Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990680
Haiyang Qian, D. Medhi, Kishor S. Trivedi
As online service providers utilize cloud computing to host their services, they are challenged by evaluating the quality of experience and designing redirection strategies in this complicated environment. We propose a hierarchical modeling approach that can easily combine all components of this environment. Identifying interactions among the components is the key to construct such models. In this particular environment, we first construct four sub-models: an outbound bandwidth model, a cloud computing availability model, a latency model and a cloud computing response time model. Then we use a redirection strategy graph to glue them together. We also introduce an all-in-one barometer to ease the evaluation. The numeric results show that our model serves as a very useful analytical tool for online service providers to evaluate cloud computing providers and design redirection strategies.
{"title":"A hierarchical model to evaluate quality of experience of online services hosted by cloud computing","authors":"Haiyang Qian, D. Medhi, Kishor S. Trivedi","doi":"10.1109/INM.2011.5990680","DOIUrl":"https://doi.org/10.1109/INM.2011.5990680","url":null,"abstract":"As online service providers utilize cloud computing to host their services, they are challenged by evaluating the quality of experience and designing redirection strategies in this complicated environment. We propose a hierarchical modeling approach that can easily combine all components of this environment. Identifying interactions among the components is the key to construct such models. In this particular environment, we first construct four sub-models: an outbound bandwidth model, a cloud computing availability model, a latency model and a cloud computing response time model. Then we use a redirection strategy graph to glue them together. We also introduce an all-in-one barometer to ease the evaluation. The numeric results show that our model serves as a very useful analytical tool for online service providers to evaluate cloud computing providers and design redirection strategies.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126127474","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990709
I. Ullah, G. Doyen, Grégory Bonnet, D. Gaïti
In recent years, Peer-to-Peer (P2P) architectures have emerged as a scalable, low cost and easily deployable solution for live video streaming applications. In these systems, the load of video transmission is distributed over end-hosts by enabling them to relay the content to each other. Since end-hosts are controlled by users, their behavior directly impact the performance of the system. To understand it, massive measurement campaigns covering large-scale systems and long time periods have been performed. In this paper, we gathered and synthesized results obtained through these measurements and propose a Bayesian network that captures and integrates all of them into a synthetic model. We apply this model to the anticipation of peer departures which is an important challenge toward the performance improvement of these systems and especially churn resilience. The validation of our proposal is performed through intensive simulations that consider a streaming system composed of thousand users over two hundred days. We especially study two deployment scenarios: a system-scale one and a local one. We also compare our proposal with two standard estimators and we show under which conditions an estimator outperforms the others.
{"title":"User behavior anticipation in P2P live video streaming systems through a Bayesian network","authors":"I. Ullah, G. Doyen, Grégory Bonnet, D. Gaïti","doi":"10.1109/INM.2011.5990709","DOIUrl":"https://doi.org/10.1109/INM.2011.5990709","url":null,"abstract":"In recent years, Peer-to-Peer (P2P) architectures have emerged as a scalable, low cost and easily deployable solution for live video streaming applications. In these systems, the load of video transmission is distributed over end-hosts by enabling them to relay the content to each other. Since end-hosts are controlled by users, their behavior directly impact the performance of the system. To understand it, massive measurement campaigns covering large-scale systems and long time periods have been performed. In this paper, we gathered and synthesized results obtained through these measurements and propose a Bayesian network that captures and integrates all of them into a synthetic model. We apply this model to the anticipation of peer departures which is an important challenge toward the performance improvement of these systems and especially churn resilience. The validation of our proposal is performed through intensive simulations that consider a streaming system composed of thousand users over two hundred days. We especially study two deployment scenarios: a system-scale one and a local one. We also compare our proposal with two standard estimators and we show under which conditions an estimator outperforms the others.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127510422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990540
C. Yew, H. Lutfiyya
Trust plays an important role in decision making especially in cases of uncertainty and incomplete information. There are many challenges to trust calculation. In this paper, we identify the challenges and offer a middleware solution. Our solution consists of a SCOUT middleware and a SCOUT client (Trust Calculator) that can be used by an application to facilitate trust calculation. As validation, a scenario is implemented. The scenario consists of service selection based on trust calculated by our proposed solution.
