Introductions

To guarantee lossless delivery, a unique (increasing) sequence number (ID) is attached to every message. The combination of the message’s sender address and its ID identifies every message uniquely. To overcome message loss, sender and receiver agree on some start ID, e.g. TCP connection establishment involves the sender and receiver exchanging their start sequence numbers in the SYN/ACK packets. Now the IDs of messages received from a sender S always have to monotonically increase: if message 56 was received from S, the next message has to be 57. If a gap is detected, the receiver sends a retransmission request to the sender of the message. Upon receiving a retransmission request, the sender resends the message with the requested ID. Being able to resend old messages requires the senders to store recently sent messages for some time, usually until it is know that the receiver(s) has/have received all messages below a certain ID. In this case the messages below this ID may be deleted. When a receiver only sends retransmission requests when a gap is detected, the mechanism is called negative acknowledgment NAK. NAK is used in systems where message loss is infrequent, so NAKs would only rarely have to be used to retransmit lost messages.

When communication links are noisy and loss rate high, ACK schemes are preferred: a sender has to receive an acknowledgment from each receiver of a message. If ACKs are not received, the message is resent until an ACK has been received.

The idea of sliding windows is to keep track of the acknowledgements for each ID. However, a scheme in which a sender send a single message (e.g. to multiple receivers in a group) and then waits for all ACKs is to slow: a sender should be able to send a number of messages and a separate thread should receive ACKs, and resend messages with ACKs missing.

The senders and receivers each maintain a window of messages for which no ACKs have been received: a window is essentially a sequence of message IDs, starting with a low water mark and bounded by a high water mark. Whenever an ACK is received, the low and high water marks are advanced by 1, this allows 1 more ACK to be received, therefore sliding the window 1 to the right. When the window is full, an ACK is either discarded, or some kind of flow control is used to throttle the sender until there is more space available.

Sliding windows usually start out with a given size, however, more sophisticated protocols will dynamically adapt the window size, trying to find an agreed-upon size between sender and receiver.

The characteristics of sliding windows used at the sender and receiver usually involve (but do not have to !)

• error correction (by retransmission),
• flow control and
• message ordering by sender (FIFO).

The latter property can easily be incorporated in a sliding window protocol, but sometimes, it is preferred to be implemented as a separate protocol for easier maintenance / replaceability.

Sliding window is used by most connection oriented network protocol, among others, the Point-to-Point protocol (PPP) which many people use to establish their home PC as temporary Internet node via a phone-line connection to an existing node. In fact, TCP also uses sliding window.

Sliding Window Protocols

assumes two-way communication (full duplex). It uses two types of frames:

• Data
• Ack (sequence number of last correctly received frame)
  The basic idea of sliding window protocol is that both sender and receiver keep a “window” of acknowledgment. The sender keeps the value of expected acknowledgment; while the receiver keeps the value of expected receiving frame. When it receives an acknowledgment from the receiver, the sender advances the window. When it receives the expected frame, the receiver advances the window.

Stop and Wait

One Bit Sliding Window Protocol

One bit sliding window protocol is also called Stop-And-Wait protocol. In this protocol, the sender sends out one frame, waits for acknowledgment before sending next frame, thus the name Stop-And-Wait.

Problem with Stop-And-Wait protocol is that it is very inefficient. At any one moment, only in frame is in transition. The sender will have to wait at least one round trip time before sending next. The waiting can be long for a slow network such as satellite link.

Go Back n

If there is one frame k missing, the receiver simply discard all subsequent frames k+1, k+2, …, sending no acknowledgments. So the sender will retransmit frames from k onwards.

Selective Repeat

Another strategy is to re-send only the ones that are actually lost or damaged. The receiver buffers all the frames after the lost one. When the sender finally noticed the problem (e.g. no ack for the lost frame is received within time-out limit), the sender retransmits the frame in question.

Main Window

The main window can be subdivided roughly into four areas:

• area 1 represents the receiver
• area 2 the sender
• area number 3 represents the channel, with which the two computers are interconnected and over which the communication takes place.
• In the area 4, the logs of all events takes place. It also represents the History-Chart, in such a way as to enable the reconstruction of the data transfer whaich happened.

Sender (Area number 2)

The representation assumes that the implementation of the Sliding-Window protocol takes place on Stack n. Layer n+1 represents the “data-supplier” for the protocol. It is represented through the text-input-field.

One can hand over individual data-packages with the ” Step ” button. So that the animation speed can be adjusted.

Receiver (Area number 1)

It is similar to the sender. The only difference is that the step button here controls the data transfer from the layer n+1 to the layer n. The received Packetes is presented in the input text field.

Channel (Area number 3)

Represent the network channel. By clicking on it with the right mouse button. One can simulate errors.

History-Chart (Area number 4)

One can adjust the number of messages to be displayed in this area

Reference

1. S. Zaman S., F. Karray. Fuzzy ESVDF approach for Intrusion Detection System. The IEEE 23^rdInternational Conference on Advanced Information Networking and Applications (AINA-09). May 26-29, 2009. “to be published”
2. I. Onut and A. Ghorbani. A Feature Classification Scheme for Network Intrusion Detection. International Journal of Network Security, Page(s): 1-15, July 2007.
3. I. Onut and A. Ghorbani. Features vs. Attacks: A Comprehensive Feature Selection Model for Network Based Intrusion Detection Systems. Lecture notes in Computer Science, Page(s): 19-36, Springer-Verlag Berlin Heidelberg 2007.
   [CrossRef]
4. A. Tamilarasan, S. Mukkamala, A. Sung, and K. Yendrapalli. Feature Ranking and Selection for Intrusion Detection Using Artificial Neural Networks and Statistical Methods. 2006 International Joint Conference on Neural Networks (IJCNN’06),Page(s):4754-4761, July 16-21, 2006.
   Abstract | Full Text: PDF (307KB) | Full Text: HTML
5. A. Sung, S. Mukkamala. Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks. Symposium on Application and Internet (SAINT’03),Page(s): 209-216, 27-31 Jan. 2003.
   Abstract | Full Text: PDF (277KB) | Full Text: HTML
6. V. Golovko, L. Vaitsekhovich, P. Kochurko and U. Rubanau. Dimensionality Reduction and Attack Recognition using Neural Network Approaches. International Joint Conference on Neural Networks, 2007,Page(s): 2734-2739, 12-17 Aug. 2007.
   Abstract | Full Text: PDF (385KB) | Full Text: HTML
7. S. Srinoy. Intrusion Detection Model Based On Particle Swarm Optimization and Support Vector Machine. The 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA 2007), Page(s): 186-192, 1-5 April 2007.
   Abstract | Full Text: PDF (7692KB) | Full Text: HTML
8. H. Gao, H. Yang, X. Wang. Ant Colony Optimization Based Network Intrusion Feature Selection and Detection. The Fourth International Conference on Machine Learning and Cybernetics, Guangzhou,Page(s): 18-21, August 2005.
9. Kh. Shazzad, J. Sou Park. Optimization of Intrusion Detection through Fast Hybrid Feature Selection. The Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, 2005, (PDCAT’05),Page(s): 264 – 267, 05-08 Dec, 2005.
   Abstract | Full Text: PDF (184KB) | Full Text: HTML
10. M. Yasin, and A. Awan. A Study of Host-Based IDS using System Calls. INCC 204, International Conference on Networking and Communication 2004, On page(s): 36-41, June 2004.
11. P. Lichodzijewski, and A. Zincir. Host-Based Detection Using Self-Organizing Maps. Proceedings of the 2002 International Joint Conference on Neural Networks,Vol 2, Page(s): 1714-1719, 2002.
12. J. Lei and A. Ghorbani. Network Intrusion Detection Using an Improved Competitive Learning Neural Network. Proceedings of the Second Annual Conference on Communication Networks and Services Research (CNSR’04), IEEE Computer Society, Page(s): 190 – 197, 2004.
    Abstract | Full Text: PDF (528KB) | Full Text: HTML
13. M. Moradi and M. Zulkernine. A Neural Network Based System for Intrusion Detection and Classification of Attacks.Unpublished technical report, this work was supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC). http://www.cs.queensu.ca/~moradi/148-04-MM- MZ.pdf.
14. S. Mukkamala, and A. Sung. A Framework for Countering Denial of Service Attacks (Knowledge Discovery Approach). IEEE International Conference on Systems, Man and Cybernetics,Page(s): 3273-3278 Vol.4, Oct. 2004.
15. L. Silva, A. Santos, J. Silva, and A. Montes. A Neural Network Application for Attack Detection in Computer Networks. IEEE International Joint Conference on Neural Network, 25-29, Page(s):1569-1574 Vol.2, July 2004.
    Abstract | Full Text: PDF (705KB) | Full Text: HTML
16. D. Novikov R. Yampolskiy and L Reznik. Anomaly Detection Based Intrusion Detection. Third International Conference on Information Technology: New Generation,Page(s):420 – 425, April 2006.
17. R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang and S. Zhou. Specification-based Anomaly Detection: A New Approach for Detecting Network Intrusions. Proceedings of the 9th ACM conference on Computer and communications security,Page(s): 265 – 274, 2002.
18. A. Curtis, and J. Carver, “Intrusion Response Systems: A Survey”, Department of Computer Science, Texas A&M University, Tech Report, 2000.
19. H. Kai, H. Zhu, K. Eguchi, N. Sun, and T. Tabata. A Novel Intelligent Intrusion Detection, Decision, Response System.IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences archive, Page(s): 1630-1637 Vol. E89-A, June 2006.
20. S. Zaman, and F. Karray. Feature Selection for Intrusion Detection System Based on Support Vector Machine. 6th Annual IEEE Consumer Communications & Networking Conference IEEE CCNC 2009. 10-13 January 2009.
    Abstract | Full Text: PDF (256KB) | Full Text: HTML
21. http://www.ll.mit.edu/mission/communications/ist/index.html.
22. N. Cristianini. Support Vector and Kernel Machines. BIOwulf Technologies, Tutorial, UCML-2001.
23. http://kdd.ics.uci.edu//databases/kddcup99/kddcup99.html.
24. S. Zaman, and F. Karray. Features Selection using Fuzzy ESVDF for Data Dimensionality Reduction. The International Conference on Computer Engineering and technology 2009 (ICCET 2009),January 22-24, 2009. “to be published”