Multipath TCP (MPTCP) is a backward compatible extension of Transmission Control Protocol (TCP) designed to let an application send data over several TCP connections, usually called subflows. MPTCP presents several opportunities over legacy TCP, especially when these subflows follow disjoint paths: for instance bandwidth aggregation or seamless mobility across networks. While MPTCP is built as an extension of TCP, the scope of the modifications qualifies it almost as a new protocol. This means traditional TCP tools are not enough to analyze MPTCP performance. We thus develop and present an open source application able to analyze MPTCP specific metrics such as the aggregated goodput or inter-subflow retransmissions.
{"title":"Passive analysis for multipath TCP","authors":"Matthieu Coudron","doi":"10.1145/3340422.3343638","DOIUrl":"https://doi.org/10.1145/3340422.3343638","url":null,"abstract":"Multipath TCP (MPTCP) is a backward compatible extension of Transmission Control Protocol (TCP) designed to let an application send data over several TCP connections, usually called subflows. MPTCP presents several opportunities over legacy TCP, especially when these subflows follow disjoint paths: for instance bandwidth aggregation or seamless mobility across networks. While MPTCP is built as an extension of TCP, the scope of the modifications qualifies it almost as a new protocol. This means traditional TCP tools are not enough to analyze MPTCP performance. We thus develop and present an open source application able to analyze MPTCP specific metrics such as the aggregated goodput or inter-subflow retransmissions.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122375815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A software-based network emulator is widely used for performance evaluation of communication software and protocols thanks to lower cost and higher extensibility compared with a hardware-based approach. However, NetEm, which is a popular software-based network emulator in Linux, suffers from inaccurate emulation capability on high speed networks. The DPDK-based network emulator (DEMU) is a promising tool to address this problem, but it does not support packet loss emulation. In this paper, we design and implement the Gilbert-Elliott packet loss model on DEMU. Through experiments of TCP performance on a 10 Gigabit network environment, we demonstrate that (1) the proposed method accurately controls the packet loss ratio and burstiness, and (2) the TCP offload engine mechanism can degrade packet loss accuracy. Consequently, the accuracy of DEMU is 305 times higher than that of NetEm for random packet loss emulation.
{"title":"An Accurate Packet Loss Emulation on a DPDK-based Network Emulator","authors":"Kanon Sasaki, Takahiro Hirofuchi, Saneyasu Yamaguchi, Ryousei Takano","doi":"10.1145/3340422.3343635","DOIUrl":"https://doi.org/10.1145/3340422.3343635","url":null,"abstract":"A software-based network emulator is widely used for performance evaluation of communication software and protocols thanks to lower cost and higher extensibility compared with a hardware-based approach. However, NetEm, which is a popular software-based network emulator in Linux, suffers from inaccurate emulation capability on high speed networks. The DPDK-based network emulator (DEMU) is a promising tool to address this problem, but it does not support packet loss emulation. In this paper, we design and implement the Gilbert-Elliott packet loss model on DEMU. Through experiments of TCP performance on a 10 Gigabit network environment, we demonstrate that (1) the proposed method accurately controls the packet loss ratio and burstiness, and (2) the TCP offload engine mechanism can degrade packet loss accuracy. Consequently, the accuracy of DEMU is 305 times higher than that of NetEm for random packet loss emulation.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114778073","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hiroshi Abe, K. Shima, Daisuke Miyamoto, Y. Sekiya, Tomohiro Ishihara, Kazuya Okada, Ryo Nakamura, S. Matsuura
Network administrators usually collect and store logs generated by servers, networks, and security appliances so that when network trouble and/or security incidents occur, they can identify the source of the problem by investigating the contents of the logs. The size of the system needed to store and search the log messages tends to increase as the size of the managed network becomes large. A fast log storage and search system called Hayabusa was previously proposed that optimizes a time-dimensional search operation. In this paper, we propose a simple distributed system that adds scalability to the existing Hayabusa system. The evaluation results show that the Distributed Hayabusa system consisting of 10 servers (with multiple worker processes on each server) is 36 times faster than a standalone Hayabusa system. The time required to perform a full-text search over 14.4 billion data records is only about 7 s, which is sufficiently low for the daily operations of administrators managing a very-large-scale network.
