The use of Machine Learning (ML) techniques in Intrusion Detection Systems (IDS) has taken a prominent role the network security management field, due to substantial number sophisticated attacks that often pass undetected through classic IDSs. These are typically aimed at recognising based on specific signature, or detecting anomalous events. However, deterministic, rule-based methods fail differentiate particular (rarer) conditions (as peak traffic during situations) from actual cyber...

This work addresses the challenge of forecasting temporal metrics that characterize cellular traffic behavior. The ultimate goal is to provide network operators with a valuable tool for modeling mobile and optimizing connected resources. idea estimate beforehand evolution some Quality-of-Experience (QoE) Quality-of-Service (QoS) metrics, which helpful accurately tuning allocation Remarkably, these (expressed as time series) are typically correlated, changes in one series can affect others...

Distributed Denial-of-Service (DDoS) attacks are usually launched through the botnet, an “army” of compromised nodes hidden in network. Inferential tools for DDoS mitigation should accordingly enable early and reliable discrimination normal users from ones. Unfortunately, recent emergence performed at application layer has multiplied number possibilities that a botnet can exploit to conceal its malicious activities. New challenges arise, which cannot be addressed by simply borrowing have...

This work proposes a stochastic characterization of resilient 5G architectures, where attributes such as performance and availability play crucial role. As regards performance, we focus on the delay associated with Packet Data Unit session establishment, procedure recognized critical for its impact Quality Service Experience end-users. To formally characterize this aspect, employ non-product-form queueing networks framework where: i) main nodes architecture have been realistically modeled...

The detection of encrypted real-time traffic, both streaming and conversational, is an increasingly important issue for agencies in charge lawful interception. Aside from well established technologies used communication (e.g. Skype, Facetime, Lync etc.) a new one recently spreading: Web Real-Time Communication (WebRTC), which, with the support robust encryption method such as DTLS, offers capabilities voice video without need installing specific application but using common browser, like...

Nowadays, network and telecommunication operators require flexible dynamic models to deploy new services in a fast, reliable cost saving way. The Service Function Chaining (SFC) design is particularly suited meet such needs, especially conjunction with the Network Virtualization (NFV) paradigm that adds noteworthy elasticity during SFC deployment phase. Accordingly, realized by means of composition Virtualized Functions (VNFs) aimed at providing some specific services. We consider, from an...

The Next Generation 5G Networks can greatly benefit from the synergy between virtualization paradigms, such as Network Function Virtualization (NFV), and service provisioning platforms IP Multimedia Subsystem (IMS). NFV concept is evolving towards a lightweight solution based on containers that, by contrast to classic virtual machines, do not carry whole operating system result in more efficient scalable deployments. On other hand, IMS has become an integral part of core network, for...

In a Distributed Denial of Service (DDoS) attack, network (botnet) dispersed agents (bots) sends requests to website saturate its resources. Since the are sent by automata, typical way detect them is look for some repetition pattern or commonalities between same user from different users. For this reason, recent DDoS variants exploit communication layers that offer broader possibility in terms admissible request patterns, such as, e.g., application layer. case, malicious can pick legitimate...

This work examines propagation of cyber-threats over networks under an adversarial formulation. Exploiting Kendall's birth-death-immigration model, we propose analytical framework to describe the stochastic dynamics cyber-threat in a collection heterogeneous sub-networks characterized by different attributes. We two formalisations problem as zero-sum games involving adversaries: attacker, who launches across distinct sub-networks; and defender, tries mitigate threats delivering suitable...

The failure of a single network element composing Service Function Chain (SFC) unavoidably leads to some degradation in terms availability (ability guaranteeing working conditions), and/or performance sustaining certain workload) for the whole SFC. By considering both these aspects, we propose, as case study, joint analysis and (a.k.a. performability) IP Multimedia Subsystem, an SFC infrastructure which plays key role all-IP convergence telecommunication services, especially per prospects 5G...

Nowadays, most telecommunication services adhere to the Service Function Chain (SFC) paradigm, where network functions are implemented via software. In particular, container virtualization is becoming a popular approach deploy and enable resource slicing among several tenants. The resulting infrastructure complex system composed by huge amount of containers implementing different SFC functionalities, along with tenants sharing same chain. complexity such scenario lead us evaluate two...

Predicting the behavior of real-time traffic (e.g., VoIP) in mobility scenarios could help operators to better plan their network infrastructures and optimize allocation resources. Accordingly, this work authors propose a forecasting analysis crucial QoS/QoE descriptors (some which neglected technical literature) VoIP real mobile environment. The problem is formulated terms multivariate time series analysis. Such formalization allows discover model temporal relationships among various...

To date the work done in UK to assess loss of life and evacuation times for flood risk areas has been limited.To provide most accurate assessment a complex model is required.This paper details application prototype, agent-based Life Safety Model (LSM) estimate two Thames Estuary.The LSM models individual receptors (e.g.people cars) their dynamic interaction with floodwater.The estimates deaths from: drowning; exhaustion; building collapse; vehicles being swept away, as well times.The offers...

Service provisioning mechanisms implemented across 5G infrastructures take broadly into use the network service chain concept. Typically, it is coupled with Network Function Virtualization (NFV) paradigm, and consists in defining a pre-determined path traversed by set of softwarized nodes to provide specific services. A well known chain-like framework IP Multimedia Subsystem (IMS), key infrastructure networks, that we characterize both performance an availability perspective. Precisely,...

Abstract The assessment of potential consequences a flood event to the exposed population is key question for risk managers. This issue increasingly triggering research on assessing numbers fatalities because flooding. In past, mortality functions were proposed estimate in areas that are hazard defence failures‐in N etherlands. paper describes study undertaken validate those and assesses their applicability appraising flooding people UK ‐specific context. applied 1953 orth S ea torm and,...

The classification of data sessions on the Internet is a crucial issue for Authorities involved in lawful interception. Some Service Providers (ISP) can provide panel IP nodes that, tuned to detect specific patterns, are able send an alert when session targeted class found. Unluckily, several applications generate bulk traffic not characterized by recognizable sequence information segments, except, may be, some short phases such as setup and release. Whenever intercepted, no pattern help...

The Network Function Virtualization (NFV) paradigm has been devised as an enabler of next generation network infrastructures by speeding up the provisioning and composition novel services. latter are implemented via a chain virtualized functions, process known Service Chaining. In this paper, we evaluate availability multi-tenant SFC infrastructures, where every function is modeled multi-state system shared among different independent tenants. To aim, propose Universal Generating (UGF)...

Recent variants of Distributed Denial-of-Service (DDoS) attacks leverage the flexibility application-layer protocols to disguise malicious activities as normal traffic patterns, while concurrently overwhelming target destination with a large request rate. New countermeasures are necessary, aimed at guaranteeing an early and reliable identification compromised network nodes (the botnet). In this work we introduce formal model for aforementioned class attacks, devise inference algorithm that...

In a randomized DDoS attack with increasing emulation dictionary, the bots try to hide their malicious activity by disguising traffic patterns as "normal" patterns. this work, we extend class introduced in [1], [2] case of multi-clustered botnet, whose main feature is that dictionary split over giving rise multiple botnet clusters. We propose two strategies identify such challenging scenario, one based on cluster expurgation, other union rule. Consistency both algorithms under ideal...