Metrology for Security and
Quality of Service
|
Support: MetroSec is a project granted and funded
by the French ministry of research, CNRS, INRIA and DGA. He has
been accepted by the ACI Sécurité & Informatique (Security & Computer science). Beginning: Duration: 3 years |
Contact: Philippe Owezarski LAAS-CNRS 7, Avenue du Colonel Roche 31077 Toulouse cedex Phone : +33 (0)5 61 33 63 17 Fax : +33 (0)5 61 33 64 11 e-mail :mailto:owe@laas.fr |
The
Internet is evolving towards the model of a multi-service network that will be
expected to provide strict quality of service (QoS)
in all circumstances, including the most difficult ones. Among the most
difficult, one can count both simple and distributed denial of service (DoS) attacks, during which times the network is unable to
furnish requested service levels. The extreme sensitivity of the Internet in
such cases underlines the tight relation that exists between computer security
and QoS. At a more general level, the Internet shows
an equally important sensitivity to all types of ruptures, be
they induced by failures, by Byzantine behaviours of some elements of the
network, or more simply by significant though not abnormal increases in the
traffic level related, for instance, to a flash crowd or the live diffusion of
a popular event.
The
major goal of this research project is to increase robustness and insensitivity
of the network with respect to ruptures in traffic characteristics and
topology, so that the network continues to deliver an acceptable level of
services and the requested QoS (thus voiding the
effect of possible attacks).
MetroSec intends first to develop and use tools for active and passive
metrology, and for monitoring the characteristics of the network and its
traffic. The analysis of the collected traces and measurements will permit
study of the nature and importance of manner in which ruptures have an impact
on QoS and on the propagation in time and space (via
network topology) of potential alterations to QoS.
One
of the research directions of this project is based on preliminary characterisation
and modelling of traffic obtained in past years mainly by the research teams
involved in MetroSec.
This work showed that scale invariant phenomena are one of the major
statistical characteristics of modern computer network traffic. Research teams
involved in the present MetroSec
proposal, as well as a number of other research groups throughout the world,
have shown that attacks against a network cause significant variations in
scaling parameters. Based on satisfactory preliminary results, the goal of this
research direction is to design signal processing tools that enable the
detection, estimation, and identification of “abnormal” variations
in traffic characteristics. Such variations will be, as a preliminary analysis,
tracked using wavelet decompositions, empirical mode decomposition as well as Kalman Filtering methods.
In a
complementary line of inquiry, this research project intends to use graph
theory tools to detect ruptures in network behaviour. The goal here is to
monitor variations in the estimated topologies of the network and variations in
network exchanges. Tools for the statistical analysis of network graphs and
their temporal dynamics will allow a precise description of these topologies
and of the impacts of ruptures on their properties. These impacts will be
analyzed, and relevant detection and reaction methods will be developed.
From the analysis above, MetroSec will propose architectural,
protocol-related, and topological improvements to enable the network to
maintain high QoS, despite ruptures. Increased
robustness against ruptures will provide time to metrology and signal
processing tools, allowing them to identify the nature of the rupture. In case
of an attack, for instance, tools to identify and eliminate fault packets or to
track hackers will be developed and used. As deliverables, MetroSec will provide a
consistent set of metrology, signal processing and topology tools. It also
expects to provide efficient monitoring and reaction methods, as well as
architectures and communication protocols aiming at significantly increasing
network QoS.
Insuring the integration and complementarity of the four separate scientific fields of
the MetroSec
partners (network, signal processing, graph theory, distributed systems)
constitutes one of the major challenges of this proposal. Fortunately, the
project partners have over time developed a pluridisciplinary
synergy through their collaboration in the “Action Spécifique”
88 of the STIC department of the CNRS. Their work on a report entitled
“Metrology of Internet networks,” validated just such a pluridisciplinary approach.