5G; mobile network; security; monitoring; multi-domain; SDN
2. Related Work
2.1. Fifth Generation Security
Fifth generation security architecture is an evolution of third and fourth generation (3G/4G) security standards and architecture defined by Third Generation Partnership Project (3GPP) [4,5,6,7,8]. These specifications focus on the authentication between subscriber’s terminals and networks as well as on protection of access and core network communication against external threats. Fifth generation security approaches address these requirements but also new threats arising from new technologies and applications. The requirements for security mechanisms include:
Scalability and performance—Solutions for new and legacy threats must support high traffic volumes and large device numbers with new emerging applications. Security solutions must be scalable in a horizontal manner (more connected devices) and in a vertical manner (support different applications with diverse requirements).
2.2. Security Monitoring and Trust Management
Security monitoring is a process of collecting, analysing, and inferring security event information in order to gain awareness of a system’s security state and trustworthiness as well as to detect and enable responses to security incidents. Monitoring systems collect and share information on events—occurrences that are relevant to the security of the system—from various sources. Networks produce large amounts of event data. Security relevant information is composed of the following categories:
Network configuration information reveals security capabilities and trustworthiness of the hardware and software deployed to the network. This information consists of software configuration of network functions (software vendors, identities, version information, and management practices) and physical configuration of the infrastructure (topology, location of nodes, physical security, hardware vendors, models). Furthermore, the number, location, and configuration of end-user devices, affect the system’s security.
Status information on available security services allows for keeping track of protected assets. For instance, use of different security protocols, algorithms, firewalls, and secure tunnelling solutions should be monitored and failures recorded.
Traffic statistics, various counters, and key performance indicators (KPIs) can be used to detect different ongoing threats and attack situations. For instance, abrupt high traffic peaks or resource starvation situations can indicate malicious attacks.
Application data flowing through the network can be analysed in detail when packet traces (header and payload data from different protocol layers) are available. Packets can be scanned, e.g., for malware. However, in many cases encryption prevents such inspections anywhere other than in the originating and destination domains.
Detected incidents reports are shared across domains to enable common defence actions e.g., against distributed-denial-of-service attacks.
2.3. Security by Software-Defined Networking
Software-Defined Networks (SDNs) ease network configuration and evolution as well as policy enforcement. SDN is based on three principles that enable faster provisioning and configuration of network connections [25,26,27]:
Decoupling of control and data plane—Data plane nodes (switches) query the control plane (SDN controller) to give forwarding instructions when new packet flows emerge.
Programmability of network services—The administrator may introduce complex rules and programs for the control layer, which are then consistently executed in the data plane.
Logically centralized control—network administrators can program the behaviour of the traffic in a centralized manner.
3. Framework for Security Monitoring and Multi-Domain Trust Management
3.1. The Framework
The monitoring framework, illustrated in Figure 3, is a collection of enablers and features (software components for extracting security awareness from 5G networks) and information sharing mechanisms for tying these enablers together. The framework consists of the following enablers:
The micro-segmentation enabler facilitates creation and control of slices. It organizes and isolates network traffic flows. The enabler is a software component that uses a virtualization platform, access control functions, and an SDN controller to create slices and manage and adapt traffic flows.
Monitoring brokers distribute security event information. Brokers combine event flows from parts of the network within the end-to-end slice and make them available for different security inferencing functions.
The inferencing platform and functions generate security awareness from monitored data. The platform provides libraries for correlating and analysing large amount of streaming data flows.
Security adaptation mechanisms change the behaviour of 5G networks and security control mechanisms based on inferred knowledge on risks and trust levels.
The Trust Level Agreement (TLA) mechanism and Trust Metric Enabler facilitate knowledge exchange across administrative domains. The TLA enables the orchestration of end-to-end trustworthy slices.
3.2. Event Brokering
The glue in the monitoring framework is the information brokering mechanism. It enables different parties to connect each other and share information and knowledge. The proposed paradigm for information distribution is to ‘publish and subscribe’. In this paradigm, the information is published to a central element broker, which then forwards information to components that have subscribed to that particular information flow. The approach increases the scalability and flexibility of 5G security monitoring as:
It is easy to add new heterogeneous event sources to the system without changes to the broker or existing inferencing applications.
