30 resultados para computer networks
em Universidad Politécnica de Madrid
Resumo:
The Session Initiation Protocol (SIP) is an application-layer control protocol standardized by the IETF for creating, modifying and terminating multimedia sessions. With the increasing use of SIP in large deployments, the current SIP design cannot handle overload effectively, which may cause SIP networks to suffer from congestion collapse under heavy offered load. This paper introduces a distributed end-to-end overload control (DEOC) mechanism, which is deployed at the edge servers of SIP networks and is easy to implement. By applying overload control closest to the source of traf?c, DEOC can keep high throughput for SIP networks even when the offered load exceeds the capacity of the network. Besides, it responds quickly to the sudden variations of the offered load and achieves good fairness. Theoretic analysis and extensive simulations verify that DEOC is effective in controlling overload of SIP networks.
Resumo:
The emerging use of real-time 3D-based multimedia applications imposes strict quality of service (QoS) requirements on both access and core networks. These requirements and their impact to provide end-to-end 3D videoconferencing services have been studied within the Spanish-funded VISION project, where different scenarios were implemented showing an agile stereoscopic video call that might be offered to the general public in the near future. In view of the requirements, we designed an integrated access and core converged network architecture which provides the requested QoS to end-to-end IP sessions. Novel functional blocks are proposed to control core optical networks, the functionality of the standard ones is redefined, and the signaling improved to better meet the requirements of future multimedia services. An experimental test-bed to assess the feasibility of the solution was also deployed. In such test-bed, set-up and release of end-to-end sessions meeting specific QoS requirements are shown and the impact of QoS degradation in terms of the user perceived quality degradation is quantified. In addition, scalability results show that the proposed signaling architecture is able to cope with large number of requests introducing almost negligible delay.
Resumo:
This paper hallmarks the most relevant contributions carried out by the authors in the VOTESCRIPT project (TIC2000-1630-C02). The main goal of this project was the analysis, definition and implementation of a system which copes with every phases and elements existing in a process of electronic voting using computer networks. A summary of the main criticisms of electronic voting is presented to disclose that the most relevant voting schemes only take into account a technological perspective, just trying to imitate the conventional voting schemes. Nevertheless in these proposals important aspects such individual and global verification are not properly undertaken. The paper includes the proposed solutions of the project to solve these mentioned problems.
Resumo:
Este artículo presenta los aspectos más relevantes del trabajo realizado por los autores dentro del proyecto VOTESCRIPT (TIC2000-1630-C02). El objetivo principal de este proyecto fue el análisis, definición e implementación de un sistema que abarcara todas las fases y elementos existentes en un proceso de votación electrónica sobre redes de ordenadores. El artículo incluye las soluciones propuestas dentro del proyecto. This paper hallmarks the most relevant contributions carried out by the authors in the VOTESCRIPT project (TIC2000-1630-C02). The main goal of this project was the analysis, definition and implementation of a system, which copes with every phases and elements existing in a process of electronic voting using computer networks. The paper includes the proposed solutions of the project to solve these problems.
Resumo:
A system for simultaneous 2D estimation of rectangular room and transceiver localization is proposed. The system is based on two radio transceivers, both capable of full duplex operations (simultaneous transmission and reception). This property enables measurements of channel impulse response (CIR) at the same place the signal is transmitted (generated), commonly known as self-to-self CIR. Another novelty of the proposed system is the spatial CIR discrimination that is possible with the receiver antenna design which consists of eight sectorized antennas with 45° aperture in the horizontal plane and total coverage equal to the isotropic one. The dimensions of a rectangular room are reconstructed directly from spatial radio impulse responses by extracting the information regarding round trip time (RTT). Using radar approach estimation of walls and corners positions is derived. Tests using measured data were performed, and the simulation results confirm the feasibility of the approach.
Resumo:
Desde la aparición de Internet, hace ya más de 20 años ha existido por parte de diversos sectores de la sociedad, científicos, empresas, usuarios, etc. la inquietud por la aplicación de esta tecnología a lo que se ha dado en llamar “El Internet de las Cosas”, que no es más que el control a distancia de cualquier elemento útil o necesario para la vida cotidiana y la industria. Sin embargo el desarrollo masivo de aplicaciones orientadas a esto, no ha evolucionado hasta que no se han producido avances importantes en dos campos: por un lado, en las Redes Inalámbricas de Sensores (WSN), redes compuestas por un conjunto de pequeños dispositivos capaces de transmitir la información que recogen, haciéndola llegar desde su propia red inalámbrica, a otras de amplia cobertura y por otro con la miniaturización cada vez mayor de dispositivos capaces de tener una autonomía suficiente como para procesar datos e interconectarse entre sí. Al igual que en las redes de ordenadores convencionales, las WSN se pueden ver comprometidas en lo que a seguridad se refiere, ya que la masiva implementación de estas redes hará que millones de Terabytes de datos, muchas veces comprometidos o sometidos a estrictas Leyes de protección de los mismos, circulen en la sociedad de la información, de forma que lo que nace como una ventaja muy interesante para sus usuarios, puede convertirse en una pesadilla debido a la amenaza constante hacia los servicios mínimos de seguridad que las compañías desarrolladoras han de garantizar a los usuarios de sus aplicaciones. Éstas, y con el objetivo de proveer un ámbito de seguridad mínimo, deben de realizar un minucioso estudio de la aplicación en particular que se quiere ofrecer con una WSN y también de las características específicas de la red ya que, al estar formadas por dispositivos prácticamente diminutos, pueden tener ciertas limitaciones en cuanto al tamaño de la batería, capacidad de procesamiento, memoria, etc. El presente proyecto desarrolla una aplicación, única, ya que en la actualidad no existe un software con similares características y que aporta un avance importante en dos campos principalmente: por un lado ayudará a los usuarios que deseen desplegar una aplicación en una red WSN a determinar de forma automática cuales son los mecanismos y servicios específicos de seguridad que se han de implementar en dicha red para esa aplicación concreta y, por otro lado proporcionará un apoyo extra a expertos de seguridad que estén investigando en la materia ya que, servirá de plataforma de pruebas para centralizar la información sobre seguridad que se tengan en ese momento en una base de conocimientos única, proporcionando también un método útil de prueba para posibles escenarios virtuales. ABSTRACT. It has been more than 20 years since the Internet appeared and with it, scientists, companies, users, etc. have been wanted to apply this technology to their environment which means to control remotely devices, which are useful for the industry or aspects of the daily life. However, the huge development of these applications oriented to that use, has not evolve till some important researches has been occurred in two fields: on one hand, the field of the Wireless Sensor Networks (WSN) which are networks composed of little devices that are able to transmit the information that they gather making it to pass through from their wireless network to other wider networks and on the other hand with the increase of the miniaturization of the devices which are able to work in autonomous mode so that to process data and connect to each other. WSN could be compromised in the matter of security as well as the conventional computer networks, due to the massive implementation of this kind of networks will cause that millions of Terabytes of data will be going around in the information society, thus what it is thought at first as an interesting advantage for people, could turn to be a nightmare because of the continuous threat to the minimal security services that developing companies must guarantee their applications users. These companies, and with the aim to provide a minimal security realm, they have to do a strict research about the application that they want to implement in one WSN and the specific characteristics of the network as they are made by tiny devices so that they could have certain limitations related to the battery, throughput, memory, etc. This project develops a unique application since, nowadays, there is not any software with similar characteristics and it will be really helpful in mainly two areas: on one side, it will help users who want to deploy an application in one WSN to determine in an automatically way, which ones security services and mechanisms are those which is necessary to implement in that network for the concrete application and, on the other side, it will provide an extra help for the security experts who are researching in wireless sensor network security so that ti will an exceptional platform in order to centralize information about security in the Wireless Sensor Networks in an exclusive knowledge base, providing at the same time a useful method to test virtual scenarios.
