Many users are exposed to threats of drive-by download attacks through the Web. Attackers compromise vulnerable websites discovered by search engines and redirect clients to malicious websites created with exploit kits. Security researchers and vendors have tried to prevent the attacks by detecting malicious data, i.e., malicious URLs, web content, and redirections. However, attackers conceal parts of malicious data with evasion techniques to circumvent detection systems. In this paper, we propose a system for detecting malicious websites without collecting all malicious data. Even if we cannot observe parts of malicious data, we can always observe compromised websites. Since vulnerable websites are discovered by search engines, compromised websites have similar traits. Therefore, we built a classifier by leveraging not only malicious but also compromised websites. More precisely, we convert all websites observed at the time of access into a redirection graph and classify it by integrating similarities between its subgraphs and redirection subgraphs shared across malicious, benign, and compromised websites. As a result of evaluating our system with crawling data of 455,860 websites, we found that the system achieved a 91.7% true positive rate for malicious websites containing exploit URLs at a low false positive rate of 0.1%. Moreover, it detected 143 more evasive malicious websites than the conventional content-based system.

Several gateway-based congestion control mechanisms have been proposed to support an end-to-end congestion control mechanism of TCP (Transmission Control Protocol). One of promising gateway-based congestion control mechanisms is a RED (Random Early Detection) gateway. Although effectiveness of the RED gateway is fully dependent on a choice of control parameters, it has not been fully investigated how to configure its control parameters. In this paper, we analyze the steady state behavior of the RED gateway by explicitly modeling the congestion control mechanism of TCP. We first derive the equilibrium values of the TCP window size and the buffer occupancy of the RED gateway. Also derived are the stability condition and the transient performance index of the network using a control theoretic approach. Numerical examples as well as simulation results are presented to clearly show relations between control parameters and the steady state behavior.

Recently, real-time media delivery services such as video streaming and VoIP have rapidly become popular. For these applications requiring high-level QoS guarantee, our research group has proposed a transport-layer approach to provide predictable throughput for upper-layer applications. In the present paper, we propose a congestion control mechanism of TCP for achieving predictable throughput. It does not mean we can guarantee the throughput, while we can provide the throughput required by an upper-layer application at high probability when network congestion level is not so high by using the inline network measurement technique for available bandwidth of the network path. We present the evaluation results for the proposed mechanism obtained in simulation and implementation experiments, and confirm that the proposed mechanism can assure a TCP throughput if the required bandwidth is not so high compared to the physical bandwidth, even when other ordinary TCP (e.g., TCP Reno) connections occupy the link.

While active researches have been continuously made on the ATM switch architectures and the QoS service guarantees, most of them have been treated independently in the past. In this paper, we first explain the architectural requirement on the ATM switches to implement the mechanism of QoS guarantees in the context of ATM congestion control. Then we discuss how a vital link between two should be built, and remaining problems are pointed out.

In this paper, we propose path accommodation methods for unidirectional rings based on an optical compression time-division multiplexing (OCTDM) technology. We first derive a theoretical lower bound on the numbers of slots and frames, in order to allocate all paths among nodes. Three path accommodation algorithms for the all-optical access are next proposed to achieve the lower bound as closely as possible. Path splitting is next considered to improve the traffic accommodation. Finally, we analyze the packet delay time for given numbers of slots/frames, which are decided by our proposed algorithms. Numerical examples are also shown to examine the effectiveness of our proposed algorithms including path accommodation and path splitting methods.

Several task forces have been working on how to design the future Internet in a clean slate manner and mobility management is one of the key issues to be considered. However, mobility management in the future Internet is still being designed in an “all-in-one” way where all management functions are tightly kept at a single location and this results in cost inefficiency that can be an obstruction to constructing flexible systems. In this paper, we propose a new function-distributed mobility management architecture that can enable more flexible future Internet construction. Furthermore, we show the effectiveness of our proposed system via a cost analysis and computer simulation with a random walk mobility model.

Traffic engineering refers to techniques to accommodate traffic efficiently by dynamically configuring traffic routes so as to adjust to changes in traffic. If traffic changes frequently and drastically, the interval of route reconfiguration should be short. However, with shorter intervals, obtaining traffic information is problematic. To calculate a suitable route, accurate traffic information of the whole network must be gathered. This is difficult in short intervals, owing to the overhead incurred to monitor and collect traffic information. In this paper, we propose a framework for traffic engineering in cases where only partial traffic information can be obtained in each time slot. The proposed framework is inspired by the human brain, and uses conditional probability to make decisions. In this framework, a controller is deployed to (1) obtain a limited amount of traffic information, (2) estimate and predict the probability distribution of the traffic, (3) configure routes considering the probability distribution of future predicted traffic, and (4) select traffic that should be monitored during the next period considering the system performance yielded by route reconfiguration. We evaluate our framework with a simulation. The results demonstrate that our framework improves the efficiency of traffic accommodation even when only partial traffic information is monitored during each time slot.

