Toshiki SHIBAHARA Yuta TAKATA Mitsuaki AKIYAMA Takeshi YAGI Kunio HATO Masayuki MURATA
Many users are exposed to threats of drive-by download attacks through the Web. Attackers compromise vulnerable websites discovered by search engines and redirect clients to malicious websites created with exploit kits. Security researchers and vendors have tried to prevent the attacks by detecting malicious data, i.e., malicious URLs, web content, and redirections. However, attackers conceal parts of malicious data with evasion techniques to circumvent detection systems. In this paper, we propose a system for detecting malicious websites without collecting all malicious data. Even if we cannot observe parts of malicious data, we can always observe compromised websites. Since vulnerable websites are discovered by search engines, compromised websites have similar traits. Therefore, we built a classifier by leveraging not only malicious but also compromised websites. More precisely, we convert all websites observed at the time of access into a redirection graph and classify it by integrating similarities between its subgraphs and redirection subgraphs shared across malicious, benign, and compromised websites. As a result of evaluating our system with crawling data of 455,860 websites, we found that the system achieved a 91.7% true positive rate for malicious websites containing exploit URLs at a low false positive rate of 0.1%. Moreover, it detected 143 more evasive malicious websites than the conventional content-based system.
Hiroyuki OHSAKI Masayuki MURATA
Several gateway-based congestion control mechanisms have been proposed to support an end-to-end congestion control mechanism of TCP (Transmission Control Protocol). One of the promising gateway-based congestion control mechanisms is a RED (Random Early Detection) gateway. Although the effectiveness of the RED gateway is fully dependent on the choice of control parameters, how to configure its control parameters has not been fully investigated. In this paper, we analyze the steady state behavior of the RED gateway by explicitly modeling the congestion control mechanism of TCP. We first derive the equilibrium values of the TCP window size and the buffer occupancy of the RED gateway. Also derived are the stability condition and the transient performance index of the network using a control theoretic approach. Numerical examples as well as simulation results are presented to clearly show relations between control parameters and the steady state behavior.
Go HASEGAWA Kana YAMANEGI Masayuki MURATA
Recently, real-time media delivery services such as video streaming and VoIP have rapidly become popular. For these applications requiring high-level QoS guarantee, our research group has proposed a transport-layer approach to provide predictable throughput for upper-layer applications. In the present paper, we propose a congestion control mechanism of TCP for achieving predictable throughput. It does not mean we can guarantee the throughput, while we can provide the throughput required by an upper-layer application at high probability when network congestion level is not so high by using the inline network measurement technique for available bandwidth of the network path. We present the evaluation results for the proposed mechanism obtained in simulation and implementation experiments, and confirm that the proposed mechanism can assure a TCP throughput if the required bandwidth is not so high compared to the physical bandwidth, even when other ordinary TCP (e.g., TCP Reno) connections occupy the link.
While active research has been carried out continuously on ATM switch architectures and QoS service guarantees, the two topics have mostly been treated independently in the past. In this paper, we first explain the architectural requirement on the ATM switches to implement the mechanism of QoS guarantees in the context of ATM congestion control. Then we discuss how a vital link between the two should be built, and remaining problems are pointed out.
Kazuhiro GOKYU Ken-ichi BABA Masayuki MURATA
In this paper, we propose path accommodation methods for unidirectional rings based on an optical compression time-division multiplexing (OCTDM) technology. We first derive a theoretical lower bound on the numbers of slots and frames, in order to allocate all paths among nodes. Three path accommodation algorithms for the all-optical access are next proposed to achieve the lower bound as closely as possible. Path splitting is next considered to improve the traffic accommodation. Finally, we analyze the packet delay time for given numbers of slots/frames, which are decided by our proposed algorithms. Numerical examples are also shown to examine the effectiveness of our proposed algorithms including path accommodation and path splitting methods.
Gen MOTOYOSHI Kenji LEIBNITZ Masayuki MURATA
Several task forces have been working on how to design the future Internet in a clean slate manner and mobility management is one of the key issues to be considered. However, mobility management in the future Internet is still being designed in an “all-in-one” way where all management functions are tightly kept at a single location and this results in cost inefficiency that can be an obstruction to constructing flexible systems. In this paper, we propose a new function-distributed mobility management architecture that can enable more flexible future Internet construction. Furthermore, we show the effectiveness of our proposed system via a cost analysis and computer simulation with a random walk mobility model.
