Normal Network Condition

The Experts below are selected from a list of 5595 Experts worldwide ranked by ideXlab platform

Frederic Gouaisbaut - One of the best experts on this subject based on the ideXlab platform.

  • Network anomaly estimation for TCP/AQM Networks using an observer
    2008
    Co-Authors: Yassine Ariba, Yann Labit, Frederic Gouaisbaut
    Abstract:

    Abstract—Network anomaly detection is an active research area in Network community. Researchers have approached this problem using various techniques such as artificial intelligence, machine learning, state machine modeling, statistical approaches. The purpose of this preliminary work is to design an observer for Network anomaly estimation for TCP/AQM (Transmission Control Protocol/Active Queue Management) Networks using time delay system approach. Collaborating an observer with an AQM, constant anomalies considered as perturbations for the Network can be detected. We illustrate the effectiveness of results via SIMULINK and the NS-2 simulator.

    Keywords: Network anomaly detection, Observer, AQM, Time delay system.

    I. MOTIVATIONS

    Network anomalies typically refer to circumstances when Network operations deviate from Normal Network behavior. Detecting anomalies such as malfunctioning Network devices, Network overload, flash crowds, worms, port scans, risky internal user behavior, malicious denial of service attacks (DoS), Network intrusions that disrupt the Normal delivery of Network services has become an important key issue for the Network community. Such anomalies can be found at any time in the traffic and degrade Quality of Service (QoS) of the Network: congestion at first, then non-responsive routers and even worse. Network anomalies (in sense that there is a deviation from the Normal Network Condition) can be roughly classified into two categories. The first category is related to Network failures and performance problems (like file server failures, broadcast storms, etc...). The second major category of Network anomalies is security-related problems (like DoS or DDoS detections) in detecting active security threats.

    A variety of tools and techniques exists to detect anomalies mainly based on information theory called IDS (Intrusion Detection Systems) and ADS (Anomaly Detection Systems). They both look for "bad things" on a system or Network, things that may be potential security incidents. An IDS uses a defined set of rules or filters that have been crafted to catch a specific, malicious event. IDS are based on two principal techniques to detect the anomalies/intrusions of the traffic: First, the use of signatures i.e. of specific formats of packages or particular successions of packages giving place to the attack. This technique is not well adapted to the detection of the variations of the traffic which has not a particular signature (like flash crowd or of DDoS without signature). Secondly, the use of statistical profiles of the traffic can be used. But nowadays, approaches which used the statistics are mainly limited to first order (average and standard deviation). The very strong natural variability of the traffic [1] produced a strong fluctuation of these measurements, thus inducing very high level of false positives (false alarms) and false negatives (missed detections). Recent studies take into account a richer form of the statistical structure of the traffic (correlation, spectral density ...) [2], [3], [4], [5], [6]. An ADS, on the other hand, operates only from a baseline of Normal activity. As described above, behavior that varies from this standard is noted. While an IDS looks mainly for a misuse signature, the ADS looks for a strange event which leads to unapproved Network changes.

    In this paper, we propose to design an observer in the time delay systems framework for the anomalies detection. The main advantage of this technique is that we avoid the problem of false positives/negatives appeared in statistical approaches. The observer synthesis is based on a linearized fluid flow model of the TCP/AQM behaviour. Consequently, an AQM regulating the queue size of the router buffer is required to ensure the relevance of the observer. Hence, the observer must be associated to an AQM to perform its diagnosis. Note that taking into account the drop probability fixed by the AQM, the detecting mechanism is independent of the former (as long as the AQM is able to regulate the queue size at a prescribed level).

    The paper is organized as follows. The second part presents the problem statement introducing the model of a Network supporting TCP and AQM for congestion control. Then, section III is dedicated to the observer design for the detection and the estimation of anomalies. Section IV presents application of the exposed theory and simulation results using SIMULINK and NS-2 (see [7]). Finally, Section V concludes the paper.

    Notations: For two symmetric matrices, A and B, A > (≥) B means that A−B is (semi-) positive definite. A

Yassine Ariba - One of the best experts on this subject based on the ideXlab platform.

  • Network anomaly estimation for TCP/AQM Networks using an observer
    2008
    Co-Authors: Yassine Ariba, Yann Labit, Frederic Gouaisbaut

Yoshitaka Shibata - One of the best experts on this subject based on the ideXlab platform.

  • IMIS - Wireless Networked Omni-directional Video Distribution System Based on Delay Tolerant Network on Disaster Environment
    2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 2013
    Co-Authors: Kenta Ito, Kazuka Tsuda, Noriki Uchida, Yoshitaka Shibata
    Abstract:

    In this paper, we introduce a Wireless Networked Omni-directional video collection and distribution System for both Normal and challenged Network environments. An omni-directional video camera is used to capture the 360-degree surround image with various sensors, including GPS location, 3-dimensional gyro-sensor, and temperature sensor data. Those data are transmitted to all of the users through a Web system. In Normal Network Condition, the conventional IP protocol over mobile Network or wireless Network is used to access the Web server through the Internet. The delay tolerant Network protocol (DTN) is used between the vehicles and the web server to support challenged Network environments such as mountain roads and disaster areas. The user can see the live video and recorded video along the road with 360-degree surround on a GIS map as Web services. The system configuration and architecture are explained and a prototype system is constructed to evaluate the function and performance. Through the performance evaluation, the usefulness and effects of the proposed system are validated.

Yann Labit - One of the best experts on this subject based on the ideXlab platform.

  • Network anomaly estimation for TCP/AQM Networks using an observer
    2008
    Co-Authors: Yassine Ariba, Yann Labit, Frederic Gouaisbaut

Kenta Ito - One of the best experts on this subject based on the ideXlab platform.

  • IMIS - Wireless Networked Omni-directional Video Distribution System Based on Delay Tolerant Network on Disaster Environment
    2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 2013
    Co-Authors: Kenta Ito, Kazuka Tsuda, Noriki Uchida, Yoshitaka Shibata