Since a radio channel is shared among terminals in an ad hoc network, packet collisions are frequent. In case of transmitting packets especially using TCP, data and ACK packets are transmitted in opposite directions on the same radio channel. Therefore, frequent collisions are unavoidable, and this seriously degrades TCP throughput. It is possible to transmit to two or more nodes which adjoin from a certain node simultaneously on the radio channel. To reduce the likelihood of packet collisions when an intermediate node transmits both data and ACK packets, these two types of packet can be combined and transmitted at the same time to increase the efficiency of radio channel utilization. In this paper, we propose a new technique to improve TCP performance by combining data and ACK packets. Our proposed technique is applicable to generic ad hoc networks easily. By means of a simulation using networks with various topologies, we have found that throughput can be improved by up to 60% by applying our proposed technique.

Parallel TCP is one possible approach to increasing throughput of data transfer in Long Fat Networks (LFNs). Using parallel TCP is something of black art. As high-speed transport-layer protocols appear, e.g. HSTCP, it is necessary to reinvestigate the performance of parallel TCP, because a choice has to be make among them for the system. In this paper, the performance of parallel TCP is evaluated by mathematical analysis based on a simple dumbbell topology. Packet drop rate and aggregate goodput are used as two metrics to characterize the performance of parallel TCP. Two cases, namely synchronization and non-synchronization, are analyzed in detail when DropTail is deployed on routers. The synchronization case is common in using parallel TCP, but the goodput deteriorates seriously. The non-synchronization case may benefit parallel TCP, but extra mechanisms are required, and it is not easy to implement in the real world. The problem also remains even if Random Early Detection (RED) queue management is employed on routers. The analysis results show the difficulty in using parallel TCP in practice.

Overlay routing is an application-level routing mechanism on overlay networks. Previous researches have revealed that the overlay routing can improve user-perceived performance. However, it may also generate traffic unintended by ISPs, incurring additional monetary cost. In addition, since ISPs and end users have their own objectives respectively regarding traffic routing, overlay routing must be operated considering both standpoints. In the present paper, we propose a method to reduce inter-ISP transit costs caused by overlay routing from the both standpoints of ISPs and end users. To determine the relationships among ASes, which are required for ISP cost-aware routing, we construct a method to estimate a transit cost of overlay-routed paths from end-to-end network performance values. Utilizing the metric, we propose a novel method that controls overlay routing from the both standpoints of ISPs and end users. Through extensive evaluations using measurement results from the actual network environments, we confirm that the advantage of the proposed method whereby we can reduce the transit cost in the overlay routing and can control the overlay routing according to the objectives of both ISPs and end users.

Cloud bursting temporarily expands the capacity of a cloud-based service hosted in a private data center by renting public data center capacity when the demand for capacity spikes. To determine the optimal resources of a business-critical web system deployed over private and public data centers, this paper presents a cloud bursting approach based on long- and short-term predictions of requests to the system. In a private data center, a dedicated pool of virtual machines (VMs) is assigned to the web system on the basis of one-week predictions. Moreover, in both private and public data centers, VMs are activated on the basis of one-hour predictions. We formulate a problem that includes the total cost and response time constraints and conduct numerical simulations. The results indicate that our approach is tolerant of prediction errors and only slightly dependent on the processing power of a single VM. Even if the website receives bursty requests and one-hour predictions include a mean absolute percentage error (MAPE) of 0.2, the total cost decreases to half the existing cost of provisioning in the private date center alone. At the same time, 95% of response time is kept below 0.15s.

Overlay networks, such as P2P, Grid, and CDN, have been widely deployed over physical IP networks. Since simultaneous overlay networks compete for network resources, their selfish behaviors to improve their application-oriented QoS disrupt each other. To enhance the collective performance and improve the QoS at the application level, we consider so-called the overlay network symbiosis where overlay networks cooperate with each other. In this paper, we proposed a cooperative mechanism for hybrid P2P file-sharing networks, where peers can find more files and exchange files with more peers. Through simulation experiments, we verified the effectiveness of cooperation from view points of application and system.