Biblio

In the Internet of Things (IoT), it is feasible to interconnect networks of different devices and all these different devices, such as smartphones, sensor devices, and vehicles, are controlled according to a particular user. These different devices are delivered and accept the information on the network. This thing is to motivate us to do work on IoT and the devices used are sensor nodes. The validation of data delivery completely depends on the checks of count data forwarding in each node. In this research, we propose the Link Hop Value-based Intrusion Detection System (L-IDS) against the blackhole attack in the IoT with the assist of WSN. The sensor nodes are connected to other nodes through the wireless link and exchange data routing, as well as data packets. The LHV value is identified as the attacker's presence by integrating the data delivery in each hop. The LHV is always equivalent to the Actual Value (AV). The RPL routing protocol is used IPv6 to address the concept of routing. The Routing procedure is interrupted by an attacker by creating routing loops. The performance of the proposed L-IDS is compared to the RPL routing security scheme based on existing trust. The proposed L-IDS procedure is validating the presence of the attacker at every source to destination data delivery. and also disables the presence of the attacker in the network. Network performance provides better results in the existence of a security scheme and also fully represents the inoperative presence of black hole attackers in the network. Performance metrics show better results in the presence of expected IDS and improve network reliability.

In recent years, ICN (Information-Centric Networking) has been under the spotlight as a network that mainly focuses on transmitted and received data rather than on the hosts that transmit and receive data. Generally, the communication networks such as ICNs are required to be robust against network failures caused by attacks and disasters. One of the metrics for the robustness of conventional host-centric networks, e.g., TCP/IP network, is reachability between nodes in the network after network failures, whereas the key metric for the robustness of ICNs is content availability. In this paper, we focus on an arbitrary ICN network and derive the content availability for a given probability of node removal. Especially, we analytically obtain the average content availability over an entire network in the case where just a single path from a node to a repository, i.e., contents server, storing contents is available and where multiple paths to the repository are available, respectively. Furthermore, through several numerical evaluations, we investigate the effect of the structure of network topology as well as the pattern and scale of the network failures on the content availability in ICN. Our findings include that, regardless of patterns of network failures, the content availability is significantly improved by caching contents at routers and using multiple paths, and that the content availability is more degraded at cluster-based node removal compared with random node removal.

A full-duplex self-recovery optical fibre transport system is proposed on the basis of a novel passive single-line bidirectional optical add/drop multiplexer (SBOADM). This system aims to achieve an access network with low complexity and network protection capability. Polarisation division multiplexing technique, optical double-frequency application and wavelength reuse method are also employed in the transport system to improve wavelength utilisation efficiency and achieve colourless optical network unit. When the network comprises a hybrid tree-ring topology, the downstream signals can be bidirectionally transmitted and the upstream signals can continuously be sent back to the central office in the reverse pathways due to the remarkable routing function of the SBOADM. Thus, no complicated optical multiplexer/de-multiplexer components or massive optical switches are required in the transport system. If a fibre link failure occurs in the ring topology, then the blocked network connections can be recovered by switching only a single optical switch preinstalled in the remote node. Simulation results show that the proposed architecture can recover the network function effectively and provide identical transmission performance to overcome the impact of a breakpoint in the network. The proposed transport system presents remarkable flexibility and convenience in expandability and breakpoint self-recovery.

Although OpenFlow-based SDN networks make it easier to design and test new protocols, when you think of clean slate architectures, their use is quite limited because the parameterization of its flows resides primarily in TCP/IP protocols. Besides, despite the many benefits that SDN offers, some aspects have not yet been adequately addressed, such as management plane activities, network startup, and options for connecting the data plane to the control plane. Based on these issues and limitations, this work presents a bootstrap protocol for SDN-based networks, which allows, beyond the network topology discovery, automatic configuration of an inband control plane. The protocol is designed to act only on layer two, in an autonomous, distributed and deterministic way, with low overhead and has the intent to be the basement for the implementation of other management plane related activities. A formal specification of the protocol is provided. In addition, an analytical model was created to preview the number of required messages to establish the control plane. According to this model, the proposed protocol presents less overhead than similar de-facto protocols used to topology discovery in SDN networks.