Kodai SATAKE Tatsuya OTOSHI Yuichi OHSITA Masayuki MURATA
Traffic engineering refers to techniques to accommodate traffic efficiently by dynamically configuring traffic routes so as to adjust to changes in traffic. If traffic changes frequently and drastically, the interval of route reconfiguration should be short. However, with shorter intervals, obtaining traffic information is problematic. To calculate a suitable route, accurate traffic information of the whole network must be gathered. This is difficult in short intervals, owing to the overhead incurred to monitor and collect traffic information. In this paper, we propose a framework for traffic engineering in cases where only partial traffic information can be obtained in each time slot. The proposed framework is inspired by the human brain, and uses conditional probability to make decisions. In this framework, a controller is deployed to (1) obtain a limited amount of traffic information, (2) estimate and predict the probability distribution of the traffic, (3) configure routes considering the probability distribution of future predicted traffic, and (4) select traffic that should be monitored during the next period considering the system performance yielded by route reconfiguration. We evaluate our framework with a simulation. The results demonstrate that our framework improves the efficiency of traffic accommodation even when only partial traffic information is monitored during each time slot.
Taichi YUKI Takayuki YAMAMOTO Masashi SUGANO Masayuki MURATA Hideo MIYAHARA Takaaki HATAUCHI
Since a radio channel is shared among terminals in an ad hoc network, packet collisions are frequent. In case of transmitting packets especially using TCP, data and ACK packets are transmitted in opposite directions on the same radio channel. Therefore, frequent collisions are unavoidable, and this seriously degrades TCP throughput. It is possible to transmit to two or more nodes which adjoin from a certain node simultaneously on the radio channel. To reduce the likelihood of packet collisions when an intermediate node transmits both data and ACK packets, these two types of packet can be combined and transmitted at the same time to increase the efficiency of radio channel utilization. In this paper, we propose a new technique to improve TCP performance by combining data and ACK packets. Our proposed technique is applicable to generic ad hoc networks easily. By means of a simulation using networks with various topologies, we have found that throughput can be improved by up to 60% by applying our proposed technique.
Zongsheng ZHANG Go HASEGAWA Masayuki MURATA
Parallel TCP is one possible approach to increasing throughput of data transfer in Long Fat Networks (LFNs). Using parallel TCP is something of a black art. As high-speed transport-layer protocols appear, e.g. HSTCP, it is necessary to reinvestigate the performance of parallel TCP, because a choice has to be made among them for the system. In this paper, the performance of parallel TCP is evaluated by mathematical analysis based on a simple dumbbell topology. Packet drop rate and aggregate goodput are used as two metrics to characterize the performance of parallel TCP. Two cases, namely synchronization and non-synchronization, are analyzed in detail when DropTail is deployed on routers. The synchronization case is common in using parallel TCP, but the goodput deteriorates seriously. The non-synchronization case may benefit parallel TCP, but extra mechanisms are required, and it is not easy to implement in the real world. The problem also remains even if Random Early Detection (RED) queue management is employed on routers. The analysis results show the difficulty in using parallel TCP in practice.
Kazuhito MATSUDA Go HASEGAWA Satoshi KAMEI Masayuki MURATA
Overlay routing is an application-level routing mechanism on overlay networks. Previous research has revealed that overlay routing can improve user-perceived performance. However, it may also generate traffic unintended by ISPs, incurring additional monetary cost. In addition, since ISPs and end users each have their own objectives regarding traffic routing, overlay routing must be operated considering both standpoints. In the present paper, we propose a method to reduce inter-ISP transit costs caused by overlay routing from the standpoints of both ISPs and end users. To determine the relationships among ASes, which are required for ISP cost-aware routing, we construct a method to estimate a transit cost of overlay-routed paths from end-to-end network performance values. Utilizing the metric, we propose a novel method that controls overlay routing from the standpoints of both ISPs and end users. Through extensive evaluations using measurement results from actual network environments, we confirm the advantage of the proposed method, whereby we can reduce the transit cost in overlay routing and can control the overlay routing according to the objectives of both ISPs and end users.
Yuji INOUE Hitoshi AIDA Ichiro IIDA Toshikazu KODAMA Masayuki MURATA Norio SHIRATORI Shiro TANABE Hisao UOSE
Yukio OGAWA Go HASEGAWA Masayuki MURATA
Cloud bursting temporarily expands the capacity of a cloud-based service hosted in a private data center by renting public data center capacity when the demand for capacity spikes. To determine the optimal resources of a business-critical web system deployed over private and public data centers, this paper presents a cloud bursting approach based on long- and short-term predictions of requests to the system. In a private data center, a dedicated pool of virtual machines (VMs) is assigned to the web system on the basis of one-week predictions. Moreover, in both private and public data centers, VMs are activated on the basis of one-hour predictions. We formulate a problem that includes the total cost and response time constraints and conduct numerical simulations. The results indicate that our approach is tolerant of prediction errors and only slightly dependent on the processing power of a single VM. Even if the website receives bursty requests and one-hour predictions include a mean absolute percentage error (MAPE) of 0.2, the total cost decreases to half the existing cost of provisioning in the private data center alone. At the same time, 95% of response time is kept below 0.15s.
