201 |
Detecting IP prefix hijack events using BGP activity and AS connectivity analysis
Alshamrani, Hussain Hameed January 2017
The Border Gateway Protocol (BGP), the main component of core Internet connectivity, suffers vulnerability issues related to the impersonation of the ownership of IP prefixes for Autonomous Systems (ASes). In this context, a number of studies have focused on securing the BGP through several techniques, such as monitoring-based, historical-based and statistical-based behavioural models. In spite of the significant research undertaken, the proposed solutions cannot detect the IP prefix hijack accurately or even differentiate it from other types of attacks that could threaten the performance of the BGP. This research proposes three novel detection methods aimed at tracking the behaviour of BGP edge routers and detecting IP prefix hijacks based on statistical analysis of variance, the attack signature approach and a classification-based technique. The first detection method uses statistical analysis of variance to identify hijacking behaviour through the normal operation of routing information being exchanged among routers and their behaviour during the occurrence of IP prefix hijacking. However, this method failed to find any indication of IP prefix hijacking because of the difficulty of having raw BGP data hijacking-free. The research also proposes another detection method that parses BGP advertisements (announcements) and checks whether IP prefixes are announced or advertised by more than one AS. If so, events are selected for further validation using Regional Internet Registry (RIR) databases to determine whether the ASes announcing the prefixes are owned by the same organisation or different organisations. Advertisements for the same IP prefix made by ASes owned by different organisations are subsequently identified as hijacking events. The proposed algorithm of the detection method was validated using the 2008 YouTube Pakistan hijack event; the analysis demonstrates that the algorithm qualitatively increases the accuracy of detecting IP prefix hijacks. 
The algorithm is very accurate as long as the RIRs (Regional Internet Registries) are updated concurrently with hijacking detection. The detection method can be integrated and work with BGP routers separately. Another detection method is proposed to detect IP prefix hijacking using a combination of signature-based (parsing-based) and classification-based techniques. The parsing technique is used as a pre-processing phase before the classification-based method. Some features are extracted based on the connectivity behaviour of the suspicious ASes given by the parsing technique. In other words, this detection method tracks the behaviour of the suspicious ASes and follows up with an analysis of their interaction with directly and indirectly connected neighbours based on a set of features extracted from the ASPATH information about the suspicious ASes. Before sending the extracted feature values to the best five classifiers that can work with the specifications of an implemented classification dataset, the detection method computes the similarity between benign and malicious behaviours to determine to what extent the classifiers can distinguish suspicious behaviour from benign behaviour and then detect the hijacking. Evaluation tests of the proposed algorithm demonstrated that the detection method was able to detect the hijacks with 96% accuracy and can be integrated and work with BGP routers separately.
|
202 |
Development of virtual network computing (VNC) environment for networking and enhancing user experience
Al-Malki, Dana Mohammed January 2006
Virtual Network Computing (VNC) is a thin client developed by Real VNC Ltd, formerly of Olivetti Research Ltd/AT&T labs Cambridge and can be used as a collaborative environment, therefore it has been chosen as the basis of this research study. The purpose of this thesis is to investigate and develop a VNC based environment over the network and to improve the users’ Quality of Experience (QoE) of using VNC between networked groups by the incorporation of videoconferencing with VNC and enhancing QoE in Mobile environments where the network status is far from ideal and is prone to disconnection. This thesis investigates the operation of VNC in different environments and scenarios such as wireless environments by investigating user and device mobility and ways to sustain their seamless connection when in motion. As part of the study I also researched all groups that implement VNC like universities, research groups and laboratories and virtual laboratories. In addition to that I identified the successful features and security measures in VNC in order to create a secure environment. This was achieved by pinpointing the points of strength and weakness in VNC as opposed to popular thin clients and remote control applications and analysing VNC according to conforming to several security measures. Furthermore, it is reasonable to say that the success of any scheme that attempts to deliver desirable levels of Quality of Service (QoS) of an effective application for the future Internet must be based, not only on the progress of technology, but on users’ requirements. For instance, a collaborative environment has not yet reached the desired expectation of its users since it is not capable of handling any unexpected events which can result from a sudden disconnection of a nomadic user engaged in an ongoing collaborative session; this is consequently associated with breaking the social dynamics of the group collaborating in the session. 
Therefore, I have concluded that knowing the social dynamics of application’s users as a group and their requirements and expectations of a successful experience can lead an application designer to exploit technology to autonomously support the initiating and maintaining of social interaction. Moreover, I was able to successfully develop a VNC based environment for networked groups that facilitates the administration of different remote VNC sessions, in addition to a prototype that uses videoconferencing in parallel to VNC to provide a better user’s QoE of VNC. The last part of the thesis was concerned with designing a framework to improve and assess QoE of all users in a collaborative environment where it can be especially applied in the presence of nomadic clients with their much more frequent disconnections. I have designed a conceptual algorithm called Improved Collaborative Quality of Experience (IC‐QoE), an algorithm that aims to eliminate frustration and improve QoE of users in a collaborative session in the case of disconnections and examined its use and benefits in real world scenarios such as research teams and implemented a prototype to present the concepts of this algorithm. Finally, I have designed a framework to suggest ways to evaluate this algorithm.
|
203 |
Domesticating home networks
Brown, Anthony January 2016
This thesis addresses the following question: How should domestic networks be reinvented to support self-management by domestic users? It takes a user-centred design approach to redesign the underlying domestic network infrastructure to better fit domestic users. The overall aim of this work is to create user-centred mechanisms to support self-management of domestic networks by domestic users. Two areas of the domestic network are studied in detail: user-centred mechanisms for domestic network infrastructure control and user-centred presentations of network data. User-centred mechanisms for domestic network infrastructure control are explored to improve Wi-Fi device association in domestic environments. A user-centred design approach is adopted to create a new method for sharing Wi-Fi credentials between devices, specifically tailored for domestic environments, called MultiNet. The network performance impact of MultiNet is quantified using the standard metrics of throughput, latency, and jitter in a lab-based experiment. MultiNet's usability is then compared to Wi-Fi Protected Setup in a lab-based usability evaluation. These show that better Wi-Fi device association methods targeted for domestic environments can be built. It also shows that user-centred networking infrastructure can support self-management by domestic users. User-centred presentations of network data address the poor legibility of domestic networks, which hinders configuration and maintenance of them. A user-centred approach is adopted to design and construct a network data visualisation and annotation platform, HomeNetViewer. Through a series of deployments in real households the HomeNetViewer platform is used to explore user-centred presentations of network data to support the local negotiation of domestic network policy. HomeNetViewer improves domestic network legibility by enabling the construction of user-centred presentations of domestic network data. 
Additionally, it shows that users are comfortable annotating their network data using activities, applications, and users as a vocabulary. Together this highlights that, with the correct user-centred tools, domestic users are able to gain new insight into their networks to support self-management. HomeNetViewer also shows that manually annotating domestic traffic places an ongoing burden on the users. Automating user-centred presentations of network data is explored to address the burden the annotation process places on users. The use of enterprise traffic classification techniques to generate user-centred presentations of network data struggles to classify the data annotated by HomeNetViewer participants. It concludes by suggesting two ways in which these difficulties could be addressed in future work. Overall the domestic access point provides an important point of configuration, visibility and control over the domestic network infrastructure. This dissertation demonstrates that taking a user-centred design approach to reinventing the domestic network, to support self-management by users, can resolve the existing problems and merits further research and exploration by industry and standardisation bodies.
|
204 |
Allocation dynamique sur cloud IaaS : allocation dynamique d’infrastructure de SI sur plateforme de cloud avec maîtrise du compromis coûts/performances / Dynamic allocation on IaaS : SI Infrastructure dynamic allocation of cloud platform with control of compromise cost / performance
Michon, Etienne 05 June 2015
In the field of cloud computing, IaaS provides virtualized on-demand computing resources on a pay-per-use model. From the user point of view, the cloud provides an inexhaustible supply of resources, which can be dynamically claimed and released. IaaS is especially useful to execute scientific computations using operating budget instead of using a big initial investment. Provisioning the resources depending on the workload is an important challenge, especially regarding the big number of jobs and resources to take into account, but also the large amount of available platforms and economic models. We advocate the need for brokers on the client-side with two main capabilities: (1) automate the provisioning depending on the strategy selected by the user and (2) simulate an execution in order to provide the user with an estimation of the costs and times of his workload's execution. Many provisioning strategies and cloud providers can be used in this broker thanks to its open architecture. Large scale experiments have been conducted on many cloud platforms and show our tool's ability to execute different kinds of workloads on various platforms and to simulate these executions with high accuracy.
|
205 |
Simulation studies on effects of dual polarisation and directivity of antennas on the performance of MANETs
Sharma, R. January 2014
In the purview of efficient communication in MANETs for enhanced data rates and reliable routing of information, this thesis deals with dual polarised directional antenna based communication. This thesis proposes a dual polarised directional communication based cross-layer solution to mitigate the problems of interference, exposed nodes, directional exposed nodes, and deafness, and to achieve efficient routing of information. At the physical layer of network protocol stack, this thesis proposes the use of dual polarised directional antenna for the mitigation of interference. Use of dual polarised directional communication at the physical layer calls for appropriate modifications in the functionality of MAC and network layers. At the MAC layer, the DPDA-MAC protocol proposed in this thesis achieves mitigation of the problems of exposed nodes, directional exposed nodes and deafness, by using dual polarised directional antenna at physical layer. At network layer, the DPDA-MRP protocol presented in this thesis facilitates the discovery of multiple routes between the source and destination nodes to route information in accordance with the desired dual polarised directional communication. To achieve efficient dual polarised directional communication and routing of information, it is essential to maintain well populated Neighbour Table (NT) and Routing Table (RT). This thesis proposes a novel Corruption Detection Pulse (CDP) based technique to handle corruption of broadcast packets such as Link ID and RREQ arising due to hidden node problem. Since the nodes participating in the formation of MANETs have limited battery energy, the protocols proposed in this thesis are featured with a provision for dynamic power control to achieve energy efficient communication. Nodes maintain Received Signal Strength Indicator (RSSI) information in the NT, which along with the information of node location is used in the formulation of decision logic of dynamic power control. 
Through numerous simulation studies, this thesis demonstrates the benefits of dual polarised directional communication to enhance the performance of MANET. The design principles, benefits and conceptual constraints of proposed DPDA-MAC protocol are analysed with SPDA-MAC and CSMA/CA, while those for DPDA-MRP are analysed with SPDA-MRP and DSR through performance metrics of throughput, Packet Delivery Ratio (PDR) and per hop delay. The thesis also analyses the impact of variations of channel capacity, node density, rate of packet transmission and mobility of nodes on the performance of the proposed and conventional protocols invoked in MANETs.
|
206 |
Entity finding in a document collection using adaptive window sizes
Alarfaj, Fawaz January 2016
Traditional search engines work by returning a list of documents in response to queries. However, such engines are often inadequate when the information need of the user involves entities. This issue has led to the development of entity-search, which unlike normal web search does not aim at returning documents but names of people, products, organisations, etc. Some of the most successful methods for identifying relevant entities were built around the idea of a proximity search. In this thesis, we present an adaptive, well-founded, general-purpose entity finding model. In contrast to the work of other researchers, where the size of the targeted part of the document (i.e., the window size) is fixed across the collection, our method uses a number of document features to calculate an adaptive window size for each document in the collection. We construct a new entity finding test collection called the ESSEX test collection for use in evaluating our method. This collection represents a university setting as the data was collected from the publicly accessible webpages of the University of Essex. We test our method on five different datasets including the W3C Dataset, CERC Dataset, UvT/TU Datasets, ESSEX dataset and the ClueWeb09 entity finding collection. Our method provides a considerable improvement over various baseline models on all of these datasets. We also find that the document features considered for the calculation of the window size have differing impacts on the performance of the search. These impacts depend on the structure of the documents and the document language. As users may have a variety of search requirements, we show that our method is adaptable to different applications, environments, types of named entities and document collections.
|
207 |
Enhancement of the IEEE 802.15.4 standard by energy efficient cluster scheduling
Saleh, Ahmed January 2015
The IEEE 802.15.4 network is gaining popularity due to its wide range of applications in industries and day-to-day life. Energy conservation in IEEE 802.15.4 nodes is always a concern for the designers as the lifetime of a network depends mainly on minimizing the energy consumption in the nodes. In ZigBee cluster-tree networks, the existing literature does not provide a combined solution for co-channel interference and power efficient scheduling. In addition, a technique that prevents network collision has not been provided. Delay and reliability issues are not addressed in the QoS-aware routing. Congestion is one of the major challenges in IEEE 802.15.4 networks. This network also has issues in admitting real-time flows. The aim of the present research is to overcome the issues mentioned above by designing Energy Efficient Cluster Scheduling and Interference Mitigation, QoS Aware Inter-Cluster Routing Protocol and Adaptive Data Rate Control for Clustered Architecture for IEEE 802.15.4 Networks. To overcome the issues of energy efficiency and network collision, energy efficient cluster scheduling and interference mitigation for IEEE 802.15.4 networks is proposed. It uses a time division cluster scheduling technique that offers energy efficiency in the cluster-tree network. In addition, an interference mitigation technique is demonstrated which detects and mitigates the channel interference based on packet-error detection and repeated channel-handoff command transmission. For the issues of delay and reliability in cluster networks, a QoS aware inter-cluster routing protocol for IEEE 802.15.4 networks is proposed. It consists of modules such as a reliability module, packet classifier, hello protocol module and routing service module. Using the packet classifier, the packets are classified into data and hello packets. The data packets are classified based on priority. 
