oana niculaescu | University of Massachusetts, Boston (original) (raw)
Uploads
Papers by oana niculaescu
It is always a challenge to keep the state of the network consistent and to be able to say at any... more It is always a challenge to keep the state of the network consistent and to be able to say at any moment what packets are getting through it. Software Defined Networking comes in aid and offers an alternative to the old way networking administration is done, offering the administrators the possibility to control the network through a custom written software. In this paper, we propose a solution for automatic discovery of the network topology and packet generations from a central point with some troubleshooting capabilities. We use the onePK Software Defined Networking solution to implement an application that offers at any time a consistent view of the network topology and permits packet generation. The general purpose of the application is network troubleshooting.
Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy
High-speed research networks developed significantly in the past decade, and they are becoming an... more High-speed research networks developed significantly in the past decade, and they are becoming an essential infrastructure component for supporting large-scale data-intensive scientific projects. With the increased use of high-speed research networks, a large amount of network measurement data is becoming available at flow granularity. Such data has many uses, such as performance analysis, diagnostics, security incident response, etc. However, collecting and sharing such data raises important concerns related to individual users’ privacy. Once the network data are released, personal details like website browsing access patterns may be extracted from the network flows. Such details can be inferred even when payloads are suppressed, by inspecting only flow metadata. In this thesis, I propose a framework for collecting and sanitizing network flow data to provide various stakeholders (e.g. network researchers, engineers) with accurate aggregate query results, while preserving the privacy of individual users of the network. Using big data tools and techniques, as well as the de-facto standard in data protection (differential privacy) the proposed framework is capable to process high-rate and high- volume network flows in an efficient manner. The framework uses state-of-the-art adaptations of differential privacy techniques customized for network flow sanitization, as well as efficient data storage and organization strategies on top of prominent BigData technologies like Apache Hadoop, HBase and MapReduce. We further enhance the capabilities of the framework by devising a series of algorithms that construct differentially private synopsis of datasets in order to improve the accuracy of users’ queries over that data. The differentially private synopsis of the data is a well studied problem in the field of privacy research, and it has numerous applications in geo-spatial decomposition. We highlight how our data independent methods based on Sparse Vector Techniques and optimal analysis of error components are offering better accuracy to this problem than existing published literature approaches
Proceedings of the 25th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems, 2017
Recent years witnessed a tremendous growth in the area of mobile computing. Users with mobile dev... more Recent years witnessed a tremendous growth in the area of mobile computing. Users with mobile devices are able to access services customized to their geographical coordinates, and to engage in complex interactions with other users in their proximity. However, in addition to its many benefits, sharing location with service providers and other users also introduces serious privacy threats. If not properly addressed, the loss of location privacy can bring significant harm to mobile users. Currently, there is a low level of awareness among mobile users with respect to the contingent threats on location privacy, and to the approaches available to mitigate such threats. We propose an educational capture-the-flag (CTF) - style tool designed to raise the level of awareness about the dangers of uncontrolled sharing of location data, and to illustrate prominent location protection techniques. The game-based approach represents an effective and engaging educational tool, suitable for high-school and college students, as well as computer-literate general population mobile users.
XRDS: Crossroads, The ACM Magazine for Students, 2018
XRDS: Crossroads, The ACM Magazine for Students, 2018
X R D S • F A L L 2 0 1 8 • V O L . 2 5 • N O . 1 W hat do we mean when we say we are trying to f... more X R D S • F A L L 2 0 1 8 • V O L . 2 5 • N O . 1 W hat do we mean when we say we are trying to find anomalies in a data set? What are anomalies? How can we find the point at which the data is becoming anomalous just by looking at previous data behavior? Those are the questions we are going to try to answer in this introductory article about anomaly detection. By the end of this, and with the help of a running example using network data, you will be able to devise a few simple algorithms for anomaly detection.
XRDS: Crossroads, The ACM Magazine for Students, 2018
XRDS: Crossroads, The ACM Magazine for Students, 2019
Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017
High-speed research networks (e.g., Internet2, Géant) represent the backbone of large-scale resea... more High-speed research networks (e.g., Internet2, Géant) represent the backbone of large-scale research projects that bring together stakeholders from academia, industry and government. Such projects have increasing demands on throughput (e.g., 100Gbps line rates), and require a high amount of configurability. Collecting and sharing traffic data for such networks can help in detecting hotspots, troubleshooting, and designing novel routing protocols. However, sharing network data directly introduces serious privacy breaches, as an adversary may be able to derive private details about individual users (e.g., personal preferences or activity patterns). Our objective is to sanitize high-speed research network data according to the de-facto standard of differential privacy (DP), thus supporting benefic applications of traffic measurement without compromising individuals' privacy. In this paper, we present an initial framework for computing DP-compliant big data analytics for high-speed research network data. Specifically, we focus on sharing data at flow-level granularity, and we describe our initial steps towards an environment that relies on Hadoop and HBase to support privacy-preserving NetFlow analytics.
2014 RoEduNet Conference 13th Edition: Networking in Education and Research Joint Event RENAM 8th Conference, 2014
It is always a challenge to keep the state of the network consistent and to be able to say at any... more It is always a challenge to keep the state of the network consistent and to be able to say at any moment what packets are getting through it. Software Defined Networking comes in aid and offers an alternative to the old way networking administration is done, offering the administrators the possibility to control the network through a custom written software. In this paper, we propose a solution for automatic discovery of the network topology and packet generations from a central point with some troubleshooting capabilities. We use the onePK Software Defined Networking solution to implement an application that offers at any time a consistent view of the network topology and permits packet generation. The general purpose of the application is network troubleshooting.