Hongye FU Naoki WAKAMIYA Masayuki MURATA
Overlay networks, such as P2P, Grid, and CDN, have been widely deployed over physical IP networks. Since simultaneous overlay networks compete for network resources, their selfish behaviors to improve their application-oriented QoS disrupt each other. To enhance the collective performance and improve the QoS at the application level, we consider the so-called overlay network symbiosis, where overlay networks cooperate with each other. In this paper, we proposed a cooperative mechanism for hybrid P2P file-sharing networks, where peers can find more files and exchange files with more peers. Through simulation experiments, we verified the effectiveness of cooperation from the viewpoints of application and system.
Go HASEGAWA Yuichiro HIRAOKA Masayuki MURATA
Recent research on overlay networks has revealed that user-perceived network performance, such as end-to-end delay performance, could be improved by an overlay routing mechanism. However, these studies consider only end-to-end delay, and few studies have focused on bandwidth-related information, such as available bandwidth and TCP throughput, which are important performance metrics especially for long-lived data transmission. In the present paper, we investigate the effect of overlay routing both delay and bandwidth-related information, based on the measurement results of network paths between PlanetLab nodes. We consider three metrics for selecting the overlay route: end-to-end delay, available bandwidth, and TCP throughput. We then show that the available bandwidth-based overlay routing provides significant gain, as compared with delay-based routing. We further reveal the correlation between the latency and available bandwidth of the overlay paths and propose several guidelines for selecting an overlay path.
Hiroyuki HISAMATSU Go HASEGAWA Masayuki MURATA
In this paper, we propose a novel analysis method for large-scale networks with consideration of the behavior of the congestion control mechanism of TCP. In the analysis, we model the behavior of TCP at end-host and network link as independent systems, and combine them into a single system in order to analyze the entire network. Using this analysis, we can analyze a large-scale network, i.e. with over 100/1,000/10,000 routers/hosts/links and 100,000 TCP connections very rapidly. In particular, the calculation time of our analysis, unlike that of ns-2, is independent of network bandwidth and/or propagation delay. Specifically, we can derive the utilization of the network links, the packet loss ratio of the link buffer, the round-trip time (RTT) and the throughput of TCP connections, and the location and degree of the network congestion. We validate our approximate analysis by comparing analytic results with simulation ones. We also show that our analysis method treats the behavior of TCP connection in a large-scale network appropriately.
Yousuke TAKAHASHI Keisuke ISHIBASHI Masayuki TSUJINO Noriaki KAMIYAMA Kohei SHIOMOTO Tatsuya OTOSHI Yuichi OHSITA Masayuki MURATA
To efficiently use network resources, internet service providers need to conduct traffic engineering that dynamically controls traffic routes to accommodate traffic change with limited network resources. The performance of traffic engineering (TE) depends on the accuracy of traffic prediction. However, the size of traffic change has been drastically increasing in recent years due to the growth in various types of network services, which has made traffic prediction difficult. Our approach to tackle this issue is to separate traffic into predictable and unpredictable parts and to apply different control policies. However, there are two challenges to achieving this: dynamically separating traffic according to predictability and dynamically controlling routes for each separated traffic part. In this paper, we propose a macroflow-based TE scheme that uses different routing policies in accordance with traffic predictability. We also propose a traffic-separation algorithm based on real-time traffic analysis and a framework for controlling separated traffic with software-defined networking technology, particularly OpenFlow. An evaluation of actual traffic measured in an Internet2 network shows that compared with current TE schemes the proposed scheme can reduce the maximum link load by 34% (at the most congested time) and the average link load by an average of 11%.
Atsushi NAGATE Teruya FUJII Masayuki MURATA
The layered cell configuration, in which a large number of small cells are set in a macro-cell coverage area, is attracting much attention recently as a promising approach to handle the rapidly increasing mobile data traffic. In this configuration, cells of various sizes, from macro to small, are placed in various locations, so that the variation in the number and the distribution of the users among cells becomes much wider than in conventional macro-cell homogeneous networks. Therefore, even in the layered cell configuration, the users in the cell with many users and low received signal quality may experience low throughput especially at cell edge. This is because such users experience both low spectral efficiency and few radio resources. In order to resolve this issue, a lot of techniques have been proposed such as load balancing and cooperative multi-point transmission. In this paper, we focus on scheduling priority control as a simple solution that can also be used in combination with load balancing and coordinated multi-point transmission. We propose an adaptive scheduling priority control scheme based on the congestion and user distribution of each cell and clarify the effect of the proposed method by computer simulations.