Neco Ventura

Honeycyber: Automated signature generation for zero-day polymorphic worms

Signature-based intrusion detection systems (IDSs) can be evaded by polymorphic worms which vary their payloads in every infection attempt. In this paper, we propose Honeycyber, a system for automated signature generation for zero-day polymorphic worms. We have designed a novel double-Honeynet system, which is able to automatically detect new worms and isolate the attack traffic from innocuous traffic. We introduce unlimited Honeynet outbound connections, which allow us to capture different payloads in every infection of the same worm. The system is able to generate signatures to match most polymorphic worm instances with low false positives and low false negatives.

The UCT IMS client

The UCT IMS Client is a free open source implementation of a 3GPP IMS Client. The project was started with the goal of creating a flexible and extensible code base for researchers and industry specialists to use the many communication services offered by the IMS. Since its inception in 2006 the client has grown, both in terms of its stability and its feature set, and is used worldwide by IMS enthusiasts as a means to experiment with IMS without any associated risks or costs. This paper describes the history of the project, the software architecture, the supported services and provides results of the various interoperability tests that have been performed between the UCT IMS Client and other freely available IMS Clients.

A novel pricing approach to support QoS in 3G networks

Pricing in 3G and other communication networks may control and manage the utilisation of network resources. The available network resources get strained with increased usage levels, which results in poor service to the users. Most users prefer receiving high quality services at affordable costs. This requires the provision of QoS guarantees for network services at a low cost. In a real business scenario, this relationship is hard to achieve; moreover revenue sources for network operators have been shifting from the provision of network access to provisioning of rich services, e.g. multimedia services. To attain a functional compromise, we propose a pricing scheme that relies on service profiles to manage resource utilisation in a DiffServ-enabled 3G network. The service profiles define the QoS achieved for accessing services through a common resource pool, in which resource sharing is used to maximise network resource utilisation, user satisfaction and profits for the network operators. In an NGN scenario users would select pricing profiles according to their budgets, and the network will map these profiles to a set of QoS options that may translate to the choice of an access network for service access. In this paper, we present the mathematical model of the proposed pricing scheme, the proposed design of an evaluation framework, QoS performance results, and a service provisioning scenario illustrating the applicability of the proposed pricing scheme.

A SIP-based web client for HTTP session mobility and multimedia services

This work leverages Session Initiation Protocol (SIP) transportation and mobility mechanism to transfer session data between two Web browsers. In addition, a Web browser can now act as an adaptive User Agent Client to surf the Internet and make voice calls as a SIP client. It is a novel work that uses SIP to transfer session data between Web browsers and borrows SIP Mobility types to introduce new service namely, content sharing and session hand-off, to the Web browsing experience. Referred to as a SIP-based HTTP session mobility service, it offers personal mobility to end users, and facilitates session mobility in Web browsing. While content sharing refers to the ability to view the same Web resource on two Web browsers and does not require moving session data, session hand-off refers to the migration of a Web session with its session data (cookies, hidden form elements and rewritten URL) to another Web browser. Results showed that the integration of SIP into a Web browser does not degrade the performance of a Web browser. Results also showed that the service could not work on all websites because of the Same Origin Policy (SOP) used by Web browsers to transfer cookies. The hybrid-based architectural scheme proposed and implemented here is compared with other existing Web session migration schemes. On the service commercialization, if the privacy and security of session data could be guaranteed by the implementers, a flat rate could be periodically charged regardless of the varying session data sizes. In another sense, it could be rendered as a Value Added Service (VAS) to customers.

Mapping Third Party Call Control and Session Handoff in SIP Mobility to Content Sharing and Session Handoff in the Web Browsing Context

This paper presents a new service to web browsing. The service, referred to as Session Handoff and Content Sharing between two web browsers, requires extending the capabilities of existing web browsers by integrating a Session Initiation Protocol (SIP) stack into them. An optional SIP Application Server (SIP AS) that co-ordinates HTTP session mobility between web browsers is introduced. In addition, Third-party Call Control and Session Handoff in SIP Session Mobility are successfully mapped to Content Sharing and Session Handoff between two web browsers, respectively. While content sharing refers to the ability to view same web resource on two web browsers, session handoff refers to the ability to migrate a web session between two web browsers. Until now, SIP had only been integrated into application servers. Integrating a SIP stack into a web browser has helped improve collaboration and mobility among the web users. In addition, it encourages developing adaptive User Agent Clients (UACs) that can serve two or more purposes. In this case, a web browser can also be used as a SIP client to make voice calls and be extended to perform other SIP functionalities.

A multilayered hybrid architecture to support vertical handover between IEEE802.11 and UMTS

Telecommunications advances have created the need for a high speed, ubiquitous network capable of catering for diverse application domains. This Next Generation or 4G network can be achieved through the interworking of several existing architectures to form a seamless global network. An important issue involved in interworking is vertical handover.This paper reviews mobility protocols, Mobile IP and the Session Initiation Protocol (SIP), and compares their ability to implement vertical handovers. A multilayere, hybrid architecture is proposed and described, which incorporates both SIP and Mobile IP. A Mobile IP framework is introduced and evaluated, based on its ability to implement vertical handover.

Detection of Zero-Day Polymorphic Worms Using Principal Component Analysis

Polymorphic worms pose a big challenge to the Internet security. The difficulty of detection of such a polymorphic worm is that it has more than one instance and very large efforts are needed to capture all these instances and to generate signatures. This paper proposes automatic system for signature generation for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Principal Component Analysis (PCA) to determine the most significant substrings that are shared between polymorphic worm instances and to use them as signatures. The system is able to generate signatures to match most polymorphic worm instances with low false positives and low false negatives.

The UCT IMS IPTV Initiative

As revenues from voice services continue to fall, telecommunication operators have begun to develop and acquire new services in an attempt to generate new revenue streams and to avoid losing customers to third party service providers. One such service that many, if not all, operators are investigating is Internet Protocol Television (IPTV). IPTV provides broadcast television channels as well as Video on Demand (VoD) content to subscribers, delivering the video content using the Internet Protocol (IP). The UCT Advanced IPTV v2.0 system is an open source implementation of an IPTV system based on ETSI TISPAN standards. The proposed system also incorporates multimedia content adaptation methods in order to adapt video to meet varying client terminal devices and access network characteristics. This paper describes the history of the project followed by the relevant ETSI TISPAN standards. It then goes on to discuss the software architecture of the developed system and provides results of several transcoding tests.

XML-Driven Framework for Policy-Based QoS Management of IMS Networks

Policy Based Network Management (PBNM) simplifies the administration and management of communication networks. However due to the wide variety of policy representation forms, interoperability between different entities of PBNM systems becomes a concern. The Common Open Policy Service (COPS), which was standardized for policy control between a Policy Decision Function (PDF) and Policy Enforcement Point (PEP) had considerable shortfalls in efficiency and flexibility - its successor the Diameter protocol exhibits interoperability shortfalls. An XML-based policy provisioning solution presents great modeling capabilities that may overcome these shortfalls. The IP multimedia subsystem has adopted PBMN as the mechanism for resource and admission control. This paper reviews an XML- driven architecture for policy control of DiffServ networks, and explores the incorporation of the proposed architecture into the IMS framework to perform policy control and enforcement. Proof of concept results of the XML-based policy control architecture are presented alongside design requirements for using it as an alternative to diameter for IMS policy control.

Design and Performance Analysis of Low-Complexity Pilot-Aided OFDM Channel Estimators

In this article, we present an explicit comparative analysis of the two low-complexity channel estimation techniques, which can be used in the pilot-assisted orthogonal frequency division multiplexing (OFDM) systems, – linear minimum mean squared error (LMMSE) and least squares (LS) criteria based. Numerical results are preceded by derivation of the optimum design form to yield both robustness and minimum possible computational complexity for the given class of algorithms. The work also investigates the effect of quantity and power of pilot subcarriers on estimation accuracy and BER performance.