Journal of Network and Systems Management最新文献

The threats of botnets are becoming a growing concern infecting more and more computers every day. Although botnets can be detected from their behavioral patterns, it is becoming more challenging to differentiate the behavior between the malicious traffic and the legitimate traffic as with the advancement of the technologies the malicious traffics are following the similar behavioral patterns of benign traffics. The detection of malicious traffic largely depends on the traffic features that are being used to feed in the detection process. Selecting the best features for effective botnet detection is the main contribution of this paper. At the very beginning, we show the impact of different features on botnet detection process. Then we propose several heuristics to select the best features from a handful of possible features. Some proposed heuristics are truly feature-based and some are group-based, thus generating different accuracy levels. We also analyze time complexity of each heuristic and provide a detailed performance analysis. As working with all combinations of a large number of features is not feasible, some heuristics work by grouping the features based on their similarity in patterns and checking all combinations within the groups of small number of features which improves the time complexity by a large margin. Through experiments we show the efficacy of the proposed feature selection heuristics. The result shows that some heuristics outperform state-of-the-art feature selection algorithms.

Cybersecurity has become an increasingly important field as cyber threats continue to grow in number and complexity. The NICE framework, developed by NIST, provides a structured approach to cybersecurity education. Despite the publication of cybersecurity frameworks, scenario design in cybersecurity is not yet governed by structured design principles, leading to ambiguous learning outcomes. This research uses the NICE framework to provide structure design and development of a cyber range and the relevant scenarios. The proposed methodology and research results can assist the scenario design in cybersecurity and as a methodological procedure for evaluation. Finally, the research provides a better understanding of the NICE framework and demonstrates how it can assist in creating practical cybersecurity scenarios.

The recent advancements in network systems, including Software-Defined Networking (SDN), Network Functions Virtualization (NFV), and cloud networking, have significantly enhanced network management. These technologies increase efficiency, reduce manual efforts, and improve agility in deploying new services. They also enable scalable network resources, facilitate handling demand surges, and provide efficient access to innovative solutions. Despite these advancements, the performance of interconnected nodes is still influenced by the heterogeneity of network infrastructure and the capabilities of physical links. This work introduces a comprehensive solution addressing these challenges through Intent-Based Networking (IBN). Our approach utilizes IBN for defining high-level service requirements (QoS) tailored to individual node specifications. Further, we integrate a Graph Neural Network (GNN) to model the network’s overlay topology and understand the behavior of nodes and links. This integration enables the translation of defined intents into optimal paths between end-to-end nodes, ensuring efficient path selection. Additionally, our system incorporates Deep Deterministic Policy Gradients (DDPG) for dynamic weight calculation of QoS metrics to adjust the link cost assigned to network paths based on performance metrics, ensuring the network adapts to the specified QoS intents. The proposed solution has been implemented as an IBN system design comprising an intent definition manager, a GNN model for optimal path selection, an Off-Platform Application (OPA) for policy creation, an assurance module consisting of the DDPG mechanism, and a real-time monitoring system. This design ensures continuous efficient path selection assurance, dynamically adapting to changing conditions and maintaining optimal service levels per the defined intents.

Augmented Reality (AR) applications can reshape our society enabling novel ways of interactions and immersive experiences in many fields. However, multi-user and collaborative AR applications pose several challenges. The expected user experience requires accurate position and orientation information for each device and precise synchronization of the respective coordinate systems in real-time. Unlike mobile phones or AR glasses running on battery with constrained resource capacity, cloud and edge platforms can provide the computing power for the core functions under the hood. In this paper, we propose a novel edge cloud based platform for multi-user AR applications realizing an essential coordination service among the users. The latency critical, computation intensive Simultaneous Localization And Mapping (SLAM) function is offloaded from the device to the edge cloud infrastructure. Our solution is built on open-source SLAM libraries and the Robot Operating System (ROS). Our contribution is threefold. First, we propose an extensible, edge cloud based AR architecture. Second, we develop a proof-of-concept prototype supporting multiple devices and building on an AI-based SLAM selection component. Third, a dedicated measurement methodology is described, including energy consumption aspects as well, and the overall performance of the system is evaluated via real experiments.

The use of Network Function Virtualization is constantly increasing in Cloud environments, especially for next-generation networks such as 5G. In this context, the definition of a deployment scheme defining for each Virtual Network Function (VNF) the appropriate server in order to meet the quality of service requirements. This problem is known in the literature as virtual fetwork function placement. However, proper deployment of VNFs on servers can minimize the number of servers used, but may increase service latency. In this article, we propose a multi-objective integer linear programming model to solve the problem of network function placement. The objective is to find the best compromise between minimizing end-to-end total latency for users and reducing the number of servers used, while ensuring that the maximum number of VNFs is connected in the network. Our proposal to solve the NP-hard problem involves developing an algorithm based on the Particle Swarm Optimization metaheuristic to obtain a polynomial time resolution. By performing tests on a simple VNF deployment problem, we validated the relevance of our optimization model and demonstrated the effectiveness of our algorithm. The results obtained showed that our method provides feasible solutions very close to the exact optimal solutions.

