Pub Date : 2024-08-10DOI: 10.1007/s10922-024-09847-3
Cheemaladinne Kondaiah, A. R. Pais, Routhu Srinivasa Rao
{"title":"Enhanced Malicious Traffic Detection in Encrypted Communication Using TLS Features and a Multi-class Classifier Ensemble","authors":"Cheemaladinne Kondaiah, A. R. Pais, Routhu Srinivasa Rao","doi":"10.1007/s10922-024-09847-3","DOIUrl":"https://doi.org/10.1007/s10922-024-09847-3","url":null,"abstract":"","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-08-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141920337","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-09DOI: 10.1007/s10922-024-09846-4
Andre Flaiban, Taufik Abrão
{"title":"Performance of Massive MIMO Aided by Reflective Intelligent Surfaces","authors":"Andre Flaiban, Taufik Abrão","doi":"10.1007/s10922-024-09846-4","DOIUrl":"https://doi.org/10.1007/s10922-024-09846-4","url":null,"abstract":"","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141921501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Deployment Problem of Multiple Drones in Millimeter Wave Systems","authors":"Hazim Shakhatreh, Wa’ed Al-Dagamseh, Samah Albasheer, Khaled Bani-Hani, Khaled Hayajneh","doi":"10.1007/s10922-024-09849-1","DOIUrl":"https://doi.org/10.1007/s10922-024-09849-1","url":null,"abstract":"","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141927779","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-08DOI: 10.1007/s10922-024-09850-8
Shuyu Lyu, Xinfa Dai, Zhong Ma, Yi Gao, Zhekun Hu
{"title":"Modeling and Controller Design of a Cloud-Based Control Switching System in an Uncertain Network Environment","authors":"Shuyu Lyu, Xinfa Dai, Zhong Ma, Yi Gao, Zhekun Hu","doi":"10.1007/s10922-024-09850-8","DOIUrl":"https://doi.org/10.1007/s10922-024-09850-8","url":null,"abstract":"","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141928376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-08DOI: 10.1007/s10922-024-09853-5
Arijit Dutta, Luis Miguel Samaniego Campoverde, M. Tropea, F. De Rango
{"title":"A Comprehensive Review of Recent Developments in VANET for Traffic, Safety & Remote Monitoring Applications","authors":"Arijit Dutta, Luis Miguel Samaniego Campoverde, M. Tropea, F. De Rango","doi":"10.1007/s10922-024-09853-5","DOIUrl":"https://doi.org/10.1007/s10922-024-09853-5","url":null,"abstract":"","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141926154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-07DOI: 10.1007/s10922-024-09851-7
Amir Bannoura, Hamid Chekenbah, Frank Meyer, Suhail Odeh, Rafik Lasri
The rapid growth of Internet of Things (IoT) technologies led to an increase in the demand of connected devices around the world. Today, these devices are integrated in several applications and solutions. Therefore, providing a smooth and simple approach for their integration is essential to extend their popularity and wide adaptation. However, there is a high level of complexity to be considered especially when it comes to wireless communication and deployment to the field. These devices are deployed part of wireless sensor networks, which increase the complexity of their operation and integration. In this paper, we focus on the integration of IoT devices in wireless networks for smart home applications. We present an overview of the challenges in designing and developing the firmware. As well, we suggest several testing use-cases to verify that the firmware we are deploying is stable and ready to be introduced to the market. Also, we consider some diagnostic metrics to identify the issues that could degrade the functionality of the devices. Finally, we propose an algorithmic approach based on Fuzzy Logic to improve the integration of IoT devices into the wireless sensor networks using intelligent decision-making techniques to mitigate the challenges and deployment limitations.
