Abstract—Applying data buffers at relay nodes significantly improves the outage performance in relay networks, but the performance gain is often at the price of long packet delays. In this paper, a novel relay selection scheme with significantly reduced packet delay is proposed. The outage probability and average packet delay of the proposed scheme under different channel scenarios are analyzed. Simulation results are also given to verify the analysis. The analytical and simulation results show that, compared with non-buffer-aided relay selection schemes, the proposed scheme has not only significant gain in outage performance but also similar average packet delay when the channel SNR is high enough, making it an attractive scheme
Abstract—This paper presents a unique probing scheme, a rate adjustment algorithm, and a modified excursion detection algorithm (EDA) for estimating the available bandwidth (ABW) of an end-to-end network path more accurately and less intrusively. The proposed algorithm is based on the well known concept of self-induced congestion and it features a unique probing train structure in which there is a region where packets are sampled more frequently than in other regions. This high-density region enables our algorithm to find the turning point more accurately. When the dynamic ABW is outside of this region, we readjust the lower rate and upper rate of the packet stream to fit the dynamic ABW into that region. We appropriately adjust the range between the lower rate and the upper rate using spread factors, which enables us to keep the number of packets low and we are thus able to measure the ABW less intrusively. Finally, to detect the ABW from the one-way queuing delay, we present a modified EDA from PathChirps’ original EDA to better deal with sudden increase and decrease in queuing delays due to cross traffic burstiness. For the experiments, an Android OS-based device was used to measure the ABW over a commercial 4G/LTE mobile network of a Japanese mobile operator, as well as real testbed measurements were conducted over fixed and WLAN network. Simulations and experimental results show that our algorithm can achieve ABW estimations in real time and outperforms other state-of-the-art measurement algorithms in terms of accuracy, intrusiveness, and convergence time.
Abstract—Networks are getting larger and more complex, yet administrators rely on rudimentary tools such as ping and traceroute to debug problems. We propose an automated and systematic approach for testing and debugging networks called “Automatic Test Packet Generation” (ATPG). ATPG reads router configurations and generates a device-independent model. The model is used to generate a minimum set of test packets to (minimally) exercise every link in the network or (maximally) exercise every rule in the network. Test packets are sent periodically, and detected failures trigger a separate mechanism to localize the fault. ATPG can detect both functional (e.g., incorrect firewall rule) and performance problems (e.g., congested queue). ATPG complements but goes beyond earlier work in static checking (which cannot detect liveness or performance faults) or fault localization (which only localize faults given liveness results). We describe our prototype ATPG implementation and results on two real-world data sets: Stanford University’s backbone network and Internet2. We find that a small number of test packets suffices to test all rules in these networks: For example, 4000 packets can cover all rules in Stanford backbone network, while 54 are enough to cover all links. Sending 4000 test packets 10 times per second consumes less than 1% of link capacity. ATPG code and the data sets are publicly available.
Abstract—In this era, due to the unbelievable development of the internet, various online attacks have increased. Of all such attacks, the most popular is phishing. These attacks are done to extract confidential information, such as banking information and passwords, from unsuspecting victims for fraud purposes. Confidential data can’t be directly uploaded on a website since it is risky. Here in this paper data is encrypted in video and visual cryptography for login purpose in our online database system for providing more security.
Proxy Mobile IPv6 (PMIPv6) allows a mobile node to communicate directly to its peers while changing the currently used IP address. This mode of operation is called route optimization (RO). In the RO process, the peer node learns a binding between the home address and its current temporary care-of-address. Many schemes have been proposed to support RO in PMIPv6. However, these schemes do not consider the out-of-sequence problem, which may happen between the existing path and the newly established RO path. In this paper, we propose a scheme to solve the out-of-sequence problem with low cost. In our scheme, we use the additional packet sequence number and the time information when the problem occurs. We then run experiments on a reliable packet transmission (RPT) laboratory testbed to evaluate the performance of the proposed scheme, and compare it with the well-known RO-supported PMIPv6 and the out-of-sequence time period scheme. The experimental results show that for most of the cases, our proposed scheme guarantees RPT by preventing the out-of-sequence problem.