The Intelligent Transportation System protocol stack has revolutionized traffic efficiency and road safety applications in vehicular environments. This is due to the incorporation of the 802.11p standard in the 5.9 GHz band. This study introduces a novel architecture for vehicular communications. It employs Internet Protocol version 4 multicast over the 5.9 GHz band allocated for Intelligent Transportation Systems. The frequency band was designated by the European Telecommunications Standards Institute. Our proposed architecture addresses challenges in a specific urban use case. The use case involves a Level Crossing in Bordeaux. It focuses on the broadcast of Cooperative Awareness Message (CAM) and Decentralized Environmental Notification Message (DENM) to enhance road-user safety. To prevent accidents, we present an algorithm for CAM and DENM dissemination that ensures timely alerts for sudden vehicle blockage emergencies. Moreover, we introduce a comprehensive and optimized train braking strategy to further minimize accident risks. This strategy aims to provide efficient and timely train deceleration, allowing sufficient time for road users to clear the Level Crossing and mitigating the potential risk for collisions. We analyze End-to-End delay and Packet Reception Ratio to gauge our system’s performance. We also compare our edge-server-based architecture with cloud-based alternatives, showcasing improved latency and Packet Loss Rate in our approach. The obtained results illustrate the effectiveness of our edge-server-based architecture in the context of Intelligent Transportation Systems, particularly utilizing the 5.9 GHz band technology. The findings of this study provide a foundation for future deployments and improvements in urban environments, fostering safer and more reliable transportation systems.

In the context of Network Function Virtualization (NFV), Network Services (NS) are realized by interconnecting Virtual Network Functions (VNF) using Virtual Links (VL). Service dependability is an important characteristic of NSs. Service dependability includes service availability, reliability, and continuity attributes. The NFV framework brings new challenges to NS dependability because of the resource-sharing possibility, NS and VNF elasticity, and the dynamicity in the NFV environment. There has been a lot of work on the dependability of NSs in the context of NFV. Existing works address different dependability attributes and use different methods and mechanisms in the proposed solutions. Thus, it is difficult to evaluate and compare these solutions, determine the well-investigated areas, and identify gaps. In this paper, we investigate the state of the art for NS dependability in the context of NFV and survey existing solutions. We define a taxonomy that represents the different aspects of NS dependability and their relations in this context. We analyze 102 papers published in the past 5 years and map them to our proposed taxonomy to understand what is addressed in the proposed solution and how. We identify the gaps and discuss potential future work directions.

The development of Intrusion Detection Systems using Machine Learning techniques (ML-based IDS) has emerged as an important research topic in the cybersecurity field. However, there is a noticeable absence of systematic studies to comprehend the usability of such systems in real-world applications. This paper analyzes the impact of data preprocessing techniques on the performance of ML-based IDS using two public datasets, UNSW-NB15 and CIC-IDS2017. Specifically, we evaluated the effects of data cleaning, encoding, and normalization techniques on the performance of binary and multiclass intrusion detection models. This work investigates the impact of data preprocessing techniques on the performance of ML-based IDS and how the performance of different ML-based IDS is affected by data preprocessing techniques. To this end, we implemented a machine learning pipeline to apply the data preprocessing techniques in different scenarios to answer such questions. The findings analyzed using the Friedman statistical test and Nemenyi post-hoc test revealed significant differences in groups of data preprocessing techniques and ML-based IDS, according to the evaluation metrics. However, these differences were not observed in multiclass scenarios for data preprocessing techniques. Additionally, ML-based IDS exhibited varying performances in binary and multiclass classifications. Therefore, our investigation presents insights into the efficacy of different data preprocessing techniques for building robust and accurate intrusion detection models.

OpenFlow-compliant commodity switches face challenges in efficiently managing flow rules due to the limited capacity of expensive high-speed memories used to store them. The accumulation of inactive flows can disrupt ongoing communication, necessitating an optimized approach to flow rule timeouts. This paper proposes Delayed Dynamic Timeout (DDT), a Reinforcement Learning-based approach to dynamically adjust flow rule timeouts and enhance the utilization of a switch’s flow table(s) for improved efficiency. Despite the dynamic nature of network traffic, our DDT algorithm leverages advancements in Reinforcement Learning algorithms to adapt and achieve flow-specific optimization objectives. The evaluation results demonstrate that DDT outperforms static timeout values in terms of both flow rule match rate and flow rule activity. By continuously adapting to changing network conditions, DDT showcases the potential of Reinforcement Learning algorithms to effectively optimize flow rule management. This research contributes to the advancement of flow rule optimization techniques and highlights the feasibility of applying Reinforcement Learning in the context of SDN.

In an Internet of Things (IoT) environment, multiple objects usually interact with one another to meet a complex user’s request. This involves the composition of several atomic IoT services. Given a large number of functionally equivalent services with different Quality of Service (QoS) values, the service composition problem remains one of the main challenges in IoT environments. This paper presents a Discrete Adaptive Lion Optimization Algorithm (DALOA) to select IoT services in a composition process while considering global user QoS constraints. DALOA is based on the Lion Optimization Algorithm (LOA) and developed by combining several LOA operators, such as roaming, mating, and migration. First, DALOA divides the initial population into two sub-populations: pride and nomad, and each sub-population has its search strategies. Second, the roaming nomad process follows a random searching mode (strong exploration) to avoid being trapped in local optima. Third, the roaming pride searching mode represents strong local research, ensuring more efficient exploitation. Four, mating (mating pride, mating nomad) allows for information sharing between members of the same population. Finally, the migration operator is used to ensure population diversity by allowing information sharing between the pride and the nomad. The simulation results show that DALOA obtains the best compositional optimality and finds the near-optimal composition of the IoT services in a reasonable execution time compared to other approaches. Indeed, the combination of the previous operators provides a good trade-off between exploration and exploitation.