Inferencing components can be integrated to the system for processing and inferencing of event streams as needed and reused in different applications.
Events are efficiently provided only for those components that are interested on them.
3.3. Security Inferencing
3.4. Customizing Security by Software-Defined Networking
3.5. Trust Level Agreement between Slices and Domains
4. Security Scenarios of Multi-Domain Data Correlation
4.1. IoT Authentication Storms and Adaptive Group Authentication
An overload situation in one domain may then trigger different control actions:
In a situation where a home network has enough capacity, the system allows devices to authenticate directly with the home network using, e.g., a standard authentication and key agreement (AKA)  protocol.
In a case where a monitor detects an overload situation in the home network domain, it adapts security controls in access and/or user equipment domains so that traffic flows are blocked and devices are required to use group authentication mechanisms instead. These mechanisms require less effort from the home network but may also have some downsides with respect to the access network performance or for the security level .
In a situation where the access network does not have enough capacity for group authentication, the monitoring system may allow device access through trusted gateways which authenticate devices locally. This solution is the most scalable but places trust in local gateways.
In a situation where a slice subscriber has specified a trust model with high integrity requirements, the strongest (e.g., direct authentication with home network) is applied even if that means that some devices will be disconnected. The slice may also have set particular trust models, which define the amount of devices that can be connected to a slice using group authentication mechanisms and for which authentication mechanisms are possible.
4.2. Location Tracking and Adaptive Privacy Protection
5.1. Micro-Segmentation Enabler
5.2. Sharing of Monitoring Data
5.3. Security Inferencing and Anomaly Detection
5.4. Trust Metric Enabler
Trust models specify requirements that the 5G network must fulfil to provide the required trust level. All requirements stated in the model must be fulfilled to confirm that the network is trusted. The current implementation supports three types of measurements:
Service—Stating that a particular service is running. “The service must be running for the network to be trusted”.
Max_level—Setting an upper boundary for particular aggregated events. “There must be at most x number of events y occurrences for the network to be trusted.”
Min_level—Setting a lower boundary for particular aggregated events. “There must be at least x number of events y occurrences for the network to be trusted.”
5.5. Mobile Network Testbed
6. Characteristics of Application-Specific Data in the Mobile Network Testbed
6.1. EPC Data from Video and IoT scenarios
6.2. Effects on Machine Learning
The proposed framework can detect different kinds of threats. In Section 4, we discussed location tracking and IoT botnet scenarios in more detail. Other potential use cases could include:
Detecting man-in-the-middle (MitM) attacks by following times that it takes for specific packets to cross different domains and detecting if there are delays that could indicate MitM. Such an approach can be used to improve application domain security—e.g., to detect attacks against two-channel authentication/verifications used for example in bank applications or in company intranet authentication.
Downgrading attacks—detecting cases where a capable device is forced to use connectivity alternatives (5G ≥ 3G, 4G, or WiFi) that may have weaker protection. Such attacks can be detected by monitoring the use of weak connectivity alternatives in locations where stronger mechanisms are available.
Location spoofing by end-points—A device may want to spoof its location to an end-service in order to circumvent location-specific access controls. For instance, a sensor may be stolen and transferred to another location in order to spoof a data collector. Such attacks can be detected by monitoring which base stations are used to connect to the network. SDNs can also control access so that access to slices is only possible from particular locations.
8. Conclusions and Future Work
Conflicts of Interest
- ITU. ITU towards IMT for 2020 and Beyond—IMT-2020 Standards for 5G. 2017. Available online: http://www.itu.int/en/ITU-R/study-groups/rsg5/rwp5d/imt-2020/Pages/default.aspx (accessed on 28 September 2017).
- 3GPP. TR 38.913 Study on Scenarios and Requirements for Next Generation Access Technologies. Technical Report, v14.3. 2017. Available online: http://www.3gpp.org/ftp/Specs/archive/38_series/38.913/38913-e30.zip (accessed on 13 November 2017).
- Gupta, A.; Jha, R. A Survey of 5G Network: Architecture and Emerging Technologies. IEEE Access 2015, 3, 1206–1232. Available online: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=7169508 (accessed on 10 August 2015). [Google Scholar] [CrossRef]
- 3GPP. Technical Specification Group Services and System Aspects; 3G Security; Security Architecture. (TS 33.102); 2012. [Google Scholar]
- GPP. TS 33.401 V12.14.0 (2015-03). 3GPP System Architecture Evolution (SAE). Security Architecture. 2015. Available online: http://www.3gpp.org/ftp/specs/html-info/33401.htm (accessed on 28 September 2017).
- 3GPP. TS 35.215. Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 1: UEA2 and UIA2 Specifications; Available online: http://www.3gpp.org/DynaReport/35215.htm (accessed on 28 September 2017).
- 3GPP. 3G Security; Access Security for IP-Based Services. 3GPP Specification. TS 33.203 V12.6.0. 2014. Available online: http://www.3gpp.org/DynaReport/33203.htm (accessed on 28 September 2017).
- 3GPP. Technical Specification Group Services and System Aspects; 3G Security; Network Domain Security (NDS); IP Network Layer Security (TS33.210); 2015. [Google Scholar]
- Traynor, P.; Lin, M.; Ongtang, M.; Rao, V.; Jaeger, T. On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core. In Proceedings of the 16th ACM conference on Computer and Communications Security, Chicago, IL, USA, 9–13 November 2009; Available online: http://dl.acm.org/citation.cfm?id=1653690 (accessed on 29 May 2017). [Google Scholar]
- Mulliner, C.; Seifert, J.-P. Rise of the iBots: Owning a Telco Network. In Proceedings of the 2010 5th International Conference on Malicious and Unwanted Software, Nancy, France, 19–20 October 2010; pp. 71–80. Available online: http://ieeexplore.ieee.org/document/5665790/ (accessed on 29 May 2017). [Google Scholar]
- G-ENSURE Project. Security Architecture (Draft)—Deliverable D2.4. 2016. Available online: https://5gensure.eu/sites/default/files/Deliverables/5G-ENSURE_D2.4-SecurityArchitectureDraft.pdf (accessed on 17 August 2017).
- 5G-ENSURE Project. 5G-PPP Security Enablers Open Specifications (v2.0)—Deliverable D3.6. 2017. Available online: https://5gensure.eu/sites/default/files/5G-ENSURE_D3.6 5G-PPP security enablers open specifications %28v2.0%29.pdf (accessed on 17 August 2017).
- 3GPP. Key Performance Indicators (KPI) for Evolved Universal Terrestrial Radio Access Network (E-UTRAN): Definitions (Release 8). TS32-450; 2011; Available online: www.3gpp.org/DynaReport/32450.htm.
- 3GPP. Telecommunication Management; Key Performance Indicators (KPI) for Evolved Universal Terrestrial Radio Access Network (E-UTRAN): Requirements. TS 32.451; 2008; Available online: http://www.qtc.jp/3GPP/Specs/32451-a00.pdf (accessed on 6 March 2017).
- ETSI. Network Functions Virtualisation (NFV) Release 3; Security; Security Management and Monitoring; Draft; GS NFV-SEC 013 V0.0.9.; ETSI: Sophia Antipolis, France, 2017. [Google Scholar]
- ETSI. NFV Security; Security and Trust Guidance; GS NFV-SEC 003—V1.1.1. 2014. Available online: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf (accessed on 10 February 2017).
- Martin, A.B.; Marinos, L.; Rekleitis, E. Threat Landscape and Good Practice Guide for Software Defined Networks/5G. ENISA. 2015. Available online: http://openaccess.city.ac.uk/id/eprint/15504 (accessed on 14 August 2017).
- Yan, Z.; Zhang, P.; Vasilakos, A.V. A security and Trust Framework for Virtualized Networks and Software-Defined Networking. Secur. Commun. Netw. 2015, 9, 3059–3069. Available online: http://doi.wiley.com/10.1002/sec.1243 (accessed on 6 June 2017). [Google Scholar] [CrossRef]
- Luo, S.; Dong, M.; Ota, K.; Wu, J.; Li, J. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks. Sensors 2015, 15, 31843–31858. Available online: http://www.mdpi.com/1424-8220/15/12/29887 (accessed on 16 August 2017). [Google Scholar] [CrossRef] [PubMed]
- Ahmed, M.; Naser Mahmood, A.; Hu, J. A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 2016, 60, 19–31. Available online: http://www.sciencedirect.com/science/article/pii/S1084804515002891 (accessed on 6 September 2017). [Google Scholar] [CrossRef]
- Gupta, A.; Verma, T.; Bali, S.; Kaul, S. Detecting MS Initiated Signaling DDoS Attacks in 3G/4G Wireless Networks. In Proceedings of the 2013 Fifth International Conference on Communication Systems and Networks (COMSNETS), Bangalore, India, 9–10 January 2013; pp. 1–60. Available online: http://ieeexplore.ieee.org/document/6465568/ (accessed on 29 May 2017). [Google Scholar]
- Shabtai, A.; Tenenboim-Chekina, L.; Mimran, D.; Rokach, L.; Shapira, B.; Elovici, Y. Mobile malware detection through analysis of deviations in application network behavior. Comput. Secur. 2014, 43, 1–18. Available online: http://www.sciencedirect.com/science/article/pii/S0167404814000285 (accessed on 6 June 2017). [Google Scholar] [CrossRef]
- Marquezan, C.; Mahmood, K.; Zafeiropoulos, A. Context Awareness in Next Generation of Mobile Core Networks. arXiv. 2016. Available online: https://arxiv.org/abs/1611.05353 (accessed on 14 August 2017).
- López, L.B.; Caraguay, Á.V.; Vidal, J.M.; Monge, M.A. S.; Villalba, L.J.G. Towards Incidence Management in 5G Based on Situational Awareness. Future Internet 2017, 9, 3. Available online: http://www.mdpi.com/1999-5903/9/1/3/htm (accessed on 14 August 2017). [Google Scholar] [CrossRef]
- Van Adrichem, N.; Doerr, C. OpenNetMon: Network monitoring in OpenFlow Software-Defined Networks. In Proceedings of the 2014 IEEE Network Operations and Management Symposium (NOMS), Krakow, Poland, 5–9 May 2014; Available online: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6838228 (accessed on 13 June 2016). [Google Scholar]
- Tootoonchian, A.; Ghobadi, M.; Ganjali, Y. OpenTM: Traffic Matrix Estimator for OpenFlow Networks; Springer: Berlin/Heidelberg, Germany, 2010; pp. 201–210. Available online: http://link.springer.com/10.1007/978-3-642-12334-4_21 (accessed on 16 June 2016).
- Ballard, J.R.; Rae, I.; Akella, A. Extensible and scalable network monitoring using OpenSAFE. In Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking, San Jose, CA, USA, 28–30 April 2010; p. 8. Available online: http://dl.acm.org/citation.cfm?id=1863141 (accessed on 16 June 2016). [Google Scholar]
- ETSI. GS NFV-SWA 001—V1.1.1—Network Functions Virtualisation (NFV); Virtual Network Functions Architecture. 2014. Available online: http://www.etsi.org/deliver/etsi_gs/NFV-SWA/001_099/001/01.01.01_60/gs_NFV-SWA001v010101p.pdf (accessed on 27 October 2017).
- NGMN Alliance. Description of Network Slicing Concept. Report. 2016. Available online: https://www.ngmn.org/uploads/media/160113_Network_Slicing_v1_0.pdf (accessed on 21 September 2017).
- VMware. Data Center Micro-Segmentation A Software Defined Data Center Approach for a “Zero Trust” Security Strategy. White Paper. 2014. Available online: https://blogs.vmware.com/networkvirtualization/files/2014/06/VMware-SDDC-Micro-Segmentation-White-Paper.pdf (accessed on 21 September 2017).
- Mämmelä, O.; Hiltunen, J.; Suomalainen, J.; Ahola, K.; Mannersalo, P.; Vehkaperä, J. Towards Micro-Segmentation in 5G Network Security. European Conference on Networks and Communications (EuCNC 2016) Workshop on Network Management, Quality of Service and Security for 5G Networks. 2016. Available online: https://www.researchgate.net/profile/Olli_Maemmelae/publication/310447736_Towards_Micro-Segmentation_in_5G_Network_Security/links/582d678b08aef19cb811738b.pdf (accessed on 31 January 2017).
- Liyanage, M.; Abro, A. Opportunities and Challenges of Software-Defined Mobile Networks in Network Security Perspective. IEEE Secur. Priv. 2016, 14, 34–44. Available online: https://www.researchgate.net/profile/Madhusanka_Liyanage/publication/282648199_Opportunities_and_Challenges_of_Software-Defined_Mobile_Networks_in_Network_Security_Perspective/links/561bb10a08ae78721fa100f2.pdf (accessed on 16 February 2016). [Google Scholar] [CrossRef]
- Donatini, L.; Garroppo, R.G.; Giordano, S.; Procissi, G.; Roma, S.; Foddis, G.; Topazzi, S. Advances in LTE network monitoring: A step towards an SDN solution. In Proceedings of the Mediterranean Electrotechnical Conference (MELECON), Beirut, Lebanon, 13–16 April 2014; pp. 339–343. Available online: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6820557 (accessed on 20 June 2016). [Google Scholar]
- Adami, D.; Donatini, L.; Foddis, G.; Giordano, S.; Roma, S.; Topazzi, S. Design and development of management functions for distributed monitoring based on SDN-based network. In Proceedings of the Euro Med Telco Conference (EMTC 2014), Naples, Italy, 12–15 November 2014; pp. 1–5. Available online: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6996655 (accessed on 20 June 2016). [Google Scholar]
- Yousaf, F.; Gramaglia, M.; Friderikos, V.; Gajic, B.; von Hugo, D.; Sayadi, B.; Sciancalepore, V.; Crippa, M.R. Network slicing with flexible mobility and QoS/QoE support for 5G Networks. In Proceedings of the 2017 IEEE International Conference on 4th Communications Workshops (ICC Workshops), Paris, France, 21–25 May 2017; Available online: http://ieeexplore.ieee.org/abstract/document/7962821/ (accessed on 23 January 2018). [Google Scholar]
- Kephart, J.O.; Chess, D.M. The vision of autonomic computing. Computer 2003, 36, 41–50. Available online: http://ieeexplore.ieee.org/document/1160055/ (accessed on 26 September 2017). [Google Scholar] [CrossRef]
- Hiltunen, J.; Ruuska, P.; Suomalainen, J. Trust Metric Enabler Open Specifications. 5G-ENSURE Project. Deliverable D3.6. 5G-PPP Security Enablers Open Specifications (v2.0). 2017. Available online: https://5gensure.eu/sites/default/files/5G-ENSURE_D3.6 5G-PPP security enablers open specifications %28v2.0%29.pdf (accessed on 28 September 2017).
- Jover, R. Security Attacks against the Availability of LTE Mobility Networks: Overview and Research Directions. In Proceedings of the 2013 16th International Symposium on Wireless Personal Multimedia Communications (WPMC), Atlantic City, NJ, USA, 24–27 June 2013; Available online: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6618585 (accessed on 28 June 2016). [Google Scholar]
- Jover, R.P. Security and impact of the IoT on LTE mobile networks. In Security and Privacy in the Internet of Things (IoT): Models, Algorithms, and Implementations; Taylor & Francis LLC, CRC Press: New York, NY, USA, 2016; Available online: http://www.ee.columbia.edu/~roger/LTE_IoT.pdf (accessed on 7 March 2016).
- 3GPP. Study on Machine-Type Communications (MTC) and Other Mobile Data Applications Communications Enhancements. TR 23.887. 2013. Available online: http://www.3gpp.org/ftp/Specs/archive/23_series/23.887/23887-c00.zip (accessed on 22 September 2017).
- Cao, J.; Ma, M.; Li, H. A group-based authentication and key agreement for MTC in LTE networks. In Proceedings of the 2012 IEEE Global Communications Conference (GLOBECOM), Anaheim, CA, USA, 3–7 December 2012; pp. 1017–1022. Available online: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6503246 (accessed on 25 May 2016). [Google Scholar]
- Lai, C.; Li, H.; Lu, R.; Shen, X. SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks. Comput. Netw. 2013, 57, 3492–3510. Available online: http://www.sciencedirect.com/science/article/pii/S1389128613002570 (accessed on 17 May 2016). [Google Scholar] [CrossRef]
- Giustolisi, R.; Gerhmann, C. Threats to 5G Group-Based Authentication. In Proceedings of the 13th International Conference on Security and Cryptography (SECRYPT 2016), Lisbon, Portugal, 26–28 July 2016; SciTePress: Setubal, Portugal, 2016. Available online: http://www.diva-portal.org/smash/record.jsf?pid=diva2%3A1062093&dswid=6179 (accessed on 28 September 2017). [Google Scholar]
- Kune, D.F.; Koelndorfer, J.; Hopper, N.; Kim, Y. Location leaks on the GSM air interface. In Proceedings of the Network & Distributed System Security Symposium (NDSS), San Diego, CA, USA, 5–8 February 2012. [Google Scholar]
- Shaik, A.; Borgaonkar, R.; Asokan, N.; Niemi, V. Practical attacks against privacy and availability in 4G/LTE mobile communication systems. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS 2016), San Diego, CA, USA, 21–24 February 2016; Available online: https://arxiv.org/abs/1510.07563 (accessed on 29 June 2017). [Google Scholar]
- Burke, K. How Many Texts Do People Send Every Day? Text Request. Blog. 2016. Available online: https://www.textrequest.com/blog/many-texts-people-send-per-day/ (accessed on 29 November 2017).
- Sauter, M. LTE And The Number Of Simultaneously Connected Users—WirelessMoves. Wireless Moves. Blog. 2016. Available online: https://blog.wirelessmoves.com/2016/02/lte-and-the-number-of-simultaneously-connected-users.html (accessed on 29 November 2017).
- Suomalainen, J. Security Monitor for 5G-Microsegments. 5G-PPP Security Enablers Documentation. 5G-ENSURE Project Deliverable 3.4. 2017. Available online: https://5gensure.eu/sites/default/files/Deliverables/5G-ENSURE_D3.4_5G-PPP_Security_Enablers_Documentation.pdf (accessed on 28 September 2017).
- 5G-ENSURE Project. Web Site. 2017. Available online: http://5gensure.eu/ (accessed on 28 September 2017).
- Al-Shabibi, A.; de Leenheer, M.; Gerola, M.; Koshibe, A.; Parulkar, G.; Salvadori, E.; Snow, B. OpenVirteX. In Proceedings of the Third Workshop on Hot Topics in Software Defined Networking (HotSDN ’14), Chicago, IL, USA, 22 August 2014; pp. 25–30. Available online: http://dl.acm.org/citation.cfm?id=2620728.2620741 (accessed on 23 September 2015). [Google Scholar]
- OpenVirteX Project. Web Site. 2017. Available online: http://mininet.org/ (accessed on 28 September 2017).
- Ryu SDN Framework Community. Web Site. 2017. Available online: https://osrg.github.io/ryu/ (accessed on 28 September 2017).
- Mininet Team. Web Site. 2017. Available online: http://mininet.org/ (accessed on 28 September 2017).
- Open vSwitch. Web Site. 2017. Available online: http://openvswitch.org/ (accessed on 3 October 2017).
- Apache Kafka. Available online: https://kafka.apache.org/ (accessed on 25 August 2017).
- Apache Spark—Lightning-Fast Cluster Computing. Available online: https://spark.apache.org/ (accessed on 25 August 2017).
- Ailon, N.; Jaiswal, R.; Monteleoni, C. Streaming k-means approximation. In Advances in Neural Information; Neural Information Processing Systems Foundation: South Lake Tahoe, NV, USA, 2009; Available online: http://papers.nips.cc/paper/3812-streaming-k-means-approximation (accessed on 14 February 2017).
- Freeman, J. Introducing Streaming k-Means in Apache Spark 1.2—The Databricks Blog. Databrics, Engineering Blog. Available online: https://databricks.com/blog/2015/01/28/introducing-streaming-k-means-in-spark-1-2.html (accessed on 14 February 2017).
- MacQueen, J. Some methods for classification and analysis of multivariate observations. In Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Berkeley, CA, USA, 18–21 July 1965. [Google Scholar]
- Lloyd, S. Least Squares Quantization in PCM. IEEE Trans. Inf. Theory 1982, 28, 129–137. Available online: http://ieeexplore.ieee.org/abstract/document/1056489/ (accessed on 15 February 2017). [Google Scholar] [CrossRef]
- Core Network Dynamics. OpenEPC. 2017. Available online: https://www.corenetdynamics.com/products (accessed on 2 October 2017).
- Bergmann, O. Libcoap: C-Implementation of CoAP. 2017. Available online: https://libcoap.net/ (accessed on 2 October 2017).
- Shelby, Z.; Hartke, K.; Bormann, C. The Constrained Application Protocol (CoAP). RFC 7252. IETF; 2014. Available online: https://tools.ietf.org/html/rfc7252 (accessed on 2 October 2017).
- Rosenberg, J.; Schulzrinne, H.; Camarillo, G.; Johnston, A.; Peterson, J.; Sparks, R.; Handley, M.; Schooler, E. SIP: Session Initiation Protocol. RFC 3261. 2002. Available online: https://tools.ietf.org/html/rfc3261 (accessed on 2 October 2017).
- Schulzrinne, H.; Casner, S.; Frederick, R.; Jacobson, V. RTP: A Transport Protocol for Real-Time Applications. RFC3550, IETF. 2003. Available online: https://tools.ietf.org/html/rfc3550 (accessed on 2 October 2017).
- The Wireshark Team. Wireshark Web Site. 2017. Available online: https://www.wireshark.org/ (accessed on 2 October 2017).
- Borg, I.; Groenen, P.; Mair, P. Applied Multidimensional Scaling; Springer Science & Business Media: New York, NY, USA, 2012. [Google Scholar]
- The Scikit-Learn Project. sklearn.manifold.MDS—Scikit-Learn 0.19.0 Documentation. 2017. Available online: http://scikit-learn.org/stable/modules/generated/sklearn.manifold.MDS.html (accessed on 15 September 2017).
- Steinbach, M.; Karypis, G.; Kumar, V. A Comparison of Document Clustering Techniques. In Proceedings of the KDD Workshop on Text Mining, Boston, MA, USA, 20–23 August 2000. [Google Scholar]
- The Scikit-Learn Project. sklearn.preprocessing.MinMaxScaler—Scikit-Learn 0.19.0 Documentation. Available online: http://scikit-learn.org/stable/modules/generated/sklearn.preprocessing.MinMaxScaler.html (accessed on 18 September 2017).
- The Scikit-Learn Project. sklearn.datasets.make_blobs—Scikit-Learn 0.19.0 Documentation. Available online: http://scikit-learn.org/stable/modules/generated/sklearn.datasets.make_blobs.html (accessed on 18 September 2017).
- The Apache Spark Project. Clustering—RDD-Based API—Spark 2.2.0 Documentation. 2018. Available online: https://spark.apache.org/docs/2.2.0/mllib-clustering.html (accessed on 8 February 2018).