Although a lot of congestion control algorithms have been proposed in the past thirty years, researchers pointed out that there is no single one that can achieve best performance in all kinds of network environments. However, service providers mostly deploy one dedicated congestion control algorithm on their servers, which may result in some users not being able to get a high-quality experience. To address this issue, we propose a decision-tree based smart congestion control algorithm selection system named SCASys. SCASys models the link environment based on real-time statistical data, and periodically selects the most suitable congestion control algorithm in order to adapt to the dynamically changing link environment. We test SCASys in two types of environments: steady links and dynamic links. The result shows SCASys can have better environment adaptability and always achieve better performance in various scenarios compared with CUBIC and BBR.
{"title":"SCASys","authors":"Jiejian Wu, L. Kong, Haifeng Tang, Tom Z. J. Fu","doi":"10.1145/3472716.3472857","DOIUrl":"https://doi.org/10.1145/3472716.3472857","url":null,"abstract":"Although a lot of congestion control algorithms have been proposed in the past thirty years, researchers pointed out that there is no single one that can achieve best performance in all kinds of network environments. However, service providers mostly deploy one dedicated congestion control algorithm on their servers, which may result in some users not being able to get a high-quality experience. To address this issue, we propose a decision-tree based smart congestion control algorithm selection system named SCASys. SCASys models the link environment based on real-time statistical data, and periodically selects the most suitable congestion control algorithm in order to adapt to the dynamically changing link environment. We test SCASys in two types of environments: steady links and dynamic links. The result shows SCASys can have better environment adaptability and always achieve better performance in various scenarios compared with CUBIC and BBR.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"278 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116555426","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xinyang Liu, Xinhua Gao, Jiale Li, Yibo Wang, Chi Lin, Zhenquan Qin, Lei Wang
Underwater team members use gestures to exchange information with each other while working, but the way of using gestures to transform information is limited, fixed and prone to lead to ambiguity. If the transformed information is inaccurate or even wrong, it will definitely interfere with collaboration between underwater team members. In our poster, we present the design, implementation and evaluation of UQCom, a novel underwater secure communication method using 3D blue-green QR arrays based on image enhancement technology, to solve the problem mentioned above. We apply blue-green QR codes to underwater short range communication and utilize underwater image enhancement technology to address the unique issues in underwater environments such as turbid water and image distortion. A 3D QR displaying scheme is proposed to improve communication rate. UQCom can also ensure communication security via encryption algorithm. Extensive experiments with two commercial off-the-shelf (COTS) smartphones conducted in indoors and outdoors demonstrate that UQCom can achieve real-time and robust short range communication in underwater environments.
{"title":"UQCom","authors":"Xinyang Liu, Xinhua Gao, Jiale Li, Yibo Wang, Chi Lin, Zhenquan Qin, Lei Wang","doi":"10.1145/3472716.3472859","DOIUrl":"https://doi.org/10.1145/3472716.3472859","url":null,"abstract":"Underwater team members use gestures to exchange information with each other while working, but the way of using gestures to transform information is limited, fixed and prone to lead to ambiguity. If the transformed information is inaccurate or even wrong, it will definitely interfere with collaboration between underwater team members. In our poster, we present the design, implementation and evaluation of UQCom, a novel underwater secure communication method using 3D blue-green QR arrays based on image enhancement technology, to solve the problem mentioned above. We apply blue-green QR codes to underwater short range communication and utilize underwater image enhancement technology to address the unique issues in underwater environments such as turbid water and image distortion. A 3D QR displaying scheme is proposed to improve communication rate. UQCom can also ensure communication security via encryption algorithm. Extensive experiments with two commercial off-the-shelf (COTS) smartphones conducted in indoors and outdoors demonstrate that UQCom can achieve real-time and robust short range communication in underwater environments.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124139517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
DNS Water Torture (also known as Random Subdomain attack) has been gaining popularity since the severe impact of the 2016 Mirai attack on Dyn DNS servers, which caused a large number of sites to become unavailable. One existing solution is rate limiting, which is not effective in cases where the attack is highly distributed. A more robust solution is provided by DNSSEC, which enables a range of subdomains to be declared as non-existent following a single NXDOMAIN response. However, the deployment of DNSSEC has been limited and the resolver needs to explicitly support this feature. DNS resolver, meaning it does not require any resolver compatibility and can potentially react to the attack at an earlier stage and avoid much of the malicious traffic generated by the attack. We present WORD, a system for statistical detection of DNS Water Torture that is implemented directly in the data plane using the P4 language. WORD efficiently collects data about DNS requests and responses on a per-domain basis, and alerts the control plane if malicious traffic is detected. The solution we present succeeds in detecting the attack within the notably confined resources of the data plane, while reducing false positives by separately addressing domains which naturally have large amounts of subdomains (e.g. wordpress). In addition, our solution is easily expandable to further DNS related data plane processing, such as other types of DNS attacks, or collection of other DNS statistics in the data plane.
