Seyed Dawood Sajjadi Torshizi, Maryam Tanha, Jianping Pan
Chaotic deployment of Wireless Local Area Networks (WLANs) in dense urban areas is one of the common issues of many Internet Service Providers (ISPs) and Wi-Fi users. It results in a substantial reduction of the throughput and impedes the balanced distribution of bandwidth among the users. Most of these networks are managed independently and there is no cooperation among them. Moreover, the conventional association mechanism that selects the Access Points (APs) with the strongest Received Signal Strength Indicator (RSSI) aggravates this situation. In this paper, we present a versatile near-optimal solution for the fair bandwidth distribution over virtualized WLANs through dynamic association control. The proposed scheme is called ACO-PF, which is developed on top of Ant Colony Optimization (ACO) as a meta-heuristic technique to provide Proportional Fairness (PF) among the greedy clients. In fact, it presents a generic and centralized solution for ISPs that are using a common, virtualized or overlapped WLAN infrastructure for serving their customers. We have evaluated the efficacy of ACO-PF through numerical analysis versus popular existing schemes for both downlink and uplink scenarios. Our proposed technique has less complexity in terms of the implementation and running time for large-scale WLANs and it can be easily developed and customized for different objective functions. In addition, it is implemented in a testbed environment to investigate the key challenges of real deployment scenarios.
Meta-Heuristic Solution for Dynamic Association Control in Virtualized Multi-Rate WLANs. Seyed Dawood Sajjadi Torshizi, Maryam Tanha, Jianping Pan. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 253-261, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.53
One primary component of OpenFlow switches is a pipeline of flow tables. Flows are directed through the pipeline by looking up a matched rule in each table. Packet matching starts sequentially at table 0 and continues to additional tables of the pipeline if necessary. The lookup stops when one flow entry is matched or the end of the pipeline is reached. Though effective, this manner of processing is not efficient when popular rules are installed in back tables. If frequently matched rules appear earlier in the pipeline, the procedure of lookup and comparison can be improved. Unfortunately, a simple sorting algorithm is not feasible. In this paper, we formalize the problem of reducing lookup times, which is proven to be NP-hard. A heuristic approach, MILE (migrating flow rules), is proposed to minimize the average number of lookups. Experimental results show that MILE is able to reduce table lookups by 50%.
An Efficiency Pipeline Processing Approach for OpenFlow Switch. Zhenwei Wu, Yong Jiang, Shu Yang. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 204-207, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.43
Wireless Sensor Networks (WSNs) equipped with directional communication and sensing devices provide a high level of tunability needed in optimizing their performance in critical applications. Such devices and nodes, however, remain prone to failure when operating in the field. In this paper we formalize a problem, called directional breach path detection reliability (DIR-BPDREL), that quantifies the ability of such networks to jointly detect and report unauthorized traversal through a network when communication and sensing devices fail independently of each other. We adopt a framework for deriving lower and upper bounds on exact reliability solutions, and develop efficient algorithms for optimizing the computations using pathset and cutset structures of the given network. The algorithms process separate communication and sensing graphs to ensure joint detection and reporting of intrusion events from multiple possible entry-exit sides. The obtained numerical results give insight into the effect of various design parameters on network-wide performance.
Breach Path Reliability for Directional Sensor Networks. Mohammed Elmorsy, E. Elmallah. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 371-379, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.65
Luciana B. Abiuzi, Cecília A. C. César, C. Ribeiro
The pattern of mobile node movement and node removals or additions cause frequent and unpredictable changes in the topology of mobile ad hoc networks. Network performance can thus vary significantly under different mobility models, as well as from the variation in parameters of a given mobility model, such as node movement speed and number of nodes in the network. Hence, the efficiency of a network depends not only on its control protocols, but also on its topology. In this paper, we first compare the impact that mobility parameter variations produce on typical network metrics - routing packets generated, routing overhead and route discovery average delay - in networks with and without topology control. Results from experiments in a wireless network simulator show that, in networks with topology control using 2 or 3 hops for route discovery depending on the node degree, the number of routing packets decreases, therefore improving the operation and efficiency of the network. Based on these results, a local adaptive self-configuration LMST topology control was then proposed and analysed, producing better results as the network size increases.
A-LMST: An Adaptive LMST Local Topology Control Algorithm for Mobile Ad Hoc Networks. Luciana B. Abiuzi, Cecília A. C. César, C. Ribeiro. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 168-171, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.34
In this paper, we propose a Fragmentation-based Multipath Routing (FMR) model for Software Defined Networks (SDNs) to enable attack-resilient data transfer. With the use of erasure encoding to fragment a message, the fragments are routed along multiple paths such that no intermediate node receives enough fragments required for message decoding. This ensures that any intruder on a compromised node does not infer the original data from the received fragments. We develop an optimization programming formulation of the problem to choose reliable paths that provide resilience to attacks. Using FMR, the SDN controller dynamically routes the data fragments along a set of most reliable paths to achieve multipath diversity and hence improve data availability at the destination even in the presence of an attack. We carry out performance studies and demonstrate the effectiveness of our approach in terms of weighted path reliability and blocking performance.
Fragmentation-Based Multipath Routing for Attack Resilience in Software Defined Networks. Purnima Murali Mohan, Teng Joon Lim, G. Mohan. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 583-586, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.98
Thomas Lukaseder, Leonard Bradatsch, Benjamin Erb, R. V. D. Heijden, F. Kargl
The increasing availability of 10G Ethernet network capabilities challenges existing transport layer protocols. As 10G connections gain momentum outside of backbone networks, the choice of appropriate TCP congestion control algorithms becomes even more relevant for networked applications running in environments such as data centers. Therefore, we provide an extensive overview of relevant TCP congestion control algorithms for high-speed environments leveraging 10G. We analyzed and evaluated six TCP variants using a physical network testbed, with a focus on the effects of propagation delay and significant drop rates. The results indicate that of the algorithms compared, BIC is most suitable when no legacy variant is present; CUBIC is suggested otherwise.
A Comparison of TCP Congestion Control Algorithms in 10G Networks. Thomas Lukaseder, Leonard Bradatsch, Benjamin Erb, R. V. D. Heijden, F. Kargl. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 706-714, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.121
Maurice Leclaire, Stephan M. Günther, Marten Lienen, Maximilian Riemensberger, G. Carle
Coded packet networks allow for proactive injection of redundant packets to compensate for packet loss. Link metrics are usually based on the estimated transmission counter (ETX). This metric is used to determine the expected number of coded packets needed, but does not make guarantees for a specific decoding probability. In this paper we show that relying on the ETX metric leads to a surprisingly high probability that decoding is not possible. Based on this result, we derive a redundancy scheme to allow for an adjustable decoding probability. In a third step, we extend this scheme to also consider the reliability of link quality estimates themselves. We provide a numerically stable and hardware-accelerated implementation of our redundancy scheme, and compare all approaches in a simulated environment. Finally, we show the effect of the new redundancy scheme on different transport layer protocols in a wireless setup with random linear network coding.
Rate-Adaptive Link Quality Estimation for Coded Packet Networks. Maurice Leclaire, Stephan M. Günther, Marten Lienen, Maximilian Riemensberger, G. Carle. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 732-740, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.124
A wireless sensor network (WSN) typically involves deploying multiple nodes in an area to measure environmental parameters. WSNs are getting enveloped within the realm of IoT, which significantly increases their scale of deployment. The end-objective of deploying a sensor network is to get valuable data about a region irrespective of the physical configuration used for measurement. We propose an Adaptive Data-centric Clustering algorithm for Sensor networks (ADCS), a hierarchical algorithm where user-specific data requirements are factored into the clustering decisions. Specifically, similarity in parameter variations is used as a criterion for optimization. We have deployed an eKo-based sensor network in north-eastern India to measure environmental parameters as part of a precision agriculture application. Data from this network is used to develop models to rigorously compare the performance of three variants of ADCS: ADCS-DB, ADCS-KM and ADCS-AG and arrive at useful recommendations for deployment planning.
Adaptive Data-Centric Clustering with Sensor Networks for Energy Efficient IoT Applications. Sanat Sarangi, S. Pappula. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 398-405, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.68
Within Content Delivery Networks (CDNs), users are typically geographically load-balanced across multiple servers in order to provide better performance and locality - users are assigned to the content servers close to them. One approach to user-server assignment is the use of IP anycast, where all the content servers use the same IP address. A user request is then routed to the server closest to the user, as determined by routing protocols such as BGP. However, there are problems associated with this anycast-based approach. IP anycast is generally incapable of updating or redirecting users to a different (better) server without breaking already established TCP sessions. Moreover, the CDN operators do not have much control over where to redirect the users - it is completely controlled by Internet routing. In this paper we present our Man-In-the-Middle Anycast (MIMA) architecture, a novel anycast-based design that leverages Network Functions Virtualization (NFV) and Software Defined Networking (SDN) techniques to enable flexible and efficient user-server assignment. We demonstrate that the MIMA architecture is capable of performing flexible user-server assignment and offloading during times of high demand, such as flash crowd events that are becoming more common in a media-focused Internet. These capabilities offered by MIMA provide CDN operators a higher degree of flexibility in network management and content provisioning by enabling flexible user-server assignment.
Man-In-the-Middle Anycast (MIMA): CDN User-Server Assignment Becomes Flexible. Jeffrey Lai, Q. Fu. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 451-459, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.74
Botnet threats include a plethora of possible attacks ranging from distributed denial of service (DDoS) to drive-by-download malware distribution and spam. While techniques have been proposed for over two decades for either improving accuracy or speeding up the detection of attacks, much of the damage is done by the time attacks are contained. In this work we take a new direction which aims to predict forthcoming attacks (i.e. before they occur), providing early warnings to network administrators who can then prepare to contain them as soon as they manifest or simply quarantine hosts. Our approach is based on modelling the Botnet infection sequence as a Markov chain with the objective of identifying behaviour that is likely to lead to attacks. We present the results of applying a Markov model to real-world Botnets' data, and show that with this approach we are successfully able to predict more than 98% of attacks from a variety of Botnet families with a very low false alarm rate.
The Early Bird Gets the Botnet: A Markov Chain Based Early Warning System for Botnet Attacks. Zainab Abaid, D. Sarkar, M. Kâafar, Sanjay Jha. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 61-68, published 2016-11-01. DOI: https://doi.org/10.1109/LCN.2016.17