Network adversaries, such as malicious transit autonomous systems (ASes), have been shown to be capable of partitioning the Bitcoin's peer-to-peer network via routing-level attacks; e.g., a network adversary exploits a BGP vulnerability and performs a prefix hijacking attack (viz. Apostolaki et al. [3]). Due to the nature of BGP operation, such a hijacking is globally observable and thus enables immediate detection of the attack and the identification of the perpetrator. In this paper, we present a stealthier attack, which we call the EREBUS attack, that partitions the Bitcoin network without any routing manipulations, which makes the attack undetectable to control-plane and even to data-plane detectors. The novel aspect of EREBUS is that it makes the adversary AS a natural man-in-the-middle network of all the peer connections of one or more targeted Bitcoin nodes by patiently influencing the targeted nodes' peering decision. We show that affecting the peering decision of a Bitcoin node, which is believed to be infeasible after a series of bug patches against the earlier Eclipse attack [29], is possible for the network adversary that can use abundant network address resources (e.g., spoofing millions of IP addresses in many other ASes) reliably for an extended period of time at a negligible cost. The EREBUS attack is readily available for large ASes, such as Tier-1 and large Tier-2 ASes, against the vast majority of 10K public Bitcoin nodes with only about 520 bit/s of attack traffic rate per targeted Bitcoin node and a modest (e.g., 5-6 weeks) attack execution period. The EREBUS attack can be mounted by nation-state adversaries who would be willing to execute sophisticated attack strategies patiently to compromise cryptocurrencies (e.g., control the consensus, take down a cryptocurrency, censor transactions). As the attack exploits the topological advantage of being a network adversary but not the specific vulnerabilities of Bitcoin core, no quick patches seem to be available. We discuss that some naive solutions (e.g., whitelisting, rate-limiting) are ineffective and third-party proxy solutions may worsen the Bitcoin's centralization problem. We provide some suggested modifications to the Bitcoin core and show that they effectively make the EREBUS attack significantly harder; yet, their non-trivial changes to the Bitcoin's network operation (e.g., peering dynamics, propagation delays) should be examined thoroughly before their wide deployment.

The mechanism of peers randomly choosing logical neighbors without any knowledge about underlying physical topology can cause a delay overhead in information propagation which makes the system vulnerable to double spend attacks. This paper introduces a proximity-aware extensions to the current Bitcoin protocol, named Master Node Based Clustering (MNBC). The ultimate purpose of the proposed protocol is to improve the information propagation delay in the Bitcoin network.

Mobile Ad hoc Network (MANET) is one of the emerging technologies to communicate between nodes and its decentralized structure, self-configuring nature are the few properties of this Ad hoc network. Due to its undefined structure, it has found its usage in the desired and temporary communication network. MANET has many routing protocols governing it and due to its changing topology, there can be many issues arise in recent times. Problems like no central node, limited energy, and the quality of service, performance, design issues, and security challenges have been bugging the researchers. The black hole attacks are the kind that cause ad hoc network to be at loss of information and make the source to believe that it has the actual least distance path to the destination, but in real scenario the packets do not get forwarded to neighbouring nodes. In this paper, we have discussed different solutions over the past years to deal with such attacks. A summary of the schemes with their results and drawbacks in terms of performance metrics is also given.

In modern high-performance computing (HPC) systems, network congestion is an important factor that contributes to performance degradation. However, how network congestion impacts application performance is not fully understood. As Aries network, a recent HPC network architecture featuring a dragonfly topology, is equipped with network counters measuring packet transmission statistics on each router, these network metrics can potentially be utilized to understand network performance. In this work, by experiments on a large HPC system, we quantify the impact of network congestion on various applications' performance in terms of execution time, and we correlate application performance with network metrics. Our results demonstrate diverse impacts of network congestion: while applications with intensive MPI operations (such as HACC and MILC) suffer from more than 40% extension in their execution times under network congestion, applications with less intensive MPI operations (such as Graph500 and HPCG) are mostly not affected. We also demonstrate that a stall-to-flit ratio metric derived from Aries network counters is positively correlated with performance degradation and, thus, this metric can serve as an indicator of network congestion in HPC systems.