{"title":"DNS water torture detection in the data plane","authors":"Alexander Kaplan, Shir Landau Feibish","doi":"10.1145/3472716.3472854","DOIUrl":"https://doi.org/10.1145/3472716.3472854","url":null,"abstract":"DNS Water Torture (also known as Random Subdomain attack) has been gaining popularity since the severe impact of the 2016 Mirai attack on Dyn DNS servers, which caused a large number of sites to become unavailable. One existing solution is rate limiting, which is not effective in cases where the attack is highly distributed. A more robust solution is provided by DNSSEC, which enables a range of subdomains to be declared as non-existent following a single NXDOMAIN response. However, the deployment of DNSSEC has been limited and the resolver needs to explicitly support this feature. DNS resolver, meaning it does not require any resolver compatibility and can potentially react to the attack at an earlier stage and avoid much of the malicious traffic generated by the attack. We present WORD, a system for statistical detection of DNS Water Torture that is implemented directly in the data plane using the P4 language. WORD efficiently collects data about DNS requests and responses on a per-domain basis, and alerts the control plane if malicious traffic is detected. The solution we present succeeds in detecting the attack within the notably confined resources of the data plane, while reducing false positives by separately addressing domains which naturally have large amounts of subdomains (e.g. wordpress). In addition, our solution is easily expandable to further DNS related data plane processing, such as other types of DNS attacks, or collection of other DNS statistics in the data plane.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134373302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Data classification within the network brings significant benefits in reaction time, servers offload and power efficiency. Still, only very simple models were mapped to the network. In-network classification will not be useful unless we manage to map complex machine learning models to network devices. We present Planter, an algorithm that maps a variety of ensemble models, such as XGBoost and Random Forest, to programmable switches. By overlapping trees within coded tables, Planter manages to map ensemble models to switches with high accuracy and low resource overhead.
{"title":"Planter","authors":"Changgang Zheng, Noa Zilberman","doi":"10.1145/3472716.3472846","DOIUrl":"https://doi.org/10.1145/3472716.3472846","url":null,"abstract":"Data classification within the network brings significant benefits in reaction time, servers offload and power efficiency. Still, only very simple models were mapped to the network. In-network classification will not be useful unless we manage to map complex machine learning models to network devices. We present Planter, an algorithm that maps a variety of ensemble models, such as XGBoost and Random Forest, to programmable switches. By overlapping trees within coded tables, Planter manages to map ensemble models to switches with high accuracy and low resource overhead.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"150 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128601709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Tony John, Piet De Vaere, C. Schutijser, A. Perrig, D. Hausheer
As industrial control systems are becoming increasingly interconnected, there is a rising need for secure and highly available communication as a commodity product. We introduce Linc, a communication gateway that leverages SCION, a next-generation Internet architecture to provide highly reliable and secure inter-domain connectivity for industrial applications.
{"title":"Linc","authors":"Tony John, Piet De Vaere, C. Schutijser, A. Perrig, D. Hausheer","doi":"10.1145/3472716.3472850","DOIUrl":"https://doi.org/10.1145/3472716.3472850","url":null,"abstract":"As industrial control systems are becoming increasingly interconnected, there is a rising need for secure and highly available communication as a commodity product. We introduce Linc, a communication gateway that leverages SCION, a next-generation Internet architecture to provide highly reliable and secure inter-domain connectivity for industrial applications.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126788033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pham Tran Anh Quang, S. Martin, Jérémie Leguay, Xuan Gong, Feng Zeng
To optimize bandwidth utilization in wide area networks, a controller typically maintains policies at edge routers. In this context, our demonstration presents a versatile policy optimization model that carefully selects the set of overlay links for each application based on its requirements and the overall intent of the operator. The optimization of policies is realized using an SLA prediction model for several intents. We demonstrate, for instance, that latency is improved by 40% when the high-quality intent is selected.
