Catalogue Search | MBRL
Are you sure you want to remove the book from the shelf?
{{itemTitle}}
1,380
result(s) for
"Network Time Protocol (Computer network protocol)"
Sort by:
NTP security : a quick-start guide
\"Learn the risks associated with Network Time Protocol (NTP) security and how to minimize those risks in daily deployment. Disruption of NTP services can interrupt communication between servers on the network and take an entire network offline. Beyond disrupting communication, flaws in the NTP daemon itself can make servers vulnerable to external attack--attacks that often go unnoticed. NTP is being used more frequently in Distributed Denial of Service (DDoS) attacks. It is a User Datagram Protocol (UDP) with encryption schemes that are not often used or are poorly implemented, making it susceptible to spoofing. Despite all of the security challenges, the fact is that NTP is critical to most modern networks. It is one of those \"set it and forget it\" protocols that network administrators and even security professionals don't understand in depth. However, an attacker who does understand the security flaws can wreak havoc on an insecure network. NTP Security: A Quick-Start Guide provides a deeper understanding of the protocol itself and how to deploy a strategy using the protocol throughout a network in a secure manner. Your security team will be able to provide better guidance to the system and network teams who will then be able to better manage the day-to-day implementation. This succinct resource offers practical guidance to an underserved topic (actually, not served at all). Coverage includes: an understanding of NTP and the importance of time synchronization in modern networks; issues in NTP security, including an analysis of NTP traffic; a review of the vulnerabilities and flaws in the protocol; practical solutions for securing NTP and building a robust infrastructure; effective alternatives to NTP\"--Back cover.
Book
An Energy Efficient Localization-Free Routing Protocol for Underwater Wireless Sensor Networks
Recently, underwater wireless sensor networks (UWSNs) have attracted much research attention from both academia and industry, in order to explore the vast underwater environment. UWSNs have peculiar characteristics; that is, they have large propagation delay, high error rate, low bandwidth, and limited energy. Therefore, designing network/routing protocols for UWSNs is very challenging. Also, in UWSNs, improving the energy efficiency is one of the most important issues since the replacement of the batteries of underwater sensor nodes is very expensive due to the unpleasant underwater environment. In this paper, we therefore propose an energy efficient routing protocol, named (energy-efficient depth-based routing protocol) EEDBR for UWSNs. EEDBR utilizes the depth of sensor nodes for forwarding data packets. Furthermore, the residual energy of sensor nodes is also taken into account in order to improve the network lifetime. Based on the comprehensive simulation using NS2, we observe that EEDBR contributes to the performance improvements in terms of the network lifetime, energy consumption, and end-to-end delay. A previous version of this paper was accepted in AST-2011 conference.
Journal Article
A TCP Acceleration Algorithm for Aerospace-Ground Service Networks
The transmission of satellite payload data is critical for services provided by aerospace ground networks. To ensure the correctness of data transmission, the TCP data transmission protocol has been used typically. However, the standard TCP congestion control algorithm is incompatible with networks with a long time delay and a large bandwidth, resulting in low throughput and resource waste. This article compares recent studies on TCP-based acceleration algorithms and proposes an acceleration algorithm based on the learning of historical characteristics, such as end-to-end delay and its variation characteristics, the arrival interval of feedback packets (ACK) at the receiving end and its variation characteristics, the degree of data packet reversal and its variation characteristics, delay and jitter caused by the security equipment’s deep data inspection, and random packet loss caused by various factors. The proposed algorithm is evaluated and compared with the TCP congestion control algorithms under both laboratory and ground network conditions. Experimental results indicate that the proposed acceleration algorithm is efficient and can significantly increase throughput. Therefore, it has a promising application prospect in high-speed data transmission in aerospace-ground service networks.
Journal Article
Non-Stationary Characteristics of AQM Based on the Queue Length
We performed a non-stationary analysis of a class of buffer management schemes for TCP/IP networks, in which the arriving packets were rejected randomly, with probability depending on the queue length. In particular, we derived formulas for the packet waiting time (queuing delay) and the intensity of packet losses as functions of time. These results allow us to observe how the evolution of the waiting time and losses depend on initial conditions (e.g., the full buffer) and system parameters (e.g., dropping probabilities, load, packet size distribution). As side results, the stationary waiting time and packet loss probability were obtained. Numerical examples demonstrate applicability of the theoretical results.
