Evaluation of the United States Coast Guard's remote network access procedures

Olesnevich, Craig.

January 2005

Thesis, PlanB (M.S.)--University of Wisconsin--Stout, 2005. / Includes bibliographical references.

Protocol design for scalable and reliable group rekeying

Zhang, Xincheng, Lam, Simon S.,

January 2005

Thesis (Ph. D.)--University of Texas at Austin, 2005. / Supervisor: Simon S. Lam. Vita. Includes bibliographical references.

Parallel firewall designs for high-speed networks /

Farley, Ryan Joseph.

January 2005

Thesis (M.S.)--Wake Forest University. Dept. of Computer Science, 2005. / Vita. Includes bibliographical references (leaves 66-68)

Enhanced quality of service in Internet using dynamic scheduling

Dalakoti, Animesh,

January 2007

Thesis (M.S. in computer science)--Washington State University, August 2007. / Includes bibliographical references (p. 68-70).

On the external stability of linear systems with actuator saturation constraints, and the decentralized control of communicating-agent networks with security constraints

Wen, Zheng,

January 2007

Thesis (M.S. in electrical engineering)--Washington State University, August 2007. / Includes bibliographical references (p. 73-77).

An investigation into the deployment of IEEE 802.11 networks

Janse van Rensburg, Johanna Hendrina

January 2007

Currently, the IEEE 802.11 standard is the leading technology in the Wireless Local Area Network (WLAN) market. It provides flexibility and mobility to users, which in turn, increase productivity. Opposed to traditional fixed Local Area Network (LAN) technologies, WLANs are easier to deploy and have lower installation costs. Unfortunately, there are problems inherent within the technology and standard that inhibits its performance. Technological problems can be attributed to the physical medium of a WLAN, the electromagnetic (EM) wave. Standards based problems include security issues and the MAC layer design. However the impact of these problems can be mitigated with proper planning and design of the WLAN. To do this, an understanding of WLAN issues and the use of WLAN software tools are necessary. This thesis discusses WLAN issues such as security and electromagnetic wave propagation and introduces software that can aid the planning, deployment and maintenance of a WLAN. Furthermore the planning, implementation and auditing phases of a WLAN lifecylce are discussed. The aim being to provide an understanding of the complexities involved to deploy and maintain a secure and reliable WLAN.

Local area networks (Computer networks)

Analysis and implementation of time-delay systems and networked control systems

Wang, Bo

January 2008

Systems with delays frequently appear in engineering. The presence of delays makes system analysis and control design much more complicated. Networked control systems where the delays are often random are typical cases of such systems. For one particular category of time-delays systems, integral processes with dead time (IPDTs), the control limits that a PI controller can achieve are discussed in this thesis. These limits include the region of the control parameters to guarantee the system stability, the control parameters to achieve the given gain and/or phase margins (GPMs), the constraint on achievable gain and phase margins, the performance of set point tracking and disturbance rejection. Three types of PI controllers, namely typical PI controller, single tuning-parameter PI controller and PI controller under two-degree-of-freedom (2-DOF) structure, are studied. In control schemes of the modified Smith predictor (MSP) where the controller usually includes a distributed delay, the system implementation is not trivial because of the inherent hidden unstable poles. This thesis provides an estimation of the minimal number of implementation steps for the distributed delay in linear control laws. This is obtained by solving an inequality with respect to the number of implementation steps. A coarse estimation is given as the initial value to solve the inequality using bisection algorithms. A minimization process as well as some other techniques are also introduced to further improve the estimation. In networked control systems, the network-transmission delay and data dropout are combinedly represented by a network-induced delay. By designing a data pre­ processing mechanism, the network-induced delay can be assigned. Such delay as­ signment is applied to networked predictive control schemes, which alleviates systemstability limits on the network-induced delay. Two stability criteria are given for the closed-loop system with random network-induced delay, and a resulting implementation algorithm is also provided. The control and implementation of a magnetic levitation system over the network is studied in this thesis. Firstly, a test-rig which is suitable to implement control over a network is set up. Feedback linearization and direct local linearization methods for the nonlinear MagLev system are presented. In order to improve the control performance, a networked predictive method is employed, where the system model is identified in real-time. Local control and networked control are implemented on this test-rig, including networked predictive control. Model predictive control demonstrates a clear performance advantage over the networked control strategies which does not incorporate compensation for the network-induced delay. In order to quickly implement networked control systems (NCSs) by simulation or practical application, a MATLAB/Simulink based NCS toolbox is developed. This toolbox incorporates basic parts of a general NCS, that is, network simula­tion, network interface, plant interface and typical control schemes. With the NCS toolbox, users can focus on the study of new control schemes.

003.5

Computer networks ; Automatic control

Near real-time threat assessment using intrusion detection system's data

Fragkos, Grigorios

January 2011

The concept of Intrusion Detection (ID) and the development of such systems have been a major concern for scientists since the late sixties. In recent computer networks, the use of different types of Intrusion Detection Systems (IDS) is considered essential and in most cases mandatory. Major improvements have been achieved over the years and a large number of different approaches have been developed and applied in the way these systems perform Intrusion Detection. The purpose of the research is to introduce a novel approach that will enable us to take advantage of the vast amounts of information generated by the large number of different IDSs, in order to identify suspicious traffic, malicious intentions and network attacks in an automated manner. In order to achieve this, the research focuses upon a system capable of identifying malicious activity in near real-time, that is capable of identifying attacks while they are progressing. The thesis addresses the near real-time threat assessment by researching into current state of the art solutions. Based on the literature review, current Intrusion Detection technologies lean towards event correlation systems using different types of detections techniques. Instead of using linear event signatures or rule sets, the thesis suggests a structured description of network attacks based on the abstracted form of the attacker’s activity. For that reason, the design focuses upon the description of network attacks using the development of footprints. Despite the level of knowledge, capabilities and resources of the attacker, the system compares occurring network events against predefined footprints in order to identify potential malicious activity. Furthermore, based on the implementation of the footprints, the research also focuses upon the design of the Threat Assessment Engine (TAE) which is capable of performing detection in near real-time by the use of the above described footprints. The outcome of the research proves that it is possible to have an automated process performing threat assessment despite the number of different ongoing attacks taking place simultaneously. The threat assessment process, taking into consideration the system’s architecture, is capable of acting as the human analyst would do when investigating such network activity. This automation speeds up the time-consuming process of manually analysing and comparing data logs deriving from heterogeneous sources, as it performs the task in near real-time. Effectively, by performing the this task in near real-time, the proposed system is capable of detecting complicated malicious activity which in other cases, as currently performed, it would be difficult, maybe impossible or results would be generated too late.

005.8

Computer networks Security measures

Design of networked control systems and global Web-based control laboratory

Hu, Wenshan

January 2008

This thesis mainly focuses on two Internet based control applications. One is a networked control system (NCS) where the control loop is closed through the network. The other is the Networked Control System Laboratory (NCSLab) which is a global web based remote experimentation platform. The contribution in the first part of the thesis relates to the networked predictive control (NPC) which was first introduced by Liu et al. (2004). In this method, the controller uses the model predictive approach to predict a future control sequence and send it to the plant in a network packet. The plant side receives this packet and then determine the appropriate control signal to apply to the actuator according to the time delay measurement. This method is innovative and works well in theory, but it has two deficiencies in practical applications. The first deficiency is that it needs synchronization between the controller and plant side to measure the individual forward and feedback channel time delays and this is very hard to achieve on the Internet. In this thesis, a round-trip NPC is proposed in which the predictive calculations and signal selections are based on the round-trip delay. The measurement of the round-tip delay is achieved using the plant side clock only, so that the need for synchronization is avoided. The second deficiency is that the mathematical model has to be accurately known. Otherwise the accuracy of the predictive calculation is affected, which may result in a degraded control performance. An event-driven NPC scheme is introduced to solve this problem. In this scheme, the selection of the appropriate control signal is not based on the time delay measurement but on the previous system output. This method can compensate for the effect of model uncertainty, which has been verified by both simulations and real-time experiments. Some experiments carried out on other NPC schemes are also reported on in this thesis. They are the NPC in state-space form and nonlinear NPC. These methods expand the use of NPC methodology. The second part of the thesis describes the design and implementation of the Networked Control System Laboratory. The NCSLab is based in the University of Glamorgan but its test rigs are diversely located in four Institutions from both the UK and China. In order to manage these test rigs from different places, a four layer structure (Central Server/Regional Server/Sub-Server/Test Rig) is adopted. The four layers are integrated into one system via the Internet. In order to deliver the remote experimentation to the users, a web-based user interface is designed. It provides great flexibility to the users such as remote monitoring, remote tuning and remote control algorithms. The implementation of the user interface (UI) heavily adopts the AJAX technology, so the remote experiments can be conducted inside the web browsers without installing special plug-ins. In order to show how the NCSLab works, two examples are given in the thesis.

629.895

Automatic control ; Computer networks

A framework for secure mobility in wireless overlay networks

Chen, Hejun

January 2006

Various wireless networks are widely deployed world wide. Current technologies employed in these networks vary widely in terms of bandwidths, latencies, frequencies, and media access methods. Most existing wireless network technologies can be divided into two categories: those that provide a low-bandwidth service over a wide geographic area, for example UMTS, and those that provide a high bandwidth service over a narrow geographic area, for example 802.11. Although it would be desirable to provide a high- bandwidth service over a wide coverage region to mobile users all the time, no single wireless network technology simultaneously satisfies these require- ments. Wireless Overlay Networks, a hierarchical structure of wireless personal area, local area, and wide area data networks, is considered as an efficient and scalable way to solve this problem. Due to the wide deployment of UMTS and 802.11 WLAN, this study attempts to combine them to implement the concept of Wireless Overlay Net- works. Furthermore, the information transmitted over this Wireless Overlay Networks is protected in terms of authentication, integrity and confidentiality. To achieve this goal, this study aims to combine GPRS, Mobile IP and IPSec to propose a framework for secure mobility in Wireless Overlay Networks. The framework is developed in three steps: Firstly, this study addresses the problem of combining GPRS and Mo- bile IP, so that GPRS users are provided with Mobile IP service. This results in presenting a uniform Mobile IP interface to peers regardless of whether mobile users use UMTS or 802.11 WLAN. Secondly, this study discovers the existing problem when combining Mobile IP and IPSec, and proposes a Dual Home Agent Architecture to achieve secure mobility. Finally, based on the output of the previous two steps, a complete framework is proposed, which achieves secure mobility in Wireless Overlay Networks, specifically, in UMTS and 802.11 WLAN. The framework also implements seamless handover when mobile users switch between UMTS and 802.11. This results in UMTS and 802.11 WLAN looking like a single network when participating in this framework, and presents seamless and secure mobility.

Wireless communication systems

Computer networks