{"title":"A middleware-based approach to supporting trust-based service selection","authors":"C. Yew, H. Lutfiyya","doi":"10.1109/INM.2011.5990540","DOIUrl":"https://doi.org/10.1109/INM.2011.5990540","url":null,"abstract":"Trust plays an important role in decision making especially in cases of uncertainty and incomplete information. There are many challenges to trust calculation. In this paper, we identify the challenges and offer a middleware solution. Our solution consists of a SCOUT middleware and a SCOUT client (Trust Calculator) that can be used by an application to facilitate trust calculation. As validation, a scenario is implemented. The scenario consists of service selection based on trust calculated by our proposed solution.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"117 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127121931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990582
S. Wahle, T. Magedanz, S. Fox, Eamonn Power
Resource federation is a concept for sharing information and communication technology (ICT) resources beyond administrative domains. The aim is to implement some common service drawing upon the resources committed by participating organizations. This concept is currently applied in a number of projects to provide large scale experimental facilities serving Future Internet research and development. In this paper we show how federated distributed resources can be described in terms of a common information model to support distributed resource management and Future Internet experimentation.
{"title":"Heterogeous resource description and management in generic resource federation frameworks","authors":"S. Wahle, T. Magedanz, S. Fox, Eamonn Power","doi":"10.1109/INM.2011.5990582","DOIUrl":"https://doi.org/10.1109/INM.2011.5990582","url":null,"abstract":"Resource federation is a concept for sharing information and communication technology (ICT) resources beyond administrative domains. The aim is to implement some common service drawing upon the resources committed by participating organizations. This concept is currently applied in a number of projects to provide large scale experimental facilities serving Future Internet research and development. In this paper we show how federated distributed resources can be described in terms of a common information model to support distributed resource management and Future Internet experimentation.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132328762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990687
David Breitgand, Amir Epstein
Elastic services comprise multiple virtualized resources that can be added and deleted on demand to match variability in the workload. A Service owner profiles the service to determine its most appropriate sizing under different workload conditions. This variable sizing is formalized through a service level agreement (SLA) between the service owner and the cloud provider. The Cloud provider obtains maximum benefit when it succeeds to fully allocate the resource set demanded by the elastic service subject to its SLA. Failure to do so may result in SLA breach and financial losses to the provider. We define a novel combinatorial optimization problem called elastic services placement problem (ESPP) to maximize the provider's benefit from SLA compliant placement. We observe that ESPP extends the generalized assignment problem (GAP), which is a well studied combinatorial optimization problem. However, ESPP turns out to be considerably harder to solve as it does not admit a constant factor approximation. We show that using a simple transformation, ESPP can be presented as a multi-unit combinatorial auction. We further present a column generation method to obtain near optimal solutions for ESPP for large data centers where exact solutions cannot be obtained in a reasonable amount of time using a direct integer programming formulation. We demonstrate the feasibility of our approach through an extensive simulation study. Our results show that we are capable of consistently obtaining good solutions in a time efficient manner. Moreover, if one is willing to trade precision to gain in computation time, our method allows to explicitly manage this tradeoff.
{"title":"SLA-aware placement of multi-virtual machine elastic services in compute clouds","authors":"David Breitgand, Amir Epstein","doi":"10.1109/INM.2011.5990687","DOIUrl":"https://doi.org/10.1109/INM.2011.5990687","url":null,"abstract":"Elastic services comprise multiple virtualized resources that can be added and deleted on demand to match variability in the workload. A Service owner profiles the service to determine its most appropriate sizing under different workload conditions. This variable sizing is formalized through a service level agreement (SLA) between the service owner and the cloud provider. The Cloud provider obtains maximum benefit when it succeeds to fully allocate the resource set demanded by the elastic service subject to its SLA. Failure to do so may result in SLA breach and financial losses to the provider. We define a novel combinatorial optimization problem called elastic services placement problem (ESPP) to maximize the provider's benefit from SLA compliant placement. We observe that ESPP extends the generalized assignment problem (GAP), which is a well studied combinatorial optimization problem. However, ESPP turns out to be considerably harder to solve as it does not admit a constant factor approximation. We show that using a simple transformation, ESPP can be presented as a multi-unit combinatorial auction. We further present a column generation method to obtain near optimal solutions for ESPP for large data centers where exact solutions cannot be obtained in a reasonable amount of time using a direct integer programming formulation. We demonstrate the feasibility of our approach through an extensive simulation study. Our results show that we are capable of consistently obtaining good solutions in a time efficient manner. Moreover, if one is willing to trade precision to gain in computation time, our method allows to explicitly manage this tradeoff.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128768989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990507
J. O. Fitó, Jordi Guitart
Nowadays Cloud computing is recognized as the most emerging computing paradigm. Because of its promising benefits, every day more and more enterprises are relying on Cloud systems. Furthermore, new Cloud business models are appearing, most of them within the SaaS marketplace, which fully depend on PaaS and IaaS providers. In any case, the expectation from businesses that IT (Cloud) services and infrastructures should bring them closer to the achievement of their Business-Level Objectives (BLOs) is spreading. Due to this fact, the presence in Cloud providers of a self-management of Cloud services and infrastructures driven by business-level aspects is mandatory. In this direction, the Business-Driven IT Management (BDIM) discipline has been evolving as the most promising way in the sense of aligning IT (low-level) management decisions with business-level objectives coming from providers themselves, as well as from their users. In this paper, we expose several BDIM challenges on the Cloud computing paradigm. Consequently, we outline key issues for the inclusion of BDIM-related features into the core operation of Cloud providers.
