Sharif Digital Repository

Intrusion detection systems’ test and evaluation is an active research area on which many researchers have been working for years. A complete and comprehensive test methodology that can be applied in reasonable time and cost is important and useful both to evaluate a newly designed system and to compare two or more existing systems to select an appropriate system for a particular network. In this research, we first determine the critical features of an IDS and then inspect methods and effective parameters that may influence the test process and propose a method for testing intrusion detection systems. In the proposed test methodology we only examine critical features which lake of them cause... 

Flash Crowd traffic generation can be used as a metrics for measuring the resiliency and performance of a server. Also, it can provide a framework for verification and test of Intrusion detection systems (IDS) and Intrusion protection systems (IPS). Common traffic generation methods mimic timing and content of input traffic or regenerate input traffic by extracting its statistic distribution. So all of them need input traffic, while properties of Flash Crowd are different in the various servers and situations and there is no guaranty in existence of such samples of traffic for all servers. In this thesis, we introduce and use a new method for traffic generation without the need for input... 

A novel internetworking paradigm, software-defined exchange (SDX), allows multiple independent administrative domains to share computing, storage, and networking resources. Although the term SDX is very recent, the concept has already been used by many distinct disciplines.We argue that the advent of Software Defined Networking (SDN) provides a unique opportunity to effectively detect and contain network security problems such as DDoS attacks. DDoS attacks can easily exhaust the controller's or the switches' computing and communication resources and hence, breakdown the network within a short time. In this thesis we extend these functionalities with an efficient, scalable and light weight... 

Due to the growing need of users to establish voice over IP (VoIP) communications, the low quality of voice transmission that do not meet their needs leads to their dissatisfaction. For this reason, the VoIP quality improvement has become one of the most important challenges facing the current domain of network communications. The analysis of the quality of network services in the VoIP traffics is an integral part of the quality assurance and improvement process of the multimedia networks. Hence, "user satisfaction" monitoring and evaluation of voice communications (also known as "Quality of Experience"), in addition to adaptive improvement of the speech quality in such communications, are... 

By using an encoding scheme based on Algebraic Integers (AIs), we study in this thesis how to map the real numbers needed in the computation of the FFT to integer numbers, in order to prevent error production and propagation throughout the intermediate stages of the FFT computation. To reconstruct encoded data, a decoding stage is to be used at the end of the FFT computation. AI-encoding poses two challenges; how to determine suitable AI bases and an unwanted growth in the number of data passes. This research work, firstly, determines an appropriate FFT architecture, and then, proposes a dedicated architecture based on AI-encoding. The basic and also the proposed dedicated architecture are... 

Today, users can easily access network and Internet services from anywhere, anytime, using mobile computing devices, such as laptops, tablets, smartphones, and so forth This trend has diversified users and their need for network protocol-based services, including VoIP. VoIP is an Internet protocol for voice transmission and reception, which has become one of the biggest challenges in today's world of communications and telecommunications. Analyzing and evaluating the quality of network service (QoS) in VoIP traffic is an essential part of the process of ensuring and improving the quality of multimedia networks. Therefore, monitoring and measuring "users’ satisfaction" toward voice... 

Payload Attribution Systems (PAS) are one of the most important tools of network forensics for detecting offenders and victims after the occurrence of a cybercrime. A PAS stores the network traffic history in order to detect the source and destination pair of a certain data stream in case a malicious activity occurs on the network. The huge volume of information that is daily transferred in the network means that the data stored by a PAS must be as compact and concise as possible. Moreover, the investigation of this large volume of data for a malicious data stream must be handled within a reasonable time. For this purpose, several techniques based on storing a digest of traffic using Bloom... 

Intrusion Detection System (IDS) is an equipment destined to provide computer networks security. In recent years, Machine Learning and Deep Neural Network (DNN) methods have been considered as a way to detect new network attacks. Due to the huge amounts of calculations needed for these methods, there is a need for high performance and parallel or specific processors, such as Application Specific Integrated Circuit (ASIC), Graphical Processor Unit (GPU) and Field-Programmable Gate Array (FPGA). The latter seems more suitable than others due to its higher configurability and lesser power consumption. The goal of this study is the acceleration of a DNN-based IDS on FPGA. In this study, which is... 

Software defined networks are developed to provide programmability and a centralized view in networks by decoupling control plane from data plane. Software defined networks are now well received,and these networks are evolving every day. This is while more attention has been paid to widen the application of these networks and eliminating the shortcomings in their performance. On the other hand, in very large networks, the issue of efficiency and processing speed is of great importance. However, performance in these networks is not satisfactory, especially in single controller based SDN due to the complex processing of packets in a unique controller. Security needs are also of great... 

Software defined network (SDN) is an emerging network architecture in which the network control is directly programmed and separated from the forwarding plane. The SDN is a suitable and adaptable infrastructure for the requirements of new networks such as the Internet of Things and the fifth generation of mobile phones. In real time systems, tasks that miss their deadline are considered worthless or useless. Nowadays, real time applications in the SDN platform have diversified and will continue to expand in the future. SDN should be able to support real time communications like traditional networks, and even better. Therefore, from a designer’s or analyst’s point of view of such networks, it... 