{"title":"Overcoming Real-World IoT Deployment Challenges with Enhanced Fuzzy Logic Decision Algorithms","authors":"Amir Bannoura, Hamid Chekenbah, Frank Meyer, Suhail Odeh, Rafik Lasri","doi":"10.1007/s10922-024-09851-7","DOIUrl":"https://doi.org/10.1007/s10922-024-09851-7","url":null,"abstract":"<p>The rapid growth of Internet of Things (IoT) technologies led to an increase in the demand of connected devices around the world. Today, these devices are integrated in several applications and solutions. Therefore, providing a smooth and simple approach for their integration is essential to extend their popularity and wide adaptation. However, there is a high level of complexity to be considered especially when it comes to wireless communication and deployment to the field. These devices are deployed part of wireless sensor networks, which increase the complexity of their operation and integration. In this paper, we focus on the integration of IoT devices in wireless networks for smart home applications. We present an overview of the challenges in designing and developing the firmware. As well, we suggest several testing use-cases to verify that the firmware we are deploying is stable and ready to be introduced to the market. Also, we consider some diagnostic metrics to identify the issues that could degrade the functionality of the devices. Finally, we propose an algorithmic approach based on Fuzzy Logic to improve the integration of IoT devices into the wireless sensor networks using intelligent decision-making techniques to mitigate the challenges and deployment limitations.</p>","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141936986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-02DOI: 10.1007/s10922-024-09848-2
Nikola Gavric, Guru Prasad Bhandari, Andrii Shalaginov
The Internet of Things (IoT) is omnipresent, exposing a large number of devices that often lack security controls to the public Internet. In the modern world, many everyday processes depend on these devices, and their service outage could lead to catastrophic consequences. There are many Deep Packet Inspection (DPI) based intrusion detection systems (IDS). However, their linear computational complexity induced by the event-driven nature poses a power-demanding obstacle in resource-constrained IoT environments. In this paper, we shift away from the traditional IDS as we introduce a novel and lightweight framework, relying on a time-driven algorithm to detect Distributed Denial of Service (DDoS) attacks by employing Machine Learning (ML) algorithms leveraging the newly engineered features containing system and network utilization information. These features are periodically generated, and there are only ten of them, resulting in a low and constant algorithmic complexity. Moreover, we leverage IoT-specific patterns to detect malicious traffic as we argue that each Denial of Service (DoS) attack leaves a unique fingerprint in the proposed set of features. We construct a dataset by launching some of the most prevalent DoS attacks against an IoT device, and we demonstrate the effectiveness of our approach with high accuracy. The results show that standalone IoT devices can detect and classify DoS and, therefore, arguably, DDoS attacks against them at a low computational cost with a deterministic delay.
物联网(IoT)无处不在,它将大量往往缺乏安全控制的设备暴露在公共互联网上。在现代社会中,许多日常流程都依赖于这些设备,它们的服务中断可能会导致灾难性后果。目前有许多基于深度包检测(DPI)的入侵检测系统(IDS)。然而,在资源有限的物联网环境中,由事件驱动性质引起的线性计算复杂性构成了耗电障碍。在本文中,我们摒弃了传统的 IDS,引入了一种新颖的轻量级框架,依靠时间驱动算法来检测分布式拒绝服务(DDoS)攻击,采用机器学习(ML)算法,利用新设计的包含系统和网络利用率信息的特征。这些特征会定期生成,而且只有十个,因此算法复杂度低且恒定。此外,我们还利用物联网特有的模式来检测恶意流量,因为我们认为每次拒绝服务(DoS)攻击都会在提议的特征集中留下独特的指纹。我们通过对物联网设备发起一些最普遍的 DoS 攻击来构建数据集,并以高准确度证明了我们方法的有效性。结果表明,独立的物联网设备能够以较低的计算成本和确定的延迟检测到 DoS 并对其进行分类,因此也可以说是 DDoS 攻击。
{"title":"Towards Resource-Efficient DDoS Detection in IoT: Leveraging Feature Engineering of System and Network Usage Metrics","authors":"Nikola Gavric, Guru Prasad Bhandari, Andrii Shalaginov","doi":"10.1007/s10922-024-09848-2","DOIUrl":"https://doi.org/10.1007/s10922-024-09848-2","url":null,"abstract":"<p>The Internet of Things (IoT) is omnipresent, exposing a large number of devices that often lack security controls to the public Internet. In the modern world, many everyday processes depend on these devices, and their service outage could lead to catastrophic consequences. There are many Deep Packet Inspection (DPI) based intrusion detection systems (IDS). However, their linear computational complexity induced by the event-driven nature poses a power-demanding obstacle in resource-constrained IoT environments. In this paper, we shift away from the traditional IDS as we introduce a novel and lightweight framework, relying on a time-driven algorithm to detect Distributed Denial of Service (DDoS) attacks by employing Machine Learning (ML) algorithms leveraging the newly engineered features containing system and network utilization information. These features are periodically generated, and there are only ten of them, resulting in a low and constant algorithmic complexity. Moreover, we leverage IoT-specific patterns to detect malicious traffic as we argue that each Denial of Service (DoS) attack leaves a unique fingerprint in the proposed set of features. We construct a dataset by launching some of the most prevalent DoS attacks against an IoT device, and we demonstrate the effectiveness of our approach with high accuracy. The results show that standalone IoT devices can detect and classify DoS and, therefore, arguably, DDoS attacks against them at a low computational cost with a deterministic delay.</p>","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141882802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-31DOI: 10.1007/s10922-024-09843-7
Zbigniew Kotulski, Tomasz Nowak, Mariusz Sepczuk, Krzysztof Bocianiak, Tomasz Pawlikowski, Aleksandra Podlasek, Jean-Philippe Wary
Competing service providers in the cloud environment ensure services are delivered under the promised security requirements. It is crucial for mobile services where user’s movement results in the service’s migration between edge servers or clouds in the Continuum. Maintaining service sovereignty before, during, and after the migration is a real challenge, especially when the service provider has committed to ensuring its quality following the Service Level Agreement. In this paper, we present the main challenges mobile service providers face in a cloud environment to guarantee the required level of security and digital sovereignty as described in the Security Service Level Agreement, with emphasis on challenges resulting from the service migration between the old and new locations. We present the security and sovereignty context intended for migration and the steps of the migration algorithm. We also analyze three specific service migration cases for three vertical industries with different service quality requirements.