Journal Article
A Comparative Analysis of Deep Learning Approaches for Network Intrusion Detection Systems (N-IDSs): Deep Learning for N-IDSs
Recently, due to the advance and impressive results of deep learning techniques in the fields of image recognition, natural language processing and speech recognition for various long-standing artificial intelligence (AI) tasks, there has been a great interest in applying towards security tasks too. This article focuses on applying these deep taxonomy techniques to network intrusion detection system (N-IDS) with the aim to enhance the performance in classifying the network connections as either good or bad. To substantiate this to NIDS, this article models network traffic as a time series data, specifically transmission control protocol / internet protocol (TCP/IP) packets in a predefined time-window with a supervised deep learning methods such as recurrent neural network (RNN), identity matrix of initialized values typically termed as identity recurrent neural network (IRNN), long short-term memory (LSTM), clock-work RNN (CWRNN) and gated recurrent unit (GRU), utilizing connection records of KDDCup-99 challenge data set. The main interest is given to evaluate the performance of RNN over newly introduced method such as LSTM and IRNN to alleviate the vanishing and exploding gradient problem in memorizing the long-term dependencies. The efficient network architecture for all deep models is chosen based on comparing the performance of various network topologies and network parameters. The experiments of such chosen efficient configurations of deep models were run up to 1,000 epochs by varying learning-rates between 0.01-05. The observed results of IRNN are relatively close to the performance of LSTM on KDDCup-99 NIDS data set. In addition to KDDCup-99, the effectiveness of deep model architectures are evaluated on refined version of KDDCup-99: NSL-KDD and most recent one, UNSW-NB15 NIDS datasets.
Journal Article
An Efficient Probe-Based Routing for Content-Centric Networking
With the development of new technologies and applications, such as the Internet of Things, smart cities, 5G, and edge computing, traditional Internet Protocol-based (IP-based) networks have been exposed as having many problems. Information-Centric Networking (ICN), Named Data Networking (NDN), and Content-Centric Networking (CCN) are therefore proposed as an alternative for future networks. However, unlike IP-based networks, CCN routing is non-deterministic and difficult to optimize due to frequent in-network caching replacement. This paper presents a novel probe-based routing algorithm that explores real-time in-network caching to ensure the routing table storing the optimal paths to the nearest content provider is up to date. Effective probe-selections, Pending Interest Table (PIT) probe, and Forwarding Information Base (FIB) probe are discussed and analyzed by simulation with different performance measurements. Compared with the basic CCN, in terms of qualitative analysis, the additional computational overhead of our approach is O(NCS + Nrt + NFIB ∗ NSPT) and O(NFIB) on processing interest packets and data packets, respectively. However, in terms of quantitative analysis, our approach reduces the number of timeout interests by 6% and the average response time by 0.6 s. Furthermore, although basic CCN and our approach belong to the same Quality of Service (QoS) category, our approach outperforms basic CCN in terms of real values. Additionally, our probe-based approach performs better than RECIF+PIF and EEGPR. Owing to speedup FIB updating by probes, our approach provides more reliable interest packet routing when accounting for router failures. In summary, the results demonstrate that compared to basic CCN, our probe-based routing approach raises FIB accuracy and reduces network congestion and response time, resulting in efficient routing.
Journal Article
A Decentralized Multi-Venue Real-Time Video Broadcasting System Integrating Chain Topology and Intelligent Self-Healing Mechanisms
The rapid growth in large-scale distributed video conferencing, remote education, and real-time broadcasting poses significant challenges to traditional centralized streaming systems, particularly regarding scalability, cost, and reliability under high concurrency. Centralized approaches often encounter bottlenecks, increased bandwidth expenses, and diminished fault tolerance. This paper proposes a novel decentralized real-time broadcasting system employing a peer-to-peer (P2P) chain topology based on IPv6 networking and the Secure Reliable Transport (SRT) protocol. By exploiting the global addressing capability of IPv6, our solution simplifies direct node interconnections, effectively eliminating complexities associated with Network Address Translation (NAT). Furthermore, we introduce an innovative chain-relay transmission method combined with distributed node management strategies, substantially reducing reliance on central servers and minimizing deployment complexity. Leveraging SRT’s low-latency UDP transmission, packet retransmission, congestion control, and AES-128/256 encryption, the proposed system ensures robust security and high video stream quality across wide-area networks. Additionally, a WebSocket-based real-time fault detection algorithm coupled with a rapid fallback self-healing mechanism is developed, enabling millisecond-level fault detection and swift restoration of disrupted links. Extensive performance evaluations using Video Multi-Resolution Fidelity (VMRF) metrics across geographically diverse and heterogeneous environments confirm significant performance gains. Specifically, our approach achieves substantial improvements in latency, video quality stability, and fault tolerance over existing P2P methods, along with over tenfold enhancements in frame rates compared with conventional RTMP-based solutions, thereby demonstrating its efficacy, scalability, and cost-effectiveness for real-time video streaming applications.
Journal Article
Rethinking Modbus-UDP for Real-Time IIoT Systems
The original Modbus specification for RS-485 and RS-232 buses supported broadcast transmission. As the protocol evolved into Modbus-TCP, to use the TCP transport, this useful feature was lost, likely due to the point-to-point nature of TCP connections. Later proposals did not restore the broadcast transmission capability, although they used UDP as transport and UDP, by itself, would have supported it. Moreover, they did not address the inherent lack of reliable delivery of UDP, leaving datagram loss detection and recovery to the application layer. This paper describes a novel redesign of Modbus-UDP that addresses the aforementioned shortcomings. It achieves a mean round-trip time of only 38% with respect to Modbus-TCP and seamlessly supports a previously published protocol based on Modbus broadcast. In addition, the built-in retransmission of Modbus-UDP reacts more efficiently than the equivalent Modbus-TCP mechanism, exhibiting 50% of its round-trip standard deviation when subject to a 1% two-way IP datagram loss probability. Combined with the lower overhead of UDP versus TCP, this makes the redesigned Modbus-UDP protocol better suited for a variety of Industrial Internet of Things systems with limited computing and communication resources.
Journal Article
Intrusion detection using TCP/IP single packet header binary image for IoT networks
In today’s interconnected world, real-time intrusion detection poses a critical challenge due to the increasing volume, complexity, and diversity of IoT network traffic. Conventional methods often struggle to meet the stringent demands for low latency and high accuracy necessary to detect and mitigate cyber-attacks in dynamic environments like IoT networks. Exposure to the open and insecure Internet exacerbates these vulnerabilities, increasing the risks of privacy breaches and catastrophic consequences, including financial losses and threats to human safety. In response, we propose a novel approach to network intrusion detection that transforms single raw TCP/IP packet headers into binary images with maximal contrast between image components (black and white dots). It leverages the exceptional capabilities of Convolutional Neural Networks in computer vision to detect and classify network intrusions using single TCP/IP packet headers image. Experimental evaluation using the Edge-IIoTset and MQTTset datasets demonstrates outstanding performance. In binary classification, the lightweight CNN model, with only 35 trainable parameters, achieves 100% accuracy. For multiclass classification, accuracy rates reach 97.435% with Edge-IIoTset and 100% with MQTTset, with zero false positives for normal traffic across both datasets. These results highlight the proposed method's ability to enhance IoT security while accommodating the computational constraints of IoT devices. By bypassing complex feature extraction, the method significantly reduces latency, making it highly suitable for real-time applications.
Journal Article
A Digital Twin Platform Integrating Process Parameter Simulation Solution for Intelligent Manufacturing
The present work aims to develop a digital twin system typical of intelligent manufacturing applications, which has integrated visualization technologies, as well as the process parameter simulation solution. The application under consideration is a typical machining process, with a gantry machine tool controlled by Siemens Programmable Logic Controller(PLC) S7-1200. With the establishment of dual-directional data communication between the physical machine tool and its virtual counterpart based on TCP/IP protocol, real-time visualization, monitoring, and control of the entire working process can be achieved. Furthermore, we integrated with the digital twin system as a solution for real-time process parameter simulation based on finite element modeling (FEM), which enables the real-time monitoring of necessary process parameters, e.g., surface deformation, during the machining process. A preliminary experiment was conducted to validate our proposed digital twin system, and the results demonstrated that our proposed method has satisfactory performance in terms of both control and monitoring of the traditional machining process, and synchronization between the physical and virtual models is also proven to be positive with minimal latency.
Journal Article