Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Stealthy attackers move patiently through computer networks - taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of proposed method under number of different test cases and examines how design of the network affects the detection. A methodological way for tracing anonymous stealthy activities to their approximate sources is also presented. The Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% size sampling rates without degrading the quality of detection.

Leveraging Symbiotic Relationships for Emulation of Computer Networks

The lack of analytical models that can accurately describe large-scale networked systems makes empirical experimentation indispensable for understanding complex behaviors. Research on network testbeds for testing network protocols and distributed services, including physical, emulated, and federated testbeds, has made steady progress. Although the success of these testbeds is undeniable, they fail to provide: 1) scalability, for handling large-scale networks with hundreds or thousands of hosts and routers organized in different scenarios, 2) flexibility, for testing new protocols or applications in diverse settings, and 3) inter-operability, for combining simulated and real network entities in experiments. This dissertation tackles these issues in three different dimensions. First, we present SVEET, a system that enables inter-operability between real and simulated hosts. In order to increase the scalability of networks under study, SVEET enables time-dilated synchronization between real hosts and the discrete-event simulator. Realistic TCP congestion control algorithms are implemented in the simulator to allow seamless interactions between real and simulated hosts. SVEET is validated via extensive experiments and its capabilities are assessed through case studies involving real applications. Second, we present PrimoGENI, a system that allows a distributed discrete-event simulator, running in real-time, to interact with real network entities in a federated environment. PrimoGENI greatly enhances the flexibility of network experiments, through which a great variety of network conditions can be reproduced to examine what-if questions. Furthermore, PrimoGENI performs resource management functions, on behalf of the user, for instantiating network experiments on shared infrastructures. Finally, to further increase the scalability of network testbeds to handle large-scale high-capacity networks, we present a novel symbiotic simulation approach. We present SymbioSim, a testbed for large-scale network experimentation where a high-performance simulation system closely cooperates with an emulation system in a mutually beneficial way. On the one hand, the simulation system benefits from incorporating the traffic metadata from real applications in the emulation system to reproduce the realistic traffic conditions. On the other hand, the emulation system benefits from receiving the continuous updates from the simulation system to calibrate the traffic between real applications. Specific techniques that support the symbiotic approach include: 1) a model downscaling scheme that can significantly reduce the complexity of the large-scale simulation model, resulting in an efficient emulation system for modulating the high-capacity network traffic between real applications; 2) a queuing network model for the downscaled emulation system to accurately represent the network effects of the simulated traffic; and 3) techniques for reducing the synchronization overhead between the simulation and emulation systems.

Implantación de una SAN corporativa

El objetivo de este proyecto es hacer un estudio de las compañías que utilizan TICs, clasificarlas en base a algunos criterios y analizar qué tipos de almacenamiento les pueden interesar -y en caso de necesitar una SAN (Storage Area Network), proponer alguna tipología de red de almacenamiento-.

Integración de sistema de monitorización Nagios con Twitter

Integración de sistema de monitorización Nagios con Twitter como sistema de notificación de eventos.

Smart cities : Un enfoque práctico sobre una metrópolis y auditoría en Lima (Perú)

Análisis del origen del concepto de smart cities que deriva de la gestión y ahorro energético, comparación de ejemplos de smart cities actuales y realización de un caso práctico sobre Lima analizando exhaustivamente qué componentes tenemos según las diferentes métricas e indicadores y qué componentes faltarían para poder ser una ciudad "smart".

Remote control of CNC machines using the CyberOPC communication system over public networks

During the last few years, the evolution of fieldbus and computers networks allowed the integration of different communication systems involving both production single cells and production cells, as well as other systems for business intelligence, supervision and control. Several well-adopted communication technologies exist today for public and non-public networks. Since most of the industrial applications are time-critical, the requirements of communication systems for remote control differ from common applications for computer networks accessing the Internet, such as Web, e-mail and file transfer. The solution proposed and outlined in this work is called CyberOPC. It includes the study and the implementation of a new open communication system for remote control of industrial CNC machines, making the transmission delay for time-critical control data shorter than other OPC-based solutions, and fulfilling cyber security requirements.

A survey on key management mechanisms for distributed Wireless Sensor Networks

Wireless Sensor Networks (WSNs) have a vast field of applications, including deployment in hostile environments. Thus, the adoption of security mechanisms is fundamental. However, the extremely constrained nature of sensors and the potentially dynamic behavior of WSNs hinder the use of key management mechanisms commonly applied in modern networks. For this reason, many lightweight key management solutions have been proposed to overcome these constraints. In this paper, we review the state of the art of these solutions and evaluate them based on metrics adequate for WSNs. We focus on pre-distribution schemes well-adapted for homogeneous networks (since this is a more general network organization), thus identifying generic features that can improve some of these metrics. We also discuss some challenges in the area and future research directions. (C) 2010 Elsevier B.V. All rights reserved.

The choice of the best among the shortest routes in transparent optical networks

This work introduces the problem of the best choice among M combinations of the shortest paths for dynamic provisioning of lightpaths in all-optical networks. To solve this problem in an optimized way (shortest path and load balance), a new fixed routing algorithm, named Best among the Shortest Routes (BSR), is proposed. The BSR`s performance is compared in terms of blocking probability and network utilization with Dijkstra`s shortest path algorithm and others algorithms proposed in the literature. The evaluated scenarios include several representative topologies for all-optical networking and different wavelength conversion architectures. For all studied scenarios, BSR achieved superior performance. (C) 2010 Elsevier B.V. All rights reserved.

