Management and Security in the Age of Hyperconnectivity

This keynote focuses on the threat landscape and its evolution as seen from a Tier-1 operator's perspective. This includes the development of threats that affect mainly consumers, such as botnets, as well as threats that address primarily organizations. So-called Advanced Persistent Threats (APT) are analyzed in the way offenders usually pursue such attacks. Strategic and operational options to detect and remediate such attacks are discussed. This keynote closes with thoughts on possible future roles of telcos in this threat context.


Preface
The International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2016) is a single-track event integrating regular conference paper sessions, tutorials, keynotes, and a PhD student workshop into a highly interactive event. Within the network and service management community, AIMS is focused on PhD students and young researchers. One of the key goals of AIMS is to provide early-stage researchers with constructive feedback by senior scientists and give them the possibility to grow in the research community by means of targeted lab sessions on technical and educational aspects of their research activity. This focus on early-stage researchers is immediately observable in the program, featuring a high number of educational sessions and PhD sessions, where young PhD students present their research.
AIMS 2016, which took place during June 20-23, 2016, in Neubiberg, Germany, and was hosted by the Universität der Bundeswehr München, was the tenth edition of a conference series on management and security aspects of distributed and autonomous systems. It followed the established tradition of an unusually vivid and interactive conference series, after successful events in Ghent, Belgium
AIMS 2016 focused on management and security in the age of hyperconnectivity. New paradigms, smart and fully distributed algorithms, and large-scale virtualization are investigated to design scalable and resilient frameworks able to deal with more complex, more dynamic and hyperconnected environments. This theme was addressed in the technical program with papers related to monitoring, configuration, and security in areas from cloud infrastructures to the Internet-of-Things. AIMS 2016 was organized as a 4-day program to encourage the interaction with and the active participation of the audience. The program consisted of technical sessions for the main track and PhD sessions, interleaved with research keynotes, an educational panel, and lab sessions.
The lab sessions offered hands-on experience in network and service management topics and they were organized in on-site labs preceded by short tutorial-style teaching sessions. The first lab session addressed big data analysis for the Domain Name System (DNS), explaining how tracking DNS changes based on measurements may provide valuable information about the evolution of the Internet. The other lab sessions were centered on traffic mining for flow-based forensic and network troubleshooting, using Tranalyzer, a lightweight flow generator and packet analyzer designed for practitioners and researchers. In line with its educational mission, this year the conference also included an educational panel, which was chaired by Daphné Tuncer and Marinos Charalambides (University College London, UK) on "Experiences with MOOCs and Flipped Classrooms." Additionally, AIMS 2016 featured two research keynotes: one on "Today's Cyber Security Threats and Challenges for Telco Providers" by Bernd Eßer (Telekom CDC, Germany) and one on "Cyber Resilience of Complex Interdependent Infrastructures" by Tobias Kiesling (IABG, Germany).
The technical program consisted of two sessions, covering the topics of autonomic and smart management, and security attacks and defenses, and included seven full papers, which were selected after a thorough reviewing process out of a total of 22 submissions. Each paper received at least three independent reviews. Three papers were also selected for presentation as short papers.
The AIMS PhD workshop is a venue for doctoral students to present and discuss their research ideas, and more importantly to obtain valuable feedback from the AIMS audience about their planned PhD research work. This year, the workshop was structured into two technical sessions covering the management of future networks and security management. All PhD papers included in this volume describe the current state of these investigations, including their clear research problem statements, proposed approaches, and an outline of results achieved so far. A total of nine PhD papers were presented and discussed. These papers were selected after a separate review process out of 21 submissions, while all PhD papers received at least three independent reviews.
The present volume of the Lecture Notes in Computer Science series includes all papers presented at AIMS 2016 as defined within the overall final program. It demonstrates again the European scope of this conference series, since most of the accepted papers originate from European research groups. Also, AIMS 2016 proved true to its defined DNA of a conference with a strong educational goal, as indicated by the number of submissions attracted by the PhD Workshop.
The editors would like to thank the many people who helped to make AIMS 2016 such a high-quality and successful event. Firstly, many thanks are extended to all authors who submitted their contributions to AIMS 2016, and to the lab session speakers, namely, Anna Sperotto, Mattijs Jonker, Christian Dietz, Stefan Burschka, and Benoît Dupasquier, and the keynote speakers Bernd Eßer and Tobias Kiesling. The great review work performed by the members of both the AIMS Technical Program Committee and the PhD Student Workshop Committee as well as additional reviewers is highly acknowledged. Thanks are also addressed to Volker Eiseler and Lars Stiemert for setting up and organizing the lab sessions. Additionally, many thanks to the local organizers for handling all the logistics and hosting the AIMS 2016 event.
Finally, the editors would like to express their thanks to Springer, especially Anna Kramer, for the smooth cooperation in finalizing these proceedings. Additionally, special thanks go to the AIMS 2016 supporters, Universität der Bundeswehr München, ITIS, and the European FP7 NoE FLAMINGO under Grant No. 318488.