ABSTRACT: We investigate the cooperation among energy prosumers (unified energy provider and consumer) through the energy packet network (EPN) paradigm, which represents both the flow of work that requires energy, and the flow of energy itself, in terms of discrete units. This paper details a stochastic model of EPNs, which is inspired from a branch of queuing theory called G-networks. The model allows us to compute the equilibrium state of a system that includes energy storage units, energy transmission networks, and energy consumers, together with the intermittent energy sources. The model is then used to show how the flow of work and energy in the system can be optimized for certain utility functions that consider both the needs of the consumers, and the desire to maintain some reserve energy for potential future needs.
ABSTRACT A feature of the Internet of Things (IoT) is that some users in the system need to be served quickly for small packet transmission. To address this requirement, a new multiple-input multiple-output non-orthogonal multiple access (MIMO-NOMA) scheme is designed in this paper, where one user is served with its quality of service requirement strictly met, and the other user is served opportunistically by using the NOMA concept. The novelty of this new scheme is that it confronts the challenge that the existing MIMO-NOMA schemes rely on the assumption that users' channel conditions are different, a strong assumption which may not be valid in practice. The developed precoding and detection strategies can effectively create a significant difference between the users' effective channel gains, and therefore, the potential of NOMA can be realized even if the users' original channel conditions are similar. Analytical and numerical results are provided to demonstrate the performance of the proposed MIMO-NOMA scheme.
The architecture of two-tiered sensor networks, where storage nodes serve as an intermediate tier between sensors and a sink for storing data and processing queries, has been widely adopted because of the benefits of power and storage saving for sensors as well as the efficiency of query processing. However, the importance of storage nodes also makes them attractive to attackers. In this paper, we propose SafeQ, a protocol that prevents attackers from gaining information from both sensor collected data and sink issued queries. SafeQ also allows a sink to detect compromised storage nodes when they misbehave. To preserve privacy, SafeQ uses a novel technique to encode both data and queries such that a storage node can correctly process encoded queries over encoded data without knowing their values. To preserve integrity, we propose two schemes—one using Merkle hash trees and another using a new data structure called neighborhood chains—to generate integrity verification information so that a sink can use this information to verify whether the result of a query contains exactly the data items that satisfy the query. To improve performance, we propose an optimization technique using Bloom filters to reduce the communication cost between sensors and storage nodes.
Because the Internet has been widely applied in various fields, more and more network security issues emerge and catch people’s attention. However, adversaries often hide themselves by spoofing their own IP addresses and then launch attacks. For this reason, researchers have proposed a lot of traceback schemes to trace the source of these attacks. Some use only one packet in their packet logging schemes to achieve IP tracking. Others combine packet marking with packet logging and therefore create hybrid IP traceback schemes demanding less storage but requiring a longer search. In this paper, we propose a new hybrid IP traceback scheme with efficient packet logging aiming to have a fixed storage requirement for each router (under 320 KB, according to CAIDA’s skitter data set) in packet logging without the need to refresh the logged tracking information and to achieve zero false positive and false negative rates in attack-path reconstruction. In addition, we use a packet’s marking field to censor attack traffic on its upstream routers. Lastly, we simulate and analyze our scheme, in comparison with other related research, in the following aspects: storage requirement, computation, and accuracy.
The scalability limitations of BGP have been a major concern lately. An important aspect of this issue is the rate of routing updates (churn) that BGP routers must process. This paper presents an analysis of the evolution of churn in four networks at the backbone of the Internet over a period of seven years and eight months, using BGP update traces from the RouteViews project. The churn rate varies widely over time and between networks. Instead of descriptive “black-box” statistical analysis, we take an exploratory data analysis approach attempting to understand the reasons behind major observed characteristics of the churn time series. We find that duplicate announcements are a major churn contributor, responsible for most large spikes. Remaining spikes are mostly caused by routing incidents that affect a large number of prefixes simultaneously. More long-term intense periods of churn, on the other hand, are caused by misconfigurations or other special events at or close to the monitored autonomous system (AS). After filtering pathologies and effects that are not related to the long-term evolution of churn, we analyze the remaining “baseline” churn and find that it is increasing at a rate that is similar to the growth of the number of ASs.
