Performance Evaluation of an Internet Protocol Security (IPSec) Based Multiprotocol Label Switching (MPLS) Virtual Private Network

This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.

Unweighted Voting Method to Detect Sinkhole Attack in RPL-Based Internet of Things Networks

The Internet of Things(IoT)consists of interconnected smart devices communicating and collecting data.The Routing Protocol for Low-Power and Lossy Networks(RPL)is the standard protocol for Internet Protocol Version 6(IPv6)in the IoT.However,RPL is vulnerable to various attacks,including the sinkhole attack,which disrupts the network by manipulating routing information.This paper proposes the Unweighted Voting Method(UVM)for sinkhole node identification,utilizing three key behavioral indicators:DODAG Information Object(DIO)Transaction Frequency,Rank Harmony,and Power Consumption.These indicators have been carefully selected based on their contribution to sinkhole attack detection and other relevant features used in previous research.The UVM method employs an unweighted voting mechanism,where each voter or rule holds equal weight in detecting the presence of a sinkhole attack based on the proposed indicators.The effectiveness of the UVM method is evaluated using the COOJA simulator and compared with existing approaches.Notably,the proposed approach fulfills power consumption requirements for constrained nodes without increasing consumption due to the deployment design.In terms of detection accuracy,simulation results demonstrate a high detection rate ranging from 90%to 100%,with a low false-positive rate of 0%to 0.2%.Consequently,the proposed approach surpasses Ensemble Learning Intrusion Detection Systems by leveraging three indicators and three supporting rules.

ICMPTend: Internet Control Message Protocol Covert Tunnel Attack Intent Detector

The Internet Control Message Protocol(ICMP)covert tunnel refers to a network attack that encapsulates malicious data in the data part of the ICMP protocol for transmission.Its concealment is stronger and it is not easy to be discovered.Most detection methods are detecting the existence of channels instead of clarifying specific attack intentions.In this paper,we propose an ICMP covert tunnel attack intent detection framework ICMPTend,which includes five steps:data collection,feature dictionary construction,data preprocessing,model construction,and attack intent prediction.ICMPTend can detect a variety of attack intentions,such as shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attacks.We extract features from five types of attack intent found in ICMP channels.We build a multi-dimensional dictionary of malicious features,including shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attack keywords.For the high-dimensional and independent characteristics of ICMP traffic,we use a support vector machine(SVM)as a multi-class classifier.The experimental results show that the average accuracy of ICMPTend is 92%,training ICMPTend only takes 55 s,and the prediction time is only 2 s,which can effectively identify the attack intention of ICMP.

Analysis and Application of Covert Channels of Internet Control Message Protocol

Based on the analysis of the covert channel＇s working mechanism of the internet control message protocol （ICMP） in internet protocol version 4 （IPv4） and Internet Protocol version 6 （IPv6）, the ICMP covert channd＇s algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel＇s algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.

USING WAVELENGTH ROUTING IN THE OPTICAL INTERCONNECTION COMPUTER NETWORK

The wavelength routing technology applied to computer interconnection networks is introduced in this paper.By analyzing the relation between wavelength and network routing,we describe a concept of wavelength used as network IP address,and propose a wavelength routing topology to extend the scale of a network and realize the scalability of the network.Moreover,a twin wavelength ring network that is being developed in our laboratory to implement and test the function of wavelength routing is presented,and the main units of the twin wavelength ring network are presented also.According to the testing results based on a single wavelength ring network,it proves that the optical interconnection technology is a perfect technology to provide enough communication bandwidth for computer network.

Understanding pollution dynamics in large-scale peer-to-peer IPTV system

With the great commercial success of several IPTV (internet protocal television) applications, PPLive has received more and more attention from both industry and academia. At present, PPLive system is one of the most popular instances of IPTV applications which attract a large number of users across the globe; however, the dramatic rise in popularity makes it more likely to become a vulnerable target. The main contribution of this work is twofold. Firstly, a dedicated distributed crawler system was proposed and its crawling performance was analyzed, which was used to evaluate the impact of pollution attack in P2P live streaming system. The measurement results reveal that the crawler system with distributed architecture could capture PPLive overlay snapshots with more efficient way than previous crawlers. To the best of our knowledge, our study work is the first to employ distributed architecture idea to design crawler system and discuss the crawling performance of capturing accurate overlay snapshots for P2P live streaming system. Secondly, a feasible and effective pollution architecture was proposed to deploy content pollution attack in a real-world P2P live streaming system called PPLive, and deeply evaluate the impact of pollution attack from following five aspects:dynamic evolution of participating users, user lifetime characteristics, user connectivity-performance, dynamic evolution of uploading polluted chunks and dynamic evolution of pollution ratio. Specifically, the experiment results show that a single polluter is capable of compromising all the system and its destructiveness is severe.

Performance Evaluation of IPv4/IPv6 Networks for Ubiquitous Home-Care Service

Abstract--- Because of rapid development in network technology, Internet usage has become widespread. It allows users with sensing devices to obtain medical data for healthcare, such as physiological signals, voice, and video streams from telemedicine systems, and to send the healthcare data to back-end database systems, creating a ubiquitous healthcare environment. However, this environment requires a widespread and suitable network. IPv6 （Internet protocol version 6） is the next-generation Internet protocol that will be the protocol of future networks; it improves many shortcomings of IPv4. In this paper, we propose an IPv6/IPv4 U-home-care test system and analyze the network＇s parameters though a series of tests by adjusting network parameters to find the optimal design for applications in the IPv6/IPv4 U-home-care service so as to assure good performance and high quality.

IP MULTICAST GROUP MANAGEMENT FOR BROADCAST LANS DISTRIBUTION

Problems of the current IGMP mechanism were identified, such as unnecessary periodic probing of hosts and leave latency, which wastes bandwidth and cause more traffic and overhead. Alternative mechanism that preserve the IP multicast model but employ join/leave messages to track local group membership for broadcast LANs (shared medium LANs) was proposed in this paper. We describe the implementation requirements of the new mechanism and compare it to existing one, demonstrating that join/leave approach is uniformly superior for the environment of broadcast LANs.

Design of Enterprise Storage Architecture for Optimal Business Continuity

This paper presents a solution for optimal business continuity, with storage architecture for enterprise applications, which will ensure zero data loss and quick recovery. The solution makes use of Internet protocol storage area network （IPSAN）, which is used for data management without burdening the application server, as well as mix of synchronous and semi-synchronous replication techniques to replicate data to remote disaster recovery site. We have presented the detailed design of both synchronous and semi-synchronous with case study of using open source database postgres to prove our point for optimal business continuity. The theoretical presentation is also given for the same.

Down to Zero Size of VoIP Packet Payload

Voice over Internet Protocol(VoIP)is widely used by companies,schools,universities,and other institutions.However,VoIP faces many issues that slow down its propagation.An important issue is poor utilization of the VoIP service network bandwidth,which results from the large header of the VoIP packet.The objective of this study is to handle this poor utilization of the network bandwidth.Therefore,this study proposes a novel method to address this large header overhead problem.The proposed method is called zero size payload(ZSP),which aims to reemploy and use the header information(fields)of the VoIP packet that is dispensable to the VoIP service,particularly the unicast IP voice calls.In general,these fields are used to carry the VoIP packet payload.Therefore,the size of the payload is reduced to save bandwidth.The performance estimation results of the proposed ZSP method showed a considerable improvement in the bandwidth utilization of the VoIP service.For example,the saved bandwidth in the tested scenario with the G.723.1,G.729,and LPC codecs reached 32%,28%,and 26%respectively.

Advanced Persistent Threat Detection and Mitigation Using Machine Learning Model

The detection of cyber threats has recently been a crucial research domain as the internet and data drive people’s livelihood.Several cyber-attacks lead to the compromise of data security.The proposed system offers complete data protection from Advanced Persistent Threat(APT)attacks with attack detection and defence mechanisms.The modified lateral movement detection algorithm detects the APT attacks,while the defence is achieved by the Dynamic Deception system that makes use of the belief update algorithm.Before termination,every cyber-attack undergoes multiple stages,with the most prominent stage being Lateral Movement(LM).The LM uses a Remote Desktop protocol(RDP)technique to authenticate the unauthorised host leaving footprints on the network and host logs.An anomaly-based approach leveraging the RDP event logs on Windows is used for detecting the evidence of LM.After extracting various feature sets from the logs,the RDP sessions are classified using machine-learning techniques with high recall and precision.It is found that the AdaBoost classifier offers better accuracy,precision,F1 score and recall recording 99.9%,99.9%,0.99 and 0.98%.Further,a dynamic deception process is used as a defence mechanism to mitigateAPTattacks.A hybrid encryption communication,dynamic(Internet Protocol)IP address generation,timing selection and policy allocation are established based on mathematical models.A belief update algorithm controls the defender’s action.The performance of the proposed system is compared with the state-of-the-art models.

An efficient QoS enhancement mechanism of VoIP using erasure array codes

In order to solve the problem of losing voice packets in voice over internet protocol(VoIP),a kind of lost packets double recovery algorithm is proposed. The algorithm is based on erasure coding technique which comes from highly available data storage systems. An efficient coding scheme with higher tolerance based on STAR and Reed-Solomon( RS) erasure code is described. An efficient method is also provided which could transform the voice data packets of one dimensional bit stream into two dimensional array according to given window size. If the lost rate has increased beyond the error correction capability,packet-loss concealment will be adopted. Under various conditions of packet-loss simulation during the experiments,the algorithm has proved its better performance on MOS rating and coding rate.

ARRANGING MULTICAST FORWARDING TABLE IN CLASS SEQUENCE IN TERNARY-CAM FOR LINE-SPEED LOOKUP

PIM-SM(Protocol Independent Multicast-Sparse Mode) is a main multicast routing pro-tocol in the IPv6(Internet Protocol version 6).It can use either a shared tree or a shortest path tree to deliver data packets,consequently the multicast IP lookup engine requires,in some cases,two searches to get a correct lookup result according to its multicast forwarding rule,and it may result in a new requirement of doubling the lookup speed of the lookup engine.The ordinary method to satisfy this requirement in TCAM(Ternary Content Addressable Memory) based lookup engines is to exploit parallelism among multiple TCAMs.However,traditional parallel methods always induce more re-sources and higher design difficulty.We propose in this paper a novel approach to solve this problem.By arranging multicast forwarding table in class sequence in TCAM and making full use of the intrinsic characteristic of the TCAM,our approach can get the right lookup result with just one search and a single TCAM,while keeping the hardware of lookup engine unchanged.Experimental results have shown that the approach make it possible to satisfy forwarding IPv6 multicast packets at the full link rate of 20 Gb/s with just one TCAM with the current TCAM chip.

Design and implementation of digital content metadata system

Today's multimedia services are far beyond just the voice and data services:they have been diversified tremendously after fueled by the advancement of network infrastructures as well as the sudden surge of multimedia data itself.Currently,researches on metadata insertion,management and transfer keep going very well in order to provide a variety of services to users.In this paper,we propose the design and implementation methods of digital contents metadata system for insertion,storage and retrieval of metadata.The performance evaluation shows that the proposed method performs better than the existing method.

