Panita Pongpaibool

Evaluation of road traffic congestion using fuzzy techniques

This paper presents a road-traffic evaluation system from image processing data using manually tuned fuzzy logic and adaptive neuro-fuzzy techniques. The system is designed to emulate humans expertise on specifying three levels of traffic congestion within Bangkok Metropolitan Area. The traffic information comes from a vehicle detection and tracking software, which takes a road-traffic video signal as an input and computes vehicle volume and velocity. We verify accuracy of our system by comparing outputs of the system with opinions of volunteers who watch the same traffic video. Results show that manually tuned fuzzy logic achieves 88.79% accuracy, while the adaptive neuro-fuzzy technique achieves only 75.43% accuracy.

Fast Duplicate Address Detection for Mobile IPv6

Several components contribute to handover delay of mobile IPv6, namely, movement detection time, address configuration time, binding registration time, and route optimization time. Through testbed experiments, we found that the dominating delay component is the address configuration time, which is the time required to configure a new globally routable IPv6 address on the mobile node after it moves to a foreign network. A typical process of IPv6 address configuration requires a duplicate address detection (DAD) procedure. During DAD, a mobile node sends a neighbor solicitation message to ask whether its new address is being used. If no node replies within a set timer, a mobile node can assume the new address is unique on that network. On the Linux testbed, DAD takes as much as 1 second, which causes intolerable disruption in case of time-critical applications. This work studies techniques for reducing delay during the DAD procedure. Main contributions of this work are the insights into benefits and shortcomings of different DAD techniques, as well as benchmarks for design of future DAD protocols.

Lightweight Detection of DoS Attacks

Denial of service (DoS) attacks have continued to evolve and impact availability of the Internet infrastructure. Many researchers in the field of network security and system survivability have been developing mechanisms to detect DoS attacks. By doing so they hope to maximize accurate detections (true-positive) and minimize non-justified detections (false-positive). This research proposes a lightweight method to identify DoS attacks by analyzing host behaviors. Our method is based on the concept of BLINd Classification or BLINC: no access to packet payload, no knowledge of port numbers, and no additional information other than what current flow collectors provide. Rather than using pre-defined signatures or rules as in typical Intrusion Detection Systems, BLINC maps flows into graphlets of each attack pattern. In this work we create three types of graphlets for the following DoS attack patterns: SYN flood, ICMP flood, and host scan. Results show that our method can identify all occurrences and all hosts associated with attack activities, with a low percentage of false positive.

NEMO-Based Distributed Mobility Management

Mobile IPv6 protocol allows a single Mobile Node (MN) to keep the same IPv6 address independently of its network of attachment. One of these extensions, Network Mobility (NEMO) Basic Support protocol is an extension Mobile IPv6. NEMO signaling is performed with extended Mobile IPv6 messages. NEMO Basic Support protocol is concerned with managing the mobility of an entire network, it provides for devices or vehicles which move to another point of attachment to the Internet. This paper proposes a distributed mobility solution based on NEMO for mobile IP networks. This distributed mobility solution that is simple to overcome the drawbacks of the traditional NEMO protocol which is centralized mobility management.

Counting NATted hosts by observing TCP/IP field behaviors

With the prevalence of Network Address Translation (NAT), identifying a number of Internet users becomes a challenging task because many users share the same public IP address. This paper proposes a passive technique for estimating a number of Internet hosts sharing the same IP address, i.e., NATted hosts. Previous work by Bellovin [1] counted NATted hosts by observing a sequence of IPID fields in IP header. This technique only works on some operating systems with a global counter for the IPID sequence (e.g., Windows). Other operating systems that implement the IPID sequence on a per-flow or a random basis are not detected. The proposed technique overcomes this limitation by observing patterns of the TCP sequence number and the TCP source port, in addition to the IPID sequence. Our technique demonstrates more accurate estimate than the previous work in controlled experiments. Moreover, applying our technique on a collection of longitudinal traffic traces measured at a trans-Pacific link in 2001-2010, we find that the percentage of the NATted hosts is stably less than 2% over years.

Classification of web-based email traffic in Thailand

Traditional works in traffic classification usually measure usage of mail applications by monitoring only SMTP, IMAP, and POP3 traffic. The shortcoming of such measurement is that it does not take into account Web-based email usage (Webmail) since the Webmail traffic is usually classified collectively as HTTP or Web traffic. The simple way to identify Webmail traffic is mapping source or destination IP address with URLs of Webmail providers (e.g. Hotmail, Yahoo!, and Gmail), is neither flexible nor accurate. The URL mapping technique cannot detect some related Webmail traffic such as advertising banners, pictures, and news, which are requested from other servers. In this paper we propose a technique to detect Webmail traffic from regular HTTP traffic by matching unique Webmail keywords in HTTP payload, in combination with TCP flow analysis. The significance of our method is that it can identify Webmail traffic missed by using the URL mapping alone, and can identify all packets associated with a TCP flow in both sending and receiving directions

LD 2 : A system for lightweight detection of denial-of-service attacks

This paper proposes a system for lightweight detection of DoS attacks, called LD2. Our system detects attack activities by observing flow behaviors and matching them with graphlets for each attack type. The proposed system is lightweight because it does not analyze packet content nor packet statistics. We benchmark performance of LD2, in terms of detection accuracy and complexity against Snort, a popular open-source IDS software. Our evaluations focus on six types of DoS attacks, namely SYN flood, UDP flood, ICMP flood, Smurf, port scan, and host scan. Results show that LD2 can accurately identify all occurrences and all hosts associated with attack activities. Although LD2 uses higher CPU cycles than Snort, it consumes much less memory than Snort.

Rapid IPv6 address autoconfiguration for heterogeneous mobile technologies

This paper proposes a novel IPv6 address autoconfiguration that works with multiple types of mobile networks, such as MANET, NEMO, MANEMO, as well as regular IPv6 networks. Our proposed algorithm assigns unique addresses to mobile devices without performing duplicate address detection. As a result, an address autoconfiguration can be done rapidly. This is suitable for system that requires dynamic movement and quick handover such as a disaster relief system or car-car communication.

Performance evaluation of IPv4/IPv6 transition mechanisms: IPv4-in-IPv6 tunneling techniques

Exhaustion of IPv4 address space is highly aware for most internet players, not only Internet Service Providers (ISPs), but also Telco and Content Providers. A number of IPv4/IPv6 migration/transition tools and mechanisms have been proposed, deployed/implemented world-wide. To make IPv4 networks be able to connect to IPv6 world, 4over6, DS-lite, and 4rd seems to be the most attractive solution according to their features and functions benefits. Beside such benefits, in this paper, we investigate their performance in terms of delay time, and reliability in both inter and intra-communications. Comparison results and analysis of these 3 solutions will be given. We conclude that these figures will provide the factors of scalability and quality-of-service (QoS).

PC-Nash

With a formulated game of non-cooperative internet service providers (ISPs), this paper proposes a new framework for apportioning ISPs responsibility in an end-to-end quality of service (QoS) request. The strategy is based on Path-Classification scheme under Nash equilibrium (PC-Nash), which is obtained by classifying paths according to the quantized QoS level. Optimal QoS-level selection of individual ISP is then captured by the Nash equilibrium. To facilitate the game solution searching, a loss network model is derived for the call acceptance probabilities and the expected utility values. Solutions provided by PC-Nash are compared with three conventional policies, i.e. most-effort (ME), least-effort (LE) and equal-distribution (ED). The reported results show the conformity of call acceptance probabilities between mathematical analysis and discrete-event simulations. Furthermore, with the utility functions of practical service models, ME and LE are found to provide comparable utilities to PC-Nash with respect to peer and retail/wholesale service models, respectively, for a network with the same path quality. However, for networks with different path qualities, PC-Nash outperforms all the conventional policies significantly. From this evidence, PC-Nash is thus expected to be useful in QoS provisioning of practical inter-domain networks.