| 217 | <b>Antequera, R. Bazan and Calyam, P. and Chemodanov, D. and de Donato, W. and Mishra, A. and Pescape, A. and Skubic, M.</b>, |
| 218 | "Socio-technical approach to engineer gigabit app performance for physicaltherapy-as-a-service." |
| 219 | 2017 IEEE 19th International Conference on e-Health Networking, Applications and Services (Healthcom), Dalian, China, IEEE, |
| 220 | 2017. |
| 221 | doi:10.1109/healthcom.2017.8210768. |
| 222 | <a href="http://dx.doi.org/10.1109/healthcom.2017.8210768">http://dx.doi.org/10.1109/healthcom.2017.8210768</a> |
| 223 | <br><br><b>Abstract: </b>The deployment of Gigabit Apps owing to their high-bandwidth and low-latency nature pushes the limits of today's end-to-end networking, and reveals new bottlenecks at multiple layers of networking, virtualization, application and user experience. In this paper, we use an exemplar smart health related Gigabit App use case viz., PhysicalTherapy-as-a-Service to show how a multi-layer instrumentation approach of measurement points was critical to successfully deploy our lab-tested App out to residential homes with Google Fiber connections. The salient instrumentation strategies involved an organized co-design method between the App Developer and Network Engineer roles, and a multi-domain network performance monitoring featuring perfSONAR extensions, both of which were realized through our Narada Metrics framework. Our instrumentation strategies engendered a ” socio-technical tool” for co-ordination between multi-layer stakeholders in identifying and overcoming the intertwined bottlenecks, and in tuning the App performance. Our results highlight the new instrumentation and measurement challenges to foster multi-layer stakeholder collaboration, and provide rare insights to the budding Gigabit App developer community for performance engineering their Apps to serve residential users. |
| 224 | </li> |
| 225 | <br> |
| 226 | |
| 227 | |
| 228 | |
| 229 | <li> |
| 269 | <b>Arezoumand, Saeed</b>, |
| 270 | "End to End Orchestration of Distributed Cloud Applications (Master's Thesis)." |
| 271 | |
| 272 | 2017. |
| 273 | |
| 274 | <a href="https://tspace.library.utoronto.ca/handle/1807/79499">https://tspace.library.utoronto.ca/handle/1807/79499</a> |
| 275 | <br><br><b>Abstract: </b>Centralized management provides benefits for cloud providers in terms of efficient and simple management of their infrastructure. However, tenants who use these infrastructures to deliver a software service to the end-users, are handicapped by having to work with traditional network primitives. Current service orchestration tools can automate most of the service configuration and deployment process, but these do not yet include significant SDN capabilities. In this thesis, we propose and examine high-level abstraction models for the orchestration of distributed cloud applications over multiple network domains and multiple infrastructure providers. We provide cloud application developers with a set of useful network functionalities that require no programming effort to provision and use. Our design relies on Hyperexchange, a protocol-agnostic exchange point for peering of virtual networks, to enable orchestration among multiple virtual network providers. |
| 276 | </li> |
| 277 | <br> |
| 278 | |
| 279 | |
| 280 | |
| 281 | <li> |
| 943 | <b>Cecil, J. and Gupta, Avinash and Pirela-Cruz, Miguel and Ramanathan, Parmesh</b>, |
| 944 | "A cyber training framework for orthopedic surgery." |
| 945 | Cogent Medicine, |
| 946 | 2017. |
| 947 | doi:10.1080/2331205x.2017.1419792. |
| 948 | <a href="http://dx.doi.org/10.1080/2331205x.2017.1419792">http://dx.doi.org/10.1080/2331205x.2017.1419792</a> |
| 949 | <br><br><b>Abstract: </b>Purpose: This paper focuses on the development of a cyber training framework for an orthopaedic process termed Less Invasive Stabilization System (LISS) plating surgery. Research methodology: The methodology involved developing a simulator framework which is a complex task involving multiple systems, technologies and human experts. Expert surgeons played an important role in the design and develop the IoT based simulator. Finally, simulator's impact was validated through learning interactions with residents. Hypothesis: The hypothesis was that interactions with the simulator improve the residents' understanding of the LISS plating surgical process. Results: The results from the learning interactions con rm the hypothesis that the interactions with the simulation framework improve the residents' understanding of the LISS plating surgical process. Among the twenty-eight participants in this study, the majority showed improvements in their understanding of the LISS plating surgical process. Conclusion: This paper shows the process of design and development of simulation framework. The learning interactions conducted suggest that this IoT based framework can be used as a tool in medical education. |
