Mary Grammatikou

Hierarchical Anomaly Detection in Distributed Large-Scale Sensor Networks

In this paper, an anomaly detection approach that fuses data gathered from different nodes in a distributed wireless sensor network is proposed and evaluated. The emphasis of this work is placed on the data integrity and accuracy problem caused by compromised or malfunctioning nodes. One of the key features of the proposed approach is that it provides an integrated methodology of taking into consideration and combining effectively correlated sensor data, in a distributed fashion, in order to reveal anomalies that span through a number of neighboring sensors. Furthermore, it allows the integration of results from neighboring network areas to detect correlated anomalies/attacks that involve multiple groups of nodes. The efficiency and effectiveness of the proposed approach is demonstrated for a real use case that utilizes meteorological data collected from a distributed set of sensor nodes.

A novel framework for mobile attack strategy modelling and vulnerability analysis in wireless ad hoc networks

Global dissemination of information and tools for computer networks, has allowed for major system attacks affecting critical network points and resulting in significant network performance degradation. In this paper, we present a probabilistic modelling framework for the propagation of an energy-constrained mobile threat in a wireless ad hoc network. The motivation behind this approach can be found in the topology-constrained character of the ad hoc setting, its dynamic nature and the stochastic characteristics of the interactions among the involved events. The introduced formulation is used to identify and evaluate different attack strategies and approaches. Through modelling and simulation, we evaluate the impact of various parameters associated with the operational characteristics of the mobile attacker on an outbreak spreading and the network evolution. Furthermore, a new metric, which indicates the overall infection-capability of each attack strategy is proposed and used to characterise the potential of each strategy to harm the network.

The ArguGRID Platform: An Overview

The ArguGRID project aims at supporting service selection and composition in distributed environments, including the Grid and Service-oriented architectures, by means of argumentative agents, an agent environment, a service-composition environment, Peer-to-Peer technology and Grid middleware. Agents are argumentative in that they use argumentation-based decision-making and argumentation-supported negotiation of services and contracts. The integration of all technologies gives rise to the overall ArguGRID platform. In this paper we outline the main components and the overall functionalities of the ARGUGRID platform.

Performance Comparison of Web Services Security: Kerberos Token Profile Against X.509 Token Profile

Web services (WS) security is the set of standards that provides means for applying security to WS. In this paper we present the performance of the WS security Kerberos token profile in contrast to the X.509 token profile. The measurements are based on the Apache wss4j library for the X.509 token profile and the extensions we have made on the same library in order to support the Kerberos token profile. The Kerberos token profile is based exclusively on symmetric cryptography, whereas the X.509 profile uses public key cryptography for encrypting the symmetric encryption key used for deciphering the message. These differences in the nature of cryptography are reflected and quantified on the measurements we have performed. The performance evaluation and numerical results, demonstrated that Kerberos token profile has up to 28% packet throughput improvement over the X.509 Token profile, under full CPU load on the server.

Understanding and Evaluating the Impact of Sampling on Anomaly Detection Techniques

In this paper, the emphasis is placed on the evaluation of the impact of various packet sampling techniques that have been proposed in the PSAMP IETF draft, on two widely used anomaly detection approaches. More specifically, we evaluate the behavior of a sequential nonparametric change-point detection method and an algorithm based on principal component analysis (PCA) with the use of different metrics, under different traffic and measurement sampling methodologies. One of the key objectives of our study is to gain some insight about the feasibility and scalability of the anomaly detection process, by analyzing and understanding the tradeoff of reducing the volume of collected data while still maintaining the accuracy and effectiveness in the anomaly detection

On the Characterization and Evaluation of Mobile Attack Strategies in Wireless Ad Hoc Networks

The spread of active attacks has become a frequent cause of vast systems breakdown in modern communication networks. In this paper, we first present a probabilistic modeling framework for the propagation of an energy-constrained mobile threat in a wireless ad hoc network. The introduced formulation is used to identify and evaluate different attack strategies and approaches, which in turn can help in the development of efficient countermeasures for such attacks. Through modeling and simulation, we evaluate the impact of various parameters associated with the operational characteristics of the mobile attack node - such as transmission radius, mobility, energy - on an outbreak spreading and the evolution of the network. Furthermore, we introduce a new metric which indicates the overall infection-capability of each attack strategy and characterize their ability to harm the network according to this metric

Virtual Laboratories

Experimentation is an invaluable part of learning in all sciences. However, building and maintaining laboratories is expensive, time and space consuming. Moreover, in computer science advances in technology can quickly make the infrastructure obsolete. In this paper we advocate the use of recently deployed public testbeds as remote labs for computer science education. As an example we describe the successful use of the GENI testbed in graduate and undergraduate courses and present a specific case study of GENI being used in an undergraduate class on Network Management and Intelligent Networks.

Toward a holistic federated future internet experimentation environment: the experience of NOVI research and experimentation

This article presents the design and pilot implementation of a suite of intelligent methods, algorithms, and tools for federating heterogeneous experimental platforms (domains) toward a holistic Future Internet experimentation ecosystem. The proposed framework developed within the NOVI research and experimentation European collaborative effort, aims at providing a modular data, control, and management plane architecture that includes: an information model capturing the abstractions of virtualized resources residing in different yet interworking experimental platforms; resource mapping algorithms tackling the inter-domain virtual network embedding problem; mechanisms providing interoperability of monitoring tools; policy-based management services for role-based intra and inter-domain management policies; and dataplane stitching mechanisms to enable the composition of user-specific slices (baskets of virtual resources drawn from the federated substrate). The NOVI framework was deployed and validated in a combined testbed consisting of two dissimilar platforms: a private PlanetLab domain with resources interconnected over the public Internet; and FEDERICA, an infrastructure of virtual resources interconnected via dedicated networking facilities of European National Research and Education Networks and GÉANT. This pre-normative work is expected to contribute to bridging Future Internet experimental federations with interconnected cloud architectures and interworked public/private data-centers, adding value via its intelligent services, information models, and composite algorithms.

GEMBus based services composition platform for cloud paas

Cloud Platform as a Service (PaaS) provides an environment for creating and deploying applications using one of popular development platforms. This paper presents a practical solution for building a service composition platform based on the GEMBus (GEANT Multi-domain Bus) that extends the industry accepted Enterprise Service Bus (ESB) platform with automated services composition functionality and core services to support federated network access to distributed applications and resources, primarily targeted for GEANT research and academic community. The ESB is widely used as a platform for SOA and Web Services based integrated enterprise solutions. However in existing practices ESB design is still based on manual development, configuration and integration. GEMBus with its extended functionality and orientation on distributed resources integration can be considered as a logical choice for creating cloud PaaS services composition and provisioning platform. The paper describes Composable Services Architecture that creates a basis for automated services composition and lifecycle management and explains how this can be implemented with GEMBus. The paper describes the combined GEMBus/ESB testbed and provides an example of the simple services composition.

Applying distributed monitoring techniques in autonomic networks

The increasing size, complexity and the dynamic character of future networks make traditional monitoring systems inadequate to be continuously updated and sense the endless changes in the topology and communication conditions. The need for reduction in the network management complexity and the administrators operational burden imposes the design and implementation of self-functionalities and the adoption of self-management schemes. We propose a novel approach for improving network management based on distributed monitoring techniques. Autonomic mechanisms are designed to control traffic monitoring within a network in order to increase the accuracy of the acquired data without increasing the imposed overhead in the network. Nodes are able to correlate monitoring data and to adapt the monitoring functions according to existing networking conditions and predefined administration policies.