose an application of data mining methods in the prediction of the availability and performance of Internet paths. We deploy a general decision-making method for advising the users in further usage of Internet path at particular time and date. The method is based on the clustering and tree classification data mining techniques. The usefulness of our method for prediction the Internet path behavior has been confirmed in real-life experiment. The active Internet measurements were performed to gather the end-to-end latency and packet routing information. The knowledge gathered has been analyzed using a professional data mining package via neural clustering and decision tree algorithms. The results show that the data mining can be efficiently used for the purpose of the forecasting the network behavior. We propose to build a network performance monitoring and prediction service based on proposed data mining procedure. We address our approach especially to the non-networkers of such networking frameworks as Grid and overlay networks who want to schedule their network activity but who want to be left free from networking issues to concentrate on their work.

HTML

XML

PDF

DOI: 10.3217/jucs-011-04-0495

Authors: Tomaso Forzi, Meikel Peters

Abstract: A well-functioning Knowledge Management is a competitive advantage for enterprises that act in co-operative and distributed networks with knowledge intensive production processes. A Knowledge Management approach that integrates both, hard factors (e.g. Information Technology) and soft factors (e.g., cultural aspects) for distributed and dynamic entrepreneurial (inter-organisational) networks is currently missing. This paper presents research findings of a project that is developing a methodology as well as an appropriate toolkit to support a service provider responsible for the KM within distributed entrepreneurial networks. The project integrates explicitly both new Information and Communication Technology driven organisational concepts, human-oriented approaches and existing KM methodologies and instruments.

HTML

XML

PDF

DOI: 10.3217/jucs-008-07-0698

Authors: Daniel Hong, Choong Hong, Yoo Hyoung, Dong-Sik Yun, Woo-Sung Kim

Abstract: ATM virtual path (VP) contains bundles of virtual channels (VCs). A VP layer network can be used as a server layer network of VC layer networks and each VC layer network can be a client layer. Therefore the effective provision of VC services can be achieved by a better routing scheme of the VP layer network. However, the traditional hierarchical routing scheme of PNNI signaling protocol does not provide the globally optimal route in hierarchical transport network due to its successive network partitioning and topology abstraction. We propose a new VP routing scheme suitable for a nation-wide hierarchical transport network and a network model suitable for the scalable VP network management system. The routing algorithm can provide the globally optimal route in the hierarchical network environment from the perspectives of maximization of network resource utilization and satisfaction of the end user s QoS requirement. In addition, we describe the implementation model of the ATM virtual path network management system (VP-NMS). Lastly, we show the routing performance evaluated in the High Speed Information Network (HSIN) of Korea Telecom.

HTML

XML

PDF

DOI: 10.3217/jucs-007-05-0355

Authors: John Buford

Abstract: Trends in telecommunications networks including network convergence, requirements for QoS and service level agreements, and open service architectures are impacting the service mangement systems and processes. New results in three areas of IP service management are described. The architecture of a new platform for service management is presented. This is the first reported service assurance platform to use ASP technology as its infrastructure. A new performance mangement suite is described. This suite currently supports measurement and reporting of web and stream servers and VoIP softswitches. Finally, a recent result in customer care automation for processing large volumes of email sent to a customer care center is reviewed.

HTML

XML

PDF