{"title":"Keeping Verticals’ Sovereignty During Application Migration in Continuum","authors":"Zbigniew Kotulski, Tomasz Nowak, Mariusz Sepczuk, Krzysztof Bocianiak, Tomasz Pawlikowski, Aleksandra Podlasek, Jean-Philippe Wary","doi":"10.1007/s10922-024-09843-7","DOIUrl":"https://doi.org/10.1007/s10922-024-09843-7","url":null,"abstract":"<p>Competing service providers in the cloud environment ensure services are delivered under the promised security requirements. It is crucial for mobile services where user’s movement results in the service’s migration between edge servers or clouds in the Continuum. Maintaining service sovereignty before, during, and after the migration is a real challenge, especially when the service provider has committed to ensuring its quality following the Service Level Agreement. In this paper, we present the main challenges mobile service providers face in a cloud environment to guarantee the required level of security and digital sovereignty as described in the Security Service Level Agreement, with emphasis on challenges resulting from the service migration between the old and new locations. We present the security and sovereignty context intended for migration and the steps of the migration algorithm. We also analyze three specific service migration cases for three vertical industries with different service quality requirements.</p>","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141863798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-30DOI: 10.1007/s10922-024-09844-6
Birglang Bargayary, Nabajyoti Medhi
Integrating Software-Defined Networking (SDN) with the Internet of Things (IoT) simplifies the management of IoT devices; however, it introduces security challenges. Adversaries may manipulate forwarding rules to redirect communication, compromising user security. Additionally, the centralized nature of SDN-enabled IoT networks poses a single point of failure during master controller failure. To address these issues, we present SDBlock-IoT, a distributed SDN architecture based on blockchain technology. This ensures increased resiliency in the event of master controller failure. Our proposed model considers response time and resource utilization of equal controllers, ensuring the most suitable controller assumes the role of master controller. We enhance the integrity of OpenFlow forwarding rules through the Smart Agent and SC, which validate whether a flow is registered on the blockchain or not. The Smart Agent verifies forwarding rules for every new flow request. We conducted experiments on hardware SDN switches using a Ryu OpenFlow controller and a private blockchain, demonstrating the effectiveness of our approach. Evaluation results indicate that SDBlock-IoT outperforms existing solutions in terms of flow verification time, controller recovery time, CPU utilization, and transaction costs.
