Rocky Chang | Hong Kong Polytechnic University

Papers by Rocky Chang

Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks

A few low-rate, TCP-targeted Denial-of-Service (DoS) attacks have been recently proposed, including the Shrew attack, Reduction of Quality (RoQ) attack, and Pulsing DoS (PDoS) attack. All of them use periodic attack pulses to throttle TCP flows. These attacks could potentially become major threats to the Internet's stability and therefore they have motivated the development of a number of detection mechanisms for such attacks. However, those detection mechanisms are designed for specific attacks. Moreover, they assume that the period of the attack pulses is a nonzero constant. Unfortunately, these assumptions can be easily thwarted by more sophisticated attack strategies. In this paper, we propose a new detection system called Vanguard to identify a wide range of the aforementioned low-rate DoS attacks, including the traditional flooding-based attacks as a special case. Vanguard can also detect attacks with randomized attack periods. We have validated Vanguard's efficacy based on extensive test-bed experiments. We have also compared Vanguard with other recently proposed detection systems.

Effectiveness of optimal node assignments in wavelength division multiplexing networks with fixed regular virtual topologies

Computer Networks, 2002

In this paper, we consider the optimal node assignment problem in wavelength division multiplexing lightwave networks, which is to optimally assign network nodes to the locations in a regular virtual topology through wavelength assignments. Unlike previous work, which concentrated on a single virtual topology, we consider this problem as a class of problems by formulating it as a quadratic assignment problem. As a result, our objective is of a wider scope: identify the factors responsible for effective (or ineffective) node assignments. Optimal node assignments are considered effective if they could significantly improve the performance given by a random node assignment. The performance metric considered here is the average weighted hop distance. Based on a set of carefully designed experiments and analyses, we have concluded that variability in virtual topologies' hop-distance distributions, variability in network traffic distributions, and pattern matching between distance and traffic matrices are major factors in determining the effectiveness of optimal node assignments. In particular, optimal node assignments are most effective for linear virtual topologies and clustered traffic patterns.

Optimizing the Pulsing Denial-of-Service Attacks

In this paper we consider how to optimize a new generation of pulsing denial-of-service (PDoS) attacks from the attackers' point of view. The PDoS attacks are 'smarter' than the traditional attacks in several aspects. The most obvious one is that they require fewer attack packets to cause similar damage. Another is that the PDoS attacks can be tuned to achieve different effects. This paper concentrates on the attack tuning part. In particular, we consider two conflicting goals involved in launching a PDoS attack: (1) maximizing the throughput degradation and (2) minimizing the risk of being detected. To address this problem, we first analyze the TCP throughput and the quasi-global synchronization phenomenon caused by the PDoS attack. We then propose a family of objective functions to incorporate the two conflicting goals, and obtain the optimal attack settings. To validate the analytical results, we have carried out extensive experiments using both ns-2 simulation and a test-bed. The overall experimental results match well with the analytical results.

Transport layer proxy for stateful UDP packet filtering

Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle associations, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.

A Tree Switching Protocol for Multicast State Reduction

We propose a new tree switching protocol (TSP) to reduce the multicast routing state required for a forest of multicast trees. The protocol accomplishes this goal by selecting a base multicast tree and "switching" other multicast trees to the base tree. This results in more overlap among the multicast trees and a net reduction in multicast state. A further reduction in the state is possible by applying state aggregation to the overlapped tree branches. Simulation results show that the tree switching operation alone could result in a very significant state reduction. The TSP is a distributed protocol running on top of any protocol-independent multicast routing protocol. It is also loop-free and very efficient.

Teaching computer networking with the help of personal computer networks

ACM SIGCSE Bulletin, 2004

User Mode Linux is a virtual machine running on a GNU/Linux operating system. It is the right choice for teaching operating systems administration, as it does not need any dedicated hardware. It runs at user level (no need for root, i.e., administrator, access, and no attendant security threats) and it does not have the performance problems of an emulator. This paper describes how to set up a laboratory for teaching operating systems administration.

Design and implementation of TCP data probes for reliable and metric-rich network path monitoring

Monitoring network services and diagnosing their problems often require active probing methods. Current probing methods, however, are becoming unreliable because of interference from various middleboxes, and inadequate because of their limited support for path metrics. In this paper, we present the design and implementation of OneProbe, a new TCP probing method for reliable and metric-rich path monitoring. We have implemented HTTP/OneProbe (i.e., OneProbe for HTTP), which sends TCP data probes containing legitimate HTTP requests to induce HTTP responses for path measurement. Since the probing method is based on TCP's basic data transmission mechanisms, OneProbe works correctly on all major operating systems and web server software, and on 93% of the 37,874 websites randomly selected from the Internet. We also successfully deployed HTTP/OneProbe to monitor a number of network paths for over a month and obtained interesting and useful measurement results.

Cloak: A TenFold Way for Reliable Covert Communications

In this paper, we propose Cloak—a new class of reliable timing channels—which is fundamentally different from other timing channels in several aspects. First, Cloak encodes a message by a unique distribution of N packets over X TCP flows. The combinatorial nature of the encoding methods increases the channel capacity greatly with (N,X). Second, Cloak offers ten different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and the need for packet marking. Third, the packet transmissions modulated by Cloak could be carefully crafted to mimic the normal TCP flows in a typical TCP-based application session. Although Cloak's basic idea is simple, we show in this paper how we tackle a number of challenging issues systematically. Our experimental results collected from PlanetLab nodes and a test bed suggest that Cloak is feasible under various network conditions and different round-trip delays.

A minimum-delay-difference method for mitigating cross-traffic impact on capacity measurement

The accuracy and speed of path capacity measurement could be seriously affected by the presence of cross traffic on the path. In this paper, we propose a new cross-traffic filtering method called minimum delay difference (MDDIF). Unlike the classic packet-pair dispersion techniques, the MDDIF method can obtain an accurate capacity estimate from the minimal possible delay of packets from different packet pairs. We have proved that the MDDIF method is correct and that it takes less time to obtain accurate samples than the minimum delay sum (MDSUM) method. We also present analytical and measurement results to evaluate the MDDIF method and to compare its performance with the MDSUM method.

Strifeshadow Fantasy: a massive multi-player online game

Strifeshadow Fantasy (SSF) is a massive, multiplayer online, role-playing game. Players of this game, acting as avatars, search for the ancient signs, and their goal is to defeat the God of Destruction. Players can adventure in the game alone or cooperate with others through the chat box. SSF is available for free and there are currently more than 10,000 registered users. In this article, we highlight the overall software architecture of SSF, which is based on a simple server-client model and HTTP. We will also describe in detail two problems encountered in the course of designing SSF and the solutions to them. The first one is a local state consistency problem, which is to ensure that each client participating in the game will eventually receive all the state updates once and only once. The second one is a connection jamming problem that is a result of using nonpersistent HTTP connections for the communication between the game server and clients.

Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals

EURASIP Journal on Advances in Signal Processing, 2009

This paper addresses the important problem of detecting pulsing denial-of-service (PDoS) attacks, which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works, which focused on a restricted form of attacks, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes the traditional flooding-based attacks as a limiting case (i.e., zero attack interval). Our main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. The Vanguard detection is based on three traffic anomalies induced by the attacks, and it detects them using a CUSUM algorithm. We have prototyped Vanguard and evaluated it on a testbed. The experimental results show that Vanguard is more effective than the previous methods that are based on other traffic anomalies (after a transformation using wavelet transform, Fourier transform, and autocorrelation) and detection algorithms (e.g., dynamic time warping).

Routing Properties of a Recursive Interconnection Network

Journal of Parallel and Distributed Computing, 2001

In this paper, we consider a highly recursive interconnection network known as the fully connected cubic network (FCCN). By exploiting its recursive properties, we thoroughly analyze the performance of a simple routing algorithm for the FCCN. We show that at least 800 of the routes obtained from this simple algorithm are shortest paths, and this percentage increases further with the network size. Subsequently, we obtain the network diameter and average internodal distance, taking into account the communication locality that is exhibited in many parallel computations. The presence of the communication locality significantly reduces the average internodal distance.

Inbound traffic engineering for multi-homed ASes using AS path prepending

Unlike outbound traffic, the incoming traffic distribution to a multi-homed AS is influenced mainly by the upstream ISPs' routing policies. Currently, only a handful of mechanisms are available for such an AS to engineer the traffic volume coming into these links. We concentrate on the problem of re-distributing the incoming traffic across the multiple links. We consider the approach of AS path prepending, which artificially inflates the length of the AS path to the network reported in BGP (Border Gateway Protocol) messages, with the hope of diverting some of the traffic from one incoming link to another. Although this approach has already been deployed by many ASes, it is often performed on a trial-and-error basis; there is also a lack of a detailed measurement study on the effectiveness of this approach. The paper attempts to fill these gaps. In particular, we have proposed a complete procedure based on the AS path prepending method to engineer incoming traffic according to some traffic control policy. The procedure includes passive measurements, active measurements, and traffic change prediction. We have deployed this approach at a noncommercial site and evaluated its effectiveness based on measurements collected over six months. Similar measurement cycles can be replicated in other multi-homed ASes by deploying the procedure and the associated software tools.

Inter-AS Inbound Traffic Engineering via ASPP

IEEE Transactions on Network and Service Management, 2007

AS Path Prepending (ASPP) is a popular method for inter-AS inbound traffic engineering, which is known to be more difficult than outbound traffic engineering. Although the ASPP approach has been extensively practised by many ASes, it is surprising that there is still no systematic study of this approach and no basic understanding of its effectiveness. In this paper, we introduce the concept, applicability and potential instability problem of the ASPP approach. Some guidelines are given as a first step in studying how to avoid the instability problem. Finally, we study the dynamic prepending behavior of ISPs and show a real-world pathological case of prepending instability based on our measurement study of RouteViews data.

Performance Analysis of TCP/AQM Under Denial-of-Service Attacks

lyzed for the last few years. However, the analysis usually assumed that routers and TCP flows are not under any network attacks. In this paper, we investigate how the performance of TCP flows is affected by denial-of-service (DoS) attacks under Drop Tail and various AQM schemes. In particular, we consider two types of DoS attacks: the traditional flooding-based DoS (FDDoS) attacks and the recently proposed Pulsing DoS (PDoS) attacks. Both analytical and simulation results support that the PDoS attacks are more effective than the FDDoS attacks under the same average attack rate. Moreover, Drop Tail surprisingly outperforms the RED-like AQMs when the router is under a PDoS attack, whereas the RED-like AQMs perform better under a severe FDDoS attack. On the other hand, the Adaptive Virtual Queue algorithm can retain a higher TCP throughput during PDoS attacks as compared with the RED-like AQMs.

Per-queue stability analysis of a random access system

IEEE Transactions on Automatic Control, 2001

In this note, we have extended previous studies of the system stability of buffered ALOHA systems to study an individual queue's stability, i.e., per-queue stability. The main result obtained in this work is a necessary and sufficient per-queue stability condition, which can be computed analytically only for several cases. For other noncomputable cases, we have evaluated several inner and outer bounds. They are generally quite tight for not-so-asymmetric systems.

Anomaly Detection of Network Traffic Based on Wavelet Packet

The rapid and accurate detection of network traffic anomalies is one of the preconditions for guaranteeing the effective operation of the network. Aiming at the deficiencies of present methods of network traffic anomaly detection, we propose a scale-adaptive method based on wavelet packets. By means of wavelet packet decomposition, our method can adjust the decomposition process adaptively and has the same detection ability for anomalies of various frequencies, especially the middle- and high-frequency ones which cannot be detected by multi-resolution analysis. By means of adaptive reconstruction of the wavelet packet coefficients of the different wavelet domains in which anomalies appear, our method is able to confirm the characteristics of the anomaly and enhance the reliability of detection. By means of a fast wavelet packet algorithm based on a sliding window, our method can decrease the computational complexity of the wavelet packet transform. By means of a scale-adaptive detection window choice method based on the wavelet center frequency, we can choose different detection time windows for anomalous traffic of different scales. The simulation results prove that the method can detect network traffic anomalies efficiently and rapidly.

Stability-constrained optimization for energy efficiency in polling-based wireless networks

A wireless device's energy can be saved by putting it into sleeping mode (power saving mode, PSM) or by decreasing its transmission power (transmission power control, TPC), which prolongs the packet transmission time. However, decreasing one's transmission power would prevent others from transmitting their packets. Clearly, there are complex interactions when each device tries to optimize its own energy efficiency. Therefore, in this paper we consider the problem of optimizing the energy efficiency for all wireless devices in the network with the constraint that they are all stable. In particular, we consider polling-based MAC protocols with phase grouping (PG) and mobile grouping schedules, and we employ both PSM and TPC to save energy. We have formulated stability-constrained optimization problems for them, and have proposed an iterative algorithm to compute the optimal power allocations for the wireless devices. We have conducted many experiments to validate the accuracy of the algorithm and to evaluate the gains in energy efficiency for the two schedules. The mobile grouping schedule is found to be much more energy efficient than the PG schedule, especially when the downlink traffic is higher than the uplink traffic. We have also studied the impact of the optimized schedules on the delay performance.

Centralized PSM: An AP-centric power saving mode for 802.11 infrastructure networks

Energy management in a wireless LAN is an important problem, as the viability of wireless devices depends very much on their battery life. In this paper, we propose a centralized power saving mode (C-PSM), an AP-centric PSM for 802.11 infrastructure networks. By having the AP select optimal PSM parameters, such as the beacon and listen intervals, C-PSM is able to maximize the total energy efficiency for all clients. Moreover, C-PSM provides a first-wake-up schedule to further increase the energy efficiency by reducing clients' simultaneous wake-ups. Extensive simulation experiments show that C-PSM outperforms the standard PSM by a very significant margin. In our set of experiments, C-PSM reduces power consumption and increases energy efficiency by as much as 76% and 320%, respectively. As a side benefit, C-PSM also decreases the frame buffering delay at the AP by 88%. The wake-up schedule can reduce clients' energy consumption by at most 22%. Moreover, the improvement increases with the number of clients.

Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine, 2002

A flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, or its Internet connection, or both. In the last two years, it has been discovered that DDoS attack methods and tools are becoming more sophisticated, more effective, and also more difficult to trace to the real attackers. On the defense side, current technologies are still unable to withstand large-scale attacks. The main purpose of this article is therefore twofold. The first is to describe various DDoS attack methods, and to present a systematic review and evaluation of the existing defense mechanisms. The second is to discuss a longer-term solution, dubbed the Internet-firewall approach, that attempts to intercept attack packets in the Internet core, well before they reach the victim. Packet filtering in LAD is very ineffective in the midst of a sufficiently large-scale attack. However, this approach is the most deployable among the four because the detection activities are centralized in the victim network or its ISP network.

Research paper thumbnail of Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks

A few low-rate, TCP-targeted Denial-of-Service (DoS) attacks have been recently proposed, includi... more A few low-rate, TCP-targeted Denial-of-Service (DoS) attacks have been recently proposed, including the Shrew attack, Reduction of Quality (RoQ) attack, and Pulsing DoS (PDoS) attack. All of them use periodic attack pulses to throttle TCP flows. These attacks could potentially become major threats to the Internet's stabiliity and therefore they have motivated the development of a number of detection mechanisms for such attacks. However, those detection mechanisms are designed for specific attacks. Moreover, they assume that the period of the attack pulses is a nonzero constant. Unfortunately, these assumptions can be easily thwarted by more sophisticated attack strategies. In this paper, we propose a new detection system called Vanguard to identify a wide range of the aforementioned low-rate, DoS attacks, including the traditional flooding-based attacks as a special case. Vanguard can also detect attacks with randomized attack periods. We have validated Vanguard's efficacy based on extensive test-bed experiments. We have also compared Vanguard with other recently proposed detection systems.

Research paper thumbnail of Effectiveness of optimal node assignments in wavelength division multiplexing networks with fixed regular virtual topologies

Computer Networks, 2002

ABSTRACT In this paper, we consider the optimal node assignment problem in wavelength division mu... more ABSTRACT In this paper, we consider the optimal node assignment problem in wavelength division multiplexing lightwave networks, which is to optimally assign network nodes to the locations in a regular virtual topology through wavelength assignments. Unlike previous work, which concentrated on a single virtual topology, we consider this problem as a class of problems by formulating it as a quadratic assignment problem. As a result, our objective is of a wider scope: identify the factors responsible for effective (or ineffective) node assignments. Optimal node assignments are considered effective if they could significantly improve the performance given by a random node assignment. The performance metric considered here is the average weighted hop distance. Based on a set of carefully designed experiments and analyses, we have concluded that variability in virtual topologies' hop-distance distributions, variability in network traffic distributions, and pattern matching between distance and traffic matrices are major factors in determining the effectiveness of optimal node assignments. In particular, optimal node assignments are most effective for linear virtual topologies and clustered traffic patterns.

Research paper thumbnail of Optimizing the Pulsing Denial-of-Service Attacks

In this paper we consider how to optimize a new generation of pulsing denial-of-service (PDoS) at... more In this paper we consider how to optimize a new generation of pulsing denial-of-service (PDoS) attacks from the attackers' points of views. The PDoS attacks are 'smarter' than the traditional attacks in several aspects. The most obvious one is that they require fewer attack packets to cause a similar damage. Another is that the PDoS attacks can be tuned to achieve different effects. This paper concentrates on the attack tuning part. In particular, we consider two conflicting goals involved in launching a PDoS attack: (1) maximizing the throughput degradation and (2) minimizing the risk of being detected. To address this problem, we first analyze the TCP throughput and quasi-global synchronization phenomenon caused by the PDoS attack. We then propose a family of objective functions to incorporate the two conflicting goals, and obtain the optimal attack settings. To validate the analytical results, we have carried out extensive experiments using both ns-2 simulation and a test-bed. The overall experimental results match well with the analytical results.

Research paper thumbnail of Transport layer proxy for stateful UDP packet filtering

Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper... more Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.

Research paper thumbnail of A Tree Switching Protocol for Multicast State Reduction

We propose a new tree switching protocol (TSP) to reduce multicast routing states required for a ... more We propose a new tree switching protocol (TSP) to reduce multicast routing states required for a forest of multicast trees. The protocol accomplishes this goal by selecting a base multicast tree and “switching” other multicast trees to the base tree. This results in more overlapping among the multicast trees and a net reduction in multicast state. A further reduction in the state is possible by applying state aggregation to the overlapped tree branches. Simulation results show that the tree switching operation alone could result in a very significant state reduction. The TSP is a distributed protocol running on top of any protocol independent multicast routing protocols. It is also loop-free and very efficient

Research paper thumbnail of Teaching computer networking with the help of personal computer networks

ACM Sigcse Bulletin, 2004

User Mode Linux is a virtual machine running on a GNU-Linux operating system. It is the right cho... more User Mode Linux is a virtual machine running on a GNU-Linux operating system. It is the right choice for teaching operating systems' administration, as it does not need any dedicated hardware. It runs at user level (no need for root, i.e. administrator, access or possible security threats) and it does not have the performance problems of an emulator. This paper describes how to set up a laboratory for teaching operating systems' administration.

Research paper thumbnail of Design and implementation of TCP data probes for reliable and metric-rich network path monitoring

Monitoring network services and diagnosing their problems often require active probing methods. C... more Monitoring network services and diagnosing their problems often require active probing methods. Current probing methods, however, are becoming unreliable, because of interferences from various middleboxes, and inadequate due to their limited path metrics support. In this paper, we present the design and implementation of OneProbe, a new TCP probing method for reliable and metric-rich path monitoring. We have implemented HTTP/OneProbe (i.e., OneProbe for HTTP) which sends TCP data probes containing legitimate HTTP requests to induce HTTP responses for path measurement. Since the probing method is based on TCP's basic data transmission mechanisms, OneProbe works correctly on all major operating systems and web server software, and on 93% of the 37,874 websites randomly selected from the Internet. We also successfully deployed HTTP/OneProbe to monitor a number of network paths for over a month and obtained interesting and useful measurement results.

Research paper thumbnail of Cloak: A TenFold Way for Reliable Covert Communications

In this paper, we propose Cloak—a new class of reliable timing channels—which is fundamentally di... more In this paper, we propose Cloak—a new class of reliable timing channels—which is fundamentally different from other timing channels in several aspects. First, Cloak encodes a message by a unique distribution of N packets over X TCP flows. The combinatorial nature of the encoding methods increases the channel capacity largely with (N,X). Second, Cloak offers ten different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and the need for packet marking. Third, the packet transmissions modulated by Cloak could be carefully crafted to mimic the normal TCP flows in a typical TCP-based application session. Although Cloak’s basic idea is simple, we show in this paper how we tackle a number of challenging issues systematically. Our experiment results collected from PlanetLab nodes and a test bed suggest that Cloak is feasible under various network conditions and different round-trip delays.

A minimum-delay-difference method for mitigating cross-traffic impact on capacity measurement

The accuracy and speed of path capacity measurement can be seriously affected by the presence of cross traffic on the path. In this paper, we propose a new cross-traffic filtering method called minimum delay difference (MDDIF). Unlike the classic packet-pair dispersion techniques, the MDDIF method can obtain an accurate capacity estimate from the minimal possible delays of packets from different packet pairs. We prove that the MDDIF method is correct and that it takes less time to obtain accurate samples than the minimum delay sum (MDSUM) method. We also present analytical and measurement results to evaluate the MDDIF method and to compare its performance with the MDSUM method.

Strifeshadow Fantasy: a massive multi-player online game

Strifeshadow Fantasy (SSF) is a massive multiplayer online role-playing game. Players of this game, acting as avatars, search for the ancient signs with the goal of defeating the God of Destruction. Players can adventure in the game alone or cooperate with others through the chat box. SSF is available for free, and there are currently more than 10,000 registered users. In this article, we highlight the overall software architecture of SSF, which is based on a simple client-server model and HTTP. We also describe in detail two problems encountered in the course of designing SSF and their solutions. The first is a local state consistency problem: ensuring that each client participating in the game eventually receives every state update once and only once. The second is a connection jamming problem that results from using nonpersistent HTTP connections for the communication between the game server and clients.

Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals

Eurasip Journal on Advances in Signal Processing, 2009

This paper addresses the important problem of detecting pulsing denial-of-service (PDoS) attacks, which send a sequence of attack pulses to reduce TCP throughput. Unlike previous work, which focused on a restricted form of the attack, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes the traditional flooding-based attacks as a limiting case (i.e., zero attack interval). Our main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. Vanguard's detection is based on three traffic anomalies induced by the attacks, and it detects them using a CUSUM algorithm. We have prototyped Vanguard and evaluated it on a testbed. The experimental results show that Vanguard is more effective than the previous methods that are based on other traffic anomalies (after a transformation using the wavelet transform, Fourier transform, and autocorrelation) and other detection algorithms (e.g., dynamic time warping).
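The abstract's argument is that a detector keyed to the period of the pulses fails once the attacker randomizes the interval, while a CUSUM change detector on an attack-induced anomaly does not care about the interval at all. The block below is an added example illustrating that contrast on constructed traffic; it is not Vanguard's code, and the three anomalies Vanguard uses are not on the page. The statistic here (fractional drop of per-bin TCP throughput below a known baseline), the CUSUM parameters, the 100 ms bins and the throughput collapse in a pulse bin are all assumptions. The autocorrelation period finder stands in for the spectral and autocorrelation methods the abstract compares against.

```python
import random

BASELINE = 1000.0   # normal TCP data packets per 100 ms bin (constructed value)

def random_intervals(lo, hi, seed):
    """Attack interval generator: a fresh uniform draw in [lo, hi] bins per pulse."""
    rng = random.Random(seed)
    return lambda: rng.randint(lo, hi)

def pulse_bins(n_bins, next_interval):
    """Bins hit by attack pulses. The first pulse lands next_interval() bins into the
    trace and each later pulse next_interval() bins after the previous one; the
    interval may be constant or random. An interval of 1 gives back-to-back
    pulses, i.e. the flooding limit of the attack model."""
    pulses, t = set(), next_interval()
    while t < n_bins:
        pulses.add(t)
        t += max(1, next_interval())
    return pulses

def make_series(n_bins, pulses, seed, drop=0.9, jitter=0.05):
    """Constructed per-bin TCP throughput: BASELINE with bounded jitter, collapsing
    by `drop` in every pulse bin because the flows back off after the pulse's losses."""
    rng = random.Random(seed)
    return [BASELINE * ((1.0 - drop) if t in pulses else 1.0)
            * (1.0 + rng.uniform(-jitter, jitter)) for t in range(n_bins)]

def cusum_detect(series, baseline=BASELINE, k=0.15, h=0.5):
    """One-sided CUSUM on the fractional throughput drop x_t = (baseline - obs)/baseline.
    k is the reference value (half the smallest drop worth detecting, 30% here) and
    h the alarm threshold on the accumulated excess. Returns the first alarm bin or
    None. Nothing here depends on the spacing of the pulses, so a randomized
    interval is handled exactly like a periodic one."""
    s = 0.0
    for t, obs in enumerate(series):
        x = (baseline - obs) / baseline
        s = max(0.0, s + x - k)
        if s > h:
            return t
    return None

def find_period(series, max_lag=40, min_rho=0.8):
    """Periodicity-based detector: the smallest lag whose autocorrelation exceeds
    min_rho, or None when no lag explains the series. A fixed-interval pulse train
    shows up at its period; a randomized interval spreads the pulses over many lags."""
    n = len(series)
    mean = sum(series) / n
    dev = [v - mean for v in series]
    var = sum(d * d for d in dev)
    for lag in range(2, max_lag + 1):
        rho = sum(dev[i] * dev[i + lag] for i in range(n - lag)) / var
        if rho > min_rho:
            return lag
    return None

if __name__ == "__main__":
    n = 300
    cases = {
        "benign":     make_series(n, set(), seed=7),
        "periodic":   make_series(n, pulse_bins(n, lambda: 10), seed=7),
        "randomized": make_series(n, pulse_bins(n, random_intervals(6, 14, seed=3)), seed=7),
        "flooding":   make_series(n, pulse_bins(n, lambda: 1), seed=7),
    }
    for name, series in cases.items():
        print("%-10s CUSUM alarm at bin %s, period detector says %s"
              % (name, cusum_detect(series), find_period(series)))
```

Run it and the period finder reports the periodic attack and nothing else, while the CUSUM alarms in the first pulse bin of all three attack traces and stays silent on the benign one. Two things a practitioner should take from this: the reference value k sets the smallest sustained drop the detector will react to, so it must sit above the normal fluctuation band of the statistic, and the baseline has to be estimated from attack-free traffic, since a baseline learned while under a low-rate attack makes the pulses look normal.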

Routing Properties of a Recursive Interconnection Network

Journal of Parallel and Distributed Computing, 2001

In this paper, we consider a highly recursive interconnection network known as the fully connected cubic network (FCCN). By exploiting its recursive properties, we thoroughly analyze the performance of a simple routing algorithm for the FCCN. We show that at least 80% of the routes obtained from this simple algorithm are shortest paths, and that this percentage increases further with the network size. Subsequently, we obtain the network diameter and the average internodal distance, taking into account the communication locality that is exhibited in many parallel computations. The presence of communication locality significantly reduces the average internodal distance.

Inbound traffic engineering for multi-homed ASes using AS path prepending

Unlike outbound traffic, the distribution of incoming traffic to a multi-homed AS is influenced mainly by the upstream ISPs' routing policies. Currently, only a handful of mechanisms are available for such an AS to engineer the volume of traffic arriving over each of its links. We concentrate on the problem of redistributing the incoming traffic across the multiple links. We consider the approach of AS path prepending, which artificially inflates the length of the AS path to the network reported in BGP (Border Gateway Protocol) messages, in the hope of diverting some of the traffic from one incoming link to another. Although this approach has already been deployed by many ASes, it is often performed on a trial-and-error basis, and there is no detailed measurement study of its effectiveness. This paper attempts to fill these gaps. In particular, we propose a complete procedure based on the AS path prepending method to engineer incoming traffic according to a given traffic control policy. The procedure includes passive measurements, active measurements, and traffic change prediction. We have deployed this approach at a noncommercial site and evaluated its effectiveness based on measurements collected over six months. Similar measurement cycles can be replicated in other multi-homed ASes by deploying the procedure and the associated software tools.
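The traffic change prediction step of such a procedure can be shown with a small model, added here as an example of my own rather than the paper's software: each remote network picks one of the two inbound links by the BGP decision process, LOCAL_PREF first and AS_PATH length second, so prepending on the announcement sent to one provider lengthens that path for every remote network and moves some of them to the other link. The remote networks, their volumes and path lengths below are constructed, as an operator would otherwise derive them from passive flow and BGP data; the parity tie-break is a stand-in for the later BGP tie-breakers (MED, router ID and so on), which are not modelled. The pinned remote AS shows the limit the abstract alludes to: a network whose upstream selects our provider by LOCAL_PREF does not move no matter how many times we prepend.

```python
class RemoteAS:
    """A remote network that sends traffic to the multi-homed AS (constructed data)."""
    def __init__(self, asn, mbps, hops_via_a, hops_via_b, local_pref=None):
        self.asn = asn
        self.mbps = mbps                  # inbound traffic it originates, in Mb/s
        self.hops_via_a = hops_via_a      # AS_PATH length to us via provider A, no prepending
        self.hops_via_b = hops_via_b      # AS_PATH length to us via provider B, no prepending
        self.local_pref = local_pref      # 'A' or 'B' if its policy pins a provider via LOCAL_PREF

def best_link(remote, prepend_a, prepend_b):
    """Link the remote AS will use. LOCAL_PREF is compared before AS_PATH length in the
    BGP decision process, so a pinned preference is immune to prepending; otherwise the
    shorter (i.e. less prepended) AS_PATH wins. Parity stands in for later tie-breakers."""
    if remote.local_pref:
        return remote.local_pref
    len_a = remote.hops_via_a + prepend_a
    len_b = remote.hops_via_b + prepend_b
    if len_a != len_b:
        return 'A' if len_a < len_b else 'B'
    return 'A' if remote.asn % 2 == 0 else 'B'

def inbound_split(remotes, prepend_a=0, prepend_b=0):
    """Predicted inbound Mb/s on each link for a given amount of prepending per announcement."""
    split = {'A': 0.0, 'B': 0.0}
    for r in remotes:
        split[best_link(r, prepend_a, prepend_b)] += r.mbps
    return split

def plan_prepending(remotes, target_share_a, max_prepend=5):
    """Smallest prepending, applied to one announcement only, whose predicted share of
    inbound traffic on link A is closest to target_share_a.
    Returns (prepend_a, prepend_b, predicted_share_a)."""
    best = None
    for pa in range(max_prepend + 1):
        for pb in range(max_prepend + 1):
            if pa and pb:
                continue                  # prepending both sides only cancels out
            split = inbound_split(remotes, pa, pb)
            share = split['A'] / (split['A'] + split['B'])
            err = abs(share - target_share_a)
            if best is None or err < best[0]:
                best = (err, pa, pb, share)
    return best[1], best[2], best[3]

# Constructed sample: five remote networks, path lengths and volumes as an operator
# would obtain them from passive measurements. None of this is from the paper.
REMOTES = [
    RemoteAS(3, 400, hops_via_a=3, hops_via_b=2),
    RemoteAS(4, 300, hops_via_a=2, hops_via_b=3),
    RemoteAS(5, 200, hops_via_a=3, hops_via_b=3),
    RemoteAS(6, 150, hops_via_a=4, hops_via_b=2, local_pref='B'),
    RemoteAS(7, 250, hops_via_a=2, hops_via_b=4),
]

if __name__ == "__main__":
    print("no prepending      ", inbound_split(REMOTES))
    for pb in range(1, 4):
        print("prepend B x%d        " % pb, inbound_split(REMOTES, 0, pb))
    print("plan for 60%% on A  ", plan_prepending(REMOTES, 0.6))
    print("plan for 95%% on A  ", plan_prepending(REMOTES, 0.95))
```

With no prepending the sample splits 550/750 Mb/s across A/B; one prepend on the B announcement moves two networks and gives 750/550; a second moves the last movable one, and from then on link B keeps the 150 Mb/s of the pinned network whatever the prepend count. That ceiling is why the procedure in the abstract pairs prediction with active measurement: the LOCAL_PREF policies of remote networks are not visible in BGP, and the only way to learn how much traffic a prepend actually moves is to measure it, which is also why an unmeasured trial-and-error approach tends to overshoot.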

Inter-AS Inbound Traffic Engineering via ASPP

IEEE Transactions on Network and Service Management, 2007

AS Path Prepending (ASPP) is a popular method for inter-AS inbound traffic engineering, which is known to be more difficult than outbound traffic engineering. Although the ASPP approach has been extensively practised by many ASes, it is surprising that there is still no systematic study of this approach and no basic understanding of its effectiveness. In this paper, we introduce the concept, applicability, and potential instability problem of the ASPP approach. Some guidelines are given as a first step towards studying the method and avoiding the instability problem. Finally, we study the dynamic prepending behavior of ISPs and show a real-world pathological case of prepending instability based on our measurement study of RouteViews data.

Performance Analysis of TCP/AQM Under Denial-of-Service Attacks

lyzed for the last few years. However, the analysis usually assumed that routers and TCP flows are not under any network attacks. In this paper, we investigate how the performance of TCP flows is affected by denial-of-service (DoS) attacks under Drop Tail and various AQM schemes. In particular, we consider two types of DoS attacks: the traditional flooding-based DoS (FDDoS) attacks and the recently proposed Pulsing DoS (PDoS) attacks. Both analytical and simulation results support that PDoS attacks are more effective than FDDoS attacks under the same average attack rate. Moreover, Drop Tail surprisingly outperforms the RED-like AQMs when the router is under a PDoS attack, whereas the RED-like AQMs perform better under a severe FDDoS attack. On the other hand, the Adaptive Virtual Queue algorithm can retain a higher TCP throughput during PDoS attacks than the RED-like AQMs.

Per-queue stability analysis of a random access system

IEEE Transactions on Automatic Control, 2001

In this note, we extend previous studies of the system stability of buffered ALOHA systems to the stability of an individual queue, i.e., per-queue stability. The main result obtained in this work is a necessary and sufficient per-queue stability condition, which can be computed analytically only for a few cases. For the other, noncomputable cases, we evaluate several inner and outer bounds. They are generally quite tight for systems that are not too asymmetric.

Anomaly Detection of Network Traffic Based on Wavelet Packet

The rapid and accurate detection of network traffic anomalies is one of the preconditions for a network to work effectively. To address the deficiencies of present network traffic anomaly detection methods, we propose a scale-adaptive method based on wavelet packets. By means of wavelet packet decomposition, our method can adjust the decomposition process adaptively and detects anomalies at various frequencies equally well, especially the middle- and high-frequency ones that multi-resolution analysis cannot detect. By adaptively reconstructing the wavelet packet coefficients of the wavelet domains in which the anomaly appears, our method can confirm the characteristics of the anomaly and enhance the reliability of detection. By means of a fast wavelet packet algorithm based on a sliding window, our method reduces the computational complexity of the wavelet packet transform. By choosing the detection window scale-adaptively based on the wavelet center frequency, we can use different detection time windows for anomalous traffic of different scales. The simulation results show that the method can detect network traffic anomalies efficiently and rapidly.

Stability-constrained optimization for energy efficiency in polling-based wireless networks

A wireless device's energy can be saved by putting it into sleep mode (power saving mode, PSM) or by decreasing its transmission power (transmission power control, TPC), which prolongs the packet transmission time. However, a longer transmission occupies the channel longer, so decreasing one device's transmission power would prevent others from transmitting their packets. Clearly, there are complex interactions when each device tries to optimize its own energy efficiency. Therefore, in this paper we consider the problem of optimizing the energy efficiency of all wireless devices in the network under the constraint that they are all stable. In particular, we consider polling-based MAC protocols with phase grouping (PG) and mobile grouping schedules, and we employ both PSM and TPC to save energy. We formulate stability-constrained optimization problems for them and propose an iterative algorithm to compute the optimal power allocations for the wireless devices. We have conducted extensive experiments to validate the accuracy of the algorithm and to evaluate the gains in energy efficiency for the two schedules. The mobile grouping schedule is found to be much more energy efficient than the PG schedule, especially when the downlink traffic is heavier than the uplink traffic. We have also studied the impact of the optimized schedules on the delay performance.

Centralized PSM: An AP-centric power saving Mode for 802.11 infrastructure networks

Energy management in a wireless LAN is an important problem, as the viability of wireless devices depends very much on their battery life. In this paper, we propose a centralized power saving mode (C-PSM), an AP-centric PSM for 802.11 infrastructure networks. By having the AP select optimal PSM parameters, such as the beacon and listen intervals, C-PSM is able to maximize the total energy efficiency of all clients. Moreover, C-PSM provides a first-wake-up schedule to further increase energy efficiency by reducing clients' simultaneous wake-ups. Extensive simulation experiments show that C-PSM outperforms the standard PSM by a very significant margin. In our set of experiments, C-PSM reduces power consumption and increases energy efficiency by as much as 76% and 320%, respectively. As a side benefit, C-PSM also decreases the frame buffering delay at the AP by 88%. The wake-up schedule reduces clients' energy consumption by up to 22%. Moreover, the improvement increases with the number of clients.

Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine, 2002

Flooding-based distributed denial-of-service (DDoS) attacks present a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, its Internet connection, or both. In the last two years, DDoS attack methods and tools have been found to be becoming more sophisticated, more effective, and more difficult to trace back to the real attackers. On the defense side, current technologies are still unable to withstand large-scale attacks. The purpose of this article is therefore twofold. The first is to describe various DDoS attack methods and to present a systematic review and evaluation of the existing defense mechanisms. The second is to discuss a longer-term solution, dubbed the Internet-firewall approach, that attempts to intercept attack packets in the Internet core, well before they reach the victim. Packet filtering in LAD is very ineffective in the midst of a sufficiently large-scale attack. However, this approach is the most deployable among the four because the detection activities are centralized in the victim network or its ISP network.