Praise for the Third Edition: "This is one of the best books available. Its excellent organizational structure allows quick reference to specific models and its clear presentation . . . solidifies the understanding of the concepts being presented."IIE Transactions on Operations EngineeringThoroughly revised and expanded to reflect the latest developments in the field, Fundamentals of Queueing Theory, Fourth Edition continues to present the basic statistical principles that are necessary to analyze the probabilistic nature of queues. Rather than presenting a narrow focus on the subject, this update illustrates the wide-reaching, fundamental concepts in queueing theory and its applications to diverse areas such as computer science, engineering, business, and operations research.This update takes a numerical approach to understanding and making probable estimations relating to queues, with a comprehensive outline of simple and more advanced queueing models. Newly featured topics of the Fourth Edition include:Retrial queuesApproximations for queueing networksNumerical inversion of transformsDetermining the appropriate number of servers to balance quality and cost of serviceEach chapter provides a self-contained presentation of key concepts and formulae, allowing readers to work with each section independently, while a summary table at the end of the book outlines the types of queues that have been discussed and their results. In addition, two new appendices have been added, discussing transforms and generating functions as well as the fundamentals of differential and difference equations. New examples are now included along with problems that incorporate QtsPlus software, which is freely available via the book's related Web site.With its accessible style and wealth of real-world examples, Fundamentals of Queueing Theory, Fourth Edition is an ideal book for courses on queueing theory at the upper-undergraduate and graduate levels. It is also a valuable resource for researchers and practitioners who analyze congestion in the fields of telecommunications, transportation, aviation, and management science.

Fundamentals of Queueing Theory

Network functions virtualization (NFV) is a new network architecture framework where network function that traditionally used dedicated hardware (middleboxes or network appliances) are now implemented in software that runs on top of general purpose hardware such as high volume server. NFV emerges as an initiative from the industry (network operators, carriers, and manufacturers) in order to increase the deployment flexibility and integration of new network services with increased agility within operator’s networks and to obtain significant reductions in operating expenditures and capital expenditures. NFV promotes virtualizing network functions such as transcoders, firewalls, and load balancers, among others, which were carried out by specialized hardware devices and migrating them to software-based appliances. One of the main challenges for the deployment of NFV is the resource allocation of demanded network services in NFV-based network infrastructures. This challenge has been called the NFV resource allocation (NFV-RA) problem. This paper presents a comprehensive state of the art of NFV-RA by introducing a novel classification of the main approaches that pose solutions to solve it. This paper also presents the research challenges that are still subject of future investigation in the NFV-RA realm.

Resource Allocation in NFV: A Comprehensive Survey

Network function virtualization foresees the virtualization of service functions and their execution on virtual machines. Any service is represented by a service function chain (SFC) that is a set of VNFs to be executed according to a given order. The running of VNFs needs the instantiation of VNF Instances (VNFIs) that in general are software modules executed on virtual machines. The virtualization challenges include: 1) where to instantiate VNFIs; ii) how many resources to allocate to each VNFI; iii) how to route SFC requests to the appropriate VNFIs in the right sequence; and iv) when and how to migrate VNFIs in response to changes to SFC request intensity and location. We develop an approach that uses three algorithms that are used back-to-back resulting in VNFI placement, SFC routing, and VNFI migration in response to changing workload. The objective is to first minimize the rejection of SFC bandwidth and second to consolidate VNFIs in as few servers as possible so as to reduce the energy consumed. The proposed consolidation algorithm is based on a migration policy of VNFIs that considers the revenue loss due to QoS degradation that a user suffers due to information loss occurring during the migrations. The objective is to minimize the total cost given by the energy consumption and the revenue loss due to QoS degradation. We evaluate our suite of algorithms on a test network and show performance gains that can be achieved over using other alternative naive algorithms.

An Approach for Service Function Chain Routing and Virtual Function Network Instance Migration in Network Function Virtualization Architectures

A survey on service function chaining

Network function virtualization (NFV) is a promising technology to decouple the network functions from dedicated hardware elements, leading to the significant cost reduction in network service provisioning. As more and more users are trying to access their services wherever and whenever, we expect the NFV-related service function chains (SFCs) to be dynamic and adaptive, i.e., they can be readjusted to adapt to the service requests’ dynamics for better user experience. In this paper, we study how to optimize SFC deployment and readjustment in the dynamic situation. Specifically, we try to jointly optimize the deployment of new users’ SFCs and the readjustment of in-service users’ SFCs while considering the trade-off between resource consumption and operational overhead. We first formulate an integer linear programming (ILP) model to solve the problem exactly. Then, to reduce the time complexity, we design a column generation (CG) model for the optimization. Simulation results show that the proposed CG-based algorithm can approximate the performance of the ILP and outperform an existing benchmark in terms of the profit from service provisioning.

On Dynamic Service Function Chain Deployment and Readjustment

Nowadays, many cloud providers offer Virtual Network Function (VNF) services that are dynamically scaled according to the workload. Enterprises enjoy these services by only paying for the actual consumed resources. From a cloud provider's standpoint, the cost of these services must be kept as low as possible, while QoS is maintained and service downtime is minimized. In this paper, we introduce Elastic Virtual Network Function Placement (EVNFP) problem and present a model for minimizing operational costs in providing VNF services. In this model, the elasticity overhead and the trade-off between bandwidth and host resource consumption are considered together, while the previous works ignored this perspective of the problem. We propose a solution called Simple Lazy Facility Location (SLFL) that optimizes the placement of VNF instances in response to on-demand workload. Our experiments suggest that SLFL can accept two times more workload while incurring similar operational cost compared to first-fit and random placements.

/pdf/elastic-virtual-network-function-placement-zfniyfyrmf.pdf

Elastic virtual network function placement

Intrusion Detection Systems (IDSs) are designed to monitor user and/or network activity and generate alerts whenever abnormal activities are detected. The number of these alerts can be very large; making the task of security analysts difficult to manage. Furthermore, IDS alert management techniques, such as clustering and correlation, suffer from involving unrelated alerts in their processes and consequently provide imprecise results. In this paper, we propose a fuzzy-logic based technique for scoring and prioritizing alerts generated by an IDS(1). In addition, we present an alert rescoring technique that leads to a further reduction of the number of alerts. The approach is validated using the 2000 DARPA intrusion detection scenario specific datasets and comparative results between the Snort IDS alert scoring and our scoring and prioritization scheme are presented.

/pdf/alert-prioritization-in-intrusion-detection-systems-5fy9i7hsko.pdf

Alert prioritization in Intrusion Detection Systems

Burgeoning wireless technology developments have positively affected nearly every aspect of human life, and remote patient-healthcare monitoring through the internet is no exception. By employing smart gadgets, wireless body area networks, and cloud-based server platforms, patients can submit their sensor-captured readings in real-time to e-health cloud servers and ultimately to medical professionals so that the latter may treat patients appropriately at any time and in any place. To make the system reliable, an authenticated key agreement is required for the participating entities in this system. Many remote patient-healthcare monitoring protocols have been seen so far; however, reliance on wireless technology brings many security challenges for existing protocols. Recently, Xu et al. presented a new patient healthcare monitoring protocol; however, we demonstrate that it is vulnerable to many attacks, including replay attacks and key compromise impersonation attacks, and also that it suffers from privacy issues. Thereafter, we have proposed an improved scheme and formally analyzed its security features by implementing BAN logic and an automated simulation tool.

A Provably Secure and Lightweight Patient-Healthcare Authentication Protocol in Wireless Body Area Networks

The Internet of Things (IoT) combines hundreds of millions of devices which are capable of interaction with each other with minimum user interaction. IoT is one of the fastest-growing areas in of computing; however, the reality is that in the extremely hostile environment of the internet, IoT is vulnerable to numerous types of cyberattacks. To resolve this, practical countermeasures need to be established to secure IoT networks, such as network anomaly detection. Regardless that attacks cannot be wholly avoided forever, early detection of an attack is crucial for practical defense. Since IoT devices have low storage capacity and low processing power, traditional high-end security solutions to protect an IoT system are not appropriate. Also, IoT devices are now connected without human intervention for longer periods. This implies that intelligent network-based security solutions like machine learning solutions must be developed. Although many studies in recent years have discussed the use of Machine Learning (ML) solutions in attack detection problems, little attention has been given to the detection of attacks specifically in IoT networks. In this study, we aim to contribute to the literature by evaluating various machine learning algorithms that can be used to quickly and effectively detect IoT network attacks. A new dataset, Bot-IoT, is used to evaluate various detection algorithms. In the implementation phase, seven different machine learning algorithms were used, and most of them achieved high performance. New features were extracted from the Bot-IoT dataset during the implementation and compared with studies from the literature, and the new features gave better results.

/pdf/internet-of-things-cyber-attacks-detection-using-machine-2mvimqhktl.pdf

Internet of Things Cyber Attacks Detection using Machine Learning

The distributed nature of Internet of Things (IoT) and its rapid increase on a large scale raises many security and privacy issues. Access control is one of the major challenges currently addressed through centralized approaches that may rely on a third party and they are constrained by availability and scalability, which may result in a performance bottleneck. Therefore, this paper proposes a novel solution to manage the delivery of lightweight and decentralized secure access control of an IoT system based on a multi-agent system and a blockchain. The main objective of the proposed solution is to build Blockchain Managers (BCMs) for securing IoT access control, as well as allowing for secure communication between local IoT devices. Moreover, the solution also enables secure communication between IoT devices, fog nodes and cloud computing.

https://www.mdpi.com/2076-3417/11/4/1772/pdf

Khalid Alsubhi

Papers

Elastic virtual network function placement

Alert prioritization in Intrusion Detection Systems

A Provably Secure and Lightweight Patient-Healthcare Authentication Protocol in Wireless Body Area Networks

Internet of Things Cyber Attacks Detection using Machine Learning

Blockchain-Based Secured Access Control in an IoT System