将软件定义网络(SDN)与物联网(IoT)集成可简化物联网设备的管理,但也带来了安全挑战。攻击者可能会操纵转发规则来重定向通信,从而危及用户安全。此外,启用了 SDN 的物联网网络的集中特性会在主控制器故障时造成单点故障。为了解决这些问题,我们提出了基于区块链技术的分布式 SDN 架构 SDBlock-IoT。这可确保在主控制器失效时提高弹性。我们提出的模型考虑了同等控制器的响应时间和资源利用率,确保最合适的控制器承担主控制器的角色。我们通过智能代理(Smart Agent)和 SC 来增强 OpenFlow 转发规则的完整性,它们可验证流量是否已在区块链上注册。智能代理会验证每个新流量请求的转发规则。我们使用 Ryu OpenFlow 控制器和私有区块链在硬件 SDN 交换机上进行了实验,证明了我们方法的有效性。评估结果表明,SDBlock-IoT 在流量验证时间、控制器恢复时间、CPU 利用率和交易成本方面都优于现有解决方案。
{"title":"SDBlock-IoT: A Blockchain-Enabled Software-Defined Multicontroller Architecture to Safeguard OpenFlow Tables","authors":"Birglang Bargayary, Nabajyoti Medhi","doi":"10.1007/s10922-024-09844-6","DOIUrl":"https://doi.org/10.1007/s10922-024-09844-6","url":null,"abstract":"<p>Integrating Software-Defined Networking (SDN) with the Internet of Things (IoT) simplifies the management of IoT devices; however, it introduces security challenges. Adversaries may manipulate forwarding rules to redirect communication, compromising user security. Additionally, the centralized nature of SDN-enabled IoT networks poses a single point of failure during master controller failure. To address these issues, we present SDBlock-IoT, a distributed SDN architecture based on blockchain technology. This ensures increased resiliency in the event of master controller failure. Our proposed model considers response time and resource utilization of equal controllers, ensuring the most suitable controller assumes the role of master controller. We enhance the integrity of OpenFlow forwarding rules through the Smart Agent and SC, which validate whether a flow is registered on the blockchain or not. The Smart Agent verifies forwarding rules for every new flow request. We conducted experiments on hardware SDN switches using a Ryu OpenFlow controller and a private blockchain, demonstrating the effectiveness of our approach. Evaluation results indicate that SDBlock-IoT outperforms existing solutions in terms of flow verification time, controller recovery time, CPU utilization, and transaction costs.</p>","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141863797","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-07-08DOI: 10.1007/s10922-024-09837-5
Gourav Prateek Sharma, Wouter Tavernier, Didier Colle, Mario Pickavet, Jetmir Haxhibeqiri, Jeroen Hoebeke, Ingrid Moerman
Proprietary communication technologies for time-critical communication in industrial environments are being gradually replaced by Time-sensitive Networking (TSN)-enabled Ethernet. Furthermore, attempts have been made to bring TSN features into wireless networks so that the flexibility of wireless networks can be utilized, and the end-to-end timings for Time-Triggered (TT) streams can be guaranteed. Given a mixed wired-wireless network, the scheduling problem should be solved for a set of TT stream requests. In this paper, we formulate the no-wait scheduling problem for mixed wired-wireless networks as a Mixed Integer Linear Programming (MILP) model with the objective of minimizing the flowspan. We also propose a relaxation of the original MILP in the form of a 2-stage MILP formulation. Next, a scalable approach based on the greedy heuristic is proposed to solve the problem for realistic-size networks. Evaluation results show that the greedy heuristic is suitable for realistic problem sizes where the MILP-based approach is found to be practically infeasible. Furthermore, the impact of wireless requests on the performance of the greedy heuristic is reported.
{"title":"End-to-End No-wait Scheduling for Time-Triggered Streams in Mixed Wired-Wireless Networks","authors":"Gourav Prateek Sharma, Wouter Tavernier, Didier Colle, Mario Pickavet, Jetmir Haxhibeqiri, Jeroen Hoebeke, Ingrid Moerman","doi":"10.1007/s10922-024-09837-5","DOIUrl":"https://doi.org/10.1007/s10922-024-09837-5","url":null,"abstract":"<p>Proprietary communication technologies for time-critical communication in industrial environments are being gradually replaced by Time-sensitive Networking (TSN)-enabled Ethernet. Furthermore, attempts have been made to bring TSN features into wireless networks so that the flexibility of wireless networks can be utilized, and the end-to-end timings for Time-Triggered (TT) streams can be guaranteed. Given a mixed wired-wireless network, the scheduling problem should be solved for a set of TT stream requests. In this paper, we formulate the no-wait scheduling problem for mixed wired-wireless networks as a Mixed Integer Linear Programming (MILP) model with the objective of minimizing the flowspan. We also propose a relaxation of the original MILP in the form of a 2-stage MILP formulation. Next, a scalable approach based on the greedy heuristic is proposed to solve the problem for realistic-size networks. Evaluation results show that the greedy heuristic is suitable for realistic problem sizes where the MILP-based approach is found to be practically infeasible. Furthermore, the impact of wireless requests on the performance of the greedy heuristic is reported.</p>","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":3.6,"publicationDate":"2024-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141566756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}