Title: An SDN-based access point virtualization solution for multichannel IEEE 802.11 networks
Author: Juan Lucas do Rosário Vieira
Abstract: As we move into increasingly denser Wi-Fi scenarios with a more significant number of connected objects, problems such as load unbalance and collisions between transmissions become more severe. While client-based handoff is inefficient to mitigate these challenges, network-wide migration decisions would allow better management of network resources. This work proposes an access point virtualization solution based on the SDN paradigm to allow client handover conducted by the network, based on a global scope. The evaluation of our solution reveals that the handover of stations did not lead to significant delays or packet losses in the clients' connections while providing greater flexibility to the management of IEEE 802.11 wireless networks.
Title: 3AS: Authentication, Authorization, and Accountability for Smart Grids
Author: Arthur Albuquerque Zopellaro Soares
Abstract: The smart grid arises from the need to improve the traditional grid, enabling, among other features, the monitoring and control of the grid with the aid of communication networks and information technology. Despite the benefits presented by the introduction of a communication network, this network also incorporates new vulnerabilities into the smart grid. This work proposes 3AS: Authentication, Authorization, and Accounting for Smart Grids. This proposal provides an IEEE 802.1X-based authentication mechanism for the communication protocols specified by IEC 61850, proposes the use of attribute-based access control, and proposes an integrated accounting system by logging resources usage, authentication, and authorization events. Other works found in the literature only address specific smart grid scenarios, while 3AS is concerned with meeting diverse smart grid scenarios, such as the introduction of electric vehicles to the grid, and teleprotection systems for the grid. Emulated experiments show that the authentication mechanism produces a control load of 4.65 kB, 48.84% less than the mechanism proposed by another work. Authentication has also been validated through two different authentication models: EAP-PEAP, for the electric vehicle scenarios, and produces less control overhead; and EAP-TLS, for teleprotection scenarios, showing less delay. The authorization process was shown efficient by blocking communication from unauthenticated or unauthorized devices and allowing communication only after successful authorization.
Title: MineCap: Super Incremental Learning for Detecting and Blocking Cryptocurrency Mining on Software-Defined Networking
Author: Hélio do Nascimento Cunha Neto
Abstract: Covert mining of cryptocurrency implies the use of valuable computing resources and high energy consumption. In this paper, we propose MineCap, a dynamic online mechanism for detecting and blocking covert cryptocurrency mining flows, using machine learning on software-defined networking. The proposed mechanism relies on Spark Streaming for online processing of network flows, and, when identifying a mining flow, it requests the flow blocking to the network controller. We also propose a learning technique called super incremental learning, a variant of the super learner applied to online learning, which takes the classification probabilities of an ensemble of classifiers as features for an incremental learning classifier. Hence, we design an accurate mechanism to classify mining flows that learn with incoming data with an average of 98% accuracy, 99% precision, 97% sensitivity, and 99.9% specificity and avoid concept drift-related issues.