{"title":"Measuring exposure in DDoS protection services","authors":"M. Jonker, A. Sperotto","doi":"10.23919/CNSM.2017.8255991","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8255991","url":null,"abstract":"Denial-of-Service attacks have rapidly gained in popularity over the last decade. The increase in frequency, size, and complexity of attacks has made DDoS Protection Services (DPS) an attractive mitigation solution to which the protection of services can be outsourced. Despite a thriving market and increasing adoption of protection services, a DPS can often be bypassed, and direct attacks can be launched against the origin of a target. Many protection services leverage the Domain Name System (DNS) to protect, e.g., Web sites. When the DNS is misconfigured, the origin IP address of a target can leak to attackers, which defeats the purpose of outsourcing protection. We perform a large-scale analysis of this phenomenon by using three large data sets that cover a 16-month period: a data set of active DNS measurements; a DNS-based data set that focuses on DPS adoption; and a data set of DoS attacks inferred from backscatter traffic to a sizable darknet. We analyze nearly 11k Web sites on Alexa's top 1M that outsource protection, for eight leading DPS providers. Our results show that 40% of these Web sites expose the origin in the DNS. Moreover, we show that the origin of 19% of these Web sites is targeted after outsourcing protection.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131189086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enforcing free roaming among EU countries: An economic analysis","authors":"P. Maillé, B. Tuffin","doi":"10.23919/CNSM.2017.8255969","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8255969","url":null,"abstract":"In October 2015, the European parliament has decided to forbid roaming charges among EU mobile phone users, starting June 2017, as a first step toward the unification of the European digital market. In this paper, we aim at investigating the consequences of such a measure from an economic perspective. In particular, we analyze the effect of the willingness-to-pay heterogeneity among users (also due to wealth heterogeneity), and the fact that the roaming behavior is positively correlated with wealth. Considering a monopolistic operator, we compare the paid-roaming situation (with usage-based pricing) to the envisioned free-roaming from the point of view of the operator and of users. Our analysis suggests that imposing free roaming degrades the revenues of the operator but can also deter some users from subscribing. This is because paid roaming allows some partial market segmentation; hence we conclude that such (apparently beneficial) regulatory decisions must be taken with care.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"36 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128056591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A lightweight snapshot-based DDoS detector","authors":"Gilles Roudière, P. Owezarski","doi":"10.23919/CNSM.2017.8256014","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8256014","url":null,"abstract":"Despite the efforts made from both the research community and the industry in inventing new methods to deal with distributed denial of service attacks, they stay a major threat in the Internet network. Those attacks are numerous, and can prevent, in most serious cases, the targeted system from answering any request from its clients. Detecting such attacks means dealing with several difficulties, such as their distributed nature or the several evasions techniques available to the attackers. The detection process has also a cost, which includes both the resources needed to perform the detection and the work of the network administrator. In this paper we introduce AATAC (Autonomous Algorithm for Traffic Anomaly Detection), an unsupervised DDoS detector that focuses on reducing the computational resources needed to process the traffic. It models the traffic using a set of regularly created snapshots. Each new snapshot is compared to this model using a k-NN based measure to detect significant deviations toward the usual traffic profile. Those snapshots are also used to provide the network administrator with an explicit and dynamic view of the traffic when an anomaly occurs. Our evaluation shows that AATAC is able to efficiently process real traces with low computational resources requirements, while achieving an efficient detection producing a low number of false-positives.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122624250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Connectivity extraction in cloud infrastructures","authors":"P. Mensah, S. Dubus, Wael Kanoun, C. Morin, G. Piolle, Eric Totel","doi":"10.23919/CNSM.2017.8256010","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8256010","url":null,"abstract":"For management and security purposes, cloud providers should know the connectivity graph between virtual machines. Since traditional methods used in physical networks produce incomplete results and are hardly usable in the Cloud, we propose to use information provided by a Cloud Management Software and an SDN controller, to compute the connectivity graph in those environments. Our approach shows an exact, complete and up-to-date connectivity graphs computation on a representative infrastructure, in reasonable time.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115209463","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An evolutionary controllers' placement algorithm for reliable SDN networks","authors":"Jean-Michel Sanner, Y. H. Aoul, M. Ouzzif, G. Rubino","doi":"10.23919/CNSM.2017.8256047","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8256047","url":null,"abstract":"SDN controllers placement in TelCo networks are generally multi-objective and multi-constrained problems. The solutions proposed in the literature usually model the placement problem by providing a mixed integer linear program (MILP). Their performances are, however, quickly limited for large sized networks, due to the significant increase in the computational delays. In order to avoid the inherent complexity of optimal approaches and the lack of flexibility of heuristics, we propose in this paper a genetic algorithm designed from the NSGA II framework that aims to deal with the controller placement problem. Genetic algorithms can, indeed, be both multi-objective, multi-constraints and can be designed to be computed in parallel. They constitute a real opportunity to find good solutions to this category of problems. Furthermore, the proposed algorithm can be easily adapted to manage dynamic placements scenarios. The goal chosen, in this work, is to maximize the clusters average connectivity and to balance the control's load between clusters, in a way to improve the networks' reliability. The evaluation results on a set of network topologies demonstrated very good performances, which achieve optimal results for small networks.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120960520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Anomaly detection for openstack services with process-related topological analysis","authors":"T. Niwa, Yuki Kasuya, T. Kitahara","doi":"10.23919/CNSM.2017.8255977","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8255977","url":null,"abstract":"OpenStack has become the de-facto standard open source software for managing virtualized infrastructure for NFV, however, operators are facing increased complexity of fault management for OpenStack due to its black-box modular architecture and half-yearly version updates. This hinders operators from promptly identifying the root cause of failure or anomalies in OpenStack services. In this paper, we propose an anomaly detection framework for OpenStack in order to identify the root process of anomalies underlying OpenStack services. The framework utilizes a process relational graph and an anomaly detection technique with a centroid-based clustering algorithm. We demonstrate experiments with regards to two use cases and prove the framework to enable discovery of the root process that is responsible for the anomalous situation.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116939353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Arena: Adaptive real-time update anomaly prediction in cloud systems","authors":"Shaohan Huang, Carol J. Fung, Chang Liu, Shupeng Zhang, Guang Wei, Zhongzhi Luan, D. Qian","doi":"10.23919/CNSM.2017.8256031","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8256031","url":null,"abstract":"In current cloud systems, their monitoring relies strongly on rule-based and supervised-learning-based detection methods for anomaly detection. These methods require either some knowledge provided by an expert system or monitoring data to be labeled as a training set. In practice, the systems behavior changes over time. It is difficult to adjust the rules or re-train detection model for these methods. In this paper, we present an Adaptive REal-time update uNsupervised Anomaly prediction system (Arena) for cloud systems. Arena uses a clustering technique based on a density spatial clustering algorithm to identify clusters and outliers. We propose two prediction strategies to improve the ability to predict anomaly and a real-time update strategy by adding new monitoring points into Arena's model. To improve the prediction efficiency and reduce the scale of the model, we adopt a pruning method to remove redundant points. The anomaly data used in the experiments was collected from the Yahoo Lab and the component based system of enterprise T. The experimental results show that our proposed methods can achieve high prediction accuracy compared to existing methods. Real-time update strategy can improve the prediction performance. The pruning method can further reduce the scale of the model and demonstrates the prediction efficiency.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121279074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Simulation toolbox for studying energy consumption in wired networks","authors":"Anne-Cécile Orgerie, B. Amersho, Timothée Haudebourg, M. Quinson, M. Rifai, Dino Lopez Pacheco, L. Lefèvre","doi":"10.23919/CNSM.2017.8256037","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8256037","url":null,"abstract":"Networking infrastructures are considered to consume as much energy as terminal end-user equipment or datacenters. While energy consumption of wireless networks is a matter of concern since their beginning, it is not the case for wired networks as they do not rely on batteries, but on plugged equipment. Yet, facing growing consumption, energy-efficient techniques start to be implemented in wired networks. However, measuring the end-to-end energy consumption of wired networking infrastructures remains a real challenge for network operators and scientists. This article presents the ECOFEN (Energy Consumption mOdel For End-to-end Networks) framework which allows to support precise simulation of energy consumption of large-scale complex wired networks. The experimental validation shows that Ecofen provides accurate energy consumption values.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"127 45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114453929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Distributed-collaborative managed dash video services","authors":"Kemal E. Sahin, K. Bagci, A. Tekalp","doi":"10.23919/CNSM.2017.8256001","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8256001","url":null,"abstract":"We propose a new distributed-collaborative managed DASH video service architecture over software defined networks (SDN) that enables fair and stable video quality to heterogeneous resolution clients. The proposed service is managed by the video service provider (VSP) in collaboration with the network service provider (NSP), where groups of clients sharing a network slice with a reserved throughput collaborate with each other to compute their own fair-share bitrates. Our novel distributed service architecture allows each client to share its buffer status with other clients in the same collaboration group so that each client can estimate a group-buffer-status aware fair-share bitrate, enforce this rate by TCP receive-window size control over a network slice reserved for the group, and perform application-level DASH video rate adaptation that is consistent with this enforced fair bitrate. Experimental results show that the proposed collaborative video service outperforms the traditional competitive DASH clients in terms of (i) minimizing quality fluctuations per client, (ii) fairness among heterogeneous DASH clients, and (iii) maximizing the total goodput of reserved network slice.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123652455","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Adaptive and distributed monitoring mechanism in software-defined networks","authors":"X. Phan, I. D. Martinez-Casanueva, K. Fukuda","doi":"10.23919/CNSM.2017.8256003","DOIUrl":"https://doi.org/10.23919/CNSM.2017.8256003","url":null,"abstract":"Network traffic monitoring is an important factor to ensure the controllability and manageability of software-defined network (SDN). The current monitoring mechanism of SDN requires switches to request the controller for instructions to install flow entries for every new incoming flow. For fine-grained monitoring, which requires many flow entries in switches' flow tables, this mechanism creates a non-trivial delay in the forwarding of switches and overhead in the control channel. Our previous work presented SDN-Mon, a monitoring framework that supports fine-grained monitoring for SDN. In this paper, we discuss the aspect of monitoring the flows in a distributed manner. We believe that a distributed monitoring capability enhances the monitoring scalability for SDN. We propose a mechanism that supports SDN to distribute the monitoring load over multiple switches in the network, in which it prevents flows monitoring duplication and balances the monitoring load over switches in the network. With the proposed mechanism, each switch handles much less monitoring load; and the overhead at switches, the control channel, and the controller caused by the monitoring duplication is eliminated. We implement the proposal and integrate it to SDN-Mon to enable a scalable and distributed monitoring capability in SDN. Experimental results show that the proposed mechanism significantly reduces the amount of monitoring load per switch, while the monitoring load is well balanced over switches in the network, with only an acceptable polling and processing overhead.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132313248","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}