| 950 | </li> |
| 951 | <br> |
| 952 | |
| 953 | |
| 954 | |
| 955 | <li> |
| 996 | "Global optimization of file availability through replication for efficient file sharing in MANETs." |
| 997 | Network Protocols (ICNP), 2011 19th IEEE International Conference on, Vancouver, AB, Canada, IEEE, |
| 998 | 2011. |
| 999 | doi:10.1109/icnp.2011.6089056. |
| 1000 | <a href="http://dx.doi.org/10.1109/icnp.2011.6089056">http://dx.doi.org/10.1109/icnp.2011.6089056</a> |
| 1001 | <br><br><b>Abstract: </b>File sharing applications in mobile ad hoc networks (MANETs) have attracted more and more attention in recent years. The efficiency of file querying suffers from the distinctive properties of MANETs including node mobility and limited communication range and resource. An intuitive method to alleviate this problem is to create file replicas in the network. However, despite the efforts on file replication, no research has focused on the global optimal replica sharing with minimum average querying delay. Specifically, current file replication protocols in MANETs have two shortcomings. First, they lack a rule to allocate limited resource to different files in order to minimize the average querying delay. Second, they simply consider storage as resource for replicas, but neglect the fact that the file holders' frequency of meeting other nodes also plays an important role in determining file availability. A node having a higher meeting frequency with others provides higher availability to its files. In this paper, we introduce a new concept of resource for file replication, which considers both node storage and meeting frequency. We theoretically study the influence of resource allocation on the average querying delay and derive a resource allocation rule to minimize the average querying delay. We further propose a distributed file replication protocol that follows the rule. The trace-driven experiments on both the real-world GENI testbed and NS-2 show that our protocol can achieve shorter average querying delay at lower cost than current replication protocols, which justifies the correctness of our theoretical analysis and the effectiveness of the proposed protocol. |
| 1002 | </li> |
| 1003 | <br> |
| 1004 | |
| 1005 | <li> |
| 1006 | <b>Chen, Kang and Shen, Haiying</b>, |
963 | | </li> |
964 | | <br> |
965 | | |
966 | | <li> |
967 | | <b>Chen, Kang and Shen, Haiying</b>, |
968 | | "Global optimization of file availability through replication for efficient file sharing in MANETs." |
969 | | Network Protocols (ICNP), 2011 19th IEEE International Conference on, Vancouver, AB, Canada, IEEE, |
970 | | 2011. |
971 | | doi:10.1109/icnp.2011.6089056. |
972 | | <a href="http://dx.doi.org/10.1109/icnp.2011.6089056">http://dx.doi.org/10.1109/icnp.2011.6089056</a> |
973 | | <br><br><b>Abstract: </b>File sharing applications in mobile ad hoc networks (MANETs) have attracted more and more attention in recent years. The efficiency of file querying suffers from the distinctive properties of MANETs including node mobility and limited communication range and resource. An intuitive method to alleviate this problem is to create file replicas in the network. However, despite the efforts on file replication, no research has focused on the global optimal replica sharing with minimum average querying delay. Specifically, current file replication protocols in MANETs have two shortcomings. First, they lack a rule to allocate limited resource to different files in order to minimize the average querying delay. Second, they simply consider storage as resource for replicas, but neglect the fact that the file holders' frequency of meeting other nodes also plays an important role in determining file availability. A node having a higher meeting frequency with others provides higher availability to its files. In this paper, we introduce a new concept of resource for file replication, which considers both node storage and meeting frequency. We theoretically study the influence of resource allocation on the average querying delay and derive a resource allocation rule to minimize the average querying delay. We further propose a distributed file replication protocol that follows the rule. The trace-driven experiments on both the real-world GENI testbed and NS-2 show that our protocol can achieve shorter average querying delay at lower cost than current replication protocols, which justifies the correctness of our theoretical analysis and the effectiveness of the proposed protocol. |