Dynamic models for computer viruses

Computer viruses are an important risk to computational systems endangering either corporations of all sizes or personal computers used for domestic applications. Here, classical epidemiological models for disease propagation are adapted to computer networks and, by using simple systems identification techniques a model called SAIC (Susceptible, Antidotal, Infectious, Contaminated) is developed. Real data about computer viruses are used to validate the model. (c) 2008 Elsevier Ltd. All rights reserved.

Towards the design of efficient nonbeacon-enabled ZigBee networks

This paper presents experimental results of the communication performance evaluation of a prototype ZigBee-based patient monitoring system commissioned in an in-patient floor of a Portuguese hospital (HPG – Hospital Privado de Guimar~aes). Besides, it revisits relevant problems that affect the performance of nonbeacon-enabled ZigBee networks. Initially, the presence of hidden-nodes and the impact of sensor node mobility are discussed. It was observed, for instance, that the message delivery ratio in a star network consisting of six wireless electrocardiogram sensor devices may decrease from 100% when no hidden-nodes are present to 83.96% when half of the sensor devices are unable to detect the transmissions made by the other half. An additional aspect which affects the communication reliability is a deadlock condition that can occur if routers are unable to process incoming packets during the backoff part of the CSMA-CA mechanism. A simple approach to increase the message delivery ratio in this case is proposed and its effectiveness is verified. The discussion and results presented in this paper aim to contribute to the design of efficient networks,and are valid to other scenarios and environments rather than hospitals.

Real-time communications over wired/wireless PROFIBUS networks supporting inter-cell mobility

PROFIBUS is an international standard (IEC 61158, EN 50170) for factory-floor communications, with several thousands of installations worldwide. Taking into account the increasing need for mobile devices in industrial environments, one obvious solution is to extend traditional wired PROFIBUS networks with wireless capabilities. In this paper, we outline the major aspects of a hybrid wired/wireless PROFIBUS-based architecture, where most of the design options were made in order to guarantee the real-time behaviour of the overall network. We also introduce the timing unpredictability problems resulting from the co-existence of heterogeneous physical media in the same network. However, the major focus of this paper is on how to guarantee real-time communications in such a hybrid network, where nodes (and whole segments) can move between different radio cells (inter-cell mobility). Assuming a simple mobility management mechanism based on mobile nodes performing periodic radio channel assessment and switching, we propose a methodology to compute values for specific parameters that enable an optimal (minimum) and bounded duration of the handoff procedure.

Replication vs erasure coding in data centric storage for wireless sensor networks

In-network storage of data in wireless sensor networks contributes to reduce the communications inside the network and to favor data aggregation. In this paper, we consider the use of n out of m codes and data dispersal in combination to in-network storage. In particular, we provide an abstract model of in-network storage to show how n out of m codes can be used, and we discuss how this can be achieved in five cases of study. We also define a model aimed at evaluating the probability of correct data encoding and decoding, we exploit this model and simulations to show how, in the cases of study, the parameters of the n out of m codes and the network should be configured in order to achieve correct data coding and decoding with high probability.

Desenvolupament d'una aplicació Android per a Moodle

L'evolució que la tecnologia de les comunicacions sense fils ha experimentat en els darrers anys permet que avui en dia els dispositius mòbils proporcionin una resposta més que acceptable. Ja s'han superat molts dels problemes de mobilitat, d'infraestructura i d'ample de banda que fins ara dificultaven l'ús d'aquests dispositius. Aquest fet ha fomentat l'expansió de diferents sistemes dels que es pot destacar Android, iPhone OS i Windows Mobile/Windows Phone 7. Els dos primers són els que actualment es disputen el lideratge del mercat dels dispositius i aplicacions mòbils i és Android el que ha experimentat el major creixement els darrers anys. Paral·lelament, la constant introducció de programari d'e-learning destinat a activitats de formació no presencial basades en Internet ha permès arribar a milions d'usuaris en diferents àmbits, com ara universitats, empreses i institucions d'arreu del món. D'aquest conjunt de programari destaca Moodle, suite de codi obert que permet crear llocs web de formació en línia de forma senzilla i eficaç.Aquest Projecte de Final de Carrera, emmarcat en l'àrea de Xarxes de Computadors, conjugaaquests tres conceptes mitjançant el desenvolupament d'una aplicació per a dispositius mòbils Android que connecta a un servidor Moodle. La comunicació entre ells utilitza intensivament les xarxes sense fils i fa crides als serveis que aquest ofereix gràcies als Web Services, mètode de comunicacions composat d'un conjunt de protocols i de programari que permet la comunicació entre dos dispositius a través de la xarxa.

J2EE : proveïdor de seguretat en un entorn distribuit

Aquest TFC-J2EE, està basat en l'anàlisi, disseny i implementació d'un proveïdor de seguretat en un entorn distribuït. Ha consistit en dues aplicacions independents, una consumidora i l'altre servidora que es comunicaven usant el patró Façana (una façana amigable amaga el negoci i la complexitat de l'aplicació a la que es vol accedir).

Extensió de les capacitats de monitoratge de JFFNM en entorns Wlan

Aquest TFC pretén recollir un conjunt de paràmetres de radi d'un dispositiu Wireless i poder representar-los en l'aplicació de monitoratge Just For Fun Network Management System (JFFNMS).