Efficient and effective full-text retrieval in unstructured peer-to-peer networks remains a challenge in the research community. First, it is difficult, if not impossible, for unstructured P2P systems to effectively locate items with guaranteed recall. Second, existing schemes to improve search success rate often rely on replicating a large number of item replicas across the wide area network, incurring a large amount of communication and storage costs. In this paper, we propose BloomCast, an efficient and effective full-text retrieval scheme, in unstructured P2P networks. By leveraging a hybrid P2P protocol, BloomCast replicates the items uniformly at random across the P2P networks, achieving a guaranteed recall at a communication cost of Þ, where N is the size of the network. Furthermore, by casting Bloom Filters instead of the raw documents across the network, BloomCast significantly reduces the communication and storage costs for replication. We demonstrate the power of BloomCast design through both mathematical proof and comprehensive simulations based on the query logs from a major commercial search engine and NIST TREC WT10G data collection. Results show that BloomCast achieves an average query recall of 91 percent, which outperforms the existing WP algorithm by 18 percent, while BloomCast greatly reduces the search latency for query processing by 57 percent
Compromised machines are one of the key security threats on the Internet; they are often used to launch various security attacks such as spamming and spreading malware, DDoS, and identity theft. Given that spamming provides a key economic incentive for attackers to recruit the large number of compromised machines, we focus on the detection of the compromised machines in a network that are involved in the spamming activities, commonly known as spam zombies. We develop an effective spam zombie detection system named SPOT by monitoring outgoing messages of a network. SPOT is designed based on a powerful statistical tool called Sequential Probability Ratio Test, which has bounded false positive and false negative error rates. Our evaluation studies based on a two-month email trace collected in a large U.S. campus network show that SPOT is an effective and efficient system in automatically detecting compromised machines in a network. In addition, we also compare the performance of SPOT with two other spam zombie detection algorithms based on the number and percentage of spam messages originated or forwarded by internal machines, respectively, and show that SPOT outperforms these two detection algorithms.
This paper introduces several novel load-balancing algorithms for distributing Session Initiation Protocol (SIP) requests to a cluster of SIP servers. Our load balancer improves both throughput and response time versus a single node while exposing a single interface to external clients. We present the design, implementation, and evaluation of our system using a cluster of Intel x86 machines running Linux. We compare our algorithms to several well-known approaches and present scalability results for up to 10 nodes. Our best algorithm, Transaction Least-Work-Left (TLWL), achieves its performance by integrating several features: knowledge of the SIP protocol, dynamic estimates of back-end server load, distinguishing transactions from calls, recognizing variability in call length, and exploiting differences in processing costs for different SIP transactions. By combining these features, our algorithm provides finer-grained load balancing than standard approaches, resulting in throughput improvements of up to 24% and response-time improvements of up to two orders of magnitude. We present a detailed analysis of occupancy to show how our algorithms significantly reduce response time.
Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the dynamic nature of its network infrastructure. Among these attacks, routing attacks have received considerable attention since it could cause the most devastating damage to MANET. Even though there exist several intrusion response techniques to mitigate such critical attacks, existing solutions typically attempt to isolate malicious nodes based on binary or naïve fuzzy response decisions. However, binary responses may result in the unexpected network partition, causing additional damages to the network infrastructure, and naïve fuzzy responses could lead to uncertainty in countering routing attacks in MANET. In this paper, we propose a risk-aware response mechanism to systematically cope with the identified routing attacks. Our risk-aware approach is based on an extended Dempster-Shafer mathematical theory of evidence introducing a notion of importance factors. In addition, our experiments demonstrate the effectiveness of our approach with the consideration of several performance metrics.
