Modeling and Performance Evaluation of a Delay and Marking Based Congestion Controller

Wickramarathna, Thamali Dilusha N.

01 January 2008

Achieving high performance in high capacity data transfers over the Internet has long been a daunting challenge. The current standard of Transmission Control Protocol (TCP), TCP Reno, does not scale efficiently to higher bandwidths. Various congestion controllers have been proposed to alleviate this problem. Most of these controllers primarily use marking/loss or/and delay as distinct feedback signals from the network, and employ separate data transfer control strategies that react to either marking/loss or delay. While these controllers have achieved better performance compared to existing TCP standard, they suffer from various shortcomings. Thus, in our previous work, we designed a congestion control scheme that jointly exploits both delay and marking; D+M (Delay Marking) TCP. We demonstrated that D+M TCP can adapt to highly dynamic network conditions and infrastructure using ns-2 simulations. Yet, an analytical explanation of D+M TCP was needed to explain why it works as observed. Furthermore, D+M TCP needed extensive simulations in order to assess its performance, especially in relation to other high-speed protocols. Therefore, we propose a model for D+M TCP based on distributed resource optimization theory. Based on this model, we argue that D+M TCP solves the network resource allocation problem in an optimal manner. Moreover, we analyze the fairness properties of D+M TCP, and its coexistence with different queue management algorithms. Resource optimization interpretation of D+M TCP allows us to derive equilibrium values of steady state of the controller, and we use ns-2 simulations to verify that the protocol indeed attains the analytical equilibria. Furthermore, dynamics of D+M TCP is also explained in a mathematical framework, and we show that D+M TCP achieves analytical predictions. Modeling the dynamics gives insights to the stability and convergence properties of D+M TCP, as we outline in the thesis. Moreover, we demonstrate that D+M TCP is able to achieve excellent performance in a variety of network conditions and infrastructure. D+M TCP achieved performance superior to most of the existing high-speed TCP versions in terms of link utilization, RTT fairness, goodput, and oscillatory behavior, as confirmed by comparative ns-2 simulations.

FORENSICS AND FORMALIZED PROTOCOL CUSTOMIZATION FOR ENHANCING NETWORKING SECURITY

Fei Wang (11523058)

22 November 2021

<div>Comprehensive networking security is a goal to achieve for enterprise networks. In forensics, the traffic analysis, causality dependence in intricate program network flows is needed in flow-based attribution techniques. The provenance, the connection between stealthy advanced persistent threats (APTs) and the execution of loadable modules is stripped because loading a module does not guarantee an execution. The reports of common vulnerabilities and exposures (CVE) demonstrate that lots of vulnerabilities have been introduced in protocol engineering process, especially for the emerging Internet-of-Things (IoT) applications. A code generation framework targeting secure protocol implementations can substantially enhance security.</div><div>A novel automaton-based technique, NetCrop, to infer fine-grained program behavior by analyzing network traffic is proposed in this thesis. Based on network flow causality, it constructs automata that describe both the network behavior and the end-host behavior of a whole program to attribute individual packets to their belonging programs and fingerprint the high-level program behavior. A novel provenance-oriented library tracing system, Lprov, which enforces library tracing on top of existing syscall logging based provenance tracking approaches is investigated. With the dynamic library call stack, the provenance of implicit library function execution is revealed and correlated to system events, facilitating the locating and defense of malicious libraries. The thesis presents ProFactory, in which a protocol is modeled, checked and securely generated, averting common vulnerabilities residing in protocol implementations.</div>

Computer System Security

traffic attribution

behavior inference

flow analysis

flow causality

provenance tracking

library tracing

IoT security

protocol modeling

protocol verification

protocol customization