Catálogo de publicaciones - libros

This paper presents a distributed and heuristic policy-based system for resource management in large-scale Grids. This approach involves three phases: resource discovery, scheduling and allocation. The resource discovery phase is supported by the SNMP-based Balanced Load Monitoring Agents for Resource Scheduling (SBLOMARS). In this approach, network and computational resources are monitored by autonomous monitoring agents, offering a pure decentralized monitoring system. The resource scheduling phase is supported by the Balanced Load Multi-Constrained Resource Scheduler (BLOMERS). It is a heuristic resource scheduler, which includes an implementation of a Genetic Algorithm (GA), as an alternative to solve the inherent NP-hard problem for resource scheduling in large-scale Grids. Allocation phase is supported by means of a Policy-based Grid Management Architecture (PbGMA). This architecture integrates different sources of service necessities such as requirements demanded by customers, applications requirements and network conditions. It interfaces with Globus middleware to allocate services into the selected resources with certain levels of QoS.

Mobile ad hoc networks (MANETs) do not share the properties of traditional wired networks, as mobile nodes are more vulnerable to security attacks. Detection of selfish, malicious or faulty nodes presents security challenges that are not encountered traditionally in wired networks. The nodes in the network need to identify, and take the necessary security measures to protect their resources against these malicious nodes. We propose a risk-based authorisation model to help build ad-hoc trust relationships, capturing the dynamic behaviour of the entities with time, and ensuring the sharing of trust information through recommendations.

Different kinds of malware like the botnets and the worms are a main threat on Internet for the current and future. Their effectiveness to control systems is proved and we are investigating the malware mechanisms that can be adapted to get an efficient and scalable management plane. Our work consists in modelling malware based network management and assessing its performance.

Intrusion detection for IP networks has been a research theme for a number of years already. One of the challenges is to keep up with the ever increasing Internet usage and network link speeds, as more and more data has to be scanned for intrusions. Another challenge is that it is hardly feasible to adapt the scanning configuration to new threats manually in a timely fashion, because of the possible rapid spread of new threats. This paper is the result of the first three months of a PhD research project in high speed, self-learning network intrusion detection systems. Here, we give an overview of the state of the art in this field, highlighting at the same time the major open issues.

We outline a distributed case-based reasoning system that exploits various online knowledge sources and reasoning capabilities in a decentralized, self-organizing platform provided by peer-to-peer technologies. The goal of the system is to assist operators in finding solutions for faults. We present the research motivation and issues in this paper.

We describe our effort to evaluate the syntax and constraints of Promise Theory using a tool developed in the Maude framework. Through the development of a Maude module we are able to do searches and queries in all possible syntactically valid Promise expressions of an arbitrary initial state of participants and constraints. We use this approach to improve the set of grammatical rules that is already available.

Critical infrastructures are interconnected on multiple levels, and due to their size models with acceptable computational complexity and adequate modeling capacities must be developed. This paper presents the skeleton of a graph based model and sketches its capabilities.

This paper presents a new idea for the management of lambda-connections in optical networks. The idea consists of making multi-service optical switches responsible for automatically detecting IP flows at the packet-level, creating lambda-connections for them, and moving them to the optical-level. In addition to that, they are also in charge of tearing down the connections when no longer needed. This new idea is the result of 1 year of research work at the University of Twente (UT) and it is aimed at resulting in a Ph.D. thesis by the end of 4 years of Ph.D. research.

Current high-speed links become a challenge to traditional real-time analysis of IP traffic. Major research was done in finding sampling methods for IP packets and IP flows in order to reduce the amount of data that needs to be processed while keeping a high level of result accuracy. Although sampling proves to be a promising approach, there may be application sce-narios foreseen, in which decisions may not be based on sampled data, usage based charging or intrusion detection systems. This paper proposes a distributed architecture for collecting, analysing and storing of IP traffic data. This approach aims to provide a high level of automation, self-configuration, and self-healing so that new nodes may be easily added or removed to/from the analysis network. The proposed solution makes use of unused processing power existing in the network (such as customer’s PCs of an ISP) to achieve real-time analysis of IP traffic for high-speed network links.

As the nodes and the resources in a structured peer-to-peer network are indexed with unique identifiers, and as the identifiers are assigned to nodes whose nodeId (i.e., the identifier of the peer) is closest (by some metrics) to the identifier, at an application level it is an issue to know the unique identifier a resource is indexed with, to route a message to the node that is responsible for the identifier and thus to retrieve the resource itself. We are studying a way to exploit the features of structured peer-to-peer networks in web services addressing and discovery.