A declarative approach for service enablement on hybrid cloud orchestration engines
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406175
Neeraj Asthana, Tom Chefalas, A. Karve, A. Segal, Mahika Dubey, Sai Zeng
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-7
The rapidly increasing complexity and scale of hybrid cloud environments require improved service management capabilities in orchestration and automation. Current methods focus on provisioning infrastructure but lack functionality for consistently enabling and performing operational activities on managed services. We propose a data-driven approach to dynamically generate Orchestration Engine plugins from service descriptor metadata. Our approach extends Orchestration Engines by representing managed services as code within reusable blueprints in order to accelerate service deployments and ease management activities. In our work, we provide a data model and system architecture to allow service providers to easily author and publish resource definitions for a wide range of public and private services. These definitions may be combined into solution blueprints, forming a declarative and reusable representation of a managed workload. After provisioning a workload, administrators can view service instance data and invoke operational activities. For evaluation, we describe the authoring and orchestration of a hybrid cloud workload and discuss the strengths of our solution versus current methods.

Load-aware potential-based routing for the edge communication of smart grid with content-centric network
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406187
Xiaotong Wang, Lanlan Rui, Hui Guo, Xue-song Qiu
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-5
With the development of the Internet of Things, there are more and more devices and applications at the edge of the smart grid. To enhance the quality of service, further processing of the smart grid to achieve load balancing is regarded as a critical step. The most interesting element in smart grid communications is the data itself, regardless of the data source. The emergence of the Content-Centric Network (CCN) meets these demands and addresses the problems. First, we model the smart grid with a Content-Centric Network and concentrate on the edge communication. Then we propose a load-aware potential-based routing (LAPBR) algorithm and evaluate its performance. The simulation results demonstrate the stability and robustness of LAPBR.

QoS-aware adaptive A-MPDU aggregation scheduler for enhanced VoIP capacity over aggregation-enabled WLANs
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406149
Shinnazar Seytnazarov, Young-Tak Kim
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-7
Currently available aggregation-enabled wireless local area network (WLAN) implementations do not apply aggregate MAC protocol data unit (A-MPDU) aggregation to real-time voice over Internet protocol (VoIP) traffic because of its strict end-to-end delay requirements. When the number of VoIP sessions in a WLAN increases, both the mobile station (MS) and the access point (AP) face heavy voice packet losses, leading to unacceptable quality of service (QoS). Therefore, the VoIP capacity of aggregation-enabled WLANs like IEEE 802.11n and 802.11ac is very limited under currently available implementations. In this paper, we propose a QoS-aware adaptive A-MPDU aggregation scheduler for enhanced VoIP capacity over aggregation-enabled WLANs, which adaptively applies A-MPDU aggregation to voice traffic at both MS and AP nodes, considering dynamic contention in the WLAN, delay in the backbone network, and end-to-end QoS requirements of real-time voice traffic. Performance evaluations of the proposed scheme showed that it can achieve as much as 5.3 times bigger capacity compared to the existing implementations, while delivering all voice packets to the destination with less than 150ms end-to-end delay and less than 50ms average jitter.

Adaptive configuration of LoRa networks for dense IoT deployments
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406255
Mariusz Słabicki, Gopika Premsankar, M. D. Francesco
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-9
Large-scale Internet of Things (IoT) deployments demand long-range wireless communications, especially in urban and metropolitan areas. LoRa is one of the most promising technologies in this context due to its simplicity and flexibility. Indeed, deploying LoRa networks in dense IoT scenarios must achieve two main goals: efficient communications among a large number of devices and resilience against dynamic channel conditions due to demanding environmental settings (e.g., the presence of many buildings). This work investigates adaptive mechanisms to configure the communication parameters of LoRa networks in dense IoT scenarios. To this end, we develop FLoRa, an open-source framework for end-to-end LoRa simulations in OMNeT++. We then implement and evaluate the Adaptive Data Rate (ADR) mechanism built into LoRa to dynamically manage link parameters for scalable and efficient network operations. Extensive simulations show that ADR is effective in increasing the network delivery ratio under stable channel conditions, while keeping the energy consumption low. Our results also show that the performance of ADR is severely affected by a highly-varying wireless channel. We thereby propose an improved version of the original ADR mechanism to cope with variable channel conditions. Our proposed solution significantly increases both the reliability and the energy efficiency of communications over a noisy channel, almost irrespective of the network size. Finally, we show that the delivery ratio of very dense networks can be further improved by using a network-aware approach, wherein the link parameters are configured based on the global knowledge of the network.

The smallest software defined network testbed in the world: Performance and security
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406116
Song Wang, K. G. Chavez, K. Sithamparanathan, Paul Zanna
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-2
Zodiac-FX is the first OpenFlow switch designed to sit on a desk, not in a datacenter. In this demo, we present Zodiac-FX, the world's smallest OpenFlow Software Defined Network switch. Our main objective is to showcase the usage and functionalities of Zodiac-FX in handling the OpenFlow protocol. We will also demonstrate SDN sEcure COntrol and Data Plane (SECOD), an SDN secure controller algorithm to detect and defend SDN against DoS attacks. We will demonstrate the value of Zodiac-FX and SECOD via experiments with real traffic and Denial-of-Service (DoS) attacks, allowing the audience to interact with the complete toolkit system.

Detecting malicious authentication events trustfully
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406295
Georgios Kaiafas, Georgios Varisteas, S. Lagraa, R. State, Duy Cu Nguyen, Thorsten Ries, M. Ourdane
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-6
Anomaly detection on security logs is receiving more and more attention. Authentication events are an important component of security logs, and being able to produce trustful and accurate predictions minimizes the effort of cyber-experts to stop false attacks. Observed events are classified into Normal, for legitimate user behavior, and Malicious, for malevolent actions. These classes are consistently and excessively imbalanced, which makes the classification problem harder; in the commonly used Los Alamos dataset, the malicious class comprises only 0.00033% of the total. This work proposes a novel method to extract advanced composite features, and a supervised learning technique for classifying authentication logs trustfully; the models are Random Forest, LogitBoost, Logistic Regression, and ultimately Majority Voting, which leverages the predictions of the previous models and gives the final prediction for each authentication event. We measure the performance of our experiments by using the False Negative Rate and False Positive Rate. Overall, we achieve a False Negative Rate of 0 (i.e. no attack was missed), and on average a False Positive Rate of 0.0019.

A blockchain-based PKI management framework
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406325
A. Yakubov, Wazen M. Shbair, Anders Wallbom, David Sanda, R. State
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-6
Public-Key Infrastructure (PKI) is the cornerstone technology that facilitates secure information exchange over the Internet. However, PKI is exposed to risks due to potential failures of Certificate Authorities (CAs) that may be used to issue unauthorized certificates for end-users. Many recent breaches show that if a CA is compromised, the security of the corresponding end-users will be at risk. As an emerging solution, Blockchain technology potentially resolves the problems of traditional PKI systems, in particular through the elimination of the single point of failure and rapid reaction to CA shortcomings. Blockchain has the ability to store and manage digital certificates within a public and immutable ledger, resulting in a fully traceable history log. In this paper we designed and developed a blockchain-based PKI management framework for issuing, validating and revoking X.509 certificates. Evaluation and experimental results confirm that the proposed framework provides more reliable and robust PKI systems with modest maintenance costs.

Multi-operator backup power sharing in wireless base stations
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406244
Minh N. H. Nguyen, Nguyen H. Tran, M. A. Islam, Chuan Pham, Shaolei Ren, C. Hong
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-9
Installation of backup power supply plays a vital role in maintaining communication services, which can save billions of dollars as well as human lives during natural disasters. Due to the higher capital and operational expense compared to public power, pooling and sharing the backup power supplies can be an economical solution since the backup power capacity can be sized based on the aggregate demand of co-located operators. However, how to pool and share the backup power at multi-operator cellular sites in a fair manner should be considered due to the limited capacity and high user demands. In this paper, we adopt the Nash Bargaining Solution (NBS) of a bargaining problem, which can guarantee the fairness of backup power sharing, and design a decentralized algorithm approach with limited information exchange among the operators. Our simulation demonstrates that sharing the backup power reduces the average delay and requires less BS power consumption than the non-sharing approach, especially for high traffic load scenarios. In addition, we also extend the formulation with respect to admission control for very high traffic demand cases.

Passive OS fingerprinting methods in the jungle of wireless networks
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406262
Martin Laštovička, Tomás Jirsík, Pavel Čeleda, Stanislav Špaček, Daniel Filakovsky
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-9
Operating system fingerprinting methods are well-known in the domain of static networks and managed environments. Yet few studies have tackled this challenge in real networks, where users can bring and connect any device. We evaluate the performance of three OS fingerprinting methods on a large dataset collected from a university wireless network. Our results show that the method based on HTTP User-agents is the most accurate but can identify only a low portion of the traffic. The TCP/IP parameters method proved to be the opposite, with high coverage but low accuracy. We also implemented a new method based on detection of communication to OS-specific domains. Its performance is comparable to the two established ones. Next, we discuss the impacts of traffic encryption and embracing new protocols such as IPv6 or HTTP/2.0 on OS fingerprinting. Our findings suggest that OS identification based on specific domain detection is viable and corresponds to the current directions of network traffic evolution, while methods based on TCP/IP parameters and User-agents will become ineffective in the future.

Toward real-time network-wide cyber situational awareness
Pub Date: 2018-04-23 DOI: 10.1109/NOMS.2018.8406166
Tomás Jirsík, Pavel Čeleda
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1-7
In today's complex computer networks, we are constantly facing a risk of data loss, system compromise, or intellectual property theft. The complexity of the networks hinders their effective defense. Network-wide Cyber Situational Awareness (NwCSA) has been introduced to assist a network security administrator with network security. The concept, however, faces several challenges that hinder an efficient application of NwCSA in a real-world environment. The challenges include the overload of raw data, low speed of reaction, and a lack of context and of a unified view of a network. In this paper, we present a novel framework that addresses the above-mentioned challenges. The framework leverages a distributed data stream processing system and methods for real-time big data processing. The framework is evaluated with respect to stated requirements on systems for NwCSA. Moreover, we present a prototype framework implementation and provide lessons learned from its real-world deployment.