XRDS: Crossroads, The ACM Magazine for Students, 2019
It is always a challenge to keep the state of the network consistent and to be able to say at any... more It is always a challenge to keep the state of the network consistent and to be able to say at any moment what packets are getting through it. Software Defined Networking comes in aid and offers an alternative to the old way networking administration is done, offering the administrators the possibility to control the network through a custom written software. In this paper, we propose a solution for automatic discovery of the network topology and packet generations from a central point with some troubleshooting capabilities. We use the onePK Software Defined Networking solution to implement an application that offers at any time a consistent view of the network topology and permits packet generation. The general purpose of the application is network troubleshooting.
Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy
High-speed research networks developed significantly in the past decade, and they are becoming an... more High-speed research networks developed significantly in the past decade, and they are becoming an essential infrastructure component for supporting large-scale data-intensive scientific projects. With the increased use of high-speed research networks, a large amount of network measurement data is becoming available at flow granularity. Such data has many uses, such as performance analysis, diagnostics, security incident response, etc. However, collecting and sharing such data raises important concerns related to individual users’ privacy. Once the network data are released, personal details like website browsing access patterns may be extracted from the network flows. Such details can be inferred even when payloads are suppressed, by inspecting only flow metadata. In this thesis, I propose a framework for collecting and sanitizing network flow data to provide various stakeholders (e.g. network researchers, engineers) with accurate aggregate query results, while preserving the privacy of individual users of the network. Using big data tools and techniques, as well as the de-facto standard in data protection (differential privacy) the proposed framework is capable to process high-rate and high- volume network flows in an efficient manner. The framework uses state-of-the-art adaptations of differential privacy techniques customized for network flow sanitization, as well as efficient data storage and organization strategies on top of prominent BigData technologies like Apache Hadoop, HBase and MapReduce. We further enhance the capabilities of the framework by devising a series of algorithms that construct differentially private synopsis of datasets in order to improve the accuracy of users’ queries over that data. The differentially private synopsis of the data is a well studied problem in the field of privacy research, and it has numerous applications in geo-spatial decomposition. We highlight how our data independent methods based on Sparse Vector Techniques and optimal analysis of error components are offering better accuracy to this problem than existing published literature approaches
Proceedings of the 25th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems, 2017
Recent years witnessed a tremendous growth in the area of mobile computing. Users with mobile dev... more Recent years witnessed a tremendous growth in the area of mobile computing. Users with mobile devices are able to access services customized to their geographical coordinates, and to engage in complex interactions with other users in their proximity. However, in addition to its many benefits, sharing location with service providers and other users also introduces serious privacy threats. If not properly addressed, the loss of location privacy can bring significant harm to mobile users. Currently, there is a low level of awareness among mobile users with respect to the contingent threats on location privacy, and to the approaches available to mitigate such threats. We propose an educational capture-the-flag (CTF) - style tool designed to raise the level of awareness about the dangers of uncontrolled sharing of location data, and to illustrate prominent location protection techniques. The game-based approach represents an effective and engaging educational tool, suitable for high-school and college students, as well as computer-literate general population mobile users.
XRDS: Crossroads, The ACM Magazine for Students, 2018
XRDS: Crossroads, The ACM Magazine for Students, 2018
X R D S • F A L L 2 0 1 8 • V O L . 2 5 • N O . 1 W hat do we mean when we say we are trying to f... more X R D S • F A L L 2 0 1 8 • V O L . 2 5 • N O . 1 W hat do we mean when we say we are trying to find anomalies in a data set? What are anomalies? How can we find the point at which the data is becoming anomalous just by looking at previous data behavior? Those are the questions we are going to try to answer in this introductory article about anomaly detection. By the end of this, and with the help of a running example using network data, you will be able to devise a few simple algorithms for anomaly detection.
XRDS: Crossroads, The ACM Magazine for Students, 2018
XRDS: Crossroads, The ACM Magazine for Students, 2019
Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017
High-speed research networks (e.g., Internet2, Géant) represent the backbone of large-scale resea... more High-speed research networks (e.g., Internet2, Géant) represent the backbone of large-scale research projects that bring together stakeholders from academia, industry and government. Such projects have increasing demands on throughput (e.g., 100Gbps line rates), and require a high amount of configurability. Collecting and sharing traffic data for such networks can help in detecting hotspots, troubleshooting, and designing novel routing protocols. However, sharing network data directly introduces serious privacy breaches, as an adversary may be able to derive private details about individual users (e.g., personal preferences or activity patterns). Our objective is to sanitize high-speed research network data according to the de-facto standard of differential privacy (DP), thus supporting benefic applications of traffic measurement without compromising individuals' privacy. In this paper, we present an initial framework for computing DP-compliant big data analytics for high-speed research network data. Specifically, we focus on sharing data at flow-level granularity, and we describe our initial steps towards an environment that relies on Hadoop and HBase to support privacy-preserving NetFlow analytics.
2014 RoEduNet Conference 13th Edition: Networking in Education and Research Joint Event RENAM 8th Conference, 2014
It is always a challenge to keep the state of the network consistent and to be able to say at any... more It is always a challenge to keep the state of the network consistent and to be able to say at any moment what packets are getting through it. Software Defined Networking comes in aid and offers an alternative to the old way networking administration is done, offering the administrators the possibility to control the network through a custom written software. In this paper, we propose a solution for automatic discovery of the network topology and packet generations from a central point with some troubleshooting capabilities. We use the onePK Software Defined Networking solution to implement an application that offers at any time a consistent view of the network topology and permits packet generation. The general purpose of the application is network troubleshooting.
XRDS: Crossroads, The ACM Magazine for Students, 2019