{"title":"Initial thoughts on business-driven IT management challenges in Cloud computing providers","authors":"J. O. Fitó, Jordi Guitart","doi":"10.1109/INM.2011.5990507","DOIUrl":"https://doi.org/10.1109/INM.2011.5990507","url":null,"abstract":"Nowadays Cloud computing is recognized as the most emerging computing paradigm. Because of its promising benefits, every day more and more enterprises are relying on Cloud systems. Furthermore, new Cloud business models are appearing, most of them within the SaaS marketplace, which fully depend on PaaS and IaaS providers. In any case, the expectation from businesses that IT (Cloud) services and infrastructures should bring them closer to the achievement of their Business-Level Objectives (BLOs) is spreading. Due to this fact, the presence in Cloud providers of a self-management of Cloud services and infrastructures driven by business-level aspects is mandatory. In this direction, the Business-Driven IT Management (BDIM) discipline has been evolving as the most promising way in the sense of aligning IT (low-level) management decisions with business-level objectives coming from providers themselves, as well as from their users. In this paper, we expose several BDIM challenges on the Cloud computing paradigm. Consequently, we outline key issues for the inclusion of BDIM-related features into the core operation of Cloud providers.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115296942","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990698
B. Dalmazo, Weverton Cordeiro, A. L. R. D. Sousa, Juliano Araujo Wickboldt, R. C. Lunardi, R. Santos, L. Gaspary, L. Granville, C. Bartolini, M. Hickey
There is an intuitive notion that the costs associated with project support actions, currently deemed too high and increasing, are directly related to the effort spent during their development and test phases. Despite the importance of systematically characterizing and understanding this relationship, little has been done in this realm mainly due to the lack of proper tooling for both sharing information between IT project phases and learning from past experiences. To tackle this issue, in this paper we propose a solution that, leveraging existing IT project lifecycle data, is able to predict support costs. The solution has been evaluated through a case study based on the ISBSG dataset, producing correct estimates for more than 80% of the assessed scenarios1.
{"title":"Leveraging IT project lifecycle data to predict support costs","authors":"B. Dalmazo, Weverton Cordeiro, A. L. R. D. Sousa, Juliano Araujo Wickboldt, R. C. Lunardi, R. Santos, L. Gaspary, L. Granville, C. Bartolini, M. Hickey","doi":"10.1109/INM.2011.5990698","DOIUrl":"https://doi.org/10.1109/INM.2011.5990698","url":null,"abstract":"There is an intuitive notion that the costs associated with project support actions, currently deemed too high and increasing, are directly related to the effort spent during their development and test phases. Despite the importance of systematically characterizing and understanding this relationship, little has been done in this realm mainly due to the lack of proper tooling for both sharing information between IT project phases and learning from past experiences. To tackle this issue, in this paper we propose a solution that, leveraging existing IT project lifecycle data, is able to predict support costs. The solution has been evaluated through a case study based on the ISBSG dataset, producing correct estimates for more than 80% of the assessed scenarios1.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123792513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990647
M. Grégr, P. Matoušek, M. Svéda, Tomas Podermanski
Network monitoring is an essential task of network management. Information obtained by monitoring devices gives a real picture of the network in production including transmitted data volumes, top hosts, a list of frequently used applications etc. Deep analysis of data collected by monitoring can reveal network attacks or detect misuse of network services. In addition, Data Retention Act requires each ISP to track user's activities. Protocol IPv6 puts new challenges for network administrators in the context of user identification. Unlike IPv4, an IPv6 address no longer uniquely identifies a user or PC. IPv6 address can be randomly generated and keeps changing in time. PCs with IPv6 stack can also communicate via predefined tunnels over IPv4 infrastructure. That tunneled traffic mostly bypasses network security implemented via firewalls. In this paper, we identify major monitoring and security issues of IPv6 connectivity and propose a solution based on SNMP and Netflow data that helps to uniquely identify users. The solution requires an extended set of monitoring data to be collected from network devices. We present a new data structure based on extended Netflow records. Feasibility of the approach is demonstrated on the Brno University of Technology (BUT) campus network.
