Funding: supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2014R1A1A2057796) and (2015R1D1A1A01059049)
Abstract: The phenomenon of data explosion represents a severe challenge for the upcoming big data era. However, the current Internet architecture is insufficient for dealing with a huge amount of traffic owing to an increase in redundant content transmission and the end-point-based communication model. Information-centric networking (ICN) is a paradigm for the future Internet that can be utilized to resolve the data explosion problem. In this paper, we focus on content-centric networking (CCN), one of the key candidate ICN architectures. CCN has been studied in various network environments with the aim of relieving network and server burden, especially in name-based forwarding and in-network caching functionalities. This paper studies the effect of several caching strategies in the CCN domain from the perspective of network and server overhead. Thus, we comprehensively analyze the in-network caching performance of CCN under several popular cache replication methods (i.e., cache placement). We evaluate the performance with respect to well-known Internet traffic patterns that follow certain probabilistic distributions, such as the Zipf/Mandelbrot–Zipf distributions, and flashcrowds. For the experiments, we developed an OPNET-based CCN simulator with a realistic Internet-like topology.
Abstract: The rapid development of Internet of Things (IoT) technology has brought great convenience to people’s life. However, the security protection capability of IoT is weak and vulnerable. Therefore, more protection needs to be done for the security of IoT. The paper proposes an intrusion detection method for IoT based on multi GBDT feature reduction and hierarchical traffic detection model. Firstly, GBDT is used to filter the features of IoT traffic data sets BoT-IoT and UNSW-NB15 to reduce the traffic feature dimension. At the same time, in order to improve the reliability of feature filtering, this paper constructs multiple GBDT models to filter the features of multiple sub data sets, and comprehensively evaluates the filtered features to find out the best alternative features. Then, two neural networks are trained with the two data sets after dimensionality reduction, and the traffic will be detected with the trained neural network. In order to improve the efficiency of traffic detection, this paper proposes a hierarchical traffic detection model, which can reduce the computational cost and time cost of detection process. Experiments show that the multi GBDT dimensionality reduction method can obtain better features than the traditional PCA dimensionality reduction method. Besides, the use of dual data sets improves the comprehensiveness of the IoT intrusion detection system, which can detect more types of attacks, and the hierarchical traffic model improves the detection efficiency of the system.
Abstract: Extensive investigation has been performed in location-centric or geocast routing protocols for reliable and efficient dissemination of information in Vehicular Adhoc Networks (VANETs). Various location-centric routing protocols have been suggested in literature for road safety ITS applications considering urban and highway traffic environment. This paper characterizes vehicular environments based on real traffic data and investigates the evolution of location-centric data dissemination. The current study is carried out with three main objectives: (i) to analyze the impact of dynamic traffic environment on the design of data dissemination techniques, (ii) to characterize location-centric data dissemination in terms of functional and qualitative behavior of protocols, properties, and strengths and weaknesses, and (iii) to find some future research directions in information dissemination based on location. Vehicular traffic environments have been classified into three categories based on physical characteristics such as speed, inter-vehicular distance, neighborhood stability, traffic volume, etc. Real traffic data is considered to analyze on-road traffic environments based on the measurement of physical parameters and weather conditions. Design issues are identified in incorporating physical parameters and weather conditions into data dissemination. Functional and qualitative characteristics of location-centric techniques are explored considering urban and highway environments. Comparative analysis of location-centric techniques is carried out for both urban and highway environments individually based on some unique and common characteristics of the environments. Finally, some future research directions are identified in the area based on the detailed investigation of traffic environments and location-centric data dissemination techniques.
Funding: the National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2011CB302805), the National Natural Science Foundation of China A3 Program (No. 61161140320) and the National Natural Science Foundation of China (No. 61233016), Intel Research Councils UPO program with title of security Vulnerability Analysis based on Cloud Platform with Intel IA Architecture
Abstract: The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system (such as Hadoop, ZFS, etc.) and open cloud computing platform (such as OpenStack, CloudStack, and Eucalyptus, etc.), it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well-known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit (TIFA) with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.
Funding: This work was supported by National Council for Scientific and Technological Development (CNPq/Brazil) grants #309129/2017-6 and #432204/2018-0, by Sao Paulo Research Foundation (FAPESP) grant #2018/23098-0, by the Coordination for the Improvement of Higher Education Personnel CAPES/Brazil grants #88887.501287/2020-00 and #88887.509309/2020–00, by the National Teaching and Research Network (RNP) by the GT-Periscope project.
Abstract: The high costs incurred due to attacks and the increasing number of different devices in the Internet of Things (IoT) highlight the necessity of the early detection of botnets (i.e., a network of infected devices) to gain an advantage against attacks. However, early botnet detection is challenging because of continuous malware mutations, the adoption of sophisticated obfuscation techniques, and the massive volume of data. The literature addresses botnet detection by modeling the behavior of malware spread, the classification of malicious traffic, and the analysis of traffic anomalies. This article details ANTE, a system for ANTicipating botnEt signals based on machine learning algorithms. The system adapts itself to different scenarios and detects different types of botnets. It autonomously selects the most appropriate Machine Learning (ML) pipeline for each botnet and improves the classification before an attack effectively begins. The system evaluation follows trace-driven experiments and compares ANTE results to other relevant results from the literature over four representative datasets: ISOT HTTP Botnet, CTU-13, CICDDoS2019, and BoT-IoT. Results show an average detection accuracy of 99.06% and an average bot detection precision of 100%.
Funding: supported by the National Natural Science Foundation of China (Grant Nos. 61672101, U1636119.6186603S, 61962059) and the 2018 College Students’ Innovation and Entrepreneurship Training Program (D2018127).
Abstract: It is widely common that mobile applications collect non-critical personally identifiable information (PII) from users' devices to the cloud by application service providers (ASPs) in a positive manner to provide precise and recommending services. Meanwhile, Internet service providers (ISPs) or local network providers also have strong requirements to collect PIIs for finer-grained traffic control and security services. However, it is a challenge to locate PIIs accurately in the massive data of network traffic, just like looking for a needle in a haystack. In this paper, we address this challenge by presenting an efficient and light-weight approach, namely TPII, which can locate and track PIIs from the HTTP layer rebuilt from raw network traffics. This approach only collects three features from HTTP fields as users' behaviors and then establishes a tree-based decision model to dig PIIs efficiently and accurately. Without any priori knowledge, TPII can identify any types of PIIs from any mobile applications, which has a broad vision of applications. We evaluate the proposed approach on a real dataset collected from a campus network with more than 13k users. The experimental results show that the precision and recall of TPII are 91.72% and 94.51% respectively and a parallel implementation of TPII can achieve 213 million records digging and labelling within one hour, reaching near to support 1 Gbps wirespeed inspection in practice. Our approach provides network service providers a practical way to collect PIIs for better services.