Research Papers
Overview of publications of the bwNET2.0 project
1. Performance Evaluation of Browser-Based Throughput Measurement for 100 Gb/s Infrastructure
Yannick Huber, Marco Haeberle, Benjamin Steinert, Michael Menth | 2025 | 4th KuVS Workshop on Network Softwarization (KuVS NetSoft)
Browser-based throughput tests are commonly used to evaluate end-to-end performance metrics in IP networks. They provide an easy-to-use throughput test tool. Unlike native software solutions such as iperf3, browser-based tests are restricted by the capabilities of the web browsers they use, which can potentially affect the accuracy and reliability of test results. This work investigates the limitations of browser-based throughput tests in a controlled lab environment equipped with a 100 Gb/s link. It is demonstrated that browser-based tests do not reach full link utilization, with the choice of browser having a significant impact on the measured throughput rate. The cause of the bandwidth limitation is determined by measuring the individual components of the test setup separately. The bottleneck is introduced by running the tests in a browser and limits the measurable throughput rate to below 10 Gb/s. The study reveals that browser-based tests are currently not suitable for the evaluation of connection speeds in networks with throughput rates of 10 Gb/s and beyond.
2. MalFIX: Using IPFIX for Scaling Threat Detection to High Data Rates
Gabriel Paradzik, Benjamin Steinert, Janik Steegmüller, Michael Menth | 2025 | 4th KuVS Workshop on Network Softwarization (KuVS NetSoft)
Threat intelligence feeds provide up-to-date information about threat indicators, i.e., IP addresses, hostnames, etc. This information can be used to identify potentially malicious actors by scanning network traffic. In this paper, we present a high-performance architecture for threat detection that leverages openly available threat intelligence feeds. For that purpose, the open-source tool Maltrail has been modified to make it horizontally scalable and to handle IPFIX flow data. Maltrail was adapted to process IPFIX as input and generate IPFIX-compatible output that includes information about detected threats. These threats are then ingested into Apache Kafka, enabling further analysis and integration with other tools. Benchmark results highlight the scalability of this approach, with a peak processing speed of 300,000 flows per second on 32 CPU cores.
3. Automated Test Bench for High-Performance Network Equipment
Benjamin Steinert, Gabriel Paradzik, Michael Menth | 2025 | 4th KuVS Workshop on Network Softwarization (KuVS NetSoft)
This paper presents an automated test bench that supports reproducible and holistic benchmarking of data plane and control plane performance. The modular architecture integrates the hardware-based traffic generator P4TG and the software-based traffic generator iperf3 for precise control over test traffic. Additionally, it supports automated Device under Test (DuT) reconfiguration between test runs and metric collection. A case study demonstrates the feasibility of the approach by measuring the performance of a modern P4-based COTS data center switch.
4. Enhancements to P4TG: Protocols, Performance, and Automation
Fabian Ihle, Etienne Zink, Steffen Lindner, Michael Menth | 2025 | 4th KuVS Workshop on Network Softwarization (KuVS NetSoft)
P4TG is a hardware-based traffic generator (TG) running on the Intel Tofino™ 1 ASIC and was programmed using the programming language P4. In its initial version, P4TG could generate up to 10×100 Gb/s of traffic and directly measure rates, packet loss, and other metrics in the data plane. Many researchers and industrial partners requested new features to be incorporated into P4TG since its publication in 2023. With the recently added features, P4TG supports the generation of packets encapsulated with a customizable VLAN, QinQ, VxLAN, MPLS, and SRv6 header. Further, generation of IPv6 traffic is added and P4TG is ported to the Intel Tofino™ 2 platform enabling a generation capability of up to 10×400 Gb/s. The improvement in user experience focuses on ease of operation. Features like automated ARP replies, improved visualization, report generation, and automated testing based on the IMIX distribution and RFC 2544 are added. Future work on P4TG includes NDP to facilitate IPv6 traffic, and a NETCONF integration to further ease the configuration.
5. Network Digital Twin Toward Networking, Telecommunications, and Traffic Engineering: A Survey
Reza Poorzare, Dimitris N. Kanellopoulos, Varun Kumar Sharma, Poulami Dalapati, Oliver P. Waldhorst | 2025 | IEEE Access
Network Digital Twin (NDT) is an evolving technology that provides a framework through which a network administrator can have a virtual representation of a computer network. As a result, analysis, monitoring, testing, running new protocols, and more can be performed using the NDT before the final deployment of the developed approach. In this way, the consequences of direct deployment and the negative impact on network operations can be avoided. Telecommunications, along with traffic engineering as one of its critical components, play a prominent role across various networking domains, including Internet service providers, data centers, cellular networks, intelligent transportation systems, and smart cities. In this context, NDT has the potential to serve as a key enabler for optimizing these domains by providing a digital framework, which can facilitate the evaluation and enhancement of different scenarios. Accordingly, this paper presents a comprehensive survey on how NDT can facilitate advancements in network traffic engineering across a wide range of networking domains. First, we start with an in-depth analysis of the evolution of the network digital twin technology and provide a comparison with simulation tools. Next, we examine the role of NDT in various networking and telecommunication domains. We also explore the applicability of NDT technology from a traffic engineering perspective across different network types. Subsequently, we highlight key open research questions and potential future directions that warrant further investigation. Finally, we conclude by outlining the promising future trajectory of NDT within the aforementioned domains.
6. Integration of Security Service Functions Into Network-Level Access Control
Leonard Bradatsch, Frank Kargl | 2024 | IEEE Access
Service function chaining is an approach to dynamically steer traffic through different service functions like intrusion prevention systems within a local area network. Existing approaches to determining the set of service functions through which specific traffic is steered are relatively coarse-grained. In this article, which focuses on security-related service functions, we present a more fine-grained determination process by integrating security service functions into attribute-based access control and utilizing contextual information attributes, such as access time. By mapping attributes to security service functions, we aim to achieve four key objectives: 1) minimizing false negative access decisions, 2) minimizing false positive access decisions, 3) enhancing network performance by optimizing the application of security service functions, and 4) ensuring network visibility. The paper includes a detailed list of available security service functions and the security actions each can perform based on a comprehensive literature review. It also explains how attributes can be mapped to security service functions to determine when and which security service function needs to be applied to network traffic. The paper also includes detailed use cases to demonstrate the practical implementation of our approach. In the evaluation of these use cases, we achieved an accuracy improvement of up to 16% compared to a standard Zero Trust approach that does not integrate traffic classification into access control. Additionally, we reduced false negatives by as much as 93% and false positives by up to 100%. The network performance was enhanced by decreasing service access times by up to 29% and increasing the number of accesses per second by up to 40% during high concurrency.
7. HEJet: A Framework for Efficient Machine Learning Inference with Homomorphic Encryption
David Monschein, Oliver P. Waldhorst | 2024 | International Performance Computing and Communications Conference (IPCCC)
The increasing adoption of machine learning (ML)-based services has presented challenges in processing sensitive data while ensuring privacy and confidentiality. Homomorphic encryption offers a promising solution by enabling computations on encrypted data. However, applying homomorphic encryption in ML faces challenges regarding efficient structuring, arrangement, and execution of numerical operations. In this paper, we present HEJet: a framework that enables efficient and user-friendly application of neural networks with homomorphic encryption. Our framework maps sequences of numerical computations to an optimized set of instructions that are processed by compilers for homomorphic encryption. Consequently, HEJet provides user-friendly interfaces to utilize advanced neural network structures with homomorphic encryption. Evaluation results on the MNIST dataset highlight its usability and show a significant speedup in inferences between 3% and 48% compared to existing approaches. Additionally, HEJet maintains accuracy levels close to those observed on raw data.
8. Optimizing Privacy-Preserving Continuous Authentication of Mobile Devices
David Monschein, Oliver P. Waldhorst | 2024 | International Conference on Network and System Security (NSS)
In response to the rise of identity theft, continuous authentication based on user behavior (e.g., background sensor data) is emerging as a promising solution. However, in the context of distributed mobile applications, the processing of sensitive data raises serious concerns about user privacy. Existing methods employing homomorphic encryption address this, but face issues with increased network traffic and latency. Therefore, we introduce a novel approach that extends homomorphic encryption-based authentication systems to ensure efficient, continuous, and privacy-preserving authentication. It uses a modern homomorphic encryption scheme and an analysis process that leverages machine learning methods. In the first step, behavioral data is preprocessed on the clients’ mobile devices prior to encrypting it and sending it to the server. The server then performs an analysis with neural networks on the encrypted data, which serves as the basis for the authentication decision. We conducted an experiment using real mobile devices and a public dataset to validate our approach’s effectiveness, demonstrating competitive authentication accuracy, a 32% reduction in network traffic, and over 68% reduction in latency compared to existing research.
9. Evaluating Drill-Down DDoS Destination Detection
Timon Krack, Samuel Kopmann, Martina Zitterbart | 2024 | Local Computer Networks (LCN)
Volumetric Distributed Denial of Service (DDoS) attacks remain a persistent threat to network infrastructures. The increasing number of devices connected to the Internet, e.g., through the Internet of Things, and growing data rates make volumetric DDoS attacks easier to execute at a large scale, resulting in a high impact on the target. Drill-down DDoS Destination Detection aggregates ingress traffic in two dimensions, the source and destination IP address space, represented as a fixed-state image. A Convolutional Neural Network (CNN) identifies the attack’s target subnet using multi-class classification. Iteratively monitoring only the subnet detected by the CNN at a finer granularity leads to increasingly accurate results until the exact destination IP address is determined. The destination drill-down is evaluated on synthetic and authentic traffic, detecting an attack with 2.5% of the background traffic within 275 milliseconds.
10. Machine Learning With Computer Networks: Techniques, Datasets, and Models
Haitham Afifi, Sabrina Pochaba, Andreas Boltres, Dominic Laniewski, Janek Haberer, Leonard Paeleke, Reza Poorzare, Daniel Stolpmann, Nikolas Wehner, Adrian Redder, Eric Samikwa, Michael Seufert | 2024 | IEEE Access
Machine learning has found many applications in network contexts. These include solving optimisation problems and managing network operations. Conversely, networks are essential for facilitating machine learning training and inference, whether performed centrally or in a distributed fashion. To conduct rigorous research in this area, researchers must have a comprehensive understanding of fundamental techniques, specific frameworks, and access to relevant datasets. Additionally, access to training data can serve as a benchmark or a springboard for further investigation. All these techniques are summarized in this article, serving as a primer paper and hopefully providing an efficient start for anybody doing research regarding machine learning for networks or using networks for machine learning.