Resumo:
El presente documento pretende ofrecer una visión general del estado del conjunto de herramientas disponibles para el análisis y explotación de vulnerabilidades en sistemas informáticos y más concretamente en redes de ordenadores. Por un lado se ha procedido a describir analíticamente el conjunto de herramientas de software libre que se ofrecen en la actualidad para analizar y detectar vulnerabilidades en sistemas informáticos. Se ha descrito el funcionamiento, las opciones, y la motivación de uso para dichas herramientas, comparándolas con otras en algunos casos, describiendo sus diferencias en otros, y justificando su elección en todos ellos. Por otro lado se ha procedido a utilizar dichas herramientas analizadas con el objetivo de desarrollar ejemplos concretos de uso con sus diferentes parámetros seleccionados observando su comportamiento y tratando de discernir qué datos son útiles para obtener información acerca de las vulnerabilidades existentes en el sistema. Además, se ha desarrollado un caso práctico en el que se pone en práctica el conocimiento teórico presentado de forma que el lector sea capaz de asentar lo aprendido comprobando mediante un caso real la utilidad de las herramientas descritas. Los resultados obtenidos han demostrado que el análisis y detección de vulnerabilidades por parte de un administrador de sistemas competente permite ofrecer a la organización en cuestión un conjunto de técnicas para mejorar su seguridad informática y así evitar problemas con potenciales atacantes. ABSTRACT. This paper tries to provide an overview of the features of the set of tools available for the analysis and exploitation of vulnerabilities in computer systems and more specifically in computer networks. On the one hand we pretend analytically describe the set of free software tools that are offered today to analyze and detect vulnerabilities in computer systems. We have described the operation, options, and motivation to use these tools in comparison with other in some case, describing their differences in others, and justifying them in all cases. On the other hand we proceeded to use these analyzed tools in order to develop concrete examples of use with different parameters selected by observing their behavior and trying to discern what data are useful for obtaining information on existing vulnerabilities in the system. In addition, we have developed a practical case in which we put in practice the theoretical knowledge presented so that the reader is able to settle what has been learned through a real case verifying the usefulness of the tools previously described. The results have shown that vulnerabilities analysis and detection made by a competent system administrator can provide to an organization a set of techniques to improve its systems and avoid any potential attacker.
Resumo:
En este proyecto se hace un análisis en profundidad de las técnicas de ataque a las redes de ordenadores conocidas como APTs (Advanced Persistent Threats), viendo cuál es el impacto que pueden llegar a tener en los equipos de una empresa y el posible robo de información y pérdida monetaria que puede llevar asociada. Para hacer esta introspección veremos qué técnicas utilizan los atacantes para introducir el malware en la red y también cómo dicho malware escala privilegios, obtiene información privilegiada y se mantiene oculto. Además, y cómo parte experimental de este proyecto se ha desarrollado una plataforma para la detección de malware de una red en base a las webs, URLs e IPs que visitan los nodos que la componen. Obtendremos esta visión gracias a la extracción de los logs y registros de DNS de consulta de la compañía, sobre los que realizaremos un análisis exhaustivo. Para poder inferir correctamente qué equipos están infectados o no se ha utilizado un algoritmo de desarrollo propio inspirado en la técnica Belief Propagation (“Propagación basada en creencia”) que ya ha sido usada antes por desarrolladores cómo los de los Álamos en Nuevo México (Estados Unidos) para fines similares a los que aquí se muestran. Además, para mejorar la velocidad de inferencia y el rendimiento del sistema se propone un algoritmo adaptado a la plataforma Hadoop de Apache, por lo que se modifica el paradigma de programación habitual y se busca un nuevo paradigma conocido como MapReduce que consiste en la división de la información en conceptos clave-valor. Por una parte, los algoritmos que existen basados en Belief Propagation para el descubrimiento de malware son propietarios y no han sido publicados completamente hasta la fecha, por otra parte, estos algoritmos aún no han sido adaptados a Hadoop ni a ningún modelo de programación distribuida aspecto que se abordará en este proyecto. No es propósito de este proyecto desarrollar una plataforma comercial o funcionalmente completa, sino estudiar el problema de las APTs y una implementación que demuestre que la plataforma mencionada es factible de implementar. Este proyecto abre, a su vez, un horizonte nuevo de investigación en el campo de la adaptación al modelo MapReduce de algoritmos del tipo Belief Propagation basados en la detección del malware mediante registros DNS. ABSTRACT. This project makes an in-depth investigation about problems related to APT in computer networks nowadays, seeing how much damage could they inflict on the hosts of a Company and how much monetary and information loss may they cause. In our investigation we will find what techniques are generally applied by attackers to inject malware into networks and how this malware escalates its privileges, extracts privileged information and stays hidden. As the main part of this Project, this paper shows how to develop and configure a platform that could detect malware from URLs and IPs visited by the hosts of the network. This information can be extracted from the logs and DNS query records of the Company, on which we will make an analysis in depth. A self-developed algorithm inspired on Belief Propagation technique has been used to infer which hosts are infected and which are not. This technique has been used before by developers of Los Alamos Lab (New Mexico, USA) for similar purposes. Moreover, this project proposes an algorithm adapted to Apache Hadoop Platform in order to improve the inference speed and system performance. This platform replaces the traditional coding paradigm by a new paradigm called MapReduce which splits and shares information among hosts and uses key-value tokens. On the one hand, existing algorithms based on Belief Propagation are part of owner software and they have not been published yet because they have been patented due to the huge economic benefits they could give. On the other hand these algorithms have neither been adapted to Hadoop nor to other distributed coding paradigms. This situation turn the challenge into a complicated problem and could lead to a dramatic increase of its installation difficulty on a client corporation. The purpose of this Project is to develop a complete and 100% functional brand platform. Herein, show a short summary of the APT problem will be presented and make an effort will be made to demonstrate the viability of an APT discovering platform. At the same time, this project opens up new horizons of investigation about adapting Belief Propagation algorithms to the MapReduce model and about malware detection with DNS records.
Resumo:
El mundo actual es una fuente ilimitada de información. El manejo y análisis de estas enormes cantidades de información es casi imposible, pero también es difícil poder capturar y relacionar diferentes tipos de datos entre sí y, a partir de este análisis, sacar conclusiones que puedan conllevar a la realización, o no, de un conjunto de acciones. Esto hace necesario la implementación de sistemas que faciliten el acceso, visualización y manejo de estos datos; con el objetivo de poder relacionarlos, analizarlos, y permitir al usuario que, de la manera más sencilla posible, pueda sacar conclusiones de estos. De esta necesidad de manejar, visualizar y relacionar datos nació la plataforma Wirecloud. Wirecloud ha sido desarrollado en el laboratorio Computer Networks & Web Technologies Lab (CoNWeT Lab) del grupo CETTICO, ubicado en la Escuela Técnica Superior de Ingenieros Informáticos de la Universidad Politécnica de Madrid. Wirecloud es una plataforma de código abierto que permite, utilizando las últimas tecnologías web, recoger la información que se quiere analizar de diferentes fuentes en tiempo real e, interconectando entre sí una serie de componentes y operadores, realizar una mezcla y procesado de esta información para después usarla y mostrarla de la manera más usable posible al usuario. Un ejemplo de uso real de la plataforma podría ser: utilizar la lista de repartidores de una empresa de envío urgente para conocer cuáles son sus posiciones en tiempo real sobre un mapa utilizando el posicionamiento GPS de sus dispositivos móviles, y poder asignarles el destino y la ruta más óptima; todo esto desde la misma pantalla. El proyecto Wirecloud Mobile corresponde a la versión móvil de la plataforma Wirecloud, cuyo objetivos principales pretenden compatibilizar Wirecloud con el mayor número de sistemas operativos móviles que actualmente hay en el mercado, permitiendo su uso en cualquier parte del mundo; y poder enriquecer los componentes mencionados en el párrafo anterior con las características y propiedades nativas de los dispositivos móviles actuales, como por ejemplo el posicionamiento GPS, el acelerómetro, la cámara, el micrófono, los altavoces o tecnologías de comunicación como el Bluetooth o el NFC.---ABSTRACT---The current world is a limitless source of information. Use and analysis of this huge amount of information is nearly impossible; but it is also difficult being able to capture and relate different kinds of data to each other and, from this analysis, draw conclusions that can lead to the fulfilment or not of a set of relevant actions. This requires the implementation of systems to facilitate the access, visualization and management of this data easier; with the purpose of being capable of relate, analyse, and allow the user to draw conclusions from them. And out of this need to manage, visualize and relate data, the Wirecloud platform was born. Wirecloud has been developed at the Computer Networks & Web Technologies Lab (CoNWeT Lab) of CETTICO group, located at Escuela Técnica Superior de Ingenieros Informáticos of Universidad Politécnica de Madrid. Wirecloud is an open-source platform that allows, using the latest web technologies, to collect the information from different sources in real time and interlinking a set of widgets and operators, make a mixture and processing of this information, so then use it and show it in the most usable way. An example of the actual use of the platform could be: using the list of deliverymen from an express delivery company in order to know, using GPS positioning from their mobile devices, which are their current locations in a map; and be able to assign them the destination and optimum route; all of this from the same display/screen. Wirecloud Mobile Project is the mobile version of the Wirecloud platform, whose main objectives aim to make Wirecloud compatible with the largest amount of mobile operative systems that are currently available, allowing its use everywhere; and enriching and improving the previously mentioned components with the native specifications and properties of the present mobile devices, such as GPS positioning, accelerometer, camera, microphone, built-in speakers, or communication technologies such as Bluetooth or NFC (Near Field Communications).
Resumo:
Next Generation Networks (NGN) provide Telecommunications operators with the possibility to share their resources and infrastructure, facilitate the interoperability with other networks, and simplify and unify the management, operation and maintenance of service offerings, thus enabling the fast and cost-effective creation of new personal, broadband ubiquitous services. Unfortunately, service creation over NGN is far from the success of service creation in the Web, especially when it comes to Web 2.0. This paper presents a novel approach to service creation and delivery, with a platform that opens to non-technically skilled users the possibility to create, manage and share their own convergent (NGN-based and Web-based) services. To this end, the business approach to user-generated services is analyzed and the technological bases supporting the proposal are explained.
Resumo:
In this paper we generalize the Continuous Adversarial Queuing Theory (CAQT) model (Blesa et al. in MFCS, Lecture Notes in Computer Science, vol. 3618, pp. 144–155, 2005) by considering the possibility that the router clocks in the network are not synchronized. We name the new model Non Synchronized CAQT (NSCAQT). Clearly, this new extension to the model only affects those scheduling policies that use some form of timing. In a first approach we consider the case in which although not synchronized, all clocks run at the same speed, maintaining constant differences. In this case we show that all universally stable policies in CAQT that use the injection time and the remaining path to schedule packets remain universally stable. These policies include, for instance, Shortest in System (SIS) and Longest in System (LIS). Then, we study the case in which clock differences can vary over time, but the maximum difference is bounded. In this model we show the universal stability of two families of policies related to SIS and LIS respectively (the priority of a packet in these policies depends on the arrival time and a function of the path traversed). The bounds we obtain in this case depend on the maximum difference between clocks. This is a necessary requirement, since we also show that LIS is not universally stable in systems without bounded clock difference. We then present a new policy that we call Longest in Queues (LIQ), which gives priority to the packet that has been waiting the longest in edge queues. This policy is universally stable and, if clocks maintain constant differences, the bounds we prove do not depend on them. To finish, we provide with simulation results that compare the behavior of some of these policies in a network with stochastic injection of packets.