{"title":"Practical IPv6 monitoring-challenges and techniques","authors":"M. Grégr, P. Matoušek, M. Svéda, Tomas Podermanski","doi":"10.1109/INM.2011.5990647","DOIUrl":"https://doi.org/10.1109/INM.2011.5990647","url":null,"abstract":"Network monitoring is an essential task of network management. Information obtained by monitoring devices gives a real picture of the network in production including transmitted data volumes, top hosts, a list of frequently used applications etc. Deep analysis of data collected by monitoring can reveal network attacks or detect misuse of network services. In addition, Data Retention Act requires each ISP to track user's activities. Protocol IPv6 puts new challenges for network administrators in the context of user identification. Unlike IPv4, an IPv6 address no longer uniquely identifies a user or PC. IPv6 address can be randomly generated and keeps changing in time. PCs with IPv6 stack can also communicate via predefined tunnels over IPv4 infrastructure. That tunneled traffic mostly bypasses network security implemented via firewalls. In this paper, we identify major monitoring and security issues of IPv6 connectivity and propose a solution based on SNMP and Netflow data that helps to uniquely identify users. The solution requires an extended set of monitoring data to be collected from network devices. We present a new data structure based on extended Netflow records. Feasibility of the approach is demonstrated on the Brno University of Technology (BUT) campus network.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122655798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990552
C. Olariu, Mícheál Ó Foghlú, Philip Perry, L. Murphy
The increasing number of users demanding voice and data communication through cellular networks has driven the need for higher network throughput rates and lower latency. LTE femtocells address this pressing problem by offloading cellular service providers networks and increase both coverage and capacity for their users. Assuming a wired DSL backhaul for these femtocells, this paper shows simulations exploring a case where the DSLAM represents the main bottleneck when the cellular network operator and the DSL provider do not collaborate. This paper introduces the concept of Intermediary Mean Opinion Score which may be employed at femtocell gateways to isolate network problems and feed into customer experience management. We also propose and investigate a technique of mapping the human audio recency into the MOS calculation. Results are presented to illustrate the information that can be extracted from a lightweight monitor in the network.
{"title":"VoIP quality monitoring in LTE femtocells","authors":"C. Olariu, Mícheál Ó Foghlú, Philip Perry, L. Murphy","doi":"10.1109/INM.2011.5990552","DOIUrl":"https://doi.org/10.1109/INM.2011.5990552","url":null,"abstract":"The increasing number of users demanding voice and data communication through cellular networks has driven the need for higher network throughput rates and lower latency. LTE femtocells address this pressing problem by offloading cellular service providers networks and increase both coverage and capacity for their users. Assuming a wired DSL backhaul for these femtocells, this paper shows simulations exploring a case where the DSLAM represents the main bottleneck when the cellular network operator and the DSL provider do not collaborate. This paper introduces the concept of Intermediary Mean Opinion Score which may be employed at femtocell gateways to isolate network problems and feed into customer experience management. We also propose and investigate a technique of mapping the human audio recency into the MOS calculation. Results are presented to illustrate the information that can be extracted from a lightweight monitor in the network.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115158788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-05-23DOI: 10.1109/INM.2011.5990539
S. Roschke, Feng Cheng, C. Meinel
Modern attacks are using sophisticated and innovative techniques. The utilization of cryptography, self-modified code, and integrated attack frameworks provide more possibilities to circumvent most existing perimeter security approaches, such as firewalls and IDS. Even Application Layer Gateways (ALG) which enforce the most restrictive network access can be exploited by using advanced attack techniques. In this paper, we propose a new attack for circumventing ALGs. By using polymorphic and encrypted shellcode, multiple shellcode stages, protocol compliant and encrypted shell tunneling, and reverse channel discovery techniques, we are able to effectively bypass ALGs. The proposed attack consists of four phases with certain requirements and results. We implemented the initial shellcode as well as the different stages and conducted the practical attack using an existing ALG. The possibility to prevent this attack with existing approaches is discussed and further research in the area of perimeter security and log management is motivated.
{"title":"BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes","authors":"S. Roschke, Feng Cheng, C. Meinel","doi":"10.1109/INM.2011.5990539","DOIUrl":"https://doi.org/10.1109/INM.2011.5990539","url":null,"abstract":"Modern attacks are using sophisticated and innovative techniques. The utilization of cryptography, self-modified code, and integrated attack frameworks provide more possibilities to circumvent most existing perimeter security approaches, such as firewalls and IDS. Even Application Layer Gateways (ALG) which enforce the most restrictive network access can be exploited by using advanced attack techniques. In this paper, we propose a new attack for circumventing ALGs. By using polymorphic and encrypted shellcode, multiple shellcode stages, protocol compliant and encrypted shell tunneling, and reverse channel discovery techniques, we are able to effectively bypass ALGs. The proposed attack consists of four phases with certain requirements and results. We implemented the initial shellcode as well as the different stages and conducted the practical attack using an existing ALG. The possibility to prevent this attack with existing approaches is discussed and further research in the area of perimeter security and log management is motivated.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134223091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: