Monitoring the global state in peer-to-peer networks through decentralized mechanisms allows targeted optimization and improvement of the peer-to-peer network. However, malicious nodes could aim to distort the process of gathering the global state through monitoring. In this paper we propose DOMiNo, a security solution for tree-based peer-to-peer monitoring mechanisms. It passively listens to incoming events, e.g. data, and rates their suspiciousness based on outlier detection, structural verification and sanity check mechanisms. We performed an extensive evaluation of our main objective, which is to limit the monitoring error of the desired global view. The evaluation shows tolerance of normal fluctuations but effective filtering of outliers that severely influence the global view. As our watchdog solution operates passively, we neither add any costs nor create new attack surface for the monitoring system.
{"title":"Convex Hull Watchdog: Mitigation of Malicious Nodes in Tree-Based P2P Monitoring Systems","authors":"Andreas Disterhöft, Kalman Graffi","doi":"10.1109/LCN.2016.16","DOIUrl":"https://doi.org/10.1109/LCN.2016.16","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"26 1","pages":"52-60"},"publicationDate":"2016-11-01"}
Crowdsensing applications rely on volunteers to collect sensor readings using their mobile devices. Since the collected sensor readings are annotated with spatiotemporal information, the volunteers' privacy may be endangered. Existing privacy-preserving solutions often disclose the volunteers' location information to either a central third party or their peers. As a result, the volunteers need to trust these parties to respect their privacy. In this paper, we present a distributed approach based on the concept of multi-party computation, which does not require a trusted party and protects the location information against curious users. We evaluate the performance of our approach and show its feasibility by means of extensive simulations based on a real-world dataset. We further implement a proof-of-concept to test its performance under realistic conditions.
{"title":"OP4: An OPPortunistic Privacy-Preserving Scheme for Crowdsensing Applications","authors":"D. Reinhardt, Ilya Manyugin","doi":"10.1109/LCN.2016.75","DOIUrl":"https://doi.org/10.1109/LCN.2016.75","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"23 1","pages":"460-468"},"publicationDate":"2016-11-01"}
The challenge in predicting future links over large-scale networks (social networks) is not only maintaining accuracy, but also coping with the time-varying network graph. In contrast to the existing approaches, in this work we propose building a Markov prediction model. It not only incorporates temporal snapshots reflecting the dynamic network graph, but also considers the effect of multiple timescales, along with the corresponding local and global structural evolution (links and clusters respectively), correlated evolution and rate of evolution. The resulting edge selection in our approach exhibits the power-law degree distribution found in real-world networks. Finally, we use two heavily dynamic real-world temporal network data sets (e.g. Twitter and Enron) and one relatively less dynamic network data set (e.g. DBLP), together with existing state-of-the-art static and recent dynamic measures, to evaluate the prediction accuracy of our proposed Markov model and show that it outperforms existing approaches.
{"title":"Inferring Future Links in Large Scale Networks","authors":"Sima Das, Sajal K. Das, Susmita K. Ghosh","doi":"10.1109/LCN.2016.52","DOIUrl":"https://doi.org/10.1109/LCN.2016.52","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"41 1","pages":"244-252"},"publicationDate":"2016-11-01"}
Current revision control systems are commonly used in a distributed fashion but rely on centralized stores and low-latency communication. In this work we evaluate how they would fare in fully distributed high latency networks such as delay tolerant networks (DTNs). We show that current revision control systems impose significant costs under these conditions even in moderately-sized networks. By simplifying/improving the merging process, these costs can be reduced. We also show that speeding up or slowing down communication can reduce the costs significantly.
{"title":"Distributing Distributed Revision Control Systems","authors":"Philipp Hagemeister, M. Mauve","doi":"10.1109/LCN.2016.113","DOIUrl":"https://doi.org/10.1109/LCN.2016.113","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"47 7 1","pages":"647-650"},"publicationDate":"2016-11-01"}
Wireless multi-hop networks are scalable in that devices can easily connect to the network. Such scalability is also required in IoT. However, wireless multi-hop networks mostly suffer from a high probability of transmission failure due to interference, and nodes connected to the network often experience connection loss and subsequent segment loss incurred by node mobility and routing updates. Because congestion is not the sole reason for segment loss in wireless multi-hop networks, the congestion control of TCP should take into account momentary link instability, which unnecessarily reduces transmission speed. For this reason, this paper suggests an adjustment of the slow-start threshold (ssthresh) value used by the congestion control algorithm. The adjustment algorithm, called the adaptive ssthresh decision (ASD) algorithm, aims to reduce unnecessary decreases of transmission speed in wireless multi-hop networks.
{"title":"Adaptive Transmission Scheme for TCP in Wireless Multi-Hop Network","authors":"J. Lee, Hyunsoon Kim, Woonghee Lee, Hwangnam Kim","doi":"10.1109/LCN.2016.78","DOIUrl":"https://doi.org/10.1109/LCN.2016.78","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"45 1","pages":"503-506"},"publicationDate":"2016-11-01"}
The Border Gateway Protocol (BGP) has been and will remain the de facto standard for inter-domain routing in the Internet. However, the problem of routing oscillations in BGP has not been well addressed; such oscillations can introduce many unnecessary routing updates and severely degrade network performance. In particular, existing approaches require great effort to deploy or introduce a large overhead. In this paper, we propose to first detect a routing oscillation quickly after it has happened, and then eliminate it by disseminating only one additional path (Add-path). Based on an analysis of BGP updates in the routers where oscillations have already happened, we present a general method to detect a routing oscillation within a couple of routing replacements. Then, we show that one more Add-path is enough to stop the oscillation. We propose the Minimal Add-paths BGP (MA-BGP) approach, develop algorithms, and prove that MA-BGP can guarantee stable iBGP using a classical model that captures the underlying semantics of any path vector protocol, including BGP. The simulation results show the effectiveness and efficiency of our approach.