Software Defined Networking (SDN) is a promising network architecture that aims at providing high flexibility through the separation between network logic (control plane) and forwarding functions (data plane). This separation provides logical centralization of controllers, global network overview, ease of programmability, and a range of new SDN-compliant services. In recent years, the adoption of SDN in enterprise networks has been constantly increasing. In the meantime, new challenges arise in different levels such as scalability, management, and security. In this paper, we elaborate on complex security issues in the current SDN architecture. Especially, reconnaissance attack where attackers generate traffic for the goal of exploring existing services, assets, and overall network topology. To eliminate reconnaissance attack in SDN environment, we propose SDN-based solution by utilizing distributed firewall application, security policy, and OpenFlow counters. Distributed firewall application is capable of tracking the flow based on pre-defined states that would monitor the connection to sensitive nodes toward malicious activity. We utilize Mininet to simulate the testing environment. We are able to detect and mitigate this type of attack at early stage and in average around 7 second.

To accommodate the rapidly changing Internet requirements, Information-Centric Networking (ICN) was recently introduced as a promising architecture for the future Internet. One of the ICN primary features is `in-network caching'; due to its ability to minimize network traffic and respond faster to users' requests. Therefore, various caching algorithms have been presented that aim to enhance the network performance using different measures, such as cache hit ratio and cache hit distance. Choosing a caching strategy is critical, and an adequate replacement strategy is also required to decide which content should be dropped. Thus, in this paper, we propose a content replacement scheme for ICN, called Randomized LFU that is implemented with respect to content popularity taking the time complexity into account. We use Abilene and Tree network topologies in our simulation models. The proposed replacement achieves encouraging results in terms of the cache hit ratio, inner hit, and hit distance and it outperforms FIFO, LRU, and Random replacement strategies.

Due to the harsh environment and energy limitation, maintaining efficient communication is crucial to the lifetime of Underwater Sensor Networks (UWSN). Named Data Networking (NDN), one of future network architectures, begins to be applied to UWSN. Although Underwater Named Data Networking (UNDN) performs well in data transmission, it still faces some security threats, such as the Denial-of-Service (DoS) attacks caused by Interest Flooding Attacks (IFAs). In this paper, we present a new type of DoS attacks, named as Synergetic Denial-of-Service (SDoS). Attackers synergize with each other, taking turns to reply to malicious interests as late as possible. SDoS attacks will damage the Pending Interest Table, Content Store, and Forwarding Information Base in routers with high concealment. Simulation results demonstrate that the SDoS attacks quadruple the increased network traffic compared with normal IFAs and the existing IFA detection algorithm in UNDN is completely invalid to SDoS attacks. In addition, we analyze the infection problem in UNDN and propose a defense method Trident based on carefully designed adaptive threshold, burst traffic detection, and attacker identification. Experiment results illustrate that Trident can effectively detect and resist both SDoS attacks and normal IFAs. Meanwhile, Trident can robustly undertake burst traffic and congestion.

Due to the network topology high dynamic changes, the number of ground users and the impact of uneven traffic, the load difference between SDN-based satellite network controllers varies widely, which will cause network performance such as network delay and throughput to drop dramatically. Aiming at the above problems, a multi-controller optimized deployment strategy of satellite network based on SDN was proposed. First, the controller's load state is divided into four types: overload state, high load state, normal state, and idle state; second, when a controller in the network is idle, the switch under its jurisdiction is migrated to the adjacent low load controller and turn off the controller to reduce waste of resources. When the controller is in a high-load state and an overload state, consider both the controller and the switch, and migrate the high-load switch to the adjacent low-load controller. Balance the load between controllers, improve network performance, and improve network performance and network security. Simulation results show that the method has an average throughput improvement of 2.7% and a delay reduction of 3.1% compared with MCDALB and SDCLB methods.

