Grenville Armitage

Swinburne University of Technology, Melbourne, Victoria, Australia

Are you Grenville Armitage?

Claim your profile

Publications (129)38.06 Total impact

  • Source
    Mark Claypool, Grenville Armitage, M.Brian Blake
    [Show abstract] [Hide abstract]
    ABSTRACT: Networked games in the context of the emerging technologies of cloud and mobile computing facilitate an enhanced gaming experience for consumers. Software engineers will be continually challenged to offer more realistic games in the context of ever more distributed systems, complexity in new game-delivery platforms, and the uncertainty in performance considering uneven computational environments.
    IEEE Internet Computing 01/2014; 18(3):8-11. · 2.04 Impact Factor
  • Sebastian Zander, Grenville Armitage
    The 38th IEEE Conference on Local Computer Networks (LCN 2013); 10/2013
  • Source
    The 7th IEEE Workshop on Network Measurements (WNM); 10/2013
  • Source
    Sebastian Zander, Lachlan L H Andrew, Grenville Armitage
    poster at IEEE INFOCOM; 04/2013
  • Computer Communications Review. 10/2012;
  • Sebastian Zander, Thuy Nguyen, Grenville Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: Machine Learning (ML) classifiers have been shown to provide accurate, timely and continuous IP flow classification when evaluating sub-flows (short moving windows of packets within flows). They can be used to provide automated QoS management for interactive traffic, such as fast-paced multiplayer games or VoIP. As with other ML classification approaches, previous sub-flow techniques have assumed all packets in all flows are being observed and evaluated. This limits scalability and poses a problem for practical deployment in network core or edge routers. In this paper we propose and evaluate subflow packet sampling (SPS) to reduce an ML sub-flow classifier's resource requirements with minimal compromise of accuracy. While random packet sampling increases classification time from
    The 37th IEEE Conference on Local Computer Networks (LCN12); 10/2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: Despite the predicted exhaustion of unallocated IPv4 addresses between 2012 and 2014, it remains unclear how many current clients can use its successor, IPv6, to access the Internet. We propose a refinement of previous measurement studies that mitigates intrinsic measurement biases, and demonstrate a novel web-based technique using Google ads to perform IPv6 capability testing on a wider range of clients. After applying our sampling error reduction, we find that 6% of world-wide connections are from IPv6-capable clients, but only 1--2% of connections preferred IPv6 in dual-stack (dual-stack failure rates less than 1%). Except for an uptick around IPv6-day 2011 these proportions were relatively constant, while the percentage of connections with IPv6-capable DNS resolvers has increased to nearly 60%. The percentage of connections from clients with native IPv6 using happy eyeballs has risen to over 20%.
    Internet Measurement Conference 2012; 01/2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: Machine Learning (ML) for classifying IP traffic has relied on the analysis of statistics of full flows or their first few packets only. However, automated QoS management for interactive traffic flows requires quick and timely classification well before the flows finish. Also, interactive flows are often long-lived and should be continuously monitored during their lifetime. We propose to achieve this by using statistics derived from sub-flows—a small number of most recent packets taken at any point in a flow's lifetime. Then, the ML classifier must be trained on a set of sub-flows, and we investigate different sub-flow selection strategies. We also propose to augment training datasets so that classification accuracy is maintained even when a classifier mixes up client-to-server and server-to-client directions for applications exhibiting asymmetric traffic characteristics. We demonstrate the effectiveness of our approach with the Naive Bayes and C4.5 Decision Tree ML algorithms, for the identification of first-person-shooter online game and VoIP traffic. Our results show that we can classify both applications with up to 99% Precision and 95% Recall within less than 1 s. Stable results are achieved regardless of where within a flow the classifier captures the packets and the traffic direction.
    IEEE/ACM Transactions on Networking 01/2012; 20(6):1880-1894. · 2.01 Impact Factor
  • Source
    Grenville Armitage, Amiel Heyde
    [Show abstract] [Hide abstract]
    ABSTRACT: Online First Person Shooter (FPS) games typically use a client-server communication model, with thousands of enthusiast-hosted game servers active at any time. Traditional FPS server discovery may take minutes, as clients create thousands of short-lived packet flows while probing all available servers to find a selection of game servers with tolerable round trip time (RTT). REED reduces a client's probing time and network traffic to 1% of traditional server discovery. REED game servers participate in a centralized, incremental calculation of their network coordinates, and clients use these coordinates to expedite the discovery of servers with low RTTs.
    ACM Transactions on Multimedia Computing, Communications, and Applications - TOMCCAP. 01/2012;
  • Source
    Geoff Huston, Mattia Rossi, Grenville J. Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: HE INTERNET is a decentralised collection of interconnected component networks. These networks are composed of end hosts (who originate and/or receive IP packets, and are identified by IP addresses) and active forwarding elements (routers) whose role is to pass IP packets through the network. The routing system is responsible for propagating the relative location of addresses to each routing element, so that routers can make consistent and optimal routing decisions in order to pass a packet from its source to its destination. Routing protocols are used to perform this information propagation. The Internet’s current routing system is divided into a twolevel hierarchy. At one level is intra-domain routing, used by the set of autonomous routing systems operating within each component network. At the other level is a single interdomain routing system that maintains the inter-autonomous system connectivity information that straddles these component networks. A single inter-domain routing protocol, the Border Gateway Protocol (BGP) [1], has provided interdomain routing services for the Internet’s disparate component networks since the late 1980’s [2]. Given the central role of routing in the operation of the Internet, BGP is one of the critical protocols that provide security and stability to the Internet [3]. BGP’s underlying distributed distance vector computations rely heavily on informal trust models associated with information propagation to produce reliable and correct results. It can be likened to a hearsay network — information is flooded across a network as a series of point-to-point exchanges, with the information being incrementally modified each time it is exchanged between BGP speakers. The design of BGP was undertaken in the relatively homogeneous and mutually trusting environment of the early Internet. Consequently, its
    IEEE Communications Surveys and Tutorials. 01/2011; 13:199-222.
  • Source
    David A. Hayes, Michael Welzl, Grenville J. Armitage, Mattia Rossi
    [Show abstract] [Hide abstract]
    ABSTRACT: TCP is quite a heavyweight protocol when serving very small web pages. We introduce a server-side kernel modification which enables a web server to perform HTTP over a UDP socket while the kernel provides a regular TCP interface 'on the wire' to remote clients. We show that our "stateless" TCP modification can greatly reduce a server's CPU usage (>20%) and TCP related memory requirements(>90%), potentially enabling it to serve small web pages even under extreme overload conditions.
    Network and Operating System Support for Digital Audio and Video, 21st International Workshop, NOSSDAV 2011, Vancouver, BC, Canada, June 1-3, 2011, Proceedings; 01/2011
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Consumer broadband services are increasingly a mix of TCP-based and UDP-based applications, often with quite distinct requirements for interactivity and network performance. Consumers can experience degraded service when application traffic collides at a congestion point between home LANs, service provider edge networks and fractional-Mbit/sec `broadband' links. We illustrate two key issues that arise from the impact of TCP-based data transfers on real-time traffic (such as VoIP or online games) sharing a broadband link. First, well-intentioned modifications to traditional TCP congestion control can noticeably increase the latencies experienced by VoIP or online games. Second, superficially-similar packet dropping rules in broadband gateways can induce distinctly different packet loss rates in VoIP and online game traffic. Our observations provide cautionary guidance to researchers who model such traffic mixes, and to vendors implementing equipment at either end of consumer links.
    ACM Multimedia Systems Conference (MMSys 2011); 01/2011
  • Source
    David A. Hayes, Grenville J. Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: Traditional loss-based TCP congestion control (CC) tends to induce high queuing delays and perform badly across paths containing links that exhibit packet losses unrelated to congestion. Delay-based TCP CC algorithms infer congestion from delay measurements and tend to keep queue lengths low. To date most delay-based CC algorithms do not coexist well with loss-based TCP, and require knowledge of a network path’s RTT characteristics to establish delay thresholds indicative of congestion. We propose and implement a delay-gradient CC algorithm (CDG) that no longer requires knowledge of path-specific minimum RTT or delay thresholds. Our FreeBSD implementation is shown to coexist reasonably with loss-based TCP (NewReno) in lightly multiplexed environments, share capacity fairly between instances of itself and NewReno, and exhibits improved tolerance of non-congestion related losses (86% better goodput than NewReno in the presence of 1% packet losses).
    NETWORKING 2011 - 10th International IFIP TC 6 Networking Conference, Valencia, Spain, May 9-13, 2011, Proceedings, Part II; 01/2011
  • Source
    G. Huston, M. Rossi, G. Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: The Border Gateway Protocol (BGP) is the Internet's inter-domain routing protocol. One of the major concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet is vulnerable to various forms of attack. This paper examines the Internet's routing architecture and the design of BGP in particular, and surveys the work to date on securing BGP. To date no proposal has been seen as offering a combination of adequate security functions, suitable performance overheads and deployable support infrastructure. Some open questions on the next steps in the study of BGP security are posed.
    IEEE Communications Surveys &amp Tutorials 01/2011; · 4.82 Impact Factor
  • Source
    Sebastian Zander, Philip Branch, Grenville Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: Covert channels aim to hide the exis-tence of communication. Recently, Murdoch proposed a temperature-based covert channel where information is transmitted by remotely inducing and measuring changes of temperature of an unwitting intermediate host. The channel was invented for the purpose of attacking anony-mous servers, but could also be used for general-purpose covert communications. We propose an empirical method for estimating realistic (and previously unknown) capaci-ties for this channel. In example scenarios with different intermediate hosts and different levels of temperature induction and noise we find the channel capacity is up to 20.5 bits per hour, but it almost halves to 10.3 bits per hour with higher noise or more effective cooling at the intermediate host.
    IEEE Communications Letters 01/2011; 15. · 1.16 Impact Factor
  • Mattia Rossi, Philip Branch, Grenville J. Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: Geolocation of IP addresses is used for determining authenticity of webpages, delivering specific country or location related content and advertisements, or to add security for online transactions. Although IP geolocation databases exist, it is sometimes useful to validate their entries or create new, independent databases using independent sources of information. We propose and demonstrate a method whereby collecting and analyzing online game server discovery traffic over short periods of time can allow us to detect in which timezone a certain prefix or AS is located. Our method provides very good estimates of various AS timezones which we verify using publicly available IP geolocation databases.
    Network and Operating System Support for Digital Audio and Video, 21st International Workshop, NOSSDAV 2011, Vancouver, BC, Canada, June 1-3, 2011, Proceedings; 01/2011
  • Sebastian Zander, Grenville J. Armitage, Philip Branch
    [Show abstract] [Hide abstract]
    ABSTRACT: Covert channels aim to hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent identically-distributed, which we demonstrate is the case for several network applications. We show that ~80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ~9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over hundred bits per second depending on overt traffic and network jitter.
    NETWORKING 2011 - 10th International IFIP TC 6 Networking Conference, Valencia, Spain, May 9-13, 2011, Proceedings, Part I; 01/2011
  • Source
    Sebastian Zander, Grenville J. Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: A multi-service Internet requires routers to recognise and prioritise IP flows carrying interactive or multimedia traffic. It is increasingly problematic for legal or administrative reasons to recognise such flows using unique port numbers or deep packet inspection. New work in recent years shows that Machine Learning (ML) techniques can use externally observable statistical characteristics to usefully differentiate such IP traffic. However, most previous work has not addressed the practicality of ML-based traffic classification in terms of CPU and memory usage. Here we describe our design, implementation and performance evaluation of a distributed, ML-based traffic classification and control system for FreeBSD's IP Firewall (IPFW). On an Intel Core i7 2.8 GHz PC our system can classify up to 400 000 packets per second using only one core and our system scales well to up to 100 000 simultaneous flows. Also our implementation allows one classifier PC to control subsequent traffic shaping or blocking at multiple (potentially lower performance) routers or gateways distributed around the network.
    IEEE 36th Conference on Local Computer Networks, LCN 2011, Bonn, Germany, October 4-7, 2011; 01/2011
  • Source
    Sebastian Zander, Grenville Armitage
    11/2010;
  • Source
    G. Huston, M. Rossi, G. Armitage
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper defines and evaluates Path Exploration Damping (PED) - a router-level mechanism for reducing the volume of propagation of likely transient update messages within a BGP network and decreasing average time to restore reachability compared to current BGP Update damping practices. PED selectively delays and suppresses the propagation of BGP updates that either lengthen an existing AS Path or vary an existing AS Path without shortening its length. We show how PED impacts on convergence time compared to currently deployed mechanisms like Route Flap Damping (RFD), Minimum Route Advertisement Interval (MRAI) and Withdrawal Rate Limiting (WRATE). We replay Internet BGP update traffic captured at two Autonomous Systems to observe that a PED-enabled BGP speaker can reduce the total number of BGP announcements by up to 32% and reduce Path Exploration by 77% compared to conventional use of MRAI. We also describe how PED can be incrementally deployed in the Internet, as it interacts well with prevailing MRAI deployment, and enables restoration of reachability more quickly than MRAI.
    IEEE Journal on Selected Areas in Communications 11/2010; · 3.12 Impact Factor