Peer-to-peer overlay networks are widely used in distributed systems. P2P networks can be divided into two categories: structured peer-to-peer networks in which peers are connected by a regular topology, and unstructured peer-to-peer networks in which the topology is arbitrary. The objective of this work is to design a hybrid peer-to-peer system for distributed data sharing which combines the advantages of both types of Peer-to-peer networks and minimizes their disadvantages. Consistency maintenance is propagating the updates from a primary file to its replica. Adaptive consistency maintenance algorithm (ACMA) maintains that periodically polls the file owner to update the file due to minimum number of replicas consistency overhead is very low. Top Caching (TC) algorithm helps to boost the system performance and to build a fully distributed cache for most popular information. Our caching scheme can deliver lower query delay, better load balance and higher cache hit ratios. It effectively relieves the over-caching problems for the most popular objects.
Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multitier design wherein the web server runs the application front-end logic and data are outsourced to a database or file server. In this paper, we present DoubleGuard, an IDS system that models the network behavior of user sessions across both the front-end web server and the back-end database. By monitoring both web and subsequent database requests, we are able to ferret out attacks that independent IDS would not be able to identify. Furthermore, we quantify the limitations of any multitier IDS in terms of training sessions and functionality coverage. We implemented DoubleGuard using an Apache web server with MySQL and lightweight virtualization. We then collected and processed real-world traffic over a 15-day period of system deployment in both dynamic and static web applications. Finally, using DoubleGuard, we were able to expose a wide range of attacks with 100 percent accuracy while maintaining 0 percent false positives for static web services and 0.6 percent false positives for dynamic web services.
For real-time video broadcast where multiple users are interested in the same content, mobile-to-mobile cooperation can be utilized to improve delivery efficiency and reduce network utilization. Under such cooperation, however, real-time video transmission requires end-to-end delay bounds. Due to the inherently stochastic nature of wireless fading channels, deterministic delay bounds are prohibitively difficult to guarantee. For a scalable video structure, an alternative is to provide statistical guarantees using the concept of effective capacity/bandwidth by deriving quality of service exponents for each video layer. Using this concept, we formulate the resource allocation problem for general multi-hop multicast network flows and derive the optimal solution that minimizes the total energy consumption while guaranteeing a statistical end-to-end delay bound on each network path. A method is described to compute the optimal resource allocation at each node in a distributed fashion. Furthermore, we propose low complexity approximation algorithms for energy-efficient flow selection from the set of directed acyclic graphs forming the candidate network flows. The flow selection and resource allocation process is adapted for each video frame according to the channel conditions on the network links. Considering different network topologies, results demonstrate that the proposed resource allocation and flow selection algorithms provide notable performance gains with small optimality gaps at a low computational cost.
The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our approach can discover and resolve anomalies in firewall policies through rigorous experiments.
There is a need of continuous monitoring of vital parameters of patient at critical situation. The current scenario in hospital has a digital display for such parameters which is observed by nurse. For such monitoring a dedicated person (nurse) is required. But looking at the growing population this ratio of one nurse per patient would be a considerable probable in future. So manually monitoring the patient should be replaced by some other method. Online monitoring has attracted considerable attraction for many years. It includes the applications which are not only limited up to industrial process monitoring and control but has been extended up to civilian application areas like healthcare application, home automation, traffic control etc. This paper discusses the feasibility of Instant Notification System in Heterogeneous Sensor Network with Deployment of XMPP Protocol for medical application. The system aims to provide an environment which enables medical practitioners to distantly monitor various vital parameters of patients. For academic purpose we have limited this system for use of monitoring patients’ body temperature and blood pressure. The proposed system collects data from various heterogeneous sensor networks (for example, patients’ body temperature and blood pressure), converts it to a standard packet and provides the facility to send it over a network using Extensible Messaging and Presence Protocol (XMPP) (in more common terms, Instant Messaging (IM)). Use of heterogeneous sensor networks (HSN) provides the much required platform independence, while XMPP enables the instant notification