Software-defined networks (SDN), through their programmability, significantly increase network resilience by enabling dynamic reconfiguration of network topologies in response to faults and potentially malicious attacks detected in real-time. Another key trend in network softwarization is cloud-native software, which, together with SDN, will be an integral part of the core of future 5G networks. In SDN, the control plane forms the "brain" of the software-defined network and is typically implemented as a set of distributed controller replicas to avoid a single point of failure. Distributed consensus algorithms are used to ensure agreement among the replicas on key data even in the presence of faults. Security is also a critical concern in ensuring that attackers cannot compromise the SDN control plane; byzantine fault tolerance algorithms can provide protection against compromised controller replicas. However, while reliability/availability and security form key attributes of resilience, they are typically modeled separately in SDN, without consideration of the potential impacts of their interaction. In this paper we present an initial framework for a model that unifies reliability, availability, and security considerations in distributed consensus. We examine – via simulation of our model – some impacts of the interaction between accidental faults and malicious attacks on SDN and suggest potential mitigations unique to cloud-native software.

Research on the design of data center infrastructure is increasing, both from academia and industry, due to the rapid development of cloud-based applications such as search engines, social networks, and large-scale computing. On a large scale, data centers can consist of hundreds to thousands of servers that require systems with high-performance requirements and low downtime. To meet the network's needs in a dynamic data center, infrastructure of applications and services are growing. It takes a process of designing a network topology so that it can guarantee availability and security. One way to surmount this is by implementing the zero trust security model based on micro-segmentation. Zero trust is a security idea based on the principle of "never trust, always verify" in which no concepts of trust and untrust in network traffic. The zero trust security model implemented network traffic in the form of untrust. Micro-segmentation is a way to achieve zero trust by dividing a network into smaller logical segments to restrict the traffic. In this research, data center network performance based on software-defined networking with zero trust security model using micro-segmentation has been evaluated using a testbed simulation of Cisco Application Centric Infrastructure by measuring the round trip time, jitter, and packet loss during experiments. Performance evaluation results show that micro-segmentation adds an average round trip time of 4 μs and jitter of 11 μs without packet loss so that the security can be improved without significantly affecting network performance on the data center.

Adversarial models are well-established for cryptographic protocols, but distributed real-time protocols have requirements that these abstractions are not intended to cover. The IEEE/IEC 61850 standard for communication networks and systems for power utility automation in particular not only requires distributed processing, but in case of the generic object oriented substation events and sampled value (GOOSE/SV) protocols also hard real-time characteristics. This motivates the desire to include both quality of service (QoS) and explicit network topology in an adversary model based on a π-calculus process algebraic formalism based on earlier work. This allows reasoning over process states, placement of adversarial entities and communication behaviour. We demonstrate the use of our model for the simple case of a replay attack against the publish/subscribe GOOSE/SV subprotocol, showing bounds for non-detectability of such an attack.

In this article, the security problem in cyber-physical systems (CPSs) against denial-of-service (DoS) attacks is studied from the perspectives of the designs of communication topology and distributed controller. To resist the DoS attacks, a new construction algorithm of the k-connected communication topology is developed based on the proposed necessary and sufficient criteria of the k-connected graph. Furthermore, combined with the k-connected topology, a distributed event-triggered controller is designed to guarantee the consensus of CPSs under mode-switching DoS (MSDoS) attacks. Different from the existing distributed control schemes, a new technology, that is, the extended Laplacian matrix method, is combined to design the distributed controller independent on the knowledge and the dwell time of DoS attack modes. Finally, the simulation example illustrates the superiority and effectiveness of the proposed construction algorithm and a distributed control scheme.

The wireless technology has knocked the door of tremendous usage and popularity in the last few years along with a high growth rate for new applications in the networking domain. Mobile Ad hoc Networks (MANETs) is solitary most appealing, alluring and challenging field where in the participating nodes do not require any active, existing and centralized system or rigid infrastructure for execution purpose and thus nodes have the moving capability on arbitrary basis. Radio range nodes directly communicate with each other through the wireless links whereas outside range nodes uses relay principle for communication. Though it is a rigid infrastructure less environment and has high growth rate but security is a major concern and becomes vital part of providing hostile free environment for communication. The MANET imposes several prominent challenges such as limited energy reserve, resource constraints, highly dynamic topology, sharing of wireless medium, energy inefficiency, recharging of the batteries etc. These challenges bound to make MANET more susceptible, more close to attacks and weak unlike the wired line networks. Theresearch paperismainly focused on two aspects, one is computation termination of cluster head algorithm and another is use of finite state machine for attacks identification.

VANET is one of most emerging and unique topics among the scientist and researcher. Due to its mobility, high dynamic nature and frequently changing topology not predictable, mobility attracts too much to researchers academic and industry person. In this paper, characteristics of VANET ate discussed along with its architecture, proposed work and its ends simulation with results. There are many nodes in VANET and to avoid the load on every node, clustering is applied in VANET. VANET possess the high dynamic network having continuous changing in the topology. For stability of network, a good clustering algorithm is required for enhancing the network productivity. In proposed work, a novel approach has been proposed to make cluster in VANET network and detect malicious node of network for security network.

The Internet of Things (IoT) integrates the Internet and electronic devices belonging to different domains, such as smart home automation, industrial processes, military applications, health, and environmental monitoring. Usually, IoT devices have limited resources and Low Power and Lossy Networks (LLNs) are being used to interconnect such devices. Routing Protocol for Low-Power and Lossy Networks (RPL) is one of the preferred routing protocols for this type of network, since it was specially developed for LLNs, also known as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN). In this paper the most well-known routing attacks against 6LoWPAN networks were studied and implemented through simulation, conducting a behavioral analysis of network components (resources, topology, and data traffic) under attack condition. In order to achieve a better understanding on how attacks in 6LoWPAN work, we first conducted a study on 6LoWPAN networks and RPL protocol functioning. Furthermore, we also studied a series of well-known routing attacks against this type of Wireless Sensor Networks and these attacks were then simulated using Cooja simulator provided by Contiki operating system. The results obtained after the simulations are discussed along with other previous researches. This analysis may be of real interest when it comes to identify indicators of compromise for each type of attack and appropriate countermeasures for prevention and detection of these attacks.

A secure multi-party batch matrix multiplication problem (SMBMM) is considered, where the goal is to allow a master to efficiently compute the pairwise products of two batches of massive matrices, by distributing the computation across S servers. Any X colluding servers gain no information about the input, and the master gains no additional information about the input beyond the product. A solution called Generalized Cross Subspace Alignment codes with Noise Alignment (GCSA- NA) is proposed in this work, based on cross-subspace alignment codes. The state of art solution to SMBMM is a coding scheme called polynomial sharing (PS) that was proposed by Nodehi and Maddah-Ali. GCSA-NA outperforms PS codes in several key aspects - more efficient and secure inter-server communication, lower latency, flexible inter-server network topology, efficient batch processing, and tolerance to stragglers.

Vehicular Ad Hoc Networks (VANETs) have a strategic goal to achieve service delivery in roads and smart cities, considering the integration and communication between vehicles, sensors and fixed road-side components (routers, gateways and services). VANETs have singular characteristics such as fast mobile nodes, self-organization, distributed network and frequently changing topology. Despite the recent evolution of VANETs, security, data integrity and users privacy information are major concerns, since attacks prevention is still open issue. One of the most dangerous attacks in VANETs is the Sybil, which forges false identities in the network to disrupt compromise the communication between the network nodes. Sybil attacks affect the service delivery related to road safety, traffic congestion, multimedia entertainment and others. Thus, VANETs claim for security mechanism to prevent Sybil attacks. Within this context, this paper proposes a mechanism, called SyDVELM, to detect Sybil attacks in VANETs based on artificial intelligence techniques. The SyDVELM mechanism uses Extreme Learning Machine (ELM) with occasional features of vehicular nodes, minimizing the identification time, maximizing the detection accuracy and improving the scalability. The results suggest that the suitability of SyDVELM mechanism to mitigate Sybil attacks and to maintain the service delivery in VANETs.

Coupling regular topologies with optimized routing algorithms is key in pushing the performance of interconnection networks of HPC systems. In this paper we present Dmodc, a fast deterministic routing algorithm for Parallel Generalized Fat-Trees (PGFTs) which minimizes congestion risk even under massive topology degradation caused by equipment failure. It applies a modulo-based computation of forwarding tables among switches closer to the destination, using only knowledge of subtrees for pre-modulo division. Dmodc allows complete re-routing of topologies with tens of thousands of nodes in less than a second, which greatly helps centralized fabric management react to faults with high-quality routing tables and no impact to running applications in current and future very large-scale HPC clusters. We compare Dmodc against routing algorithms available in the InfiniBand control software (OpenSM) first for routing execution time to show feasibility at scale, and then for congestion risk under degradation to demonstrate robustness. The latter comparison is done using static analysis of routing tables under random permutation (RP), shift permutation (SP) and all-to-all (A2A) traffic patterns. Results for Dmodc show A2A and RP congestion risks similar under heavy degradation as the most stable algorithms compared, and near-optimal SP congestion risk up to 1% of random degradation.

In recent years, integration of Passive Optical Net-work(PON) and WiMAX (Worldwide Interoperability Microwave Access Network) network is attracting huge interest among many researchers. The continuous demand for large bandwidths with wider coverage area are the key drivers to this technology. This integration has led to high speed and cost efficient solution for internet accessibility. This paper investigates the issues related to traffic grooming, routing and resource allocation in the hybrid networks. The Elastic Optical Network forms Backbone and is integrated with WiMAX. In this novel approach, traffic grooming is carried out using light trail technique to minimize the bandwidth blocking ratio and also reduce the network resource consumption. The simulation is performed on different network topologies, where in the traffic is routed through three modes namely the pure Wireless Network, the Wireless-Optical/Optical-Wireless Network, the pure Optical Network keeping the network congestion in mind. The results confirm reduction in bandwidth blocking ratio in all the given networks coupled with minimum network resource utilization.

The steady decline of IP transit prices in the past two decades has helped fuel the growth of traffic demands in the Internet ecosystem. Despite the declining unit pricing, bandwidth costs remain significant due to ever-increasing scale and reach of the Internet, combined with the price disparity between the Internet's core hubs versus remote regions. In the meantime, cloud providers have been auctioning underutilized computing resources in their marketplace as spot instances for a much lower price, compared to their on-demand instances. This state of affairs has led the networking community to devote extensive efforts to cloud-assisted networks - the idea of offloading network functionality to cloud platforms, ultimately leading to more flexible and highly composable network service chains.We initiate a critical discussion on the economic and technological aspects of leveraging cloud-assisted networks for Internet-scale interconnections and data transfers. Namely, we investigate the prospect of constructing a large-scale virtualized network provider that does not own any fixed or dedicated resources and runs atop several spot instances. We construct a cloud-assisted overlay as a virtual network provider, by leveraging third-party cloud spot instances. We identify three use case scenarios where such approach will not only be economically and technologically viable but also provide performance benefits compared to current commercial offerings of connectivity and transit providers.

Security is one of the more challenging problem for wireless Ad-Hoc networks specially in MANT due their features like dynamic topology, no centralized infrastructure, open architecture, etc. that make its more prone to different attacks. These attacks can be passive or active. The passive attack it hard to detect it in the network because its targets the confidential of data packet by eavesdropping on it. Therefore, the privacy preservation for data packets payload which it transmission over MANET has been a major part of concern. especially for safety-sensitive applications such as, privacy conference meetings, military applications, etc. In this paper it used symmetric cryptography to provide privacy for data packet by proposed modified AES based on five proposed which are: Key generation based on multi chaotic system, new SubByte, new ShiftRows, Add-two-XOR, Add-Shiftcycl.