Multi-Stage Image Compression-Decompression System Using PCA/IPCA to Enhance Wireless Transmission Security

The goal of this paper is to propose a fast and secure multi-stage image compression-decompression system by using a wireless network between two Personal Computers (PCs). In this paper, the Principal Component Analysis (PCA) technique is used for multi-stage image compression and Inverse Principal Component Analysis (IPCA) for multi-stage image decompression. The first step of the proposed system is to select the input image, the second step is to perform PCA up to 9 times on the input image, this compression, and after multi-stage compression process then the third step begins by transforming across wireless Ad hoc Network (WANET) to the second computing device, forth step start with multi-stage decompression process up 9 times. The proposed system for different images is transferred over the wireless network using Transmission Control Protocol/Internet Protocol (TCP/IP), which is programmed using the network role property of the MATLAB program. The proposed system implements 25 different images correctly (100%). The main contribution of this paper is that we are dealing with the black image at the end of the compressed process ad start with a black image at the start of the decompressed process of this proposed system. In this work, the compressed and uncompressed images are compared with each other in their size and transmission time. This system can be very useful in networks because they provide a high level of protection to the transmitted data from hackers because they cannot guess how much the image has been compressed or what kind of information the image represents.

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.

Development and Verification of Simulation Model Based on Real MANET Experiments for Transport Layer Protocols (UDP and TCP)

There is a lack of appropriate guidelines for realistic user traces, mobility models, routing protocols, considerations of real-life challenges, etc. for general-purpose mobile ad hoc networks （MANET）. In this paper, four laptops are used in an open field environment in four scenarios to evaluate the performances of Internet control message protocol （ICMP） based ping and transmission control protocol （TCP） based streaming video applications using optimised link state routing （OLSR） implementation in an IEEE 802.11g wireless network. Corresponding simulations are developed in Network Simulator ns-2 by setting simulation parameters according to the real experiments. Difficulties faced to regenerate real-life scenarios have been discussed and the gaps between reality and simulation are identified. A setup guideline to produce realistic simulation results has been established.

Registration Cost Performance Analysis of a Hierarchical Mobile Internet Protocol Network

On the basis of introducing principles for hierarchical mobile Internet protocol networks, the registration cost performance in this network model is analyzed in detail. Furthermore, the functional relationship is also established in the paper among registration cost, hierarchical level number and the maximum handover time for gateway foreign agent regional registration. At last, the registration cost of the hierarchical mobile Internet protocol network is compared with that of the traditional mobile Internet protocol. Theoretic analysis and computer simulation results show that the hierarchical level number and the maximum handover times can both affect the registration cost importantly, when suitable values of which are chosen, the hierarchical network can significantly improve the registration performance compared with the traditional mobile IP.

A multipath routing algorithm for satellite networksbased on service demand and traffic awareness

With the reduction in manufacturing and launch costs of low Earth orbit satellites and the advantages of large coverage and high data transmission rates,satellites have become an important part of data transmission in air-ground networks.However,due to the factors such as geographical location and people’s living habits,the differences in user’demand for multimedia data will result in unbalanced network traffic,which may lead to network congestion and affect data transmission.In addition,in traditional satellite network transmission,the convergence of network information acquisition is slow and global network information cannot be collected in a fine-grained manner,which is not conducive to calculating optimal routes.The service quality requirements cannot be satisfied when multiple service requests are made.Based on the above,in this paper artificial intelligence technology is applied to the satellite network,and a software-defined network is used to obtain the global network information,perceive network traffic,develop comprehensive decisions online through reinforcement learning,and update the optimal routing strategy in real time.Simulation results show that the proposed reinforcement learning algorithm has good convergence performance and strong generalizability.Compared with traditional routing,the throughput is 8%higher,and the proposed method has load balancing characteristics.

Virtual topology design scheme with energy efficiency for IP over elastic optical networks

The rapid growth of the Internet raises the importance of resource planning of Internet protocol（IP） over elastic optical networks（EONs）, which is a challenging task due to more complex and obscure physical constraints of it. Compared with network cost, the power consumption may eventually become the barrier to the expansion of the Internet. We present an energy-efficient virtual topology design（VTD） scheme for IP over EON. We explicitly explain and analyze the mixed integer linear programming model and the heuristic algorithm for this scheme. Numerical results show that the proposed VTD scheme can significantly save power consumption.