Irfan-Ullah Awan

Entropy maximisation and open queueing networks with priorities and blocking

A review is carried out on the characterisation and algorithmic implementation of an extended product-form approximation, based on the principle of maximum entropy (ME), for a wide class of arbitrary finite capacity open queueing network models (QNMs) with service and space priorities. A single server finite capacity GE/GE/1/N queue with R (R Ni ≤ Ni-1, i = 2 ..., R}. The GE/GE/1/N queue is utilised, in conjunction with GE-type first two moment flow approximation formulae, as a cost-effective building block towards the establishment of a generic ME queue-by-queue decomposition algorithm for arbitrary open QNMs with space and service priorities under repetitive service blocking with random destination (RS-RD). Typical numerical results are included to illustrate the credibility of the ME algorithm against simulation for various network topologies and define experimentally pessimistic GE-type performance bounds. Remarks on the extensions of the ME algorithm to other types of blocking mechanisms, such as repetitive service blocking with fixed destination (RS-FD) and blocking-after-service (BAS), are included.

Recommendation Based Trust Model with an Effective Defence Scheme for MANETs

The reliability of delivering packets through multi-hop intermediate nodes is a significant issue in the mobile ad hoc networks (MANETs). The distributed mobile nodes establish connections to form the MANET, which may include selfish and misbehaving nodes. Recommendation based trust management has been proposed in the literature as a mechanism to filter out the misbehaving nodes while searching for a packet delivery route. However, building a trust model that adopts recommendations by other nodes in the network is a challenging problem due to the risk of dishonest recommendations like bad-mouthing, ballot-stuffing, and collusion. This paper investigates the problems related to attacks posed by misbehaving nodes while propagating recommendations in the existing trust models. We propose a recommendation based trust model with a defence scheme, which utilises clustering technique to dynamically filter out attacks related to dishonest recommendations between certain time based on number of interactions, compatibility of information and closeness between the nodes. The model is empirically tested under several mobile and disconnected topologies in which nodes experience changes in their neighbourhood leading to frequent route changes. The empirical analysis demonstrates robustness and accuracy of the trust model in a dynamic MANET environment.

Centralized Dynamic Clustering for Wireless Sensor Network

Sensors have limited resources in terms of memory, energy and computational resources. Clustering has been proposed by researches to group a number of nodes to form a cluster that managed by cluster head. The advantage of this strategy is to minimize the number of message transmissions. In this paper, we propose clustering protocol called Centralized Dynamic Clustering CDC. Each cluster selects a node that serves as the cluster head. The cluster head is responsible for collecting the data from all the cluster members, aggregating the data, transmitting fused information to the base station and selecting new cluster head for next round. When node dies in cluster, the cluster head sends message to base station to forms clusters. Our experiment results show that CDC outperforms LEACH-C in term of communication overhead and latency in data delivery.

MEM for arbitrary closed queueing networks with RS-blocking and multiple job classes

A new product-form approximation, based on the method of entropy maximisation (MEM), is characterised for arbitrary closed queueing networks with multiple and distinct classes of jobs, Generalised Exponential (GE) service times, mixed service disciplines, complete buffer sharing and repetitive-service blocking with both fixed (RS-FD) and random destinations (RS-RD). The maximum entropy (ME) approximation implies decomposition of the network into individual multiple class GE/GE/1/N queues satisfying constraints on population and flow conservation which is, in turn, truncated and efficiently implemented by a general convolution recursive procedure for the efficient calculation of the normalising constant and typical performance metrics. A relationship between MEM and reversible closed multiple class queueing networks is identified and it is shown how the ME approximation reduces to the exact solution. Numerical validation experiments against simulation are included to demonstrate the credibility of ME results.

MARS: Multi-stage Attack Recognition System

Network Intrusion Detection Systems (NIDS) are considered as essential mechanisms to ensure reliable security. Intrusive model is used in signature-based NIDS by defining attack patterns and applying signature-matching on incoming traffic packets. Thousands of signatures and rules are created to specify different attacks and variations of a single attack. As a result, enormous data with less efficiency is produced that overwhelms the network administrator. Most of the generated alerts are false-positives; this is due to the redundancy caused by the detection techniques, and due to low-level processing capacity. Moreover, detection of novel and multi-stage attacks are not efficiently achieved by the current systems. Hence, high-level view of the attacker’s behaviour has become a stressing demand. Alerts correlation techniques have been widely used to provide intelligent and stateful detection methodologies. This is to understand attack steps and predict the expected sequence of events. However, most of the proposed systems are based on rules libraries specified by security experts, which is a cumbersome and error prone task. Other methods are based on statistical models; these are unable to identify causal relationships between the events. In this paper, we identify the limitations of the current techniques and propose a framework for alert correlation that overcomes these shortcomings. An improved “cause and effect” model will be presented cooperating with statistical model to achieve higher detection rate with minimum false positives. Knowledge-based model with vulnerability and extensional consequences parameters has been developed to provide manageable and meaningful graph. The proposed system is evaluated using DARPA 2000 and collected real life data sets. The results have shown an improvement in respect to detection rate and reduction of false positives.

