Ever more powerful mobile devices are handling a broader range of applications, so that giving them greater control in scheduling transmissions as a function of application needs is becoming increasingly desirable. Several standards have, therefore, proposed mechanisms aimed at giving devices more autonomy in making transmission decisions on the wireless uplink. This paper explores the impact this can have on total throughput in CDMA systems, where this control has traditionally been centralized. The investigation relies on a simple distributed policy that helps provide insight into the impact of distributed decisions on overall system efficiency, and identify guidelines on how to best mitigate it. Abstract. Ever more powerful mobile devices are handling a broader range of applications, so that giving them greater control in scheduling transmissions as a function of application needs is becoming increasingly desirable. Several standards have, therefore, proposed mechanisms aimed at giving devices more autonomy in making transmission decisions on the wireless uplink. This paper explores the impact this can have on total throughput in CDMA systems, where this control has traditionally been centralized. The investigation relies on a simple distributed policy that helps provide insight into the impact of distributed decisions on overall system efficiency, and identify guidelines on how to best mitigate it.
Over the past few years, enterprises are facing a growing number of highly customized and targeted attacks that use sophisticated techniques and seek after important company assets, such as customer data and intellectual property. Unlike conventional attacks, targeted attacks are operated by experts who use multiple steps to gain access to sensitive assets, and most of time, leave very few network traces behind for detection. In this paper, we propose a multi-layer deception system that provides an in depth defense against such sophisticated targeted attacks. Specifically, based on previous knowledge and patterns of such attacks, we model the attacker as trying to compromising an enterprise network via multiple stages of penetration and propose defenses at each of these layers using deception based detection. Due to multiple layers of deception, the probability of detecting such an attack will be greatly enhanced. We present a proof of concept implementation of one of the key deception methods proposed. Due to various financial constraints of an enterprise, we also model the design of the deception system as an optimization problem in order to minimize the total expected loss due to system deployment and asset compromise. We find that there is an optimal solution to deploy deception entities, and even over spending budget on more entities will only increase the total expected loss to the enterprise. Such a system Detecting Targeted Attacks by Multilayer Deception 177 phase, gathering information such as the organization background, resources and individual employees to initially target to launch the attack. By using social engineering techniques, such as a spear-phishing email, the attacker attempts to "infiltrate" into the enterprise by using a particular employee as the entry point. This typically requires an employee to fall victim to the social engineering attack, for example by following a web link or opening an attachment that contains some exploit and malicious payload. During this phase of "exploitation", the attacker penetrates a level deeper by gaining control of the employee's personal assets (such as email and personal computer). This may then be used to penetrate another level deeper into the enterprise through manual "exploration" of remote servers (hosting databases, proprietary algorithms, intellectual properties etc.), or to launch additional social engineering attacks against other employees who have access to the information that the attacker seeks to obtain. Some attacks may exploit and gain control of many different servers and machines during the exploration phase to gain a persistent foothold in the enterprise. Once an asset has been obtained, the attacker finally "exfiltrates" the data out of the enterprise network and the attack can be considered successful.This pattern, as mentioned above, reveals that there are three layers of penetration -a human layer, a local asset layer, and a global asset layer. Each layer of penetration brings the attacker closer to the targeted information assets...
Wireless metropolitan area networks usually rely on a network of microwave links created by mounting communication equipment on masts located at the sites to which they provide connectivity. Today microwave link design tools design only a single link pair at a time or, at most, a network of direct links between communicating sites. In many cases one can realize substantial savings in mast and equipment costs by routing the flows between communicating sites via third sites rather than via direct links. Furthermore, in some cases direct links may be infeasible due to technical or regulatory reasons, and rerouting flows via other sites may be necessary. To do this with today's tools, a wireless network design engineer is forced to manually try various combinations of direct links. This work describes a prototype system that automates this process by modeling it as a combinatorial optimization problem. (The underlying optimization problem is NP-Complete and inapproximable.) We tested our system by using it to find high-quality solutions to several realistic problem instances.
This article describes an approach to building and using a Network Ontology (NO) for network planning projects with particular focus on real-life enterprise networks. In addition to the ontology, we have developed a Network Markup Language (NML) based on the ontology that can be used to describe real life networks. We have also developed network patterns that capture the most common and best practices in network design and represented them in the proposed NML. Finally, we have developed a Web-based tool that uses the NO, NML and network patterns to quickly generate network plans for given situations. The practical contribution of this article is that it ties ontologies to the practice of network planning and network patterns, including decisions such as network device selection.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.