Educational Panel Experiences with MOOCs and Flipped Classrooms
Daphné Tuncer, Marinos Charalambides
University College London, UK
d.tuncer@ee.ucl.ac.uk, marinos.charalambides@ucl.ac.uk
Abstract. Massive Open Online Courses (MOOC) are open access and scalable online higher education courses. MOOCs have been gaining increasing popularity in recent years mainly due to their extended outreach and lack of entry requirements as well as tuition fees. Given their initial success and the interest from the higher education community, they have the potential of becoming an essential part of the education system.
However, due to their online nature they do not follow the traditional teaching paradigm that requires classroom presence and involves direct interaction with the lecturer. In addition, MOOCs can be developed through various platforms and can have different formats. These factors can influence the student learning experience and the future uptake of such courses. This panel will mainly consist of PhD researchers who have followed at least one MOOC and who will discuss their personal experience and expectations, and share their insights with the audience. The panel will be structured in three parts. First, the panelists will present their views based on a short questionnaire that will be provided prior to the event. Second, the moderators will ask questions concerning course integration, interaction with other students/instructor, MOOC format, course customization, and grading systems. Finally, an open discussion with the audience will conclude the panel. The overall objective is to collect valuable feedback from the panelists and potentially the audience, which can be used to suggest changes in current practices and make learning more effective.

Lab Sessions
Lab Session 1 The Internet of Names: Big Data Analysis for DNS
Anna Sperotto¹, Mattijs Jonker¹, Christian Dietz²
¹ University of Twente, The Netherlands
² Universität der Bundeswehr München, Germany
a.sperotto@utwente.nl, m.jonker@utwente.nl, christian.dietz@unibw.de
Abstract. The Domain Name System (DNS) is part of the core infrastructure of the Internet. Tracking changes in the DNS, therefore, provides valuable information about the evolution of the Internet. Think about adoption of protocols (e.g., IPv6 and DNSSEC) and applications (e.g., cloud e-mail providers), distribution of content (Web domains), and network security (e.g., botnets). Since February 2015, the University of Twente, SURFnet, and SIDN have run a large-scale active measurement of the DNS, which covers the domain names in the .com, .net, and .org zones. Since February 2016, the .nl zone has also been added. In total, our measurement currently queries over 50% of the DNS name space on a daily basis. The measurement results are stored in a Hadoop cluster for later analysis [1]. The goal of this hands-on tutorial is to familiarize the participants with DNS, DNS measurements, and possible research applications. The session will start with a general introduction to the measurement including a few example use cases. Then, we will briefly introduce the participants to a virtualized lab environment, in which they can experiment with the data themselves. The remainder of the session is then spent "hackathon"-style, in groups, each of which will present their experiences and possible findings from the data at the end of the session in a short presentation. The lab environment will contain real data for the Alexa Top 1 Million domains.

Lab Sessions 2 and 3 Traffic Mining (TM) using Brain and Tranalyzer
Stefan Burschka, Benoît Dupasquier
RUAG, Switzerland
stefan.burschka@ruag.com, benoit.dupasquier@ruag.com
Abstract. Tranalyzer is a lightweight flow generator and packet analyzer designed for practitioners and researchers [1]. Special emphasis is placed on simplicity, performance, and scalability. It extends NetFlow functionality and supports the analysis of ultra-large packet dumps. It supports the drill-down process to the very flow of interest, which can be analyzed in depth by tcpdump or Wireshark. It provides support for assessing and generating key parameters and statistics from IP traces, either live-captured from Ethernet interfaces or read from pcap files, in the context of flow forensics and network troubleshooting. These lab sessions are literally defined by the title, Traffic Mining (TM) using your brain and Tranalyzer. Participants will do the hands-on job of analysts trying to find anomalies in real IP traffic.
After a short introduction to the most important IP protocols and header features, they will get familiar with Tranalyzer's main concepts, such as configuration and compilation operations, most important plugins including configuration constants, flows and global reports, and how to write their own plugins in C. They will experiment with it in groups or alone on several pcap traffic captures through different practical exercises. They might get stuck in a foxhole and have to learn how to dig themselves out. Nothing is like it initially seems, or maybe it is. It is addressed to everybody who is willing to learn further about IP traffic and the way of flow-based traffic mining.