Similar literature
 Found 20 similar documents; search took 15 ms
1.
In wireless ad hoc networks there is no fixed infrastructure or centralized controller to enforce cooperation between nodes. Therefore, nodes may act selfishly in running network protocols for conserving their own energy resources. In this paper, we consider the “topology control (TC) game” as the problem of creating an energy-efficient topology in wireless ad hoc networks in the presence of selfish nodes. We define a new TC game in which nodes are able to dynamically adjust their transmission power in a per-packet manner, and try to minimize their energy usage through considering both traffic load and transmission power parameters. After analyzing the problem, we propose several algorithms to find stable topologies in an environment composed of selfish nodes, using two types of global and local connectivity information. Finally, we evaluate the performance of the proposed algorithms by simulations. Our simulation results show that using appropriate local information can interestingly result in more efficient topologies than global information.

2.
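Research and Application of Multi-layer Firewall Technology   Cited by: 3 (self-citations: 0, citations by others: 3)
This paper analyzes techniques for designing firewalls in multi-tier network applications. It focuses on the conditions for strictly partitioning resources into specific subnets. It explains how firewalls can strengthen access control for each application tier to meet the technical requirements of multi-tier network applications, and gives an application example from the network security design of Gansu University of Technology.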

3.
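In the real world, a great many complex systems can be described as networks made up of abstract nodes and edges. As an important part of the urban transportation system, the road traffic network is a typical complex system that is closely tied to people's daily lives. Identifying key nodes in road traffic networks is a classic hard problem in complex-network research. The traditional degree centrality algorithm and the PageRank algorithm work well for identifying key nodes in complex networks. Considering the particular nature of key nodes in road traffic networks and their interrelations, the greedy-algorithm idea is introduced on top of the degree centrality algorithm to propose a greedy-strategy-based degree centrality method for key node identification; likewise, the greedy-algorithm idea is introduced on top of the PageRank algorithm to propose a greedy-strategy-based PageRank method for key node identification. This makes the key node identification results for road traffic networks more reasonable, which has important application value in areas such as road maintenance, planning and design, and blocking the escape of criminals. Comparison with classic key node identification methods on public datasets verifies the effectiveness of the algorithms.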

4.
One of the methods to maintain the anonymity of communicating nodes in a network is the mix technique. Mix networks have been subject to various traffic analysis attacks that aim at compromising the identities of these communication nodes. Our focus in this paper is to propose mix network schemes that are more robust against these attacks. To this end, we propose using traffic re-distribution techniques. Traffic re-distribution involves changing the number and size of messages in the network by splitting and merging the messages at network nodes and using variable size messages to confuse the attacker. The security and anonymity of the proposed techniques are evaluated against traffic analysis attacks. Performance analysis is provided to determine the effectiveness of the proposed techniques.

5.
The security industry generally places most emphasis on dealing with threats from external sources, that is, from outside the corporate network. Companies are encouraged to implement firewalls and perimeter defence tools to keep intruders out. Network administrators monitor traffic for abnormal events, raising the alarm as soon as a suspicious email attachment is spotted. So it is fair to say that there is a general assumption that security threats come from outside.

6.
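To address the unbalanced distribution of traffic flow in road networks, this paper proposes a network boundary flow control strategy based on the idea of consensus. First, the dynamic evolution of traffic flow at the region boundary is described using a macroscopic vehicle-conservation model. Taking uniform occupancy across the road segments within the region as the control objective and the signal timing parameters of the boundary intersections as the control input, a feedback controller for the region boundary is designed, and the analytical relationship between the boundary inflow and the release ratio of the internal road segments is derived. Finally, the applicability of the boundary control strategy is verified with measured road network data. The results show that the boundary control strategy not only effectively improves the unbalanced distribution of traffic flow in the road network, but also effectively reduces indicators such as average delay and queue length, improving the operating efficiency of the network.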

7.
Traffic conditioners enforce agreements between domains to allow service profiles to conform to subscribers' Service Level Agreements. To ensure fairness in the network, these traffic conditioners should allocate bandwidth to subscribers according to their agreed contracted rate and share excess bandwidth in proportion to this agreed rate when the network is over or well provisioned. In instances where the network is under provisioned, the allocation of bandwidth to a subscriber should degrade in proportion to its agreed rate. In this paper a provision aware proportional fair sharing three colour marker is proposed to ensure that these fairness criteria are fulfilled for aggregated flows. Its main contributions are in achieving fairness in under provisioned networks and in the presence of UDP traffic whilst being insensitive to the number of flows in an aggregate. This is demonstrated through a quantitative simulation analysis and also exhibits improved performance over other aggregated approaches, including a recent proposal to provide fairness in under provisioned networks. These results infer that fairness can be achieved by considering the provision of the network in the design of the algorithm, by using separate marking algorithms for TCP and UDP traffic and by using an adaptive factor that mitigates sensitivity to the number of flows in an aggregate.

8.
Terminology in the firewall area is still confusing. Proxies, packet filters, ‘stateful’ filters, hybrid approaches, fifth generation firewalls and many more rule the market, and thus rule the user's mind of what is good and what is bad. But few people have thought about the relationships between all those technologies, how they can interact, and how they can be integrated to increase security on a perimeter network to a maximum. Let us call this approach a ‘meta-firewall’, designed to provide maximum security for dedicated purposes. All of the issues involved in planning for a solution for any network cannot be discussed, but it is an approach to a new way of thinking what can be done with firewalls and the like. This concluding part of a two-part article continues to build the layers of security to make a ‘meta-firewall’.

9.

As filtering policies are getting larger and more complex, packet filtering at firewalls needs to keep low delays. New firewall architectures are needed to enforce security and meet the increasing demand for high-speed networks. Two main architectures exist for parallelization, data-parallel and function-parallel firewalls. In the first, packets are distributed across a set of identical firewalls that implement the entire policy. In the second, each firewall implements a subset of the policy with a fewer number of rules, but the packets have to be duplicated and processed by all the firewalls. This paper proposes a new architecture function-parallel with pre-processing that combines the advantages of both architectures. The proposed architecture has the advantage of not duplicating the data, so that the processing time can be significantly reduced. Moreover, our architecture enables stateful inspection of packets, which is necessary to prevent multiple types of attacks. The performances of this architecture have been proven to be scalable for large security policies.


10.
Perimeter discovery in wireless sensor networks   Cited by: 1 (self-citations: 0, citations by others: 1)
In this paper, we focus on the perimeter detection problem using wireless sensor networks, as perimeter detection has a wide range of uses in several areas. We present a decentralized localized algorithm where sensor nodes determine if they are located along the perimeter of a wireless sensor network. Our proposed algorithm uses the location neighborhood information in conjunction with the Barycentric technique to determine if the sensor node is enclosed by neighboring nodes, and consequently, if it is located within the interior of the wireless sensor network. We define performance metrics to analyze the performance of our approach and the simulation shows that the algorithm gives fairly accurate results.

11.
Scalable services via egress admission control   Cited by: 2 (self-citations: 0, citations by others: 2)
Allocating resources for multimedia traffic flows with real-time performance requirements is an important challenge for future packet networks. However, in large-scale networks, individually managing each traffic flow on each of its traversed routers has fundamental scalability limitations, in both the control plane's requirements for signaling, state management, and admission control, and the data plane's requirements for per-flow scheduling mechanisms. In this paper, we develop a scalable architecture and algorithm for quality-of-service management termed egress admission control. In our approach, resource management and admission control are performed only at egress routers, without any coordination among backbone nodes or per-flow management. Our key technique is to develop a framework for admission control under a general “black box” model, which allows for cross traffic that cannot be directly measured, and scheduling policies that may be ill-described across many network nodes. By monitoring and controlling egress routers' class-based arrival and service envelopes, we show how network services can be provisioned via scalable control at the network edge. We illustrate the performance of our approach with a set of simulation experiments using highly bursty traffic flows and find that despite our use of distributed admission control, our approach is able to accurately control the system's admissible region under a wide range of conditions.

12.
In this paper we propose two new enhancements to the SOCKS protocol in the areas of IP multicasting and UDP tunneling. Most network firewalls deployed at the entrance to a private network block multicast traffic. This is because of potential security threats inherent with IP multicast. Multicasting is the backbone of many Internet technologies like voice and video conferencing, real time gaming, multimedia streaming, and online stock quotes, among others. There is a need to be able to safely and securely allow multicast streams to enter into and leave a protected enterprise network. Securing multicast streams is challenging. It poses many architectural issues. The SOCKS protocol is typically implemented in a network firewall as an application-layer gateway. Our first enhancement in the area of IP multicast to the SOCKS protocol is to enable the application of security and access control policies and safely allow multicast traffic to enter into the boundaries of a protected enterprise network. The second enhancement we propose is to allow the establishment of a tunnel between two protected networks that have SOCKS based firewalls to transport UDP datagrams.

13.
Wireless mesh networks (WMNs) consist of dedicated nodes called mesh routers which relay the traffic generated by mesh clients over multi-hop paths. In a community WMN, all mesh routers may not be managed by an Internet Service Provider (ISP). Limited capacity of wireless channels and lack of a single trusted authority in such networks can motivate mesh routers to behave selfishly by dropping relay traffic in order to provide a higher throughput to their own users. Existing solutions for stimulating cooperation in multi-hop networks use promiscuous monitoring or exchange probe packets to detect selfish nodes and apply virtual currency mechanism to compensate the cooperating nodes. These schemes fail to operate well when applied to WMNs which have a multi-radio environment with a relatively static topology. In this paper, we propose an architecture for a community WMN which can detect selfish behaviour in the network and enforce cooperation among mesh routers. The architecture adopts a decentralized detection scheme by dividing the mesh routers into manageable clusters. Monitoring agents hosted on managed mesh routers monitor the behaviour of mesh routers in their cluster by collecting periodic reports and sending them to the sink agents hosted at the mesh gateways. To make the detection more accurate we consider the quality of wireless links. We present experimental results that evaluate the performance of our scheme.

14.
No topic seems to have captured the fancy of information security professionals as has the topic of firewalls. Firewalls are commonly defined as security barriers between an internal network and other networks external to that network. The topic of firewalls is not only disproportionately represented in the agenda of information security conferences and workshops but is the focus of a number of net groups (e.g. Firewalls Digest) that generate a prolific number of postings. Indeed, firewalls are receiving so much attention today that it is difficult to imagine anything new that could be said. Corporations offering information security services now routinely advertise ‘state-of-the-art’ consulting in firewall design and evaluation.

15.
Firewalls are perimeter security solutions that are useful for addressing the unwanted traffic issue. However, designers must also appropriately address the network performance, availability, and complexity problems that firewalls introduce. The authors survey existing cluster-based fault-tolerant firewall architectures and discuss their trade-offs in these three areas. They present a preliminary evaluation of these architectures and discuss the need for state replication in stateful firewall clusters. They also discuss the difficulties of providing a simple, performance, and fault-tolerant cluster-based firewall solution.

16.
Web application firewalls (WAFs) are rapidly becoming a key component of end-to-end network security. Although the market is still struggling to move beyond the early adopter stages, WAF placement in the network is now well known and generally accepted as a necessary requirement. When looking at total security architecture, securing public Web applications over ports 80 and 443 is the next logical step to perimeter security: the concept of restricting access from the outside to the resources on the inside. Coupled with network firewalls, HTTP application firewalls can close perimeter security holes opened by allowing unrestricted access to public Web servers. But focusing solely on external, public application security is only half of the solution. Internal Web-based applications, such as corporate intranets, HR systems, CRM systems, HTTP-based databases, and report management applications, can also be at risk for the same open-access reasons, but from trusted internal attackers.

17.
18.
The basic mobile IP protocol is difficult to implement on the traditional IP network and not flexible and efficient under certain conditions. For example, firewalls or boundary routers may drop packets sent by mobile nodes for security reasons. Traditional networking devices such as routers cannot dynamically load and unload extended services to achieve different qualities of services. In this paper, a new scheme of using the active network to support the mobile IP is presented. The Softnet, a prototype of active networks based on mobile agents, is introduced. The active network is characterized by the programmability of its intermediate nodes and therefore presents dynamic and flexible behaviors. Special services can be dynamically deployed onto the active nodes in the Softnet. This property is definitely required in implementing the mobile IP protocols. The Softnet supports not only the basic mobile IP protocol but also other extended mobile IP protocols. Virtual networks for mobile IP services are dynamically formed by mobile agents in the Softnet to provide different qualities of services.

19.
Unstructured Peer-to-Peer networks consist of an infrastructure-less overlay on top of another network. Most of them use distributed algorithms for all operations, such as resource discovery or connectivity control. Research has shown that a considerable amount of the generated traffic is due to signaling messages. Furthermore, another challenge when implementing a Peer-to-Peer network is avoiding free riders, i.e. users trying to profit from the network without sharing their resources. In this paper a new approach to routing packets in such networks is presented using ant intelligence. Success messages are used as agents and the biological procedure of pheromone trails is used for forwarding new packets used in resource discovery. These agents carry an amount of pheromone which will be added to a pheromone table representing routes to other peers. This approach enables the network to adjust to the dynamic nature of Peer-to-Peer networks where new nodes connect and disconnect continuously. Peers that are free riding will be ultimately isolated from the rest of the network by limiting the number of messages directed to them. The authors have simulated an unstructured Peer-to-Peer network, such as Gnutella, that uses this method and the results are very promising. The amount of traffic used solely for resource discovery is greatly reduced enabling the users to use more bandwidth for transferring content.

20.
Suspicious mass traffic constantly evolves, making network behaviour tracing and structure more complex. Neural networks yield promising results by considering a sufficient number of processing elements with strong interconnections between them. They offer efficient computational Hopfield neural networks models and optimization constraints used by undergoing a good amount of parallelism to yield optimal results. Artificial neural network (ANN) offers optimal solutions in classifying and clustering the various reels of data, and the results obtained purely depend on identifying a problem. In this research work, the design of optimized applications is presented in an organized manner. In addition, this research work examines theoretical approaches to achieving optimized results using ANN. It mainly focuses on designing rules. The optimizing design approach of neural networks analyzes the internal process of the neural networks. Practices in developing the network are based on the interconnections among the hidden nodes and their learning parameters. The methodology is proven best for nonlinear resource allocation problems with a suitable design and complex issues. The ANN proposed here considers more or less 46k nodes hidden inside 49 million connections employed on full-fledged parallel processors. The proposed ANN offered optimal results in real-world application problems, and the results were obtained using MATLAB.