{"title":"Achieving Stable iBGP with Only One Add-Path","authors":"Xiaomei Sun, Qi Li, Mingwei Xu, Yuan Yang","doi":"10.1109/LCN.2016.119","DOIUrl":"https://doi.org/10.1109/LCN.2016.119","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"1216 7 1","pages":"688-696"},"publicationDate":"2016-11-01"}
Abdullah Aydeger, Nico Saputro, K. Akkaya, Mohammed Rahman
Recent research demonstrated that software defined networking (SDN) can be leveraged to enable moving target defense (MTD) to mitigate distributed denial of service (DDoS) attacks. In MTD, the network states are continuously changed by effectively collecting information from the network and enforcing certain security measures on the fly in order to deceive the attackers. Motivated by the success of SDN-based maneuvering, this work targets an emerging type of DDoS attack, called Crossfire, and proposes an SDN-based MTD mechanism to defend against such attacks. We analyze Crossfire attack planning and use the results of the analysis to develop the defense mechanism, which in turn reorganizes the routes in such a way that the congested links are avoided during packet forwarding. The detection and mitigation techniques are implemented using the Mininet emulator and the Floodlight SDN controller. The evaluation results show that the route mutation can effectively reduce the congestion in the targeted links without causing any major disruption to network services.
{"title":"Mitigating Crossfire Attacks Using SDN-Based Moving Target Defense","authors":"Abdullah Aydeger, Nico Saputro, K. Akkaya, Mohammed Rahman","doi":"10.1109/LCN.2016.108","DOIUrl":"https://doi.org/10.1109/LCN.2016.108","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"1 1","pages":"627-630"},"publicationDate":"2016-11-01"}
Ziteng Cui, J. Liao, Jingyu Wang, Q. Qi, Jing Wang
Overlay networks have been widely developed in recent years. Various overlays may co-exist on top of the same underlying network. These overlays have heterogeneous performance goals and compete for the physical resources, so that they may achieve only sub-optimal performance. Moreover, the heterogeneity of the overlays makes it difficult for them to coordinate with each other to improve their performance. We introduce the concept of SDN to the deployment of overlay networks and propose an approach to make the overlays cooperate with each other. A cooperative solution is proposed for co-existing overlays to improve their performance while leveraging their heterogeneous performance goals. Simulations are performed to evaluate the cooperative solution.
{"title":"An Approach to Improve the Cooperation between Heterogeneous SDN Overlays","authors":"Ziteng Cui, J. Liao, Jingyu Wang, Q. Qi, Jing Wang","doi":"10.1109/LCN.2016.51","DOIUrl":"https://doi.org/10.1109/LCN.2016.51","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"103 1","pages":"236-239"},"publicationDate":"2016-11-01"}
In recent times, there has been an increase in the number of mobile devices accessing a variety of services on radio access networks, and the trend is expected to continue. In addition, ultra-low latency services require much bandwidth and are often characterized by extremely short delay constraints. Hence, satisfying the required strong QoS requirements becomes a challenging task. Existing scheduling methods to solve this problem exhibit very poor performance in terms of transmission latency. In this paper, a scheduling-based resource reservation mechanism is proposed for cloud UE. Unlike other methods, the proposed algorithm considers various traffic parameters to calculate the effective bandwidth of the flow and always gives priority to delay-sensitive flows under a software defined network framework. Simulation results show that the proposed scheduling algorithm improves the average throughput of ultra-low latency flows.
{"title":"Joint Resource Reservation and Flow Scheduling for Ultra-Low-Latency Transmission","authors":"Guolin Sun, Dawit Kefyalew, Guisong Liu","doi":"10.1109/LCN.2016.44","DOIUrl":"https://doi.org/10.1109/LCN.2016.44","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"180 1","pages":"208-211"},"publicationDate":"2016-11-01"}
Packet classification, the matching of packet headers against a predefined rule set, is a crucial functionality of firewalls, intrusion detection systems, and SDN switches. Most existing classification algorithms trade setup time for classification speed: that is, the packet classification is fast, but the transformation of the rule set into the corresponding search data structure takes a considerable amount of time. This preprocessing time, however, poses a significant challenge for systems where rule sets can change often. Hence, these systems often use slow classification algorithms that support frequent rule set updates, which drastically limits their achievable throughput. In this work, we present a novel algorithmic technique which is able to "upgrade" an arbitrary existing classification algorithm to support fast updates, while still providing high lookup performance. Our evaluation demonstrates that our proposed technique exceeds the matching performance of existing dynamically updatable algorithms by an order of magnitude while providing the same level of update responsiveness.
{"title":"The Small, the Fast, and the Lazy (SFL): A General Approach for Fast and Flexible Packet Classification","authors":"Sven Hager, Samuel Brack, B. Scheuermann","doi":"10.1109/LCN.2016.125","DOIUrl":"https://doi.org/10.1109/LCN.2016.125","journal":{"name":"2016 IEEE 41st Conference on Local Computer Networks (LCN)","volume":"1 1","pages":"43-51"},"publicationDate":"2016-11-01"}