Resumo:
Systems biology techniques are a topic of recent interest within the neurological field. Computational intelligence (CI) addresses this holistic perspective by means of consensus or ensemble techniques ultimately capable of uncovering new and relevant findings. In this paper, we propose the application of a CI approach based on ensemble Bayesian network classifiers and multivariate feature subset selection to induce probabilistic dependences that could match or unveil biological relationships. The research focuses on the analysis of high-throughput Alzheimer's disease (AD) transcript profiling. The analysis is conducted from two perspectives. First, we compare the expression profiles of hippocampus subregion entorhinal cortex (EC) samples of AD patients and controls. Second, we use the ensemble approach to study four types of samples: EC and dentate gyrus (DG) samples from both patients and controls. Results disclose transcript interaction networks with remarkable structures and genes not directly related to AD by previous studies. The ensemble is able to identify a variety of transcripts that play key roles in other neurological pathologies. Classical statistical assessment by means of non-parametric tests confirms the relevance of the majority of the transcripts. The ensemble approach pinpoints key metabolic mechanisms that could lead to new findings in the pathogenesis and development of AD
Resumo:
In this paper we generalize the Continuous Adversarial Queuing Theory (CAQT) model (Blesa et al. in MFCS, Lecture Notes in Computer Science, vol. 3618, pp. 144–155, 2005) by considering the possibility that the router clocks in the network are not synchronized. We name the new model Non Synchronized CAQT (NSCAQT). Clearly, this new extension to the model only affects those scheduling policies that use some form of timing. In a first approach we consider the case in which although not synchronized, all clocks run at the same speed, maintaining constant differences. In this case we show that all universally stable policies in CAQT that use the injection time and the remaining path to schedule packets remain universally stable. These policies include, for instance, Shortest in System (SIS) and Longest in System (LIS). Then, we study the case in which clock differences can vary over time, but the maximum difference is bounded. In this model we show the universal stability of two families of policies related to SIS and LIS respectively (the priority of a packet in these policies depends on the arrival time and a function of the path traversed). The bounds we obtain in this case depend on the maximum difference between clocks. This is a necessary requirement, since we also show that LIS is not universally stable in systems without bounded clock difference. We then present a new policy that we call Longest in Queues (LIQ), which gives priority to the packet that has been waiting the longest in edge queues. This policy is universally stable and, if clocks maintain constant differences, the bounds we prove do not depend on them. To finish, we provide with simulation results that compare the behavior of some of these policies in a network with stochastic injection of packets.
Resumo:
Swarm colonies reproduce social habits. Working together in a group to reach a predefined goal is a social behaviour occurring in nature. Linear optimization problems have been approached by different techniques based on natural models. In particular, Particles Swarm optimization is a meta-heuristic search technique that has proven to be effective when dealing with complex optimization problems. This paper presents and develops a new method based on different penalties strategies to solve complex problems. It focuses on the training process of the neural networks, the constraints and the election of the parameters to ensure successful results and to avoid the most common obstacles when searching optimal solutions.
Resumo:
In the presence of a river flood, operators in charge of control must take decisions based on imperfect and incomplete sources of information (e.g., data provided by a limited number sensors) and partial knowledge about the structure and behavior of the river basin. This is a case of reasoning about a complex dynamic system with uncertainty and real-time constraints where bayesian networks can be used to provide an effective support. In this paper we describe a solution with spatio-temporal bayesian networks to be used in a context of emergencies produced by river floods. In the paper we describe first a set of types of causal relations for hydrologic processes with spatial and temporal references to represent the dynamics of the river basin. Then we describe how this was included in a computer system called SAIDA to provide assistance to operators in charge of control in a river basin. Finally the paper shows experimental results about the performance of the model.