A neighbour table is constructed by the Hello protocol module to maintain information on the reliabilities of neighbour nodes. Moreover, a routing table is built using the routing service module. The delay in the route is controlled by a delay metric, which is the sum of queuing delay and transmission delay. For the issues of congestion and admitting real-time flows, an adaptive data rate control for clustered architecture in IEEE 802.15.4 networks is proposed. A network device is designed to regulate its data rate adaptively using the feedback message, i.e. the Congestion Notification Field (CNF) in the beacon frame received from the receiver side. The network device controls or changes its data rate based on the CNF value. Along with this, scalability is considered by modifying encoding parameters using Particle Swarm Optimization (PSO) to balance the target output rate for supporting high data rates. Simulation results show that the proposed techniques significantly reduce the energy consumption by 17% and the network collision, enhance the performance, mitigate the effect of congestion, and admit real-time flows.
|
208 |
Achieving quality of service in mobile ad hoc networks containing packet forwarding attackers
Mcnerney, Peter Joseph John January 2013
In future, Mobile Ad Hoc Networks (MANETs) may provide access to services in the Internet. MANETs should therefore support diverse applications and data types. This introduces a need for quality of service (QoS), a process of discriminating different data types to provide them with an appropriate level of service. However, QoS can be affected by nodes performing packet forwarding attacks. A critical analysis of the related literature shows that research into QoS and security has typically proceeded independently. However, QoS and security should be considered together as attacks may adversely affect QoS. A simulation study demonstrates this by investigating two single-path packet forwarding approaches under a range of conditions. The study shows that using single-path packet forwarding in the presence of attackers is generally insufficient to support QoS. Based on this background research, a novel 2-Dimensional Adaptation ARChitecture (2-DAARC) and a Priority-based Multi-path Type Selection (PMTS) algorithm are proposed. 2-DAARC integrates two modes of adaptation. The single-path adaptation (SPA) mode uses adaptive bandwidth reservations over a single path for QoS in the presence of node mobility. The multi-path adaptation (MPA) mode uses duplicated data packet transmissions over multiple paths for QoS in the presence of packet forwarding attackers. Adaptation occurs within and between modes to optimize priority packet forwarding in the dynamic MANET environment. The MPA mode uses the PMTS algorithm to select a secondary path which is maximally-disjoint with the primary path. This aims to select a path which may enhance reliability whilst keeping the costs of path selection low. Simulating 2-DAARC shows that under light loads it achieves better QoS than related work, but with a higher control packet overhead. 
Simulating PMTS shows that under light loads it achieves packet deliveries which are at best as good as a related approach, with lower end-to-end delays and control packet overhead. A novel Congestion and ATtack (CAT) detection mechanism is proposed to improve the performance of 2-DAARC in heavily loaded networks. CAT detection differentiates the causes of packet loss so that adaptation can be better tailored to the network conditions. Without CAT detection, 2-DAARC uses the MPA mode in congested conditions, and this worsens QoS. Simulating 2-DAARC with CAT detection shows that it generally achieves packet deliveries which are greater than or similar to, and end-to-end delays which are less than or similar to related work, and it does so with a lower control packet overhead.
|
209 |
A virtual intergrated networks emulator on xen (viNex)
Mukwevho, Mukosi Abraham 11 1900
Network research experiments have traditionally been conducted in emulated or
simulated environments. Emulators are frequently deployed on physical networks.
Network simulators provide a self-contained and simple environment that can be
hosted on one host. Simulators provide a synthetic environment that is only an
approximation of the real world and therefore the results might not be a true
reflection of reality.
Recent progress in virtualisation technologies enable the deployment of multiple
interconnected, virtual hosts on one machine. Virtual hosts run real network
protocol stacks and therefore provide an emulated environment on a single host.
The first objective of this dissertation is to build a network emulator (viNEX)
using a virtualisation platform (XEN). The second objective is to evaluate whether
viNEX can be used to conduct some network research experiments. Thirdly, some
limitations of this approach are identified. / Computing / M. Sc. (Computer Science)
|
210 |
Handling emergent conflicts in adaptable rule-based sensor networks
Blum, Jesse Michael January 2012
This thesis presents a study into conflicts that emerge amongst sensor device rules when such devices are formed into networks. It describes conflicting patterns of communication and computation that can disturb the monitoring of subjects, and lower the quality of service. Such conflicts can negatively affect the lifetimes of the devices and cause incorrect information to be reported. A novel approach to detecting and resolving conflicts is presented. The approach is considered within the context of home-based psychiatric Ambulatory Assessment (AA). Rules are considered that can be used to control the behaviours of devices in a sensor network for AA. The research provides examples of rule conflict that can be found for AA sensor networks. Sensor networks and AA are active areas of research and many questions remain open regarding collaboration amongst collections of heterogeneous devices to collect data, process information in-network, and report personalised findings. This thesis presents an investigation into reliable rule-based service provisioning for a variety of stakeholders, including care providers, patients and technicians. It contributes a collection of rules for controlling AA sensor networks. This research makes a number of contributions to the field of rule-based sensor networks, including areas of knowledge representation, heterogeneous device support, system personalisation, and in particular, system reliability. This thesis provides evidence to support the conclusion that conflicts can be detected and resolved in adaptable rule-based sensor networks.
|