{"title":"Distributed Hayabusa: Scalable Syslog Search Engine Optimized for Time-Dimensional Search","authors":"Hiroshi Abe, K. Shima, Daisuke Miyamoto, Y. Sekiya, Tomohiro Ishihara, Kazuya Okada, Ryo Nakamura, S. Matsuura","doi":"10.1145/3340422.3343636","DOIUrl":"https://doi.org/10.1145/3340422.3343636","url":null,"abstract":"Network administrators usually collect and store logs generated by servers, networks, and security appliances so that when network trouble and/or security incidents occur, they can identify the source of the problem by investigating the contents of the logs. The size of the system needed to store and search the log messages tends to increase as the size of the managed network becomes large. A fast log storage and search system called Hayabusa was previously proposed that optimizes a time-dimensional search operation. In this paper, we propose a simple distributed system that adds scalability to the existing Hayabusa system. The evaluation results show that the Distributed Hayabusa system consisting of 10 servers (with multiple worker processes on each server) is 36 times faster than a standalone Hayabusa system. The time required to perform a full-text search over 14.4 billion data records is only about 7 s, which is sufficiently low for the daily operations of administrators managing a very-large-scale network.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"397 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124696416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
L. Kumar, C. Hota, Arvind Mahindru, Lalita Bhanu Murthy Neti
Android is currently the most popular smartphone platform which occupied 88% of global sale by the end of 2nd quarter 2018. With the popularity of these applications, it is also inviting cybercriminals to develop malware application for accessing important information from smartphones. The major objective of cybercriminals to develop Malware apps or Malicious apps to threaten the organization privacy data, user privacy data, and device integrity. Early identification of such malware apps can help the android user to save private data and device integrity. In this study, features extracted from intermediate code representations obtained using decompilation of APK file are used for providing requisite input data to develop the models for predicting android malware applications. These models are trained using extreme learning with multiple kernel functions ans also compared with the model trained using most frequently used classifiers like linear regression, decision tree, polynomial regression, and logistic regression. This paper also focuses on the effectiveness of data sampling techniques for balancing data and feature selection methods for selecting right sets of significant uncorrelated metrics. The high-value of accuracy and AUC confirm the predicting capability of data sampling, sets of metrics, and training algorithms to malware and normal applications.
{"title":"Android Malware Prediction Using Extreme Learning Machine with Different Kernel Functions","authors":"L. Kumar, C. Hota, Arvind Mahindru, Lalita Bhanu Murthy Neti","doi":"10.1145/3340422.3343639","DOIUrl":"https://doi.org/10.1145/3340422.3343639","url":null,"abstract":"Android is currently the most popular smartphone platform which occupied 88% of global sale by the end of 2nd quarter 2018. With the popularity of these applications, it is also inviting cybercriminals to develop malware application for accessing important information from smartphones. The major objective of cybercriminals to develop Malware apps or Malicious apps to threaten the organization privacy data, user privacy data, and device integrity. Early identification of such malware apps can help the android user to save private data and device integrity. In this study, features extracted from intermediate code representations obtained using decompilation of APK file are used for providing requisite input data to develop the models for predicting android malware applications. These models are trained using extreme learning with multiple kernel functions ans also compared with the model trained using most frequently used classifiers like linear regression, decision tree, polynomial regression, and logistic regression. This paper also focuses on the effectiveness of data sampling techniques for balancing data and feature selection methods for selecting right sets of significant uncorrelated metrics. The high-value of accuracy and AUC confirm the predicting capability of data sampling, sets of metrics, and training algorithms to malware and normal applications.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128523351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kai Otsuki, Yusuke Aoki, Ryohei Banno, Kazuyuki Shudo
Bitcoin has a low transaction throughput. In order to allow for an increase of this throughput without increasing orphan blocks, decreasing the block propagation time is important. One of the techniques to improve its block propagation time is to utilize relay networks. However, the effects of utilizing relay networks is not apparent. Existing studies and measurements on relay networks have not focused on the effect of relay networks on the individual miners. Moreover, the relation between the degree of the effect and relay network utilization rate is unknown. Herein, we performed simulations while finely changing the proportion of nodes utilizing a relay network. Moreover we quantitatively evaluated the effect of relay networks on the entire Bitcoin network and individual miners. Results show that the propagation time decrease to approximately 77% of the original value if the utilization rate is set to 3%. This rate is close to the actual utilization rate of relay network "Falcon". We also found that the probability of blocks created by utilizing nodes to become orphan blocks is surprisingly smaller than that of the non-utilizing nodes. Even in the worst case, the value of utilizing nodes is 15% of the value of non-utilizing nodes.
{"title":"Effects of a Simple Relay Network on the Bitcoin Network","authors":"Kai Otsuki, Yusuke Aoki, Ryohei Banno, Kazuyuki Shudo","doi":"10.1145/3340422.3343640","DOIUrl":"https://doi.org/10.1145/3340422.3343640","url":null,"abstract":"Bitcoin has a low transaction throughput. In order to allow for an increase of this throughput without increasing orphan blocks, decreasing the block propagation time is important. One of the techniques to improve its block propagation time is to utilize relay networks. However, the effects of utilizing relay networks is not apparent. Existing studies and measurements on relay networks have not focused on the effect of relay networks on the individual miners. Moreover, the relation between the degree of the effect and relay network utilization rate is unknown. Herein, we performed simulations while finely changing the proportion of nodes utilizing a relay network. Moreover we quantitatively evaluated the effect of relay networks on the entire Bitcoin network and individual miners. Results show that the propagation time decrease to approximately 77% of the original value if the utilization rate is set to 3%. This rate is close to the actual utilization rate of relay network \"Falcon\". We also found that the probability of blocks created by utilizing nodes to become orphan blocks is surprisingly smaller than that of the non-utilizing nodes. Even in the worst case, the value of utilizing nodes is 15% of the value of non-utilizing nodes.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"213 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133322678","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The goal of this research is to estimate the data propagation time on the Bitcoin network. Using network coordinates, we estimate the communication latency between computers. Such latency estimation contributes future optimization of data propagation. In this research, we report an experiment on computing the network coordinates. In the current Bitcoin network, it is very difficult to acquire internode delay because the network topology is not available. In this study, we calculate the delay based on our topology estimation and describe the effectiveness of the network coordinates using various topology estimation parameters.
{"title":"Estimation of Data Propagation Time on the Bitcoin Network","authors":"Reiki Kanda, Kazuyuki Shudo","doi":"10.1145/3340422.3343641","DOIUrl":"https://doi.org/10.1145/3340422.3343641","url":null,"abstract":"The goal of this research is to estimate the data propagation time on the Bitcoin network. Using network coordinates, we estimate the communication latency between computers. Such latency estimation contributes future optimization of data propagation. In this research, we report an experiment on computing the network coordinates. In the current Bitcoin network, it is very difficult to acquire internode delay because the network topology is not available. In this study, we calculate the delay based on our topology estimation and describe the effectiveness of the network coordinates using various topology estimation parameters.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123339172","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Multicast is a one-to-many communication model that is important for video streaming like IPTV. However, multicast does not guarantee the reliability of data transfer, and packet loss beyond the performance of error correction mechanism introduce significant degradation of the quality of Multicast streaming. Monitoring quality of multicast streaming is difficult because a) generally intermediate multicast routers and switches do not maintain the fine-grained state about multicast flow and b) sampling QoS statistics from destination clients introduces significant operational overhead. Therefore, it is difficult to properly locate where packet losses happen and how severe they are. This paper proposes selective packet tagging based monitoring (SPTM) mechanism to detect and locate packet losses in real-time using a packet tagging technique in Software-Defined Network(SDN). The proposed system also re-calculates the Multicast Delivery Tree(MDT) upon the detection of packet losses in the tree links. The evaluation results show the feasibility of the proposed approach to detect, locate as well as recover the MDTs from the packet loss.
{"title":"Tagging based Packet Loss Detection and Recovery of IP Multicast in SDN","authors":"Siva Sairam Prasad Kodali, Prashanth Podili, Kotaro Kataoka","doi":"10.1145/3340422.3343637","DOIUrl":"https://doi.org/10.1145/3340422.3343637","url":null,"abstract":"Multicast is a one-to-many communication model that is important for video streaming like IPTV. However, multicast does not guarantee the reliability of data transfer, and packet loss beyond the performance of error correction mechanism introduce significant degradation of the quality of Multicast streaming. Monitoring quality of multicast streaming is difficult because a) generally intermediate multicast routers and switches do not maintain the fine-grained state about multicast flow and b) sampling QoS statistics from destination clients introduces significant operational overhead. Therefore, it is difficult to properly locate where packet losses happen and how severe they are. This paper proposes selective packet tagging based monitoring (SPTM) mechanism to detect and locate packet losses in real-time using a packet tagging technique in Software-Defined Network(SDN). The proposed system also re-calculates the Multicast Delivery Tree(MDT) upon the detection of packet losses in the tree links. The evaluation results show the feasibility of the proposed approach to detect, locate as well as recover the MDTs from the packet loss.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122274319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: