Biblio

In today's world computer communication is used almost everywhere and majority of them are connected to the world's largest network, the Internet. There is danger in using internet due to numerous cyber-attacks which are designed to attack Confidentiality, Integrity and Availability of systems connected to the internet. One of the most prominent threats to computer networking is Distributed Denial of Service (DDoS) Attack. They are designed to attack availability of the systems. Many users and ISPs are targeted and affected regularly by these attacks. Even though new protection technologies are continuously proposed, this immense threat continues to grow rapidly. Most of the DDoS attacks are undetectable because they act as legitimate traffic. This situation can be partially overcome by using Intrusion Detection Systems (IDSs). There are advanced attacks where there is no proper documented way to detect. In this paper authors present a Machine Learning (ML) based DDoS detection mechanism with improved accuracy and low false positive rates. The proposed approach gives inductions based on signatures previously extracted from samples of network traffic. Authors perform the experiments using four distinct benchmark datasets, four machine learning algorithms to address four of the most harmful DDoS attack vectors. Authors achieved maximum accuracy and compared the results with other applicable machine learning algorithms.

The distribution of video contents generated by Content Providers (CPs) significantly contributes to increase the congestion within the networks of Internet Service Providers (ISPs). To alleviate this problem, CPs can serve a portion of their catalogues to the end users directly from servers (i.e., the caches) located inside the ISP network. Users served from caches perceive an increased QoS (e.g., average retrieval latency is reduced) and, for this reason, caching can be considered a form of traffic prioritization. Hence, since the storage of caches is limited, its subdivision among several CPs may lead to discrimination. A static subdivision that assignes to each CP the same portion of storage is a neutral but ineffective appraoch, because it does not consider the different popularities of the CPs' contents. A more effective strategy consists in dividing the cache among the CPs proportionally to the popularity of their contents. However, CPs consider this information sensitive and are reluctant to disclose it. In this work, we propose a protocol based on Shamir Secret Sharing (SSS) scheme that allows the ISP to calculate the portion of cache storage that a CP is entitled to receive while guaranteeing network neutrality and resource efficiency, but without violating its privacy. The protocol is executed by the ISP, the CPs and a Regulator Authority (RA) that guarantees the actual enforcement of a fair subdivision of the cache storage and the preservation of privacy. We perform extensive simulations and prove that our approach leads to higher hit-rates (i.e., percentage of requests served by the cache) with respect to the static one. The advantages are particularly significant when the cache storage is limited.

The explosive growth of mobile traffic in the Internet makes content delivery a challenging issue to cope with. To promote efficiency of content distribution and reduce network cost, Internet Service Providers (ISPs) and content providers (CPs) are motivated to cooperatively work. As a clean-slate solution, nowadays Information-Centric Networking architectures have been proposed and widely researched, where the thought of in-network caching, especially edge caching, can be applied to mobile wireless networks to fundamentally address this problem. Considered the profit split issue between ISPs and CPs and the influence of content popularity is largely ignored, in this paper, we propose a Stackelberg-based optimal network profit split scheme for content delivery in information-centric wireless networks. Simulation results show that the performance of our proposed model is comparable to its centralized solution and obviously superior to current ISP-CP cooperative schemes without considering cache deployment in the network.

Multicast distribution employs the model of many-to-many so that it is a more efficient way of data delivery compared to traditional one-to-one unicast distribution, which can benefit many applications such as media streaming. However, the lack of security features in its nature makes multicast technology much less popular in an open environment such as the Internet. Internet Service Providers (ISPs) take advantage of IP multicast technology's high efficiency of data delivery to provide Internet Protocol Television (IPTV) to their users. But without the full control on their networks, ISPs cannot collect revenue for the services they provide. Secure Internet Group Management Protocol (SIGMP), an extension of Internet Group Management Protocol (IGMP), and Group Security Association Management Protocol (GSAM), have been proposed to enforce receiver access control at the network level of IP multicast. In this paper, we analyze operational details and issues of both SIGMP and GSAM. An examination of the performance of both protocols is also conducted.

Software defined networks (SDNs) represent new centralized network architecture that facilitates the deployment of services, applications and policies from the upper layers, relatively the management and control planes to the lower layers the data plane and the end user layer. SDNs give several advantages in terms of agility and flexibility, especially for mobile operators and for internet service providers. However, the implementation of these types of networks faces several technical challenges and security issues. In this paper we will focus on SDN's security issues and we will propose the implementation of a centralized security layer named AM-SecP. The proposed layer is linked vertically to all SDN layers which ease packets inspections and detecting intrusions. The purpose of this architecture is to stop and to detect malware infections, we do this by denying services and tunneling attacks without encumbering the networks by expensive operations and high calculation cost. The implementation of the proposed framework will be also made to demonstrate his feasibility and robustness.

The technological evolution brought by the Internet of things (IoT) comes with new forms of cyber-attacks exploiting the complexity and heterogeneity of IoT networks, as well as, the existence of many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks, emerge as areas of high priority. This paper presents a blockchain-based solution, which is designed for the smart home domain, dealing with the collection and preservation of digital forensic evidence. The system utilizes a private forensic evidence database, where the captured evidence is stored, along with a permissioned blockchain that allows providing security services like integrity, authentication, and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores evidences' metadata, which are critical for providing the aforementioned services, and interacts via smart contracts with the different entities involved in an investigation process, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that allows tackling the unique challenges posed by the need for digitally handling forensic evidence collected from IoT networks.

Nowadays, Internet Service Providers (ISPs) have been depending on Deep Packet Inspection (DPI) approaches, which are the most precise techniques for traffic identification and classification. However, constructing high performance DPI approaches imposes a vigilant and an in-depth computing system design because the demands for the memory and processing power. Membership query data structures, specifically Bloom filter (BF), have been employed as a matching check tool in DPI approaches. It has been utilized to store signatures fingerprint in order to examine the presence of these signatures in the incoming network flow. The main issue that arise when employing Bloom filter in DPI approaches is the need to use k hash functions which, in turn, imposes more calculations overhead that degrade the performance. Consequently, in this paper, a new design and implementation for a DPI approach have been proposed. This DPI utilizes a membership query data structure called Cuckoo filter (CF) as a matching check tool. CF has many advantages over BF like: less memory consumption, less false positive rate, higher insert performance, higher lookup throughput, support delete operation. The achieved experiments show that the proposed approach offers better performance results than others that utilize Bloom filter.

Trusted routing is a hot spot in network security. Lots of efforts have been made on trusted routing validation for Interior Gateway Protocols (IGP), e.g., using Public Key Infrastructure (PKI) to enhance the security of protocols, or routing monitoring systems. However, the former is limited by further deployment in the practical Internet, the latter depends on a complete, accurate, and fresh knowledge base-this is still a big challenge (Internet Service Providers (ISPs) are not willing to leak their routing policies). In this paper, inspired by the idea of centrally controlling in Software Defined Network (SDN), we propose a CENtrally Trusted Routing vAlidation framework, named CENTRA, which can automated collect routing information, centrally detect anomaly and deliver secure routing policy. We implement the proposed framework using NETCONF as the communication protocol and YANG as the data model. The experimental results reveal that CENTRA can detect and block anomalous routing in real time. Comparing to existing secure routing mechanism, CENTRA improves the detection efficiency and real-time significantly.

The growth of the Internet has made IPv4 addresses a scarce resource. Due to slow IPv6 deployment, IANA-level IPv4 address exhaustion was reached before the world could transition to an IPv6-only Internet. The continuing need for IPv4 reachability will only be supported by IPv4 address sharing. This paper reviews ISP-level address sharing mechanisms, which allow Internet service providers to connect multiple customers who share a single IPv4 address. Some mechanisms come with severe and unpredicted consequences, and all of them come with tradeoffs. We propose a novel classification, which we apply to existing mechanisms such as NAT444 and DS-Lite and proposals such as 4rd, MAP, etc. Our tradeoff analysis reveals insights into many problems including: abuse attribution, performance degradation, address and port usage efficiency, direct intercustomer communication, and availability.