{"title":"Intent-based policy optimization in SD-WAN","authors":"Pham Tran Anh Quang, S. Martin, Jérémie Leguay, Xuan Gong, Feng Zeng","doi":"10.1145/3472716.3472858","DOIUrl":"https://doi.org/10.1145/3472716.3472858","url":null,"abstract":"To optimize bandwidth utilization in wide area networks, a controller typically maintains policies at edge routers. In this context, our demonstration presents a versatile policy optimization model that carefully selects the set of overlay links for each application based on its requirements and the overall intent of the operator. The optimization of policies is realized using an SLA prediction model for several intents. We demonstrate, for instance, that latency is improved by 40% when the high-quality intent is selected.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125951654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
David Pujol-Perich, J. Suárez-Varela, Miquel Ferriol-Galmés, Bo-Xi Wu, Shihan Xiao, Xiangle Cheng, A. Cabellos-Aparicio, P. Barlet-Ros
Graph Neural Networks (GNN) have recently exploded in the Machine Learning area as a novel technique for modeling graph-structured data. This makes them especially suitable for applications in the networking field, as communication networks inherently comprise graphs at many levels (e.g., topology, routing, user connections). In this demo, we will present IGNNITION, an open-source framework for fast prototyping of GNNs applied to communication networks. This framework is especially designed for network engineers and/or researchers with limited background on neural network programming. IGNNITION comprises a set of tools and functionalities that eases and accelerates the whole implementation process, from the design of a GNN model, to its training, evaluation, debugging, and integration into larger network applications. In the demo, we will show how a user can implement a complex GNN model applied to network performance modeling (RouteNet), following three simple steps.
{"title":"IGNNITION","authors":"David Pujol-Perich, J. Suárez-Varela, Miquel Ferriol-Galmés, Bo-Xi Wu, Shihan Xiao, Xiangle Cheng, A. Cabellos-Aparicio, P. Barlet-Ros","doi":"10.1145/3472716.3472853","DOIUrl":"https://doi.org/10.1145/3472716.3472853","url":null,"abstract":"Graph Neural Networks (GNN) have recently exploded in the Machine Learning area as a novel technique for modeling graph-structured data. This makes them especially suitable for applications in the networking field, as communication networks inherently comprise graphs at many levels (e.g., topology, routing, user connections). In this demo, we will present IGNNITION, an open-source framework for fast prototyping of GNNs applied to communication networks. This framework is especially designed for network engineers and/or researchers with limited background on neural network programming. IGNNITION comprises a set of tools and functionalities that eases and accelerates the whole implementation process, from the design of a GNN model, to its training, evaluation, debugging, and integration into larger network applications. In the demo, we will show how a user can implement a complex GNN model applied to network performance modeling (RouteNet), following three simple steps.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129887200","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zero Trust is an emerging security paradigm that does away with implicit zones of trust commonly employed within static, defense-in-depth, enterprise architectures. One of the core tenets of Zero Trust is that resource access is determined by dynamic policy - an intersection of trust in a user, the supporting application or service, the underlying network, and the devices which hold or process data. Establishing this overall assessment of trust serves well for centralized architectures where an administrator can establish and assess each of these trust enablers, such as in an enterprise network. However, shifting workloads to remote access, bring your own device (BYOD), and cloud hosting of collaborative services, to name a few, all challenge the ability of an administrator to effectively establish a complete Zero Trust architecture due to the inability to fully trust each component. This shift away from centrally managed architectures reveal a significant challenge in achieving complete Zero Trust: security is a function of many interactions, many of which an administer has no control over. Recently the term "Zero Trust 2.0" was coined as an evolution to Zero Trust which establishes identity as the new perimeter via an orchestration layer and machine learning capabilities~cite{trust}. However, this functionality still remains tied to centrally controlled architectures where an administrator can link together products and solutions to achieve a desired level of security. We argue that this orchestration needs to expand beyond these common enterprise boundaries in a way that trust can be guaranteed across disparate systems, networks, and servicers. Similar to identity federation, where a user can use credentials from one provider to access another competitors platform, federation of trust should serve as a guarantee for security across networks. In the remaining sections we propose what this trust federation mechanism could potentially look like.
{"title":"Federating trust: network orchestration for cross-boundary zero trust","authors":"K. Olson, Eric Keller","doi":"10.1145/3472716.3472865","DOIUrl":"https://doi.org/10.1145/3472716.3472865","url":null,"abstract":"Zero Trust is an emerging security paradigm that does away with implicit zones of trust commonly employed within static, defense-in-depth, enterprise architectures. One of the core tenets of Zero Trust is that resource access is determined by dynamic policy - an intersection of trust in a user, the supporting application or service, the underlying network, and the devices which hold or process data. Establishing this overall assessment of trust serves well for centralized architectures where an administrator can establish and assess each of these trust enablers, such as in an enterprise network. However, shifting workloads to remote access, bring your own device (BYOD), and cloud hosting of collaborative services, to name a few, all challenge the ability of an administrator to effectively establish a complete Zero Trust architecture due to the inability to fully trust each component. This shift away from centrally managed architectures reveal a significant challenge in achieving complete Zero Trust: security is a function of many interactions, many of which an administer has no control over. Recently the term \"Zero Trust 2.0\" was coined as an evolution to Zero Trust which establishes identity as the new perimeter via an orchestration layer and machine learning capabilities~cite{trust}. However, this functionality still remains tied to centrally controlled architectures where an administrator can link together products and solutions to achieve a desired level of security. We argue that this orchestration needs to expand beyond these common enterprise boundaries in a way that trust can be guaranteed across disparate systems, networks, and servicers. Similar to identity federation, where a user can use credentials from one provider to access another competitors platform, federation of trust should serve as a guarantee for security across networks. In the remaining sections we propose what this trust federation mechanism could potentially look like.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127646986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Paula Duarte Bol, R. C. Lunardi, B. D. França, Weverton Cordeiro
We propose Switch(De)Composer, a solution for enabling network developers to leverage the One Big Switch abstraction to write modular switch code that can be deployed across a programmable forwarding plane while promoting reusability, maintainability, and efficient resource usage in switches.
我们提出了Switch(De)Composer,这是一个使网络开发人员能够利用One Big Switch抽象来编写模块化交换机代码的解决方案,这些代码可以在可编程转发平面上部署,同时提高交换机的可重用性、可维护性和有效的资源利用。
{"title":"Modular switch deployment in programmable forwarding planes with switch (de)composer","authors":"Paula Duarte Bol, R. C. Lunardi, B. D. França, Weverton Cordeiro","doi":"10.1145/3472716.3472856","DOIUrl":"https://doi.org/10.1145/3472716.3472856","url":null,"abstract":"We propose Switch(De)Composer, a solution for enabling network developers to leverage the One Big Switch abstraction to write modular switch code that can be deployed across a programmable forwarding plane while promoting reusability, maintainability, and efficient resource usage in switches.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132501794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
David Cordova Morales, P. B. Velloso, Alexandre Guerre, T. Nguyen, G. Pujolle, K. A. Agha, Guillaume Dua
Blockgraph is a new structure of blockchain in which the blocks are interconnected in the form of a graph instead of a chain. Blockgraph has been designed to enable the use of blockchain in mobile adhoc networks and mesh networks by dealing with the problem of network partition due to node mobility. This paper presents a proof of the blockgraph concept using a testbed composed of five mesh routers. The demonstration shows that the blockgraph is created and maintained by the participant nodes in case of network split and merge.
{"title":"Blockgraph proof-of-concept","authors":"David Cordova Morales, P. B. Velloso, Alexandre Guerre, T. Nguyen, G. Pujolle, K. A. Agha, Guillaume Dua","doi":"10.1145/3472716.3472866","DOIUrl":"https://doi.org/10.1145/3472716.3472866","url":null,"abstract":"Blockgraph is a new structure of blockchain in which the blocks are interconnected in the form of a graph instead of a chain. Blockgraph has been designed to enable the use of blockchain in mobile adhoc networks and mesh networks by dealing with the problem of network partition due to node mobility. This paper presents a proof of the blockgraph concept using a testbed composed of five mesh routers. The demonstration shows that the blockgraph is created and maintained by the participant nodes in case of network split and merge.","PeriodicalId":178725,"journal":{"name":"Proceedings of the SIGCOMM '21 Poster and Demo Sessions","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130074792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: