Current Internet-based systems suffer from many problems that exploit the anonymity of network
communication, such as personal information leaks and crimes committed over the Internet. This is because
the TCP/IP protocol used in Internet systems does not carry user identification information in the
communication data, so it is difficult to immediately supervise the user performing such acts. One
approach to solving this problem is Policy-based Network Management
(PBNM). This is a scheme for managing a whole Local Area Network (LAN) through communication
control of every user. Two types of PBNM schemes exist. The first manages the
whole LAN by locating the communication control mechanisms on the path between network servers and
clients. The second manages the whole LAN by locating the communication control
mechanisms on the clients. As a scheme of the second type, we have been studying the Destination
Addressing Control System (DACS) Scheme theoretically. By applying the DACS Scheme to Internet system
management, we ultimately intend to realize policy-based Internet system management. The DACS
Scheme has not yet been examined for compatibility with cloud environments built on virtualization technology,
which is spreading explosively. As a result, the coverage of the DACS Scheme is currently limited to physical
environments. In this study, we examine the compatibility of the DACS Scheme with cloud environments
built on virtualization technology and enlarge the coverage of the scheme. With this, the Virtual DACS Scheme
(vDACS Scheme) is established.
Current issues - International Journal of Network Security & Its Applications... | IJNSA Journal
International Journal of Network Security & Its Applications (IJNSA) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
A Network and Position Proposal Scheme using a Link-16 based C3I System | University of Piraeus
The smart usage of hi-end military technological solutions in daily activities makes people life better. This paper describes a network and position proposal scheme in respect of technical networking and positioning information. A Link-16 based Command, Control, Communication and Intelligence (C3I) system is established among the mobile devices. Each device knows its geographical position using its GPS. A network along with a possible good position for user’s service is proposed, fulfilling his/her requirements for comfortable work.
Analysis of IT Monitoring Using Open Source Software Techniques: A Review | IJERD Editor
The Network administrators usually rely on generic and built-in monitoring tools for network
security. Ideally, the network infrastructure is supposed to have carefully designed strategies to scale up
monitoring tools and techniques as the network grows, over time. Without this, there can be network
performance challenges, downtimes due to failures, and most importantly, penetration attacks. These can lead to
monetary losses as well as loss of reputation. Thus, there is a need for best practices to monitor network
infrastructure in an agile manner. Network security monitoring involves collecting network packet data,
segregating it among all the 7 OSI layers, and applying intelligent algorithms to get answers to security-related
questions. The purpose is to know in real-time what is happening on the network at a detailed level, and
strengthen security by hardening the processes, devices, appliances, software policies, etc. The Multi Router
Traffic Grapher, or just simply MRTG, is free software for monitoring and measuring the traffic load
on network links. It allows the user to see traffic load on a network over time in graphical form.
An effective attack preventing routing approach in speed network in manets | eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Cloud network management model a novel approach to manage cloud traffic | ijccsa
Cloud is in the air. More and More companies and personals are connecting to cloud with so many variety
of offering provided by the companies. The cloud services are based on Internet i.e. TCP/IP. The paper
discusses limitations of one of the main existing network management protocol i.e. Simple Network
Management Protocol (SNMP) with respect to the current network conditions. The network traffic is
growing at a high speed. When we talk about the networked environment of cloud, the monitoring tool
should be capable of handling the traffic tribulations efficiently and represent a correct scenario of the
network condition. The proposed Model ‘Cloud Network Management Model (CNMM)’ provides a
comprehensive solution to manage the growing traffic in cloud and trying to improve communication of
manager and agents as in SNMP (the traditional TCP/IP network management protocol). Firstly CNMM
concentrates on reduction of packet exchange between manager and agent. Secondly it eliminates the
counter problems exist in SNMP by having periodic updates from agent without querying by the manager.
For better management we are including managers using virtualized technology. CNMM is a proposed
model with efficient communication, secure packet delivery and reduced traffic. Though the proposed
model supposed to manage the cloud traffic in a better and efficient way, the model is still a theoretical
study, its implementation and results are yet to discover. The model however is the first step towards
development of supported algorithms and protocol. Our further study will concentrate on development of
supported algorithms.
MACHINE LEARNING FOR QOE PREDICTION AND ANOMALY DETECTION IN SELF-ORGANIZING ... | ijwmn
Existing mobile networking systems lack the level of intelligence, scalability, and autonomous adaptability
required to optimally enable next-generation networks like 5G and beyond, which are expected to be
Self-Organizing Networks (SONs). It is anticipated that machine learning (ML) will be instrumental in designing
future “x”G SON networks with their demanding Quality of Experience (QoE) requirements. This paper
evaluates a methodology that uses supervised machine learning to predict the QoE level of the end user
experiences and uses this information to detect anomalous behavior of dysfunctional network nodes
(eNodeBs/base stations) in self-organizing mobile networks. An end-to-end network scenario is created using
the network simulator ns-3, where end users interact with a remote host that is accessed over the Internet to
run the most commonly used applications like file downloads and uploads and the resulting output is used as
a dataset to implement ML algorithms for QoE prediction and eNodeB (eNB) anomaly detection. Three ML
algorithms were implemented and compared to study their effectiveness and the scalability of the
methodology. In the test network, an accuracy score greater than 99% is achieved using the ML algorithms.
As suggested by the ns-3 simulation the use of ML for QoE prediction will help network operators understand
end-user needs and identify network elements that are failing and need attention and recovery.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Impact of Packet Inter-arrival Time Features for Online Peer-to-Peer (P2P) Cl... | IJECEIAES
Identification of bandwidth-heavy Internet traffic is important for network administrators to throttle high-bandwidth application traffic. Flow features based classification have been previously proposed as promising method to identify Internet traffic based on packet statistical features. The selection of statistical features plays an important role for accurate and timely classification. In this work, we investigate the impact of packet inter-arrival time feature for online P2P classification in terms of accuracy, Kappa statistic and time. Simulations were conducted using available traces from University of Brescia, University of Aalborg and University of Cambridge. Experimental results show that the inclusion of inter-arrival time (IAT) as an online feature increases simulation time and decreases classification accuracy and Kappa statistic.
A COOPERATIVE LOCALIZATION METHOD BASED ON V2I COMMUNICATION AND DISTANCE INF... | IJCNCJournal
Relative positions are recent solutions to overcome the limited accuracy of GPS in urban environment.
Vehicle positions obtained using V2I communication are more accurate because the known roadside unit
(RSU) locations help predict errors in measurements over time. The accuracy of vehicle positions depends
more on the number of RSUs; however, the high installation cost limits the use of this approach. It also
depends on nonlinear localization nature. They were neglected in several research papers. In these studies,
the accumulated errors increased with time due to the linearity localization problem. In the present study,
a cooperative localization method based on V2I communication and distance information in vehicular
networks is proposed for improving the estimates of vehicles’ initial positions. This method assumes that
the virtual RSUs based on mobility measurements help reduce installation costs and facilitate in handling
fault environments. The extended Kalman filter algorithm is a well-known estimator in nonlinear problem,
but it requires well initial vehicle position vector and adaptive noise in measurements. Using the proposed
method, vehicles’ initial positions can be estimated accurately. The experimental results confirm that the
proposed method has superior accuracy than existing methods, giving a root mean square error of
approximately 1 m. In addition, it is shown that virtual RSUs can assist in estimating initial positions in
fault environments.
Visualization of Computer Forensics Analysis on Digital Evidence | Muhd Mu'izuddin
- This is my first article; it's for my Final Year Project for Bachelor's of Computer Science (Systems and Networking)
- It also will be uploaded into CyberSecurity Malaysia E-Bulletin for 2017
Network Monitoring and Traffic Reduction using Multi-Agent Technology | Eswar Publications
In this paper the algorithms which could improve Transmission band and Network Traffic reduction for computer network has been shown. Problem solving is an area with which many Multiagent-based applications are concerned. Multiagent systems are computational systems in which several agents interact or work together to achieve some purposes. It includes distributed solutions to problems, solving distributed problems and distributed techniques for problem solving. Multiagent using for maximizing group performance with planning, execution, monitoring, communication and coordination. This paper also addresses some critical issues in developing
Multi agent-based traffic control and monitoring systems, such as interoperability, flexibility, and extendibility. Finally, several future research directions toward the successful deployment of Multiagent technology in traffic control and monitoring systems are discussed.
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY | IJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel
interested in obtaining knowledge in securing communication devices/infrastructure. This research
provides a framework that can be used in an organization to eliminate digital anomalies through network
forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also
enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
Optimizing On Demand Weight -Based Clustering Using Trust Model for Mobile Ad... | ijasuc
Mobile ad hoc networks are growing in popularity due to the explosive growth of modern
devices with wireless capability such as laptop, mobile phones, PDA, etc., makes the application more
challenging. The mobile nodes are vulnerable to security attacks. To protect the ad hoc network it is
essential to evaluate the trust worthiness. The proposed TWCA is similar to WCA in terms of cluster
formation and cluster head election. However, in WCA security features are not included. The proposed
TWCA is a cluster based trust evaluation, in which the mobile nodes are grouped into clusters with one
cluster head. It establishes trust relationship for the cluster based on the previous transaction result. The
simulation result confirms the efficiency of our scheme than the WCA and SEMC.
A Multipath Connection Model for Traffic Matrices | IJERA Editor
Peer-to-Peer (P2P) applications have witnessed an increasing popularity in recent years, which brings new challenges to network management and traffic engineering (TE). As basic input information, P2P traffic matrices are of significant importance for TE. Because of the excessively high cost of direct measurement. In this paper, a multipath connection model for traffic matrices in operational networks. Media files can share the peer to peer, the localization ratio of peer to peer traffic. This evaluates its performance using traffic traces collected from both the real peer to peer video-on-demand and file-sharing applications. The estimation of the general traffic matrices (TM) then used for sending the media file without traffic. Share the media file, source to destination traffic is not occur. So it give high performance and short time process.
TREND-BASED NETWORKING DRIVEN BY BIG DATA TELEMETRY FOR SDN AND TRADITIONAL N... | ijngnjournal
Organizations face a challenge of accurately analyzing network data and providing automated action
based on the observed trend. This trend-based analytics is beneficial to minimize the downtime and
improve the performance of the network services, but organizations use different network management
tools to understand and visualize the network traffic with limited abilities to dynamically optimize the
network. This research focuses on the development of an intelligent system that leverages big data
telemetry analysis in Platform for Network Data Analytics (PNDA) to enable comprehensive trend-based networking decisions. The results include a graphical user interface (GUI) done via a web
application for effortless management of all subsystems, and the system and application developed in
this research demonstrate the true potential for a scalable system capable of effectively benchmarking
the network to set the expected behavior for comparison and trend analysis. Moreover, this research
provides a proof of concept of how trend analysis results are actioned in both a traditional network and
a software-defined network (SDN) to achieve dynamic, automated load balancing.
In an organization specifically as virtual as cloud there is need for access control systems to constrain
users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access
to confidential data the third party auditing and accounting is done which could stir up further data leaks.
To control such data leaks and integrity, in past several security policies based on role, identity and user
attributes were proposed and found ineffective since they depend on static policies which do not monitor
data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the
authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to
store metadata on the subject of data alteration which is universally called as the Provenance Information.
This paper presents a provenance-policy based access control model which is designed and integrated with
the system that not only makes data auditable but also incorporates accountability for data alteration
events.
DESIGN AND IMPLEMENTATION OF A TRUST-AWARE ROUTING PROTOCOL FOR LARGE WSNS | IJNSA Journal
The domain of Wireless Sensor Networks (WSNs) applications is increasing widely over the last few years. As this new type of networking is characterized by severely constrained node resources, limited network resources and the requirement to operate in an ad hoc manner, implementing security functionality to protect against adversary nodes becomes a challenging task. In this paper, we present a trust-aware, location-based routing protocol which protects the WSN against routing attacks, and also supports large-scale WSNs deployments. The proposed solution has been shown to efficiently detect and avoid malicious nodes and has been implemented in state-of-the-art sensor nodes for a real-life test-bed. This work focuses on the assessment of the implementation cost and on the lessons learned through the design, implementation and validation process.
A review on software defined network security risks and challenges | TELKOMNIKA JOURNAL
Software defined network is an emerging network architecture that separates the traditional
integrated control logic and data forwarding functionality into different planes, namely the control plane and
data forwarding plane. The data plane does an end-to-end data delivery. And the control plane does
the actual network traffic forwarding and routing between different network segments. In software defined
network the networking infrastructure layer is where the entire networking device, such as switches and
routers are connected with the separate controller layer with the help of standard called OpenFlow
protocol. The OpenFlow is a standard protocol that allows different vendor devices like juniper, cisco and
huawei switches to be connected to the controller. The centralization of the software defined network
(SDN) controller makes the network more flexible, manageable and dynamic, such as provisioning of
bandwidth, dynamic scale out and scale in compared to the traditional communication network, however,
the centralized SDN controller is more vulnerable to security risks such as DDOS and flow rule poisoning
attack. In this paper, we will explore the architectures, the principles of software defined network and
security risks associated with the centralized SDN controller and possible ways to mitigate these risks.
A new approach to broadcast in wormhole routed three-dimensional networks is proposed. One of the most
important process in communication and parallel computer is broadcast approach. The approach of this
case of Broadcasting is to send the message from one source to all destinations in the network which
corresponds to one-to-all communication. Wormhole routing is a fundamental routing mechanism in
modern parallel computers which is characterized with low communication latency. We show how to apply
this approach to 3-D meshes. Wormhole routing is divided the packets into set of FLITS (flow control
digits). The first Flit of the packet (Header Flit) is containing the destination address and all subsets flits
will follow the routing way of the header Flit. In this paper, we consider an efficient algorithm for
broadcasting on an all-port wormhole-routed 3D mesh with arbitrary size. We introduce an efficient
algorithm, Y-Hamiltonian Layers Broadcast(Y-HLB). In this paper the behaviors of this algorithm were
compared to the previous results, our paradigm reduces broadcast latency and is simpler. In this paper our
simulation results show the average of our proposed algorithm over the other algorithms that presented.
SIMPLIFIED CBA CONCEPT AND EXPRESS CHOICE METHOD FOR INTEGRATED NETWORK MANAG... | IJCNCJournal
The process of choosing and integrating a network management system (NMS) to an existing computer
network became a big question due to the complexity of used technologies and the variety of NMS options.
Most of computer networks are being developed according to their internal rules in cloud environments.
The use of NMS requires not only infrastructural changes, consequently increasing the cost of integration
and maintenance, but also increases the risk of potential failures. In this paper, conception and method of
express choice to implement and integrate a network management system are presented. Review of basic
methods of cost analysis for IT systems is presented. The simplified conception of cost benefits analysis
(CBA) is utilized as a basis of the offered method. A final estimation is based on three groups of
parameters: parameters of expected integration risk evaluation, expected effect and level of completed
management tasks. The explanation of the method is provided via example.
Minimum Physical Hop (MPH) has been proposed as a peer selection algorithm for decreasing inter-AS (Autonomous System) traffic volume in P2P live streaming. In MPH, a newly joining peer selects a peer whose physical hop count (i.e., the number of ASes traversed on the content delivery path) from it is the minimum as its providing peer. However, MPH shows high inter-AS traffic volume when the number of joining peers is large. In this paper, we propose IMPH that tries to further decrease the inter-AS traffic volume by distributing peers with one logical hop count (i.e., the number of peers or origin streaming servers (OSSes) traversed on the content delivery path from an OSS to the peer) to many ASes and encouraging the following peers to find their providing peers within the same AS. Numerical examples show that IMPH achieves at the maximum of 64% lower inter-AS traffic volume than MPH.
MACHINE LEARNING FOR QOE PREDICTION AND ANOMALY DETECTION IN SELF-ORGANIZING ...ijwmn
Existing mobile networking systems lack the level of intelligence, scalability, and autonomous adaptability
required to optimally enable next-generation networks like 5G and beyond, which are expected to be Self -
Organizing Networks (SONs). It is anticipated that machine learning (ML) will be instrumental in designing
future “x”G SON networks with their demanding Quality of Experience (QoE) requirements. This paper
evaluates a methodology that uses supervised machine learning to predict the QoE level of the end user
experiences and uses this information to detect anomalous behavior of dysfunctional network nodes
(eNodeBs/base stations) in self-organizing mobile networks. An end-to-end network scenario is created using
the network simulator ns-3, where end users interact with a remote host that is accessed over the Internet to
run the most commonly used applications like file downloads and uploads and the resulting output is used as
a dataset to implement ML algorithms for QoE prediction and eNodeB (eNB) anomaly detection. Three ML
algorithms were implemented and compared to study their effectiveness and the scalability of the
methodology. In the test network, an accuracy score greater than 99% is achieved using the ML algorithms.
As suggested by the ns-3 simulation the use of ML for QoE prediction will help network operators understand
end-user needs and identify network elements that are failing and need attention and recovery.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Impact of Packet Inter-arrival Time Features for Online Peer-to-Peer (P2P) Cl... - IJECEIAES
Identification of bandwidth-heavy Internet traffic is important for network administrators to throttle high-bandwidth application traffic. Flow-feature-based classification has previously been proposed as a promising method to identify Internet traffic based on packet statistical features. The selection of statistical features plays an important role in accurate and timely classification. In this work, we investigate the impact of the packet inter-arrival time feature for online P2P classification in terms of accuracy, Kappa statistic and time. Simulations were conducted using available traces from University of Brescia, University of Aalborg and University of Cambridge. Experimental results show that the inclusion of inter-arrival time (IAT) as an online feature increases simulation time and decreases classification accuracy and Kappa statistic.
A COOPERATIVE LOCALIZATION METHOD BASED ON V2I COMMUNICATION AND DISTANCE INF... - IJCNCJournal
Relative positions are recent solutions to overcome the limited accuracy of GPS in urban environments.
Vehicle positions obtained using V2I communication are more accurate because the known roadside unit
(RSU) locations help predict errors in measurements over time. The accuracy of vehicle positions depends
more on the number of RSUs; however, the high installation cost limits the use of this approach. It also
depends on nonlinear localization nature. They were neglected in several research papers. In these studies,
the accumulated errors increased with time due to the linearity localization problem. In the present study,
a cooperative localization method based on V2I communication and distance information in vehicular
networks is proposed for improving the estimates of vehicles’ initial positions. This method assumes that
the virtual RSUs based on mobility measurements help reduce installation costs and facilitate in handling
fault environments. The extended Kalman filter algorithm is a well-known estimator for nonlinear problems,
but it requires a good initial vehicle position vector and adaptive noise in measurements. Using the proposed
method, vehicles’ initial positions can be estimated accurately. The experimental results confirm that the
proposed method has superior accuracy to existing methods, giving a root mean square error of
approximately 1 m. In addition, it is shown that virtual RSUs can assist in estimating initial positions in
fault environments.
Visualization of Computer Forensics Analysis on Digital Evidence - Muhd Mu'izuddin
- This is my first article; it's for my Final Year Project for Bachelor's of Computer Science (Systems and Networking)
- It also will be uploaded into CyberSecurity Malaysia E-Bulletin for 2017
Network Monitoring and Traffic Reduction using Multi-Agent Technology - Eswar Publications
In this paper, algorithms which could improve transmission band and network traffic reduction for computer networks are shown. Problem solving is an area with which many multiagent-based applications are concerned. Multiagent systems are computational systems in which several agents interact or work together to achieve some purposes. This includes distributed solutions to problems, solving distributed problems and distributed techniques for problem solving. Multiagent systems are used for maximizing group performance with planning, execution, monitoring, communication and coordination. This paper also addresses some critical issues in developing multiagent-based traffic control and monitoring systems, such as interoperability, flexibility, and extendibility. Finally, several future research directions toward the successful deployment of multiagent technology in traffic control and monitoring systems are discussed.
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY - IJMIT JOURNAL
Network Forensics is a fairly new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order to study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel
interested in obtaining knowledge in securing communication devices/infrastructure. This research
provides a framework that can be used in an organization to eliminate digital anomalies through network
forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also
enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
Optimizing On Demand Weight-Based Clustering Using Trust Model for Mobile Ad... - ijasuc
Mobile ad hoc networks are growing in popularity due to the explosive growth of modern
devices with wireless capability such as laptops, mobile phones, PDAs, etc., which makes the application more
challenging. The mobile nodes are vulnerable to security attacks. To protect the ad hoc network it is
essential to evaluate the trustworthiness. The proposed TWCA is similar to WCA in terms of cluster
formation and cluster head election. However, in WCA security features are not included. The proposed
TWCA is a cluster based trust evaluation, in which the mobile nodes are grouped into clusters with one
cluster head. It establishes a trust relationship for the cluster based on the previous transaction result. The
simulation results confirm that our scheme is more efficient than WCA and SEMC.
A Multipath Connection Model for Traffic Matrices - IJERA Editor
Peer-to-Peer (P2P) applications have witnessed an increasing popularity in recent years, which brings new challenges to network management and traffic engineering (TE). As basic input information, P2P traffic matrices are of significant importance for TE. Because of the excessively high cost of direct measurement. In this paper, a multipath connection model for traffic matrices in operational networks. Media files can share the peer to peer, the localization ratio of peer to peer traffic. This evaluates its performance using traffic traces collected from both the real peer to peer video-on-demand and file-sharing applications. The estimation of the general traffic matrices (TM) then used for sending the media file without traffic. Share the media file, source to destination traffic does not occur. So it gives high performance and a short processing time.
TREND-BASED NETWORKING DRIVEN BY BIG DATA TELEMETRY FOR SDN AND TRADITIONAL N... - ijngnjournal
Organizations face a challenge of accurately analyzing network data and providing automated action
based on the observed trend. This trend-based analytics is beneficial to minimize the downtime and
improve the performance of the network services, but organizations use different network management
tools to understand and visualize the network traffic with limited abilities to dynamically optimize the
network. This research focuses on the development of an intelligent system that leverages big data
telemetry analysis in Platform for Network Data Analytics (PNDA) to enable comprehensive trend-based networking decisions. The results include a graphical user interface (GUI) done via a web
application for effortless management of all subsystems, and the system and application developed in
this research demonstrate the true potential for a scalable system capable of effectively benchmarking
the network to set the expected behavior for comparison and trend analysis. Moreover, this research
provides a proof of concept of how trend analysis results are actioned in both a traditional network and
a software-defined network (SDN) to achieve dynamic, automated load balancing.
In an organization specifically as virtual as cloud there is need for access control systems to constrain
users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access
to confidential data the third party auditing and accounting is done which could stir up further data leaks.
To control such data leaks and integrity, in past several security policies based on role, identity and user
attributes were proposed and found ineffective since they depend on static policies which do not monitor
data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the
authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to
store metadata on the subject of data alteration which is universally called as the Provenance Information.
This paper presents a provenance-policy based access control model which is designed and integrated with
the system that not only makes data auditable but also incorporates accountability for data alteration
events.
DESIGN AND IMPLEMENTATION OF A TRUST-AWARE ROUTING PROTOCOL FOR LARGE WSNS - IJNSA Journal
The domain of Wireless Sensor Networks (WSNs) applications is increasing widely over the last few years. As this new type of networking is characterized by severely constrained node resources, limited network resources and the requirement to operate in an ad hoc manner, implementing security functionality to protect against adversary nodes becomes a challenging task. In this paper, we present a trust-aware, location-based routing protocol which protects the WSN against routing attacks, and also supports large-scale WSNs deployments. The proposed solution has been shown to efficiently detect and avoid malicious nodes and has been implemented in state-of-the-art sensor nodes for a real-life test-bed. This work focuses on the assessment of the implementation cost and on the lessons learned through the design, implementation and validation process.
A review on software defined network security risks and challenges - TELKOMNIKA JOURNAL
Software defined network is an emerging network architecture that separates the traditional
integrated control logic and data forwarding functionality into different planes, namely the control plane and
data forwarding plane. The data plane does an end-to-end data delivery. And the control plane does
the actual network traffic forwarding and routing between different network segments. In software defined
network the networking infrastructure layer is where the entire networking device, such as switches and
routers are connected with the separate controller layer with the help of standard called OpenFlow
protocol. OpenFlow is a standard protocol that allows different vendor devices like Juniper, Cisco and
Huawei switches to be connected to the controller. The centralization of the software defined network
(SDN) controller makes the network more flexible, manageable and dynamic, such as provisioning of
bandwidth, dynamic scale out and scale in compared to the traditional communication network; however,
the centralized SDN controller is more vulnerable to security risks such as DDoS and flow rule poisoning
attack. In this paper, we will explore the architectures, the principles of software defined network and
security risks associated with the centralized SDN controller and possible ways to mitigate these risks.
A new approach to broadcast in wormhole-routed three-dimensional networks is proposed. One of the most
important processes in communication and parallel computers is the broadcast approach. The approach in this
case of broadcasting is to send the message from one source to all destinations in the network, which
corresponds to one-to-all communication. Wormhole routing is a fundamental routing mechanism in
modern parallel computers which is characterized by low communication latency. We show how to apply
this approach to 3-D meshes. Wormhole routing divides packets into a set of flits (flow control
digits). The first flit of the packet (header flit) contains the destination address, and all subsequent flits
follow the routing path of the header flit. In this paper, we consider an efficient algorithm for
broadcasting on an all-port wormhole-routed 3D mesh with arbitrary size. We introduce an efficient
algorithm, Y-Hamiltonian Layers Broadcast (Y-HLB). The behavior of this algorithm was
compared to previous results; our paradigm reduces broadcast latency and is simpler. Our
simulation results show the average of our proposed algorithm over the other algorithms presented.
SIMPLIFIED CBA CONCEPT AND EXPRESS CHOICE METHOD FOR INTEGRATED NETWORK MANAG... - IJCNCJournal
The process of choosing and integrating a network management system (NMS) to an existing computer
network became a big question due to the complexity of used technologies and the variety of NMS options.
Most of computer networks are being developed according to their internal rules in cloud environments.
The use of NMS requires not only infrastructural changes, consequently increasing the cost of integration
and maintenance, but also increases the risk of potential failures. In this paper, conception and method of
express choice to implement and integrate a network management system are presented. Review of basic
methods of cost analysis for IT systems is presented. The simplified conception of cost benefits analysis
(CBA) is utilized as a basis of the offered method. A final estimation is based on three groups of
parameters: parameters of expected integration risk evaluation, expected effect and level of completed
management tasks. The explanation of the method is provided via example.
Minimum Physical Hop (MPH) has been proposed as a peer selection algorithm for decreasing inter-AS (Autonomous System) traffic volume in P2P live streaming. In MPH, a newly joining peer selects a peer whose physical hop count (i.e., the number of ASes traversed on the content delivery path) from it is the minimum as its providing peer. However, MPH shows high inter-AS traffic volume when the number of joining peers is large. In this paper, we propose IMPH that tries to further decrease the inter-AS traffic volume by distributing peers with one logical hop count (i.e., the number of peers or origin streaming servers (OSSes) traversed on the content delivery path from an OSS to the peer) to many ASes and encouraging the following peers to find their providing peers within the same AS. Numerical examples show that IMPH achieves at the maximum of 64% lower inter-AS traffic volume than MPH.
PERFORMANCES OF ORTHOGONAL WAVELET DIVISION MULTIPLEX (OWDM) SYSTEM UNDER AWG... - IJCNCJournal
Orthogonal Wavelet Division Multiplexing (OWDM) has been considered as an alternative of Orthogonal
Frequency Division Multiplexing (OFDM) in the recent years. OWDM has lower computational complexity
and higher flexibility compared to its OFDM counterpart. The core component of OWDM is wavelet.
Wavelet has been a much investigated and applied topic in digital image processing for a long time.
Recently, it has drawn considerable attention of the researchers working in communication field. In this
work we investigate the performances of OWDM under different channel conditions. We consider three
channel conditions namely Additive White Gaussian Noise (AWGN), Rayleigh, Ricean, and frequency
selective. We consider a number of wavelets namely Haar, Daubechies, Biorthogonal, Reverse
Biorthogonal, Coiflets, and Symlets in OWDM design. For system model we choose Digital Video
Broadcasting-Terrestrial (DVB-T). Originally DVB-T system was designed based on OFDM. In this work
we use OWDM instead. The simulation results show OWDM outperforms OFDM in terms of bit error rate
(BER), noise resiliency, and peak-to-average ratio. The results also show that the Haar wavelet based
OWDM outperforms other wavelet-based OWDM systems under all three considered channel
conditions.
Efficient management of bandwidth in wireless networks is a critical factor for a successful communication system. Special features of wireless networks such as user mobility and growth of wireless applications and their high bandwidth intensity create a major challenge to utilize bandwidth resources optimally. In this research, we propose a model for an adaptable network bandwidth management method that combines bandwidth reservation and bandwidth adaptation to reduce call blocking and dropping probabilities. The model is an integer program that determines whether or not to accept new calls and decides how to allocate bandwidth optimally in a way to maximize user satisfaction. The results of a simulation study show that the proposed method outperforms an existing method with respect to key performance measures such as call blocking and dropping probabilities and call time survivability. This survivability indicator is a new measure that is introduced for the first time in this paper. We also present a second tradeoff model to allow the network manager to control call dropping probability. The results of a second simulation study show that network users are better off if a zero call dropping policy is adopted as proposed in the first model.
GEOGRAPHIC MAPS CLASSIFICATION BASED ON L*A*B COLOR SYSTEM - IJCNCJournal
Today GIS layers have become a vital part of any geographic information system (GIS), and
consequently, the need for developing automatic approaches to extract GIS layers from different image
maps like digital maps or satellite images is very important.
Map classification can be defined as an image processing technique which creates thematic maps from
scanned paper maps or remotely sensed images. Each resultant theme will represent a GIS layer of the
images.
A new approach to extract GIS layers (classes) automatically based on the L*A*B color system
selected from (A and B) is proposed in this paper; our experiments show that the HSI color space gives
better results than L*A*B.
GAME THEORY BASED INTERFERENCE CONTROL AND POWER CONTROL FOR D2D COMMUNICATIO... - IJCNCJournal
With the current development of mobile communication services, people need personal communication of
high speed, excellent service, high quality and low latency; however, limited spectrum resources become
the most important factor to hamper improvement of cellular systems. As big amount of data traffic will
cause greater local consumption of spectrum resources, future networks are required to have appropriate
techniques to better support such forms of communication. D2D (Device-to-device) communication
technology in a cellular network makes full use of spectrum resources underlaying, reduces the load of the
base station, minimizes transmit power of the terminals and the base stations, thereby enhances the overall
throughput of the networks. Due to the use of multiplexing D2D UE (User equipment) resources and
spectrum, and the interference caused by the sharing of resources between adjacent cells, it has become a
major factor affecting coexisting of cellular subscribers and D2D users. When D2D communication
multiplexes the uplink resources, the base stations are easily disturbed; when the downlink resources
are multiplexed, the users of downlink are susceptible to interference. In order to build a high-efficient
mobile network, we can meet the QoS requirements by controlling the power to suppress the interference
between the base station and a terminal user.
A wireless network consists of a set of wireless nodes forming the network. The bandwidth allocation scheme used in wireless networks should automatically adapt to the network’s environments, where issues such as mobility are highly variable. This paper proposes a method to distribute the bandwidth for wireless network nodes depending on dynamic methodology; this methodology uses intelligent clustering techniques that depend on the student’s distribution at the university campus, rather than the classical allocation methods. We propose a clustering-based approach to solve the dynamic bandwidth allocation problem in wireless networks, enabling wireless nodes to adapt their bandwidth allocation according to the changing number of expected users over time. The proposed solution allows the optimal online bandwidth allocation based on the data extracted from the lectures timetable, and fed to the wireless network control nodes, allowing them to adapt to their environment. The environment data is processed and clustered using the KMeans clustering algorithm to identify potential peak times for every wireless node. The proposed solution feasibility is tested by applying the approach to a case study, at the Arab American University campus wireless network.
LIGHT FIDELITY (LI-FI) BASED INDOOR COMMUNICATION SYSTEM - IJCNCJournal
Indoor wireless communication is an essential part of next generation wireless communication systems. For
indoor communication, the number of users and their devices is increasing very rapidly, so
the capacity of the frequency spectrum to accommodate further users in future is limited, and it will be
difficult for service providers to provide more users with reliable, high-speed communication. This
shortcoming can be solved in future by using a Li-Fi based indoor communication system. Li-Fi, which is an emerging
branch of optical wireless communication, can be useful in future as a replacement and backup for Wireless
Fidelity (Wi-Fi) for indoor communication because it can provide a high data transmission rate along with
high capacity to serve more users, as its spectrum bandwidth is much broader than the radio spectrum. In
this paper we look at the different aspects of the Li-Fi based indoor communication system, summarize
some of the research conducted so far, and propose a Li-Fi based communication model
keeping in mind coverage area for multiple users, and evaluate its performance under different scenarios.
OMT: A DYNAMIC AUTHENTICATED DATA STRUCTURE FOR SECURITY KERNELS - IJCNCJournal
We introduce a family of authenticated data structures — Ordered Merkle Trees (OMT) — and illustrate
their utility in security kernels for a wide variety of sub-systems. Specifically, the utility of two types of
OMTs: a) the index ordered merkle tree (IOMT) and b) the range ordered merkle tree (ROMT), are
investigated for their suitability in security kernels for various sub-systems of Border Gateway Protocol
(BGP), the Internet’s inter-autonomous system routing infrastructure. We outline simple generic security
kernel functions to maintain OMTs, and sub-system specific security kernel functionality for BGP subsystems
(like registries, autonomous system owners, and BGP speakers/routers), that take advantage of
OMTs.
SIMULATING CORTICAL MAPS FOR ATTENTION SHIFT IN AUTISM - IJCNCJournal
Autism is a pervasive neuro-developmental disorder, primarily encompassing difficulties in the social,
language, and communicative domains. Because autism is a spectrum disorder, it affects each individual
differently and has varying degrees. There are three core aspects of impairment based upon the Diagnostic
and Statistical Manual of Mental Disorders (DSM-IV), namely impairment in socialization, impairment in
communication, and restricted repetitive activities or interests. This work describes the experiment aims at
expressing autistic traits through the use of a self-organizing map. Work related to simulating autism
through self-organizing maps is limited. This work compares and contrasts the difference in attention index
for normal learning and marred attention shift learning ability. It was found that the attention index of
normal learning is 9 times better than marred attention shift for both random and pre-fixed input data. In the
marred attention shift context, neurons adapt more towards the mean of both sources combined under
marred context while some neurons adapt towards mean of one source under normal context. The normal
learning ability produces maps with neurons orienting towards mean values of combined stimuli source.
Impairment in learning ability produces similar cortical maps compared to normal learning ability. The
major difference is in the attention index.
A proposal to enhance cellular and wifi - IJCNCJournal
WiFi offloading is becoming one of the key enablers to help network operators deal with the exponentially growing demand for mobile data. The idea of using WiFi to offload data traffic from the cellular network has been proposed for many years. However, the interoperability issue between the two networks needs to be enhanced so that WiFi can efficiently supplement the cellular network in case of congestion or outage. In this paper, we propose a novel network roaming and selection scheme based on 3GPP TS 24.312 and IEEE 802.11k, u standards to enhance cellular and WiFi interworking. The proposed scheme is aimed at enhancing the network roaming and selection so that the WiFi network can serve as a supplement and backup access network for the cellular network, not only for congestion control but also in case of an unexpected network failure event. We also model and evaluate the proposed scheme in a typical HetNet with interworking WiFi access points and cellular base stations. The simulation result shows that our proposed scheme quickly detects unexpected network failure events and assists active UEs to perform handoff to a preferable alternative point of access. As a result, service disruption is substantially reduced and quality of experience (downlink/uplink’s throughput) is improved. Therefore, our proposed scheme can be used for a more reliable HetNet in terms of congestion control and disruption tolerance.
FLEXIBLE VIRTUAL ROUTING FUNCTION DEPLOYMENT IN NFV-BASED NETWORK WITH MINIMU... - IJCNCJournal
In a conventional network, most network devices, such as routers, are dedicated devices that do not
have much variation in capacity. In recent years, a new concept of Network Functions
Virtualisation (NFV) has come into use. The intention is to implement a variety of network functions
with software on general-purpose servers and this allows the network operator to select any
capabilities and locations of network functions without any physical constraints.
This paper focuses on the deployment of NFV-based routing functions, which are one of the critical
virtual network functions, and presents an algorithm for virtual routing function allocation that
minimizes the total network cost. In addition, this paper presents the useful allocation policy of
virtual routing functions, based on an evaluation with a ladder-shaped network model. This policy
takes the ratio of the cost of a routing function to that of a circuit and traffic distribution in the
network into consideration. Furthermore, this paper shows that there are cases where the use of
NFV-based routing functions makes it possible to reduce the total network cost dramatically, in
comparison to a conventional network, in which it is not economically viable to distribute small-capacity
routing functions.
PROPOSED A HETEROGENEOUS CLUSTERING ALGORITHM TO IMPROVE QOS IN WSN - IJCNCJournal
In this article it has presented leach extended hierarchical 3-level clustered heterogeneous and dynamics
algorithm. On suggested protocol (LEH3LA) with planning of selected auction cluster head, and
alternative cluster head node, problem of delay on processing, processing of selecting members, decrease
of expenses, and energy consumption, decrease of sending message, and receiving messages inside the
clusters, selecting of cluster heads in large sensor networks were solved. This algorithm uses hierarchical
heterogeneous network (3-levels), collective intelligence, and intra-cluster interaction for communications.
Also it will solve the problems of sending data in Multi-BS mobile networks, expanding inter-cluster
networks, overlap cluster, genesis orphan nodes, boundary change dynamically clusters, using backbone
networks, cloud sensor. Using sleep/wake scheduling algorithm or TDMA-schedule alternative cluster head
node provides redundancy, and fault tolerance. Local processing in cluster head nodes, and alternative
cluster head, intra-cluster and inter-cluster communications such as Multi-HOP cause increase on
processing speed, and sending data intra-cluster and inter-cluster. Decrease of overhead network, and
increase the load balancing among cluster heads. Using encapsulation of data method, by cluster head
nodes, energy consumption decrease during sending data. Also by improving quality of service (QoS) in
CBRP, LEACH, 802.15.4, decrease of energy consumption in sensors, cluster heads and alternative cluster
head nodes, cause an increase in the lifetime of sensor networks.
Mobile payment method based on public key - IJCNCJournal
Mobile payment is defined as mobile money, which is considered an attractive alternative to cash,
cheque, or credit. In this paper we propose a new secure mobile payment method. This method is
summarized in three processes: firstly, the authentication process, which involves the authentication phases
for the applied customers. Secondly, the member recognition process, which tests and ensures the customer
membership by the market server. Finally, the payment process, which will be done by ciphering the customer
information using a public-key encryption cryptosystem (RSA), to be submitted over an insecure network to
the market server. This mobile payment method is more efficient than other payment methods since
the customer can pay from his/her own mobile phone without any extra cost and effort. The RSA public-key
encryption system ensures the security of the proposed method. However, to prevent a brute force attack,
the choice of the key size becomes crucial.
ADAPTIVE MULTI-TENANCY POLICY FOR ENHANCING SERVICE LEVEL AGREEMENT THROUGH R... - IJCNCJournal
The appearance of infinite computing resources that are available on demand and fast enough to adapt to
load surges makes Cloud computing a favourable service infrastructure in the IT market. A core feature in Cloud
service infrastructures is Service Level Agreement (SLA) that led seamless service at high quality of service
to client. One of the challenges in Cloud is providing heterogeneous computing services for the clients.
With the increasing number of clients/tenants in the Cloud, unsatisfied agreement is becoming a critical
factor. In this paper, we present an adaptive resource allocation policy which attempts to improve
accountable in Cloud SLA while aiming for enhancing system performance. Specifically, our allocation
incorporates dynamic matching SLA rules to deal with diverse processing requirements from
tenants. Explicitly, it reduces processing overheads while achieving better service agreement. Simulation
experiments proved the efficacy of our allocation policy in order to satisfy the tenants; and helps improve
reliable computing.
CONGESTION AWARE LINK COST ROUTING FOR MANETSIJCNCJournal
Due to the dynamic topology, self-configuration and decentralized nature of Mobile Ad hoc Network
(MANET), it provides many benefits in wireless networks and is easy to deploy. But the transmission of
data over ad hoc networks has elevated many technical issues for successful routing. Congestion is one of
the important issues which cause performance degradation of a network, due to long delay and high packet
loss. This paper proposes a Congestion aware Link Cost Routing for MANET where the protocol finds a
path with optimized linked cost based on SNR, Link delay, and the remaining battery power. Along
with this optimization, in this protocol, every node finds its congestion status and participates in the route
discovery on the basis of its status. Data forwarding is also done based on the congestion status at the time
of forwarding. The protocol results in better performance in terms of packet delivery fraction, end to end
delay, throughput, and packet drop when compared to existing protocols.
Fuzzy based clustering and energy efficientIJCNCJournal
Underwater Wireless Sensor Network (UWSN) is a particular kind of sensor networks which is
characterized by using acoustic channels for communication. UWSN is challenged by great issues specially
the energy supply of sensor node which can be wasted rapidly by several factors. The most proposed
routing protocols for terrestrial sensor networks are not adequate for UWSN, thus new design of routing
protocols must be adapted to this constrain. In this paper we propose two new clustering algorithms based
on Fuzzy C-Means mechanisms. In the first proposition, the cluster head is elected initially based on the
closeness to the center of the cluster, then the node having the higher residual energy elects itself as a
cluster head. All non-cluster head nodes transmit sensed data to the cluster head. This latter performs data
aggregation and transmits the data directly to the base station. The second algorithm uses the same
principle in forming clusters and electing cluster heads but operates in multi-hop mode to forward data
from cluster heads to the underwater sink (uw-sink). Furthermore the two proposed algorithms are tested
for static and dynamic deployment. Simulation results demonstrate the effectiveness of the proposed
algorithms resulting in an extension of the network lifetime.
THE DEVELOPMENT AND STUDY OF THE METHODS AND ALGORITHMS FOR THE CLASSIFICATIO...IJCNCJournal
This paper represents the results of the research, which have allowed us to develop a hybrid
approach to the processing, classification, and control of traffic routes. The approach enables to
identify traffic flows in the virtual data center in real-time systems. Our solution is based on the
methods of data mining and machine learning, which enable to classify traffic more accurately
according to more criteria and parameters. As a practical result, the paper represents the
algorithmic solution of the classification of the traffic flows of cloud applications and services
embodied in a module for the controller of the software-defined network. This solution enables to
increase the efficiency of handling user requests to cloud applications and reduce the response
time, which has a positive effect on the quality of service in the network of the virtual data center
SELF-ORGANIZATION AND AUTONOMOUS NETWORK SURVEYIJNSA Journal
The autonomic network gathers several aspects of Self-organization, which is depicted, into different
autonomous function such as the Self-configuration, the Self-optimization, the Self-repair, the Self-protection, and the Self-cure. The latter is considered as one of the autonomous functions wished of a system network, which could be described by autonomous behavior is realized by structures of the control
loops and loop of control.
Trend-Based Networking Driven by Big Data Telemetry for Sdn and Traditional N...josephjonse
Organizations face a challenge of accurately analyzing network data and providing automated action based on the observed trend. This trend-based analytics is beneficial to minimize the downtime and improve the performance of the network services, but organizations use different network management tools to understand and visualize the network traffic with limited abilities to dynamically optimize the network. This research focuses on the development of an intelligent system that leverages big data telemetry analysis in Platform for Network Data Analytics (PNDA) to enable comprehensive trend-based networking decisions. The results include a graphical user interface (GUI) done via a web application for effortless management of all subsystems, and the system and application developed in this research demonstrate the true potential for a scalable system capable of effectively benchmarking the network to set the expected behavior for comparison and trend analysis. Moreover, this research provides a proof of concept of how trend analysis results are actioned in both a traditional network and a software-defined network (SDN) to achieve dynamic, automated load balancing.
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...INFOGAIN PUBLICATION
Using cloud services, anyone can remotely store their data and can have the on-demand high quality applications and services from a shared pool of computing resources, without the burden of local data storage and maintenance. Cloud is a commonplace for storing data as well as sharing of that data. However, preserving the privacy and maintaining integrity of data during public auditing remains to be an open challenge. In this paper, we introduce a third party auditor (TPA), which will keep track of all the files along with their integrity. The task of TPA is to verify the data, so that the user will be worry-free. Verification of data is done on the aggregate authenticators sent by the user and Cloud Service Provider (CSP). For this, we propose a secure cloud storage system which supports privacy-preserving public auditing and blockless data verification over the cloud.
HOST AND NETWORK SECURITY by ThesisScientist.comProf Ansari
Network management means different things to different people. In some cases, it involves a solitary network consultant monitoring network activity with an outdated protocol analyzer. In other cases, network management involves a distributed database, auto polling of network devices, and high-end workstations generating real-time graphical views of network topology changes and traffic. In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks.
The underlying fabric for communication among intelligent
agents will in many cases be provided by telecommunication
networks. But telecommunication networks have been seen as
a natural domain for the investigation and application of
intelligent agents’ technology as it emerged from the area of
Distributed Artificial Intelligence (DAI). Telecommunication
network administrations are vast organizations dedicated to
operating and managing networks with broad functional
segmentations: telephone network outside plant, switching and
transmission plants, public network, all supporting different
layers of specialized customer or service networks. These
networks are organized into multiple physical and logical
layers built with large quantities of repeated network elements
and sub network structures. All these elements need to be
configured, monitored, and controlled. In the future, this will
preferably be done by automated operation support systems
and without substantial human intervention.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
Response time optimization for vulnerability management system by combining ...IJECEIAES
The growth of information and communication technology has made the internet network have many users. On the other side, this increases cybercrime and its risks. One of the main attack targets is network weakness. Therefore, cyber security is required, which first does a network scan to stop the attack. Points of vulnerability on the network can be discovered using scanning techniques. Furthermore, mitigation or recovery measures can be implemented. However, it needs a short response time and high accuracy while scanning to reduce the level of damage caused by cyber-attacks. In this paper, the proposed method improves the performance of a vulnerability management system based on network and port scanning by combining the benchmarking and scenario planning models. On a network scanning to discover open ports on a subnet, Masscan can achieve response times of less than 2 seconds, and on scenario planning for detection on a single host by Nmap can reach less than 4 seconds. Combining both models obtained an adequate optimization of the response time. The total response time is less than 6 seconds.
Blockchain Enforced Attribute based Access Control with ZKP for Healthcare Se...IJCNCJournal
The relationship between doctors and patients is reinforced through the expanded communication channels provided by remote healthcare services, resulting in heightened patient satisfaction and loyalty. Nonetheless, the growth of these services is hampered by security and privacy challenges they confront. Additionally, patient electronic health records (EHR) information is dispersed across multiple hospitals in different formats, undermining data sovereignty. It allows any service to assert authority over their EHR, effectively controlling its usage. This paper proposes a blockchain enforced attribute-based access control in healthcare service. To enhance the privacy and data-sovereignty, the proposed system employs attribute-based access control, zero-knowledge proof (ZKP) and blockchain. The role of data within our system is pivotal in defining attributes. These attributes, in turn, form the fundamental basis for access control criteria. Blockchain is used to keep hospital information in public chain but EHR related data in private chain. Furthermore, EHR provides access control by using the attributed based cryptosystem before they are stored in the blockchain. Analysis shows that the proposed system provides data sovereignty with privacy provision based on the attributed based access control.
EECRPSID: Energy-Efficient Cluster-Based Routing Protocol with a Secure Intru...IJCNCJournal
A revolutionary idea that has gained significance in technology for Internet of Things (IoT) networks backed by WSNs is the "Energy-Efficient Cluster-Based Routing Protocol with a Secure Intrusion Detection" (EECRPSID). A WSN-powered IoT infrastructure's hardware foundation is hardware with autonomous sensing capabilities. The significant features of the proposed technology are intelligent environment sensing, independent data collection, and information transfer to connected devices. However, hardware flaws and issues with energy consumption may be to blame for device failures in WSN-assisted IoT networks. This can potentially obstruct the transfer of data. A reliable route significantly reduces data retransmissions, which reduces traffic and conserves energy. The sensor hardware is often widely dispersed by IoT networks that enable WSNs. Data duplication could occur if numerous sensor devices are used to monitor a location. A solution to this issue can be found by using clustering. Clustering lessens network traffic while retaining path dependability compared to the multipath technique. To relieve duplicate data in EECRPSID, we applied the clustering technique. The multipath strategy might make the provided protocol more dependable. Using the EECRPSID algorithm will reduce the overall energy consumption, minimize the End-to-end delay to 0.14s, achieve a 99.8% Packet Delivery Ratio, and increase the network's lifespan. The NS2 simulator is used to run the whole set of simulations. The EECRPSID method has been implemented in NS2, and simulated results indicate that comparing the other three technologies improves the performance measures.
Analysis and Evolution of SHA-1 Algorithm - Analytical TechniqueIJCNCJournal
A 160-bit (20-byte) hash value, sometimes called a message digest, is generated using the SHA-1 (Secure Hash Algorithm 1) hash function in cryptography. This value is commonly represented as 40 hexadecimal digits. It is a Federal Information Processing Standard in the United States and was developed by the National Security Agency. Although it has been cryptographically cracked, the technique is still in widespread usage. In this work, we conduct a detailed and practical analysis of the SHA-1 algorithm's theoretical elements and show how they have been implemented through the use of several different hash configurations.
Optimizing CNN-BiGRU Performance: Mish Activation and Comparative AnalysisIJCNCJournal
Deep learning is currently extensively employed across a range of research domains. The continuous advancements in deep learning techniques contribute to solving intricate challenges. Activation functions (AF) are fundamental components within neural networks, enabling them to capture complex patterns and relationships in the data. By introducing non-linearities, AF empowers neural networks to model and adapt to the diverse and nuanced nature of real-world data, enhancing their ability to make accurate predictions across various tasks. In the context of intrusion detection, the Mish, a recent AF, was implemented in the CNN-BiGRU model, using three datasets: ASNM-TUN, ASNM-CDX, and HOGZILLA. The comparison with Rectified Linear Unit (ReLU), a widely used AF, revealed that Mish outperforms ReLU, showcasing superior performance across the evaluated datasets. This study illuminates the effectiveness of AF in elevating the performance of intrusion detection systems.
An Hybrid Framework OTFS-OFDM Based on Mobile Speed EstimationIJCNCJournal
Future wireless communication systems face the challenging task of simultaneously providing high-quality service (QoS) and broadband data transmission, while also minimizing power consumption, latency, and system complexity. Although Orthogonal Frequency Division Multiplexing (OFDM) has been widely adopted in 4G and 5G systems, it struggles to cope with a significant delay and Doppler spread in high mobility scenarios. To address these challenges, a novel waveform named Orthogonal Time Frequency Space (OTFS). Designers aim to outperform OFDM by closely aligning signals with the channel behaviour. In this paper, we propose a switching strategy that empowers operators to select the most appropriate waveform based on an estimated speed of the mobile user. This strategy enables the base station to dynamically choose the waveform that best suits the mobile user’s speed. Additionally, we suggest retaining an Integrated Sensing and Communication (ISAC) radar approach for accurate Doppler estimation. This provides precise information to facilitate the waveform selection procedure. By leveraging the switching strategy and harnessing the Doppler estimation capabilities of an ISAC radar, our proposed approach aims to enhance the performance of wireless communication systems in high mobility cases. Considering the complexity of waveform processing, we introduce an optimized hybrid system that combines OTFS and OFDM, resulting in reduced complexity while still retaining performance benefits. This hybrid system presents a promising solution for improving the performance of wireless communication systems in higher mobility. The simulation results validate the effectiveness of our approach, demonstrating its potential advantages for future wireless communication systems. The effectiveness of the proposed approach is validated by simulation results as it will be illustrated.
Enhanced Traffic Congestion Management with Fog Computing - A Simulation-Base...IJCNCJournal
Accurate latency computation is essential for the Internet of Things (IoT) since the connected devices generate a vast amount of data that is processed on cloud infrastructure. However, the cloud is not an optimal solution. To overcome this issue, fog computing is used to enable processing at the edge while still allowing communication with the cloud. Many applications rely on fog computing, including traffic management. In this paper, an Intelligent Traffic Congestion Mitigation System (ITCMS) is proposed to address traffic congestion in heavily populated smart cities. The proposed system is implemented using fog computing and tested in a crowded Cairo city. The results obtained indicate that the execution time of the simulation is 4,538 seconds, and the delay in the application loop is 49.67 seconds. The paper addresses various issues, including CPU usage, heap memory usage, throughput, and the total average delay, which are essential for evaluating the performance of the ITCMS. Our system model is also compared with other models to assess its performance. A comparison is made using two parameters, namely throughput and the total average delay, between the ITCMS, IOV (Internet of Vehicle), and STL (Seasonal-Trend Decomposition Procedure based on LOESS). Consequently, the results confirm that the proposed system outperforms the others in terms of higher accuracy, lower latency, and improved traffic efficiency.
Rendezvous Sequence Generation Algorithm for Cognitive Radio Networks in Post...IJCNCJournal
Recent natural disasters have inflicted tremendous damage on humanity, with their scale progressively increasing and leading to numerous casualties. Events such as earthquakes can trigger secondary disasters, such as tsunamis, further complicating the situation by destroying communication infrastructures. This destruction impedes the dissemination of information about secondary disasters and complicates post-disaster rescue efforts. Consequently, there is an urgent demand for technologies capable of substituting for these destroyed communication infrastructures. This paper proposes a technique for generating rendezvous sequences to swiftly reconnect communication infrastructures in post-disaster scenarios. We compare the time required for rendezvous using the proposed technique against existing methods and analyze the average time taken to establish links with the rendezvous technique, discussing its significance. This research presents a novel approach enabling rapid recovery of destroyed communication infrastructures in disaster environments through Cognitive Radio Network (CRN) technology, showcasing the potential to significantly improve disaster response and recovery efforts. The proposed method reduces the time for the rendezvous compared to existing methods, suggesting that it can enhance the efficiency of rescue operations in post-disaster scenarios and contribute to life-saving efforts.
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on improved-MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MR selection algorithm when compared to traditional approaches.
May 2024, Volume 16, Number 3 - The International Journal of Computer Network...IJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve a single application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic type and the fulfillment of application requirements, such as reliability and timeliness. Nevertheless, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium Access Control (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
May_2024 Top 10 Read Articles in Computer Networks & Communications.pdfIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate the topology control algorithm as a nonlinear programming (NP) problem with the objective of optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Advanced Privacy Scheme to Improve Road Safety in Smart Transportation SystemsIJCNCJournal
In Vehicle Ad-Hoc Network (VANET), vehicles continuously transmit and receive spatiotemporal data with neighboring vehicles, thereby establishing a comprehensive 360-degree traffic awareness system. Vehicular Network safety applications facilitate the transmission of messages between vehicles that are near each other, at regular intervals, enhancing drivers' contextual understanding of the driving environment and significantly improving traffic safety. Privacy schemes in VANETs are vital to safeguard vehicles’ identities and their associated owners or drivers. Privacy schemes prevent unauthorized parties from linking the vehicle's communications to a specific real-world identity by employing techniques such as pseudonyms, randomization, or cryptographic protocols. Nevertheless, these communications frequently contain important vehicle information that malevolent groups could use to monitor the vehicle over a long period. The acquisition of this shared data has the potential to facilitate the reconstruction of vehicle trajectories, thereby posing a potential risk to the privacy of the driver. Addressing the critical challenge of developing effective and scalable privacy-preserving protocols for communication in vehicle networks is of the highest priority. These protocols aim to reduce the transmission of confidential data while ensuring the required level of communication. This paper aims to propose an Advanced Privacy Vehicle Scheme (APV) that periodically changes pseudonyms to protect vehicle identities and improve privacy. The APV scheme utilizes a concept called the silent period, which involves changing the pseudonym of a vehicle periodically based on the tracking of neighboring vehicles. The pseudonym is a temporary identifier that vehicles use to communicate with each other in a VANET. By changing the pseudonym regularly, the APV scheme makes it difficult for unauthorized entities to link a vehicle's communications to its real-world identity.
The proposed APV is compared to the SLOW, RSP, CAPS, and CPN techniques. The data indicates that the efficiency of APV is a better improvement in privacy metrics. It is evident that the APV offers enhanced safety for vehicles during transportation in the smart city.
April 2024 - Top 10 Read Articles in Computer Networks & CommunicationsIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving the quality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected from the Internet sources and Microsoft are used for the empirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM. Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
High Performance NMF Based Intrusion Detection System for Big Data IOT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data are challenging to store, deal with and analyse using a single computer. In this paper we developed parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of order of millions samples are distributed evenly on all the computing cores for both storage and speedup purpose. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes using one processor), that is a speed up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for KDD dataset.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve asingle application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic typeand the fulfillment of application requirements, such asreliability and timeliness. Never the less, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium AccessControl (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate topology control algorithm as a nonlinear programming (NP) problem with the objective to optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Delivering Micro-Credentials in Technical and Vocational Education and TrainingAG2 Design
Explore how micro-credentials are transforming Technical and Vocational Education and Training (TVET) with this comprehensive slide deck. Discover what micro-credentials are, their importance in TVET, the advantages they offer, and the insights from industry experts. Additionally, learn about the top software applications available for creating and managing micro-credentials. This presentation also includes valuable resources and a discussion on the future of these specialised certifications.
For more detailed information on delivering micro-credentials in TVET, visit this https://tvettrainer.com/delivering-micro-credentials-in-tvet/
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...NelTorrente
In this research, it concludes that while the readiness of teachers in Caloocan City to implement the MATATAG Curriculum is generally positive, targeted efforts in professional development, resource distribution, support networks, and comprehensive preparation can address the existing gaps and ensure successful curriculum implementation.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
ESTABLISHMENT OF VIRTUAL POLICY BASED NETWORK MANAGEMENT SCHEME BY LOAD EXPERIMENTS IN VIRTUAL ENVIRONMENT
International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.3, May 2016
DOI: 10.5121/ijcnc.2016.8313
Kazuya Odagiri1, Shogo Shimizu2 and Naohiro Ishii3
1 Sugiyama Jogakuen University, Aichi, 2 Gakushuin Women’s College, Tokyo and 3 Aichi Institute of Technology, Aichi, Japan
ABSTRACT
In current Internet-based systems, many problems exploit the anonymity of network communication, such as personal information leaks and crimes committed through Internet systems. This is because the TCP/IP protocol used in Internet systems carries no user identification information in the communication data, so it is difficult to immediately supervise the user performing such acts. One solution to this problem is Policy-based Network Management (PBNM), a scheme for managing a whole Local Area Network (LAN) through communication control of every user. Two types of PBNM scheme exist. The first manages the whole LAN by locating the communication control mechanisms on the path between network servers and clients. The second manages the whole LAN by locating the communication control mechanisms on the clients. As the second scheme, we have studied the Destination Addressing Control System (DACS) Scheme theoretically. By applying the DACS Scheme to Internet system management, we ultimately intend to realize policy-based Internet system management. So far, the compatibility of the DACS Scheme with cloud environments that use virtualization technology, which is spreading explosively, has not been examined. As a result, the coverage of the DACS Scheme is currently limited to physical environments. In this study, we examine the compatibility of the DACS Scheme with cloud environments that use virtualization technology and extend the coverage of the scheme. With this, the Virtual DACS Scheme (vDACS Scheme) is established.
KEYWORDS
policy-based network management, DACS Scheme
1. INTRODUCTION
The current Internet system is a distributed autonomous system and is not operated in a unified, safe and effective way. When the Internet system is accessed by users who do not understand its structure well, many problems arise that exploit the anonymity of network communication, such as personal information leaks and crimes committed through Internet systems. Information leaks at large companies are sometimes reported in the mass media. On the other hand, no study currently aims to put the whole Internet system under integrated management. Therefore, we aim to realize a secure and effectively operated Internet system by pursuing, with a long-term view, the study of Internet Policy Based Network Management (Internet PBNM). Internet PBNM is a concept that we proposed earlier: a management scheme that manages the whole Internet system by applying the PBNM approach to it. Figure 1 shows the concept of Internet PBNM.
[Figure 1 diagram. Labels: specific administrative organization; Data Center with Policy Information Management Server; application of policy information; Network (Org. A) and Network (Org. B); client computer of a user; client computer in org. A; (1) Movable and Connectable; (2) Use depending on policy information; Ladder in a network attack (Prevention); Personal information leak (Prevention)]
Figure 1 Internet PBNM
The study of Internet PBNM has the following four steps.
• (Step1) Study on the PBNM managing the network of a specific organization
• (Step2) Study on the PBNM managing the network group of multiple organizations
• (Step3) Study on the PBNM managing the network group in a local domain within a certain range
• (Step4) Study on the PBNM finally establishing Internet PBNM
This paper describes the final stage of (Step1). After completing this study, we will move on to (Step2). The existing PBNM realizes network management of an organization's own network based on its network policy and security policy. It manages the whole network of the specific organization through communication control (access control, encryption of communication, quality of service). The existing PBNM is standardized by several organizations, such as the Internet Engineering Task Force (IETF), the Distributed Management Task Force (DMTF), Telecoms and Internet converged Services and protocols for Advanced Network (TISPAN) of the European Telecommunications Standards Institute (ETSI), and the International Telecommunication Union Telecommunication Standardization Sector (ITU-T). However, realizing Internet PBNM by extending the existing PBNM requires that a specific administrative organization manage networks that other organizations hold. The existing PBNM places the Policy Enforcement Point (PEP) for communication control on the network path. Therefore, the administrative organization must change the other organizations’ network equipment. The following problems then occur.
(a) Additional cost caused by changing the network equipment
(b) Network topology change caused by applying the existing PBNM
(c) Limits on security policy and network policy caused by the administrative organization changing the network equipment
These problems are a major hindrance to realizing Internet PBNM by applying the existing PBNM. Because problem (c) in particular is fatal, it is impossible to apply the existing PBNM to all organizations on the Internet system. The authors therefore took a different approach. Specifically, they aimed at Internet PBNM by realizing a PBNM scheme that does not require changes to network equipment. As an initial stage, they carried out the study of (Step1). First, they established a scheme that places a software PEP only on the physical client, named the Destination Addressing Control Scheme (DACS Scheme). The DACS Scheme controls a specific organization’s network through communication control on the client. Because the DACS Scheme is a method for managing physical clients distributed on the network, its compatibility with cloud environments that use virtualization technology, which is spreading explosively, has not been examined. As a result, the coverage of the DACS Scheme is currently limited to physical environments. In this study, we examine the compatibility of the DACS Scheme with cloud environments that use virtualization technology and extend the coverage of the scheme. With this, we consider the Virtual DACS Scheme (vDACS Scheme) to be established. After that, we will start the study of (Step2). The rest of this paper is organized as follows. Section 2 reviews past work on network management, including the existing PBNM. Section 3 describes the mechanisms and effectiveness of the DACS Scheme. In Section 4, the vDACS Scheme is established through a functional experiment and a processing load experiment.
2. MOTIVATION AND RELATED WORKS
In the current Internet system, problems that exploit the anonymity of network communication occur, such as personal information leaks and crimes committed through the Internet system. Because the TCP/IP protocol used in the Internet system carries no user identification information in the communication data, it is difficult to immediately supervise the user performing such acts. Besides TCP/IP [1][2], many technologies for Internet system management have been studied, for example:
(1) Domain name system (DNS) [3]
(2) Routing protocol
(2-a) Interior gateway protocol (IGP) such as Routing information protocol (RIP) [4] and Open shortest path first (OSPF) [5]
(2-b) Exterior gateway protocol (EGP) such as Border Gateway Protocol (BGP) [6]
(3) Firewall (F/W) [7]
(4) Network address translation (NAT) [8] / Network address port translation (NAPT) [9]
(5) Load balancing [10][11]
(6) Virtual private network (VPN) [12][13]
(7) Public key infrastructure (PKI) [14]
(8) Server virtualization [15]
Various other studies are also being carried out. However, they manage a specific part of the Internet system and do not aim to solve the above problems. The study area that does address these problems is PBNM, a scheme for managing a whole LAN through communication control of every user. Because PBNM manages a whole LAN by making anonymous communication non-anonymous, it becomes possible to identify swiftly and easily a user who steals personal information or commits a crime. Therefore, applying this policy-based thinking, we have studied policy-based Internet system management. There are two types of scheme in policy-based network management. The first is the scheme shown in Figure 2. It has been standardized by various organizations. In the IETF, a framework of PBNM [16] was established. The standards for the elements constituting this framework are as follows. As a model of the control information stored in the server called the Policy Repository, the Policy Core Information Model (PCIM) [17] was established. PCIMe [18] was later established by extending PCIM. To describe them in the form of the Lightweight Directory Access Protocol (LDAP), the Policy Core LDAP Schema (PCLS) [19] was established. As a protocol for distributing the control information stored in the Policy Repository, or the decision result from the PDP, to the PEP, the Common Open Policy Service (COPS) [20] was established. Based on the difference in distribution method, COPS usage for RSVP (COPS-RSVP) [21] and COPS usage for Provisioning (COPS-PR) [22] were established. RSVP is an abbreviation for Resource Reservation Protocol. COPS-RSVP works as follows. After the PEP detects communication from a user or a client application, the PDP makes a decision on it. The decision is sent to the PEP and applied there, and the PEP controls the communication accordingly. COPS-PR distributes the control information or decision result to the PEP before the communication is accepted.
Figure 2 Principle in First Scheme
Next, in the DMTF, a framework of PBNM called Directory-enabled Network (DEN) was established. As in the IETF framework, control information is stored in a server called the Policy Server, which is built using a directory service such as LDAP [23], and is distributed to network servers and networking equipment such as switches and routers. As a result, the whole LAN is managed. The model of control information used in DEN is called the Common Information Model (CIM), and the schema of the CIM (CIM Schema Version 2.30.0) [24] has been published. The CIM was extended to support DEN and was incorporated into the DEN framework. In addition, the Resource and Admission Control Subsystem (RACS) [25] was established in Telecoms and Internet converged Services and protocols for Advanced Network (TISPAN) of the European Telecommunications Standards Institute (ETSI), and Resource and Admission Control Functions (RACF) [26] were established in the International Telecommunication Union Telecommunication Standardization Sector (ITU-T).
Figure 3 Essential Principle
However, all the frameworks explained above are based on the principle shown in Figure 2. The essential principle is shown in Figure 3. Specifically, at the point called the PDP (Policy Decision Point), a judgment such as permitting or denying passage of a communication is made based on policy information. The judgment is transmitted to the point called the PEP, a mechanism such as a VPN mechanism, router or firewall located on the network path between hosts such as servers and clients. Based on that judgment, control is applied to the communication that is about to pass through. The principle of the second scheme is shown in Figure 4 [27][28][29]. The whole LAN is managed by locating the communication control mechanisms on the clients. Because this scheme controls network communication on each client, the processing load is low. However, because the communication control mechanisms need to be located on each client, the workload becomes heavy. When considering managing the Internet system with these two schemes, it is difficult in practice to apply the first scheme to Internet system management. This is because the communication control mechanism needs to be located on the path between network servers and clients without exception.
Figure 4 Principle in Second Scheme
On the other hand, the second scheme locates the communication control mechanisms on each client. That is, the software for communication control is installed on each client. So, by devising an installation mechanism that lets users easily install the software on the client, it becomes possible to apply the second scheme to Internet system management. Furthermore, this issue resolves itself naturally once the scheme spreads widely and the DACS Client comes to be installed as a matter of course.
The studies of the second scheme are as follows.
(1) Suggestion of the principle in the DACS Scheme [27]
(2) Additional access control function for preventing the access from the physical client that does
not have the PEP on it. [28]
(3) Processing load simulation in controlling a large number of physical clients [30]
(4) Software development for realization of the DACS Scheme [29]
(5) Operation and management system in the DACS Scheme [31]
However, the following problems were pointed out in the course of the above studies.
(d) Operation cost for placing the DACS Client on the physical client
(e) Guarantee of the DACS Client’s placement on the physical client
(f) The network topology change that may occur when the existing PBNM is applied
In this study, we solve these problems by adapting the DACS Scheme to the recent trend of client virtualization in company and university networks. In other words, we establish the Virtual DACS Scheme. Section 2 describes related works and technologies. Section 3 explains the existing DACS Scheme. Section 4 gives the explanation and evaluation of the vDACS Scheme. Section 5 gives the conclusion of this study and the direction of future study.
3. EXISTING DACS SCHEME
3.1 BASIC PRINCIPLE OF THE DACS SCHEME
Figure 5 Basic Principle of the DACS Scheme
Figure 5 shows the basic principle of the network services provided by the DACS Scheme. At timing (a) or (b) below, the DACS rules (rules defined per user) are distributed from the DACS Server to the DACS Client.
(a) When a user logs in to the client.
(b) When the system administrator issues a delivery instruction.
According to the distributed DACS rules, the DACS Client performs operation (1) or (2) below. Communication control of the client is thus performed for every login user.
(1) The destination information of an IP packet sent from an application program is changed.
(2) An IP packet sent from an application program to the outside of the client is blocked.
An example of case (1) is shown in Figure 5. In Figure 5, the system administrator can direct a login user's communication to a specified server among servers A, B and C. Case (2) is as follows. For example, when the system administrator wants to forbid a user from using an MUA (Mail User Agent), this is done by blocking IP packets with the specific destination information.
The DACS Scheme is realized by the DACS Protocol shown in Figure 6. As shown by (1) in Figure 6, the DACS rules are distributed by communication between the DACS Server and the DACS Client, which takes place at the application layer. The application of the DACS rules to the DACS Control is shown by (2) in Figure 6. The steady-state communication control, such as modifying the destination information or blocking communication, is performed at the network layer, as shown by (3) in Figure 6.
Figure 6 Layer Setting of the DACS Scheme
So far, communication control for every user has been described. However, it may be better to perform communication control for every client instead of every user. An example is a controlled computer room used by many unspecified users. This section describes the method of communication control for every client and considers how it coexists with communication control for every user. When a user logs in to a client, the DACS Client transmits the client's IP address to the DACS Server. If DACS rules corresponding to that IP address are registered on the DACS Server, they are transmitted to the DACS Client. Communication control for every client is then realized by applying them to the DACS Control. This presumes that the client uses a fixed IP address. However, when the DHCP service is used, it is possible, for example, to apply the same control to all the clients connected to the whole network or to one of its subnetworks.
Figure 7 Creating the DACS rules on the DACS Server
When communication control for every user and for every client are used together, the controls may conflict. In that case, a priority needs to be assigned. The judgment is made on the DACS Server side, as shown in Figure 7. Although it is not necessarily formally stipulated, an organization such as a university has a network policy or security policy (1). The priority is decided according to that policy (2). In (a), priority is given to the user's rule, so that communication is controlled per user. In (b), priority is given to the client's rule, so that communication is controlled per client. In (c), the user's rule is the same as the client's rule. By comparing the conflicting rules, one rule is selected for each conflict. Those rules and the other, non-overlapping rules are gathered, and the DACS rules are created (3). The DACS rules are transmitted to the DACS Client. On the DACS Client side, the DACS rules are applied to the DACS Control, which makes no distinction between user rules and client rules.
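The rule creation of Figure 7 and the client-side enforcement of Section 3.1 can be modelled as follows. This is an added example, not the authors' implementation: the class and function names, the addresses and the user name are hypothetical, and letting a more specific client network win over a wider one is an assumption of the sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Dest = Tuple[str, int]  # (IP address, TCP port)


@dataclass(frozen=True)
class Rule:
    match: Dest                    # destination the application asked for
    action: str                    # "redirect" (destination NAT) or "block"
    target: Optional[Dest] = None  # new destination, for "redirect" only

    def __post_init__(self):
        if self.action not in ("redirect", "block"):
            raise ValueError(f"unknown action {self.action!r}")
        if (self.action == "redirect") != (self.target is not None):
            raise ValueError("a target is required for redirect and only for redirect")


class DacsServer:
    """Holds per-user and per-client rules and builds the DACS rules at login."""

    def __init__(self, priority: str):
        if priority not in ("user", "client"):
            raise ValueError("priority must be 'user' or 'client'")
        self.priority = priority  # decided from the organization's policy
        self.user_rules: Dict[str, List[Rule]] = {}
        self.client_rules: list = []  # (network, rules) pairs

    def register_user(self, user: str, rules: List[Rule]) -> None:
        self.user_rules[user] = list(rules)

    def register_client(self, network: str, rules: List[Rule]) -> None:
        # "10.0.5.7/32" is one fixed-IP client; "10.0.5.0/24" covers a DHCP subnet.
        self.client_rules.append((ipaddress.ip_network(network), list(rules)))

    def rules_for_login(self, user: str, client_ip: str) -> List[Rule]:
        addr = ipaddress.ip_address(client_ip)
        matching = [(net, rules) for net, rules in self.client_rules if addr in net]
        # Assumption of this sketch: a more specific network wins over a wider one.
        matching.sort(key=lambda item: item[0].prefixlen, reverse=True)
        per_client = [rule for _, rules in matching for rule in rules]
        per_user = self.user_rules.get(user, [])
        if self.priority == "user":
            ordered = per_user + per_client
        else:
            ordered = per_client + per_user
        merged: Dict[Dest, Rule] = {}
        for rule in ordered:
            merged.setdefault(rule.match, rule)  # on conflict the first rule is kept
        return list(merged.values())


class DacsControl:
    """Client-side enforcement; it sees one flat table, not who owned a rule."""

    def __init__(self):
        self.table: Dict[Dest, Rule] = {}

    def apply_rules(self, rules: List[Rule]) -> None:
        self.table = {rule.match: rule for rule in rules}

    def connect(self, requested: Dest) -> Dest:
        """Return the destination actually used, or raise if it is blocked."""
        rule = self.table.get(requested)
        if rule is None:
            return requested
        if rule.action == "block":
            raise PermissionError(f"blocked by DACS rule: {requested}")
        return rule.target


# Constructed sample data (documentation address ranges, hypothetical user name).
SERVER_A, SERVER_B, SERVER_C = ("192.0.2.10", 80), ("192.0.2.11", 80), ("192.0.2.12", 80)
MAIL = ("192.0.2.25", 25)


def login(priority: str, user: str, client_ip: str) -> DacsControl:
    server = DacsServer(priority)
    server.register_user("alice", [Rule(SERVER_A, "redirect", SERVER_C)])
    server.register_client("10.0.5.0/24", [Rule(SERVER_A, "redirect", SERVER_B),
                                           Rule(MAIL, "block")])
    control = DacsControl()
    control.apply_rules(server.rules_for_login(user, client_ip))
    return control


if __name__ == "__main__":
    for priority in ("user", "client"):
        control = login(priority, "alice", "10.0.5.7")
        print(priority, "priority: server A request goes to", control.connect(SERVER_A))
```

The mail block is a non-overlapping rule, so it reaches the client under either priority setting; only the conflicting redirect for server A changes.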
3.2 SECURITY MECHANISM OF THE DACS SCHEME
This section describes the security function of the DACS Scheme. Communication is tunneled and encrypted using SSH. Using the port forwarding function of SSH, the communication between the network server and the client on which the DACS Client is installed is tunneled and encrypted. Normally, for a client application to communicate with a network server through SSH port forwarding, localhost (127.0.0.1) must be specified in that client application as the server to communicate with. This breaks the transparent use of a client, which is a characteristic of the DACS Scheme. Transparent use of a client means that a client can continue to be used without changing its settings when the network system is updated. A function that preserves the transparent use of a client is therefore needed. The mechanism of that function is shown in Figure 8. The change on the network server side, in comparison with the existing DACS Scheme, is as follows.
Figure 8 Extend Security Function
An SSH server is installed and activated, and communication other than SSH is blocked. In Figure 8, the DACS rules are sent from the DACS Server to the DACS Client (a). The DACS Client that receives the DACS rules applies them to the DACS Control in the DACS Client (b). The operation up to this point is the same as in the existing DACS Scheme. After the functional extension, as shown in (c) of Figure 8, the DACS rules are applied to the DACS SControl. The DACS SControl performs communication control using the function of SSH. With the extended function, whether communication is tunneled and encrypted or not can be selected for each network service. When communication is not tunneled and encrypted, communication control is performed by the DACS Control, as shown in (d) of Figure 8. When communication is tunneled and encrypted, the DACS Control changes the destination of the communication to localhost, as shown in (e) of Figure 8. After that, the DACS STCL changes the communicating server to the network server, and the tunneled and encrypted communication is sent, as shown in (g) of Figure 8; this is realized by the port forwarding function of SSH. In the DACS rules applied to the DACS Control, localhost is specified as the destination of communication. In the DACS rules applied to the DACS SControl, the network server is specified as the destination of communication. With the functional extension explained above, tunneling and encryption of communication are realized in a form suited to the DACS Scheme, that is, with the transparent use of a client. Then, by changing the content of the DACS rules applied to the DACS Control and the DACS SControl, tunneled and encrypted communication can be distinguished from communication that is not, per user. By tunneling and encrypting the communication for one network service from all users, and blocking untunneled and unencrypted communication for that network service, communication for that network service from a client on which the DACS Client is not installed is prevented. Moreover, even if communication to the network server from a client on which the DACS Client is not installed is permitted, each user can select whether the communication is tunneled and encrypted or not. The function of preventing information interception is thereby realized.
9. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.3, May 2016
3.3 SPECIFICATION OF THE DACS SYSTEM
(a) Communications between the DACS Server and the DACS Client
Communication between the DACS Server and the DACS Client was realized through TCP/IP
sockets.
(b) Communication control on the client computer
In this study, a DACS Client running on Windows XP was implemented. The destination NAT and
packet filtering functions required as part of the DACS Control were implemented
by using the Microsoft Winsock2 SPI. As shown in Figure 9, the Winsock2 SPI is a new layer
created between the existing Winsock API and the layer under it. Specifically, when the client
application accesses the server, it calls connect(), and the destination NAT processing for that
communication is built into WSPConnect(), which is called from connect(). Likewise, when
communication to the client is accepted, accept() is called on the client, and the packet filtering
function is implemented in WSPAccept(), which is called from accept().
Figure 9 Winsock2 SPI
(c) VPN communication
The client software for the VPN communication, that is, the DACS SControl, was realized by
using the port forwarding function of PuTTY. When communication from the client is to be
carried over the VPN, the destination of this communication is first changed to
localhost. After that, PuTTY accepts the communication and sends it as VPN communication
by using the port forwarding function.
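The rule split between the DACS Control and the DACS SControl described around Figure 8 and in (b) and (c) above, modelled as an added example (not the DACS Client's code). The addresses, ports, user names and function names are constructed for illustration: `control_connect` stands in for the destination NAT done in the connect() hook, and `scontrol_forward` for the SSH port forward.

```python
from typing import NamedTuple, Optional

LOCALHOST = "127.0.0.1"
SSH_PORT = 22

class Endpoint(NamedTuple):
    host: str
    port: int

# Constructed sample rules. DACS Control table: for a tunnelled user the rule
# names localhost as the destination; bob has no rewrite for this service.
CONTROL_RULES = {
    ("alice", Endpoint("192.0.2.10", 80)): Endpoint(LOCALHOST, 8080),
}
# DACS SControl table: local forwarder port -> real network server.
SCONTROL_RULES = {8080: Endpoint("192.0.2.10", 80)}

def control_connect(user: str, dst: Endpoint) -> Endpoint:
    """Destination NAT step, as it would run inside the connect() hook."""
    return CONTROL_RULES.get((user, dst), dst)

def scontrol_forward(local: Endpoint) -> Optional[Endpoint]:
    """Port-forward step: map the localhost listener to the real server."""
    if local.host != LOCALHOST:
        return None
    return SCONTROL_RULES.get(local.port)

def deliver(user: str, dst: Endpoint, has_dacs_client: bool = True,
            open_ports=frozenset({SSH_PORT})) -> str:
    """Trace one connection attempt against a server that only accepts
    the ports in open_ports, and report how the attempt ends."""
    target = control_connect(user, dst) if has_dacs_client else dst
    forwarded = scontrol_forward(target)
    if forwarded is not None:
        # The payload travels inside SSH, so the server sees the SSH port.
        wire_port = SSH_PORT
        result = f"tunnelled to {forwarded.host}:{forwarded.port}"
    else:
        wire_port = target.port
        result = f"direct to {target.host}:{target.port}"
    return result if wire_port in open_ports else "blocked at server"

if __name__ == "__main__":
    web = Endpoint("192.0.2.10", 80)
    print(deliver("alice", web))                          # tunnelled user
    print(deliver("bob", web))                            # untunnelled, SSH-only server
    print(deliver("alice", web, has_dacs_client=False))   # no DACS Client installed
    print(deliver("bob", web, open_ports={22, 80}))       # service also open directly
```

With the server restricted to SSH, only the user whose rules rewrite the destination to localhost reaches the service; opening the service port as well restores the per-user choice between tunnelled and direct access.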
3.4 POINTS OF SOFTWARE SPECIFICATIONS
The characteristic point of the DACS System’s implementation is how it handles conflicts
between communication control for each user and communication control
for each client. The DACS System is implemented by using the algorithm shown in Figure 10.
First, as Action 1, the judgment table for client control is searched. If the IP address
of the client exists in this table, Action 2 is performed. If not, Action 3 is performed. In
Action 2, the control rules for the client are searched for and extracted from the IP
address rule table, which holds the control rules for each client (each IP address). In Action 3,
the judgment table for user control is searched. If the user logged in to the client exists
in this table, Action 4 is performed. If not, status 1, which means “no applicable rule”, is returned.
When Action 4 is performed, the Figure 4 Principle in Second Scheme
Figure 10 Used Algorithm
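The lookup order of Section 3.4, as an added example (not the DACS System's own code). The table contents, the success status value 0 and the per-user rule table read in Action 4 are assumptions, because the page's description of Action 4 is cut off.

```python
from typing import Iterable, List, Tuple

STATUS_OK = 0        # assumed success value; the page names only status 1
STATUS_NO_RULE = 1   # "no applicable rule"

# Constructed sample tables (not taken from the paper).
CLIENT_JUDGMENT = {"10.0.0.5"}              # IP addresses under per-client control
IP_RULE_TABLE = {"10.0.0.5": ["tcp/25 deny", "tcp/80 -> 192.0.2.10"]}
USER_JUDGMENT = {"alice"}                   # users under per-user control
USER_RULE_TABLE = {"alice": ["tcp/80 -> 192.0.2.20"]}  # assumed source for Action 4

def select_rules(client_ip: str, user: str) -> Tuple[int, List[int], List[str]]:
    """Return (status, actions taken, rules) for one login."""
    actions = [1]                           # Action 1: search client judgment table
    if client_ip in CLIENT_JUDGMENT:
        actions.append(2)                   # Action 2: extract per-client rules
        return STATUS_OK, actions, list(IP_RULE_TABLE.get(client_ip, []))
    actions.append(3)                       # Action 3: search user judgment table
    if user in USER_JUDGMENT:
        actions.append(4)                   # Action 4 (assumed): extract per-user rules
        return STATUS_OK, actions, list(USER_RULE_TABLE.get(user, []))
    return STATUS_NO_RULE, actions, []

def shadowed_logins(logins: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """List (ip, user) logins where per-client rules override the user's rules."""
    return [(ip, user) for ip, user in logins
            if ip in CLIENT_JUDGMENT and user in USER_JUDGMENT]

if __name__ == "__main__":
    for ip, user in [("10.0.0.5", "alice"), ("10.0.0.9", "alice"), ("10.0.0.9", "carol")]:
        print(ip, user, select_rules(ip, user))
```

The first login is the conflict case: alice has per-user rules, but because she is logged in on a client listed for client control, the per-client rules are the ones extracted.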
4. ESTABLISHMENT OF THE VDACS SCHEME
To confirm the feasibility of the vDACS Scheme, we performed functional experiments. Through these
experiments, we confirmed that the software for the existing DACS Scheme could be operated in a
cloud environment.
4.1 EXPERIMENT SYSTEM
Figure 11 shows the experiment system used in this study. Two virtual servers running
VMware ESXi 5.1 were prepared. Each virtual server was configured as follows.
(1) Virtual Server 1 (CPU: 2.8GHz 4Core×1, Memory: 16GB)
    Virtualization software: VMware ESXi 5.1
    Virtual machine A:
        Operating System (CentOS 6.5)
        Software for DACS Server
    Virtual machine B:
        Operating System (CentOS 6.5)
        Authentication server (OpenLDAP 2.4)
    Virtual machine C:
        Operating System (CentOS 6.5)
        Windows domain server (Samba 3.6)
    Virtual router for a gateway (Vyatta 6.6: 64bit)
(2) Virtual Server 2 (CPU: 2.6GHz 4Core×1, Memory: 16GB)
    Virtualization software: VMware ESXi 5.1
    Each virtual machine (5 virtual machines):
        Operating System (Windows XP Pro)
        Software for DACS Client
    Virtual router for a gateway (Vyatta 6.6: 64bit)
Because we assumed that the service based on this scheme would be offered in a cloud
environment, we prepared an experimental environment in which the virtual routers on the two
virtual servers were connected to each other by IPsec VPN.
The DACS Server was located on virtual machine A (VM A) in virtual server 1. The
DACS Client was located on each virtual client in virtual server 2, and the DACS Client was
located on the CentOS in each virtual client. The policy information was sent and received
through the VPN connecting the two virtual routers on the virtual servers.
Figure 11 Experiment system [diagram labels: VM (Virtual Machine); Virtual Server 1 with VM A, VM B and VM C (DACS Server, authentication server, Windows domain server); virtual clients each running the DACS Client; virtual routers (Vyatta) connected by IPsec VPN]
4.2 CONTENT OF THE FUNCTIONAL EXPERIMENT
Using the experiment system in Figure 11, we performed experiments on the following two
functions.
(a) User authentication function
In this experimental system, Windows (XP Pro) is used as the operating system on each
virtual machine in virtual server 2. In addition, because we intend to release the software
developed to realize this scheme, we adopted a user authentication mechanism built from free software.
Specifically, the user authentication processes are performed between the clients on virtual
server 2 and the DACS Server on virtual server 1. We confirmed that this operated
normally.
• (Server1) OpenLDAP server for managing user accounts
• (Server2) Samba server for building a Windows domain
(b) Delivery function of policy information
After process (a), the policy information is sent and received through the VPN connecting the
two virtual routers on the virtual servers. For this process, operation experiments were performed
for the following two cases.
• (Case1) One virtual machine was operated on virtual server 2.
• (Case2) Several virtual machines (five virtual machines) were operated on virtual
server 2.
4.3 RESULT OF FUNCTIONAL EXPERIMENT
The communication log is shown in Figure 12.
Figure 12 Communication log
As a result, we confirmed that the DACS Scheme, which conventionally manages physical
clients, operated in the cloud environment.
4.4 RESULT OF PROCESSING LOAD EXPERIMENT
Next, using the experiment system, we measured the processing load placed on the DACS
Server side by the concurrent delivery of policy information between the
DACS Server and the DACS Clients. Specifically, using 100 virtual clients, we measured
the maximum value of the CPU processing speed on virtual machine A on virtual server 1.
Because not all virtual clients could be placed on virtual server 2 owing to limited server
resources, some virtual machines were located on virtual server 1.
The measurement was carried out with the standard tool of VMware ESXi. We also checked
memory consumption at that time and found no particular problem.
The measurement was repeated ten times. The maximum value of the CPU processing speed for
each run is shown in Figure 13. The average value over the ten runs was 55.9MHz.
Figure 13 Maximum value of the CPU processing speed
For reference, the graphs of the first to fifth measurements are shown
in Figure 14.
Figure 14 Graph of Maximum value (1st-5th)
The graphs of the sixth to tenth measurements are shown in Figure 15.
Figure 15 Graph of Maximum value (6th-10th)
For reference, Figure 15 and 16 mentioned above are figures made from hard copies of the
VMware ESXi tool. The processing load on the DACS Server
side was lower than we had expected. This value is approximately one-fiftieth of the CPU
performance (2.8GHz) of virtual server 1, which hosted the DACS Server. Although the network
environment of the experiment system differs from a real network environment, the
DACS Server may theoretically tolerate concurrent processing from around
5,000 (50*100) virtual clients. On this point, we intend to carry out an additional experiment after
preparing additional experiment facilities. If possible, we want to carry out the processing load
experiment with a number of clients as close as possible to the 5,000 mentioned above. Because we
could confirm, to some extent, the relationship between the CPU processing performance of the server
machine running the DACS Server and the number of client machines running the DACS Client, we
consider the vDACS Scheme to be established.
5. CONCLUSIONS
In this study, we established the vDACS Scheme. Because the existing DACS Scheme was a
scheme for managing physical clients, we examined the compatibility of the DACS Scheme with the
virtual environment and enlarged the coverage of the scheme. Specifically, after we confirmed that
the software for the existing DACS Scheme could be operated with no functional problem, a
processing load experiment was performed using the experiment system. As a result, we
confirmed that the software ran normally in the virtual environment and that the DACS Server
accepted accesses from 100 virtual clients within a CPU processing speed of about 55.9MHz.
As future work, we will perform additional processing load experiments using more
clients, if possible around 5,000.
ACKNOWLEDGEMENTS
This work was supported by JSPS KAKENHI Grant Number 26730037. We express our
gratitude here.
REFERENCES
[1] V. Cerf and E. Kahn, "A Protocol for Packet Network Interconnection," IEEE Trans. on Commn, vol.
COM-22, pp. 637-648, May 1974.
[2] B. M. Leiner, R. Core, J. Postel, and D. Milis, "The DARPA Internet Protocol Suite," IEEE
Commun.Magazine, vol. 23 pp. 29-34 March 1985.
14. International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.3, May 2016
194
[3] P. Mockapetris and K. J. Dunlap. "Development of the domain name system," SIGCOMM'88, 1988.
[4] http://tools.ietf.org/html/rfc2453 [retrieved: 2, 2014]
[5] http://www.ietf.org/rfc/rfc2328.txt [retrieved: 2, 2014]
[6] http://tools.ietf.org/html/rfc4271 [retrieved: 2, 2014]
[7] A. X. Liu and M. G. Gouda, "Diverse Firewall Design," IEEE Trans. on Parallel and Distributed
Systems, vol. 19, Issue. 9, pp. 1237-1251, Sept. 2008.
[8] http://tools.ietf.org/html/rfc1631 [retrieved: 2, 2014]
[9] M. S. Ferdous, F. Chowdhury, and J. C. Acharjee, "An Extended Algorithm to Enhance the
Performance of the Current NAPT," Int. Conf. on Information and Communication Technology
(ICICT '07), pp. 315-318, March 2007.
[10] S. K. Das, D. J. Harvey, and R. Biswas, “Parallel processing of adaptive meshes with load
balancing,” IEEE Tran.on Parallel and Distributed Systems, vol. 12, no. 12, pp. 1269-1280, Dec 2002.
[11] J. Aweya, M. Ouellette, D. Y. Montuno, B. Doray, and K. Felske, “An adaptive load balancing
scheme for web servers,” Int.,J.of Network Management., vol. 12, no. 1, pp. 3-39, Jan/Feb 2002.
[12] C. Metz, “The latest in virtual private networks: part I,” IEEE Internet Computing, vol. 7, no. 1, pp.
87-91, 2003.
[13] C. Metz, “The latest in VPNs: part II,” IEEE Internet Computing, vol. 8, no. 3, pp. 60-65, 2004.
[14] R. Perlman, "An overview of PKI trust models," IEEE Network, vol. 13, issue 6, pp. 38-43,
Nov/Dec 1999.
[15] A. Singh, M. Korupolu, and D. Mohapatra, "Server-storage virtualization: Integration and load
balancing in data centers," Int. Conf. for High Performance Computing, Networking, Storage and
Analysis, pp. 1-12, Nov. 2008.
[16] R. Yavatkar et al., "A Framework for Policy-based Admission Control," IETF RFC 2753, 2000.
[17] B. Moore et al., "Policy Core Information Model -- Version 1 Specification," IETF RFC 3060, 2001.
[18] B. Moore, "Policy Core Information Model (PCIM) Extensions," IETF 3460, 2003.
[19] J. Strassner et al., " Policy Core Lightweight Directory Access Protocol (LDAP) Schema," IETF RFC
3703, 2004.
[20] D. Durham et al., "The COPS (Common Open Policy Service) Protocol, " IETF RFC 2748, 2000.
[21] S. Herzog et al., "COPS usage for RSVP", IETF RFC 2749, 2000.
[22] K. Chan et al., "COPS Usage for Policy Provisioning (COPS-PR), " IETF RFC 3084, 2001.
[23] M. Wahl et al., "Lightweight Directory Access Protocol (v3)," IETF RFC 2251, 1997.
[24] CIM Schema: Version 2.30.0, 2011.
[25] ETSI ES 282 003: Telecoms and Internet converged Services and protocols for Advanced Network
(TISPAN); Resource and Admission Control Subsystem (RACS); Functional Architecture, June
2006.
[26] ETSI ES 283 026: Telecommunications and Internet Converged Services and Protocols for Advanced
Networking (TISPAN); Resource and Admission Control; Protocol for QoS reservation information
exchange between the Service Policy Decision Function (SPDF) and the Access-Resource and
Admission Control Function (A-RACF) in the Resource and Protocol specifica-tion", April 2006.
[27] K. Odagiri,R. Yaegashi,M. Tadauchi, and N.Ishii, "Efficient Network Management System with
DACS Scheme : Management with communication control, " Int. J. of Computer Science and
Network Security, vol. 6, no. 1, pp. 30-36, January, 2006.
[28] K. Odagiri,R. Yaegashi,M. Tadauchi, and N.Ishii, "Secure DACS Scheme," Journal of Network
and Computer Applications," Elsevier, vol. 31, Issue 4, pp. 851-861, November 2008.
[29] K. Odagiri, S. Shimizu, R. Yaegashi, M. Takizawa, and N. Ishii, "DACS System Implementation
Method to Realize the Next Generation Policy-based Network Management Scheme," Proc. of Int.
Conf. on Advanced Information Networking and Applications (AINA 2010), Perth, Australia, Japan,
IEEE Computer Society, pp. 348-354, May 2010.
[30] K. Odagiri, G. D. Marco, R. Yaegashi, M. Tadauchi, N. Ishii "The Processing Workload Evaluation
in two Network Management Models of IP Networks, " Journal of Convergence Information
Technology, Volume 4, Number 3, pp.7-16, September 2009.
[31] K. Odagiri, S. Shimizu, N. Ishii, "Technical points in the implementation of the support system for
operation and management of DACS system," Proc. of Int. Conf. on Networking and Services
(ICNS2013), IEEE Computer Society, pp.16-21, May, 2013.