Ronaldo M. Salles

Botnets: A survey

Botnets, which are networks formed by malware-compromised machines, have become a serious threat to the Internet. Such networks have been created to conduct large-scale illegal activities, even jeopardizing the operation of private and public services in several countries around the world. Although research on the topic of botnets is relatively new, it has been the subject of increasing interest in recent years and has spawned a growing number of publications. However, existing studies remain somewhat limited in scope and do not generally include recent research and developments. This paper presents a comprehensive review that broadly discusses the botnet problem, briefly summarizes the previously published studies and supplements these with a wide ranging discussion of recent works and solution proposals spanning the entire botnet research field. This paper also presents and discusses a list of the prominent and persistent research problems that remain open.

Lexicographic maximin optimisation for fair bandwidth allocation in computer networks

AbstractThis paper addresses the problem of bandwidth allocation in multi-application computer network environments. Allo-cations are determined from the solution of a multiple objective optimisation problem under network constraints, wherethe lexicographic maximin criterion is applied to solve the problem and guarantees fairness and efficiency properties to thesolution. An algorithm based on a series of maximum concurrent multicommodity flow subproblems is proposed. Numer-ical results show the advantage of the approach compared to other traditional bandwidth allocation solutions. 2007 Elsevier B.V. All rights reserved. Keywords: OR in telecommunications; Bandwidth allocation; Lexicographic optimisation; Fairness; Utility theory 1. IntroductionThe performance of network applications is directly affected by the amount of available bandwidth alongend-to-end paths. Optimizing the allocation of bandwidth on network links is therefore a fundamental issuetoward the improvement of network services.In the network context, it is often possible to map the amount of allotted bandwidth to the expected level ofperformance experienced by the application. From microeconomic theory (Mas-Colell et al., 1995), such map-ping is known as the utility function associated to the application, or simply, application utility.Utility functions can be determined either qualitatively, through typical application behaviour (Shenker,1995), or quantitatively, through mean opinion scores (MOS), distortion rates (Berger, 1971) or closed-formexpressions (Breslau and Shenker, 1998; Liao and Campbell, 2001; Salles and Barria, 2004). From the userpoint of view, her personal goal may be to maximise utility. In this sense, the bandwidth allocation problemcan be generally formulated as a constrained multiple objective optimisation problem (CMOP): multiple util-ity functions to be maximised under constraints given by the limited amount of resources (link bandwidth)distributed according to the network topology.

Fair and efficient dynamic bandwidth allocation for multi-application networks

The large diversity of applications and requirements posed to current network environments make the resource allocation problem difficult to work out. This paper proposes a dynamic algorithm based on weighted fair queueing (WFQ) to promote fairness (in the Rawlsian sense) and efficiency (in the Paretian sense) in the allocation of bandwidth for multi-application networks. Utility functions are used to characterize application requirements and provide the informational basis from where the algorithm operates. Aggregation techniques are employed to ensure scalability in the network core. Simulation results confirm a significant improvement of our approach over traditional bandwidth allocation algorithms (maxmin and proportional fairness). The algorithm also provides low errors (below 10% when compared to the zero-delay centralized approach) whenever response time does not exceed 1000 times the timescale involving flow arrivals and departures.

On Metrics to Distinguish Skype Flows from HTTP Traffic

Skype is a Voice over IP (VoIP) Internet application that is gaining huge popularity in recent years. A key point to Skype popularity is its capability to dynamically adapt itself to operate behind firewalls or network proxies. A common way adopted by Skype to delude these network devices is to use port 80, normally expected to comprise HTTP traffic. In this paper, we propose metrics and investigate statistical tests intended to clearly distinguish Skype flows from HTTP traffic. We validate our study using real-world experimental datasets gathered at a commercial Internet Service Provider (ISP). Our experimental results suggest that the proposed methodology may be seen as a promising building block towards a system to detect general protocol anomalies in HTTP traffic.

Proportional differentiated admission control

This letter presents a new admission control policy inspired in the framework of proportional differentiated services (PDS). While most of previous PDS has focused on average queueing delays and packet drops to differentiate the performance of adaptive applications, the proportional differentiation admission control (PDAC) differentiates inelastic traffic in terms of blocking probabilities. The PDAC is built up using asymptotic approximation theory, employs a class based approach, and conforms with the PDS requirements of predictability and controllability . Numerical experiments confirm a good performance of the approach.

Utility-based scheduling disciplines for adaptive applications over the Internet

This letter presents packet scheduling disciplines based on application utility functions and network traffic measurements. The disciplines support different classes of adaptive applications over the Internet, providing differentiation, fairness, and dynamic allocation of network resources. They are composed of a decision procedure, where a fairness criterion based on utility functions is used; and a measurement procedure, which considers the statistics involving packet arrivals and departures. The underlying algorithm is then applied to emulate the proportional differentiation services, and is shown-via simulation-that its results outperform the best alternative algorithms published in the literature.

Strategies and Metric for Resilience in Computer Networks

The use of the Internet for business-critical and real-time services is growing day after day. Random node (link) failures and targeted attacks against the network affect all types of traffic, but mainly critical services. For these services, most of the time it is not possible to wait for the complete network recovery; the best approach is to act in a proactive way by improving redundancy and network robustness. In this paper, we study network resilience and propose a resilience factor to measure the network level of robustness and protection against targeted attacks. We also propose strategies to improve resilience by simple alterations in the network topology. Our proposal is compared with previous approaches, and experimental results on selected network topologies confirmed the effectiveness of the approach.

Efficient Routing Heuristics for Internet Traffic Engineering

This work presents an alternative analysis for the shortest path optimal routing problem and proposes novel heuristics methods to solve it. In practical terms, a solution for the shortest path optimal routing problem determines the link weights that optimize a computer network operating under standard routing protocols (e.g. OSPF). We base our solution on traffic engineering techniques that respect the shortest path routing model. We consider the main objectives of traffic engineering, such as: load balancing, efficient use of available resources and capacity to support growing traffic demands. Our proposals present better results than traditional approaches and follow closely theoretical optimal points.

Anti-jamming defense mechanism in cognitive radios networks

Cognitive Radio is a technology that enables the spectrum sharing in an opportunistic fashion. However, as the development of cognitive radio technology occurs, its security problems like jamming arise. In this paper, we studied the jamming attack in cognitive radio networks. We sketched a scenario comprised by a primary user, a secondary user, and a spectrum jammer (namely attacker). Since the legitimate secondary user needs to transmit control messages and data in the available channels, we derived the best combinations of the number of control and data channels to the legitimate secondary user in face of different data applications considering the quality of service requirements reliability and throughput. We also considered the device with and without power constraints.

Intra-domain IP traceback using OSPF

Denial of service (DoS) attacks are a serious threat to the appropriate operation of services within network domains. In this paper, we propose a system that creates an overlay network to provide intra-domain IP traceback to deal with this threat. The Main contribution of our proposal with respect to previous work is its ability to provide partial and progressive deployment of the traceback system throughout a monitored network domain. We build the overlay network using the OSPF routing protocol through the creation of an IP Traceback Opaque LSA (Link State Advertisement). We also investigate and evaluate the performance of partial and progressive deployment of the proposed system, showing its suitability even for large network domains.