Generating realistic network traffic serves capacity planning, traffic engineering, understanding internet service performance and anomaly detection. A useful traffic generator must generate characteristics in flows and packets, and add known internet anomalies to legitimate traffic. In this dissertation, we develop a tool for generating realistic and anomalous traffic. This generator can generate traffic in a scalable, reproducible and stochastic manner. Two methods are proposed for this purpose. In the first method, the traffic is generated according to statistical distribution of packets and flow charactristics. In the second method, traffic is generated by modeling the behavior of... 

Today road accidents take the lives of millions of people on a yearly basis through the world. Also, numerous attempts have been proposed to increase safety on the roads. Vehicular Ad hoc Network (VANET) is a subclass of mobile ad hoc networks (MANET); the main goal of which is to increase the safety and efficiency of road traffics and trips. However, like other networks, routing protocols are one of the most important parts of VANET. But, due to the unique characteristics of VANET (high mobility, short radio coverage area, etc.), the process of data dissemination is a more challenging task than other networks. Therefore, the need for efficient, reliable and safe routing protocols which can... 

By increasing speed gap between microprocessors and off-chip Last Level Cache, Optimization in Last Level Cache makes improvement in system performance. With development of new generation of multi-core processors and sharing LLC between these cores, the so called issue of Memory Wall has caused an incremental effect of LLC on system performance. There are three approaches to use this memory more efficiently:
1. Increasing cache capacity
2. Making cache hierarchical and adding different layers to hierarchy
3. Improvement of replacement algorithms in cache memory
The first approach has not been used in regard with limitation of technology and growth of access time due to... 

Congestion is an important issue in the network environment. To keep stable the perfor-mance of the network, congestion control algorithms have been extensively studied. Queue management method employed by the routers is one of the important issues in the congestion control study. Active Queue Management (AQM) has been proposed for early detection of congestion inside the network. AQM mechanisms control the queue length in a router by dropping arriving packets. The Random Early Detection (RED) is the most popular AQM mechanism used in routers on the Intenet to allow network users to simultaneously achieve high throughput and low average delay. The RED algorithm may cause heavy oscillation of... 

Protocol identification and reverse engineering have recently received much attention due to their importance in many communication and security applications. In this field, the main challenges are: protocol identification, clustering unknown protocols, extracting protocol fields, and finding the protocol format based on these fields and their relations. Most of the proposed methods for the first two parts (protocol identification and clustering) use machine learning and AI techniques. For the last part, some bioinformatics techniques like sequence alignment algorithms are used. In this thesis, after reviewing different methods for protocol identification and reverse engineering, some... 

Many congestion control protocols proposed so far to alleviate the problems encountered by TCP protocol in high-speed networks and wireless links have to estimate the parameters of the network. For example, the TCP WESTWOOD congestion window is adjusted based on available bandwidth estimation, or TCP Vegas detects the congestion status based on RTT (Round Trip Time) estimation, and XCP protocol operates according to network traffic load. In this paper, we proposed a novel estimation algorithm that is based on burst identification techniques in router. we show through analysis and simulation that during burst periods this method can estimate the congestion window size of the specific flow... 

Nowadays, the significance of securing data and information is undeniable. Cryptography is being used to provide data security. In addition, cryptanalysis is required to evaluate the effectiveness of cryptography methods, and hence, it is an essential concept for securing data. In general, the cryptography functions shall be designed in a way to impose a high load of time-intensive operations to prevent an adversary from accessing the main data from the encrypted data. As a result, cryptography and cryptanalysis algorithms need high performance computations. So far, a number of methods have been proposed to support the required performance. These methods include: distributed computing and... 

The attempt of this project is to propose a simple model for traffic analysis which eventually leads to the presentation of an online classifier for network traffic anomaly detection. In this research, e show empirically that despite the variety of data networks in size, number of users, applications, and load, the inter-arrival times of normal TCP flows comply with the Weibull distribution whereas specific irregularities (anomalies) causes deviations from the distribution. Consequently, any type of anomalies affecting TCP flows, including intentional intrusions or unintended faults and network failures in general, can be detected by analyzing the discrepancy of TCP flow inter-arrival times... 

The visible growth in usage of computer networks in daily human life has significantly increased the importance of their correct and flawless operation. Various solutions have been offered to evaluate the operation correctness of network equipment. One of the most important issues in this context is evaluating the performance of such equipment. Due to the increase in speed of network ports, design and implementation of performance evaluation tools have become a challenging issue in terms of parameters such as speed, time accuracy, power consumption and cost. In this thesis, a hardware-based system for testing network equipment with 10 Gbps ports has been designed and implemented. This system... 

Nowadays, using smart buildings to improve performance and welfare of residents is of interest. Usually, these systems consist of safety systems that provide safety and security for residents. For example, fire detection system, sound the alarm and activating sprinkler in the building. For different types of critical events that can occur, variety of safety systems has been designed. Response time of these systems should be less than the deadline and the correct operation must be compeleted. As a result, analyzing and checking out the real-time and logical features of safety systems are the issues that we treat and investigate in this thesis.
In general, these systems are either...