{"title":"TupleChain: Fast Lookup of OpenFlow Table with Multifaceted Scalability","authors":"Yanbiao Li, Neng Ren, Xin Wang, Yuxuan Chen, Xinyi Zhang, Lingbo Guo, Gaogang Xie","doi":"arxiv-2408.04390","DOIUrl":"https://doi.org/arxiv-2408.04390","url":null,"abstract":"OpenFlow switches are fundamental components of software defined networking, where the key operation is to look up flow tables to determine which flow an incoming packet belongs to. This needs to address the same multi-field rule-matching problem as legacy packet classification, but faces more serious scalability challenges. The demand of fast on-line updates makes most existing solutions unfit, while the rest still lacks the scalability to either large data sets or large number of fields to match for a rule. In this work, we propose TupleChain for fast OpenFlow table lookup with multifaceted scalability. We group rules based on their masks, each being maintained with a hash table, and explore the connections among rule groups to skip unnecessary hash probes for fast search. We show via theoretical analysis and extensive experiments that the proposed scheme not only has competitive computing complexity, but is also scalable and can achieve high performance in both search and update. It can process multiple millions of packets per second, while dealing with millions of on-line updates per second at the same time, and its lookup speed maintains at the same level no matter it handles a large flow table with 10 million rules or a flow table with every entry having as many as 100 match fields.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"39 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141944402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Explainable Network Intrusion Detection using Large Language Models","authors":"Paul R. B. Houssel, Priyanka Singh, Siamak Layeghy, Marius Portmann","doi":"arxiv-2408.04342","DOIUrl":"https://doi.org/arxiv-2408.04342","url":null,"abstract":"Large Language Models (LLMs) have revolutionised natural language processing tasks, particularly as chat agents. However, their applicability to threat detection problems remains unclear. This paper examines the feasibility of employing LLMs as a Network Intrusion Detection System (NIDS), despite their high computational requirements, primarily for the sake of explainability. Furthermore, considerable resources have been invested in developing LLMs, and they may offer utility for NIDS. Current state-of-the-art NIDS rely on artificial benchmarking datasets, resulting in skewed performance when applied to real-world networking environments. Therefore, we compare the GPT-4 and LLama3 models against traditional architectures and transformer-based models to assess their ability to detect malicious NetFlows without depending on artificially skewed datasets, but solely on their vast pre-trained acquired knowledge. Our results reveal that, although LLMs struggle with precise attack detection, they hold significant potential for a path towards explainable NIDS. Our preliminary exploration shows that LLMs are unfit for the detection of Malicious NetFlows. Most promisingly, however, these exhibit significant potential as complementary agents in NIDS, particularly in providing explanations and aiding in threat response when integrated with Retrieval Augmented Generation (RAG) and function calling capabilities.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"78 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141969847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MTDSense: AI-Based Fingerprinting of Moving Target Defense Techniques in Software-Defined Networking","authors":"Tina Moghaddam, Guowei Yang, Chandra Thapa, Seyit Camtepe, Dan Dongseong Kim","doi":"arxiv-2408.03758","DOIUrl":"https://doi.org/arxiv-2408.03758","url":null,"abstract":"Moving target defenses (MTD) are proactive security techniques that enhance network security by confusing the attacker and limiting their attack window. MTDs have been shown to have significant benefits when evaluated against traditional network attacks, most of which are automated and untargeted. However, little has been done to address an attacker who is aware the network uses an MTD. In this work, we propose a novel approach named MTDSense, which can determine when the MTD has been triggered using the footprints the MTD operation leaves in the network traffic. MTDSense uses unsupervised clustering to identify traffic following an MTD trigger and extract the MTD interval. An attacker can use this information to maximize their attack window and tailor their attacks, which has been shown to significantly reduce the effectiveness of MTD. Through analyzing the attacker's approach, we propose and evaluate two new MTD update algorithms that aim to reduce the information leaked into the network by the MTD. We present an extensive experimental evaluation by creating, to our knowledge, the first dataset of the operation of an IP-shuffling MTD in a software-defined network. Our work reveals that despite previous results showing the effectiveness of MTD as a defense, traditional implementations of MTD are highly susceptible to a targeted attacker.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"39 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141944421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Home Energy Management Systems: Challenges, Heterogeneity & Integration Architecture Towards A Smart City Ecosystem","authors":"Georgios Kormpakis, Alexios Lekidis, Elissaios Sarmas, Giannis Papias, Filippos Serepas, George Stravodimos, Vangelis Marinakis","doi":"arxiv-2408.03707","DOIUrl":"https://doi.org/arxiv-2408.03707","url":null,"abstract":"The contemporary era is marked by rapid urban growth and increasing population. A significant, and constantly growing, portion of the global population now resides in major cities, leading to escalating energy demands in urban centers. As urban population is expected to keep on expanding in the near future, the same is also expected to happen with the associated energy requirements. The situation with the continuously increasing energy demand, along with the emergence of smart grids and the capabilities that are already -- or can be -- offered by Home Energy Management System (HEMS), has created a lot of opportunities towards a more sustainable future, with optimized energy consumption and demand response, which leads to economic and environmental benefits, based on the actual needs of the consumers. In this paper, we begin by providing an analytical exploration of the challenges faced at both the development and deployment levels. We proceed with a thorough analysis and comparison between the abundance of devices, smart home technologies, and protocols currently used by various products. Following, aiming to blunt the currently existing challenges, we propose a reliable, flexible, and extendable architectural schema. Finally, we analyze a number of potential ways in which the data deriving from such implementations can be analyzed and leveraged, in order to produce services that offer useful insights and smart solutions towards enhanced energy efficiency.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"3 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141944420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Congestion or No Congestion: Packet Loss Identification and Prediction Using Machine Learning","authors":"Inayat Ali, Sonia Sabir, Seungwoo Hong, Taesik Cheung","doi":"arxiv-2408.03007","DOIUrl":"https://doi.org/arxiv-2408.03007","url":null,"abstract":"Packet losses in the network significantly impact network performance. Most TCP variants reduce the transmission rate when detecting packet losses, assuming network congestion, resulting in lower throughput and affecting bandwidth-intensive applications like immersive applications. However, not all packet losses are due to congestion; some occur due to wireless link issues, which we refer to as non-congestive packet losses. In today's hybrid Internet, packets of a single flow may traverse wired and wireless segments of a network to reach their destination. TCP should not react to non-congestive packet losses the same way as it does to congestive losses. However, TCP currently can not differentiate between these types of packet losses and lowers its transmission rate irrespective of packet loss type, resulting in lower throughput for wireless clients. To address this challenge, we use machine learning techniques to distinguish between these types of packet losses at end hosts, utilizing easily available features at the host. Our results demonstrate that Random Forest and K-Nearest Neighbor classifiers perform better in predicting the type of packet loss, offering a promising solution to enhance network performance.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"41 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141944405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Demystifying AMD SEV Performance Penalty for NFV Deployment","authors":"Syafiq Al Atiiq, Aris Cahyadi Risdianto","doi":"arxiv-2408.02212","DOIUrl":"https://doi.org/arxiv-2408.02212","url":null,"abstract":"Network Function Virtualization (NFV) has shifted communication networks towards more adaptable software solutions, but this transition raises new security concerns, particularly in public cloud deployments. While Intel's Software Guard Extensions (SGX) offers a potential remedy, it requires complex application adaptations. This paper investigates AMD's Secure Encrypted Virtualization (SEV) as an alternative approach for securing NFV. SEV encrypts virtual machine (VM) memory, protecting it from threats, including those at the hypervisor level, without requiring application modifications. We explore the practicality and performance implications of executing native network function (NF) implementations in AMD SEV-SNP, the latest iteration of SEV. Our study focuses on running an unmodified Snort NF within SEV. Results show an average performance penalty of approximately 20% across various traffic and packet configurations, demonstrating a trade-off between security and performance that may be acceptable for many NFV deployments.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"17 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141969852","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Active Learning for WBAN-based Health Monitoring","authors":"Cho-Chun Chiu, Tuan Nguyen, Ting He, Shiqiang Wang, Beom-Su Kim, Ki-Il Kim","doi":"arxiv-2408.02849","DOIUrl":"https://doi.org/arxiv-2408.02849","url":null,"abstract":"We consider a novel active learning problem motivated by the need of learning machine learning models for health monitoring in wireless body area network (WBAN). Due to the limited resources at body sensors, collecting each unlabeled sample in WBAN incurs a nontrivial cost. Moreover, training health monitoring models typically requires labels indicating the patient's health state that need to be generated by healthcare professionals, which cannot be obtained at the same pace as data collection. These challenges make our problem fundamentally different from classical active learning, where unlabeled samples are free and labels can be queried in real time. To handle these challenges, we propose a two-phased active learning method, consisting of an online phase where a coreset construction algorithm is proposed to select a subset of unlabeled samples based on their noisy predictions, and an offline phase where the selected samples are labeled to train the target model. The samples selected by our algorithm are proved to yield a guaranteed error in approximating the full dataset in evaluating the loss function. Our evaluation based on real health monitoring data and our own experimentation demonstrates that our solution can drastically save the data curation cost without sacrificing the quality of the target model.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"15 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141969242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Demand-aware Networked System Using Telemetry and ML with ReactNET","authors":"Seyed Milad Miri, Stefan Schmid, Habib Mostafaei","doi":"arxiv-2408.02057","DOIUrl":"https://doi.org/arxiv-2408.02057","url":null,"abstract":"Emerging network applications ranging from video streaming to virtual/augmented reality need to provide stringent quality-of-service (QoS) guarantees in complex and dynamic environments with shared resources. A promising approach to meeting these requirements is to automate complex network operations and create self-adjusting networks. These networks should automatically gather contextual information, analyze how to efficiently ensure QoS requirements, and adapt accordingly. This paper presents ReactNET, a self-adjusting networked system designed to achieve this vision by leveraging emerging network programmability and machine learning techniques. Programmability empowers ReactNET by providing fine-grained telemetry information, while machine learning-based classification techniques enable the system to learn and adjust the network to changing conditions. Our preliminary implementation of ReactNET in P4 and Python demonstrates its effectiveness in video streaming applications.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"126 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141969243","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Distributionally Robust Optimization for Computation Offloading in Aerial Access Networks","authors":"Guanwang Jiang, Ziye Jia, Lijun He, Chao Dong, Qihui Wu, Zhu Han","doi":"arxiv-2408.02037","DOIUrl":"https://doi.org/arxiv-2408.02037","url":null,"abstract":"With the rapid increment of multiple users for data offloading and computation, it is challenging to guarantee the quality of service (QoS) in remote areas. To deal with the challenge, it is promising to combine aerial access networks (AANs) with multi-access edge computing (MEC) equipments to provide computation services with high QoS. However, as for uncertain data sizes of tasks, it is intractable to optimize the offloading decisions and the aerial resources. Hence, in this paper, we consider the AAN to provide MEC services for uncertain tasks. Specifically, we construct the uncertainty sets based on historical data to characterize the possible probability distribution of the uncertain tasks. Then, based on the constructed uncertainty sets, we formulate a distributionally robust optimization problem to minimize the system delay. Next, we relax the problem and reformulate it into a linear programming problem. Accordingly, we design a MEC-based distributionally robust latency optimization algorithm. Finally, simulation results reveal that the proposed algorithm achieves a superior balance between reducing system latency and minimizing energy consumption, as compared to other benchmark mechanisms in the existing literature.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"93 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141969244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Shaping Rewards, Shaping Routes: On Multi-Agent Deep Q-Networks for Routing in Satellite Constellation Networks","authors":"Manuel M. H. Roth, Anupama Hegde, Thomas Delamotte, Andreas Knopp","doi":"arxiv-2408.01979","DOIUrl":"https://doi.org/arxiv-2408.01979","url":null,"abstract":"Effective routing in satellite mega-constellations has become crucial to facilitate the handling of increasing traffic loads, more complex network architectures, as well as the integration into 6G networks. To enhance adaptability as well as robustness to unpredictable traffic demands, and to solve dynamic routing environments efficiently, machine learning-based solutions are being considered. For network control problems, such as optimizing packet forwarding decisions according to Quality of Service requirements and maintaining network stability, deep reinforcement learning techniques have demonstrated promising results. For this reason, we investigate the viability of multi-agent deep Q-networks for routing in satellite constellation networks. We focus specifically on reward shaping and quantifying training convergence for joint optimization of latency and load balancing in static and dynamic scenarios. To address identified drawbacks, we propose a novel hybrid solution based on centralized learning and decentralized control.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"10 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141944408","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}