An efficient composition of Web services with active network support

Abstract Composition of Web services enables collaboration among autonomous business organisations such that they can integrate their services to perform collaborative business activities. It facilitates the development of new services using pre-existing Web services thus reducing development and operational costs. However, the highly distributed, dynamic, and autonomous nature of component Web services gives rise to various issues such as service matchmaking, reliability, availability, security and efficiency. This paper presents a new protocol in order to improve the efficiency of Web services composition. The proposed protocol is based on the peer-to-peer paradigm which exploits the capabilities of underlying networks such that part of the processing is carried out at the network nodes. Efficiency of the proposed protocol is tested through various experiments. Experimental results show that the proposed protocol significantly improves performance by reducing the system response time in the composition of Web services.

Discrete-time performance analysis of a congestion control mechanism based on RED under multi-class bursty and correlated traffic

Internet traffic congestion control using queue thresholds is a well known and effective mechanism. This motivates the stochastic analysis of a discrete-time queueing systems for the performance evaluation of the active queue management (AQM) based congestion control mechanism called Random Early Detection (RED) with bursty and correlated traffic using a two-state Markov-Modulated Bernoulli arrival process (MMBP-2) as the traffic source. A two-dimensional discrete-time Markov chain is introduced to model the RED mechanism for two traffic classes where each dimension corresponds to a traffic class with its own parameters. This mechanism takes into account the reduction of incoming traffic arrival rate due to packets dropped probabilistically with the drop probability increasing linearly with system contents. The stochastic analysis of the queue considered could be of interest for the performance evaluation of the RED mechanism for the multi-class traffic with short range dependent (SRD) traffic characteristics. The performance metrics including mean system occupancy, mean packet delay, packet loss probability and system throughput are computed from the analytical model for a dropping policy which is a function of the thresholds and maximum drop probability. Typical numerical results are included to illustrate the credibility of the proposed mechanism in the context of external bursty and correlated traffic. These results clearly demonstrate how different threshold settings can provide different trade-offs between loss probability and delay to suit different service requirements. The effects on various performance measures of changes in the input parameters and of burstiness and correlations exhibited by the arrival process are also presented. The model would be applicable to high-speed networks which use slotted protocols.

Evaluating Intrusion Detection Systems in High Speed Networks

The recent era has witnessed tremendous increase in the usage of computer network applications. Users of any type and requirement are compelled to be on a network. Today, the computer has become a network machine rather than a standalone system. This has generated challenges to the network security devices in terms of accuracy and reliability.Intrusion Detection Systems (IDS) are designed for the security needs of networks. Existing Network Intrusion Detection Systems (NIDS) are found to be limited in performance and utility especially once subjected to heavy traffic conditions. It has been observed that NIDS become less effective even when presented with a bandwidth of a few hundred megabits per second. In this work, we have endeavored to identify the causes which lead to unsatisfactory performance of NIDSs. In this regard, we have conducted an extensive performance evaluation of an open source intrusion detection system (Snort). This has been done on a highly sophisticated test-bench with different traffic conditions. We have also used different hardware and software platforms to determine the efficacy of the NIDS under test. Finally, in our results/ analysis, we have identified the factors responsible for the limited performance of Snort. We have also recommended few solutions for improving the performance of Snort.

A Comparison Between the Tunneling Process and Mapping Schemes for IPv4/IPv6 Transition

A number of transition mechanisms have been developed to support the interoperability between IPv4 and IPv6 during the time of migration from the existing IP version (IPv4) to the new IP version (IPv6). BDMS is one of the IPv4/IPv6 transition mechanisms that has been designed to enable IPv4-only hosts to communicate with IPv6-only hosts and vice versa; while DSTM has been designed to enable IPv6 hosts to communicate with IPv4-only hosts. In this paper, we present the impact of the mapping and translation processes of the BDMS transition mechanism compared with the tunneling process of the DSTM when a variety of traffic loads are used. Our simulation results show that the delay and throughput results of the BDMS are close to the results of the DSTM and direct-link connections when the number of connected nodes is small. This paper shows that the tunneling process in the DSTM has a significant impact on the performance evaluation metrics compared with the BDMS and direct-link connections when large traffic loads are used. All the simulation scenarios in this paper are performed using the OMNeT++ simulator platform.

Coverage based inter cluster communication for load balancing in heterogeneous wireless sensor networks

Effective energy management in heterogeneous wireless sensor networks is more challenging issue compared to homogeneous wireless sensor networks. Much of the existing research focuses on homogeneous wireless sensor networks. The energy conservation schemes for the homogeneous wireless sensor networks do not perform efficiently when applied to heterogeneous wireless sensor networks. The proposed algorithm in this paper exploits the redundancy properties of the wireless sensor networks and also changes the inter cluster communication pattern depending on the energy condition of the high energy nodes during the life cycle of the heterogeneous wireless sensor networks. Performance studies indicate that the proposed algorithm effectively solves the problem of load balancing across the network and is more energy efficient compared to multi hop versions of the standard low energy adaptive clustering hierarchy protocol.