| 1098 | "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
| 1099 | MILCOM 2015 - 2015 IEEE Military Communications Conference, Tampa, FL, USA, IEEE, |
| 1100 | 2015. |
| 1101 | doi:10.1109/milcom.2015.7357519. |
| 1102 | <a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a> |
| 1103 | <br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability. |
| 1104 | </li> |
| 1105 | <br> |
| 1106 | |
| 1107 | <li> |
| 1108 | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>, |
1068 | | <li> |
1069 | | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>, |
1070 | | "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
1071 | | MILCOM 2015 - 2015 IEEE Military Communications Conference, Tampa, FL, USA, IEEE, |
1072 | | 2015. |
1073 | | doi:10.1109/milcom.2015.7357519. |
1074 | | <a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a> |
1075 | | <br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability. |
1076 | | </li> |
1077 | | <br> |
1078 | | |
1079 | | |
1080 | | |
1081 | | <li> |
1082 | | <b>Chin, Tommy and Xiong, Kaiqi</b>, |
1083 | | "Dynamic generation containment systems (DGCS): A Moving Target Defense approach." |
1084 | | 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems (EITEC), IEEE, |
1085 | | 2016. |
1086 | | doi:10.1109/eitec.2016.7503690. |
1087 | | <a href="http://dx.doi.org/10.1109/eitec.2016.7503690">http://dx.doi.org/10.1109/eitec.2016.7503690</a> |
1088 | | <br><br><b>Abstract: </b>Supervisory Control and Data Acquisition (SCADA) systems are critical assets to public utility and manufacturing organizations. These systems, although critical, are prone to numerous cyber security related threats and attacks. To combat such challenges, we propose a Dynamic Generated Containment System (DGCS), a moving target defense model as a method of threat evasion. Under the proposed approach, we employ the use of intrusion detection systems (IDS) in conjunction with virtualization solution - Docker. The proposed approach provides an individual Docker container for each threat detected by our IDS. We conduct several experiments using high performance computing systems to measure and demonstrate our proposed approach. |
1089 | | </li> |
1090 | | <br> |
| 1118 | |
| 1133 | "Dynamic generation containment systems (DGCS): A Moving Target Defense approach." |
| 1134 | 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems (EITEC), IEEE, |
| 1135 | 2016. |
| 1136 | doi:10.1109/eitec.2016.7503690. |
| 1137 | <a href="http://dx.doi.org/10.1109/eitec.2016.7503690">http://dx.doi.org/10.1109/eitec.2016.7503690</a> |
| 1138 | <br><br><b>Abstract: </b>Supervisory Control and Data Acquisition (SCADA) systems are critical assets to public utility and manufacturing organizations. These systems, although critical, are prone to numerous cyber security related threats and attacks. To combat such challenges, we propose a Dynamic Generated Containment System (DGCS), a moving target defense model as a method of threat evasion. Under the proposed approach, we employ the use of intrusion detection systems (IDS) in conjunction with virtualization solution - Docker. The proposed approach provides an individual Docker container for each threat detected by our IDS. We conduct several experiments using high performance computing systems to measure and demonstrate our proposed approach. |
| 1139 | </li> |
| 1140 | <br> |
| 1141 | |
| 1142 | <li> |
| 1143 | <b>Chin, Tommy and Xiong, Kaiqi</b>, |
| 2063 | "QoE management in DASH systems using the segment aware rate adaptation algorithm." |
| 2064 | NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, |
| 2065 | 2016. |
| 2066 | doi:10.1109/noms.2016.7502805. |
| 2067 | <a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a> |
| 2068 | <br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them. |
| 2069 | </li> |
| 2070 | <br> |
| 2071 | |
| 2072 | <li> |
| 2073 | <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>, |
2030 | | </li> |
2031 | | <br> |
2032 | | |
2033 | | <li> |
2034 | | <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>, |
2035 | | "QoE management in DASH systems using the segment aware rate adaptation algorithm." |
2036 | | NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, |
2037 | | 2016. |
2038 | | doi:10.1109/noms.2016.7502805. |
2039 | | <a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a> |
2040 | | <br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them. |
| 2243 | "Performance of GENI Cloud Testbeds for Real Time Scientific Application." |
| 2244 | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
| 2245 | 2012. |
| 2246 | |
| 2247 | |
| 2248 | <br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform. |
| 2249 | </li> |
| 2250 | <br> |
| 2251 | |
| 2252 | <li> |
| 2253 | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>, |
2208 | 2258 | <a href="http://dx.doi.org/10.1109/lcn.2012.6423665">http://dx.doi.org/10.1109/lcn.2012.6423665</a> |
2209 | 2259 | <br><br><b>Abstract: </b>Dedicating high-end servers for executing scientific applications that run intermittently, such as severe weather detection or generalized weather forecasting, wastes resources. While the Infrastructure-as-a-Service (IaaS) model used by today's cloud platforms is well-suited for the bursty computational demands of these applications, it is unclear if the network capabilities of today's cloud platforms are sufficient. In this paper, we analyze the networking capabilities of multiple commercial (Amazon's EC2 and Rackspace) and research (GENICloud and ExoGENI cloud) platforms in the context of a Nowcasting application, a forecasting algorithm for highly accurate, near-term, e.g., 5-20 minutes, weather predictions. The application has both computational and network requirements. While it executes rarely, whenever severe weather approaches, it benefits from an IaaS model; However, since its results are time-critical, enough bandwidth must be available to transmit radar data to cloud platforms before it becomes stale. We conduct network capacity measurements between radar sites and cloud platforms throughout the country. Our results indicate that ExoGENI cloud performs the best for both serial and parallel data transfer with an average throughput of 110.22 Mbps and 17.2 Mbps, respectively. We also found that the cloud services perform better in the distributed data transfer case, where a subset of nodes transmit data in parallel to a cloud instance. Ultimately, we conclude that commercial and research clouds are capable of providing sufficient bandwidth for our real-time Nowcasting application. |
2210 | | </li> |
2211 | | <br> |
2212 | | |
2213 | | <li> |
2214 | | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>, |
2215 | | "Performance of GENI Cloud Testbeds for Real Time Scientific Application." |
2216 | | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
2217 | | 2012. |
2218 | | |
2219 | | |
2220 | | <br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform. |
| 2513 | <b>Liu, Shuhao and Li, Baochun</b>, |
| 2514 | "Stemflow: Software-Defined Inter-Datacenter Overlay as a Service." |
| 2515 | IEEE Journal on Selected Areas in Communications, |
| 2516 | 2017. |
| 2517 | doi:10.1109/jsac.2017.2760159. |
| 2518 | <a href="http://dx.doi.org/10.1109/jsac.2017.2760159">http://dx.doi.org/10.1109/jsac.2017.2760159</a> |
| 2519 | <br><br><b>Abstract: </b>Modern Internet applications are typically hosted in the public cloud, with multiple server instances running within geographically distributed datacenters. Thanks to the abundantly available bandwidth on wide-area links that interconnect these datacenters, it is conceivable that bandwidth-intensive applications may improve their performance by relaying their traffic through such an inter-datacenter network. However, there does not yet exist a cloud service that provides a turn-key solution to tap into such available bandwidth resources conveniently. In this paper, we design and implement Stemflow, a new system framework that provides Inter-Datacenter Overlay as a Service based on the software-defined networking principle. It offers an attractive foundation that helps an Internet application to transparently improve its scalability and performance by using inter-datacenter networks for its traffic. With Stemflow, all deployed server instances will construct an overlay atop an interdatacenter network, and the routing decisions to relay application traffic are made by a centralized controller. The algorithms needed to make these decisions are customized to meet the needs of individual applications, and are cached within the data plane. We motivate and describe the design decisions, and present an extensive experimental evaluation in public cloud infrastructures, using two example applications as our case studies. |
| 2520 | </li> |
| 2521 | <br> |
| 2522 | |
| 2523 | |
| 2524 | |
| 2525 | <li> |
| 2657 | "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
| 2658 | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
| 2659 | 2014. |
| 2660 | doi:10.1109/itc.2014.6932970. |
| 2661 | <a href="http://dx.doi.org/10.1109/itc.2014.6932970">http://dx.doi.org/10.1109/itc.2014.6932970</a> |
| 2662 | <br><br><b>Abstract: </b>Software Defined Networks (SDNs), primarily based on OpenFlow, are being deployed in single domain networks around the world. The popularity of SDNs has given rise to multiple considerations about designing, implementing, and operating Software-Defined Network Exchanges (SDXs), to enable SDNs to interconnect SDN islands and to extend SDNs across multiple domains. These goals can be accomplished only by developing new techniques that extend the single domain orientation of current SDN/OpenFlow approaches to include capabilities for multidomain control, including those for resource discovery, signaling, and dynamic provisioning. Several networking research communities have begun to investigate these concepts. Early architectural models of SDXs have been designed and implemented as prototypes. These SDXs are being used to conduct experiments and to demonstrate the potentials of SDXs. |
| 2663 | </li> |
| 2664 | <br> |
| 2665 | |
| 2666 | <li> |
| 2667 | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
2620 | 2683 | <a href="http://dx.doi.org/10.1016/j.bjp.2013.12.024">http://dx.doi.org/10.1016/j.bjp.2013.12.024</a> |
2621 | 2684 | <br><br><b>Abstract: </b>Large scale national and international experimental research environments are required to advance communication services and supporting network architecture, technology, and infrastructure. Theories and concepts are often explored using simulation and modeling techniques within labs or on small scale testbeds. However, while such testbeds are valuable resources for the research process, these facilities alone cannot provide an appropriate approximation of the real world conditions required to explore ideas at scale. Very large scale global, experimental network research capabilities are required to deeply investigate innovative concepts. For many years, network testbeds were created to address fairly specific, well defined, limited research goals, and they were implemented for fairly short periods. Recently, taking advantage of a number of macro information technology trends, such as virtualization and programmable resources, several network research communities have been developing innovative types of network research environments. Instead of designing traditional network testbeds, research communities are designing large scale, highly flexible distributed platforms that can be used to create many different types of testbeds. Also, rather than creating short term testbeds for limited research objectives, these new environments are being designed as long term persistent resources to support many types of experimental research. This paper describes the motivations for this trend, provides several examples of large scale distributed network research environments based on the Global Lambda Integrated Facility (GLIF) and the StarLight Exchange Facility, including the Global Environment for Network Innovation (GENI), and indicates emerging future trends for these types of environments. |
2622 | | </li> |
2623 | | <br> |
2624 | | |
2625 | | <li> |
2626 | | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
2627 | | "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
2628 | | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
2629 | | 2014. |
2630 | | doi:10.1109/itc.2014.6932970. |
2631 | | <a href="http://dx.doi.org/10.1109/itc.2014.6932970">http://dx.doi.org/10.1109/itc.2014.6932970</a> |
2632 | | <br><br><b>Abstract: </b>Software Defined Networks (SDNs), primarily based on OpenFlow, are being deployed in single domain networks around the world. The popularity of SDNs has given rise to multiple considerations about designing, implementing, and operating Software-Defined Network Exchanges (SDXs), to enable SDNs to interconnect SDN islands and to extend SDNs across multiple domains. These goals can be accomplished only by developing new techniques that extend the single domain orientation of current SDN/OpenFlow approaches to include capabilities for multidomain control, including those for resource discovery, signaling, and dynamic provisioning. Several networking research communities have begun to investigate these concepts. Early architectural models of SDXs have been designed and implemented as prototypes. These SDXs are being used to conduct experiments and to demonstrate the potentials of SDXs. |
| 3042 | <b>Neupane, Roshan L. and Neely, Travis and Chettri, Nishant and Vassell, Mark and Zhang, Yuanxun and Calyam, Prasad and Durairajan, Ramakrishnan</b>, |
| 3043 | "Dolus: Cyber Defense using Pretense against DDoS Attacks in Cloud Platforms." |
| 3044 | Proceedings of the 19th International Conference on Distributed Computing and Networking (ICDCN '18), Varanasi, India, |
| 3045 | 2018. |
| 3046 | |
| 3047 | <a href="https://www.semanticscholar.org/paper/Dolus-Cyber-Defense-using-Pretense-against-DDoS-At-Neupane-Neely/763f3e0d97a0b6acc96bdc8dd55212387164fbac">https://www.semanticscholar.org/paper/Dolus-Cyber-Defense-using-Pretense-against-DDoS-At-Neupane-Neely/763f3e0d97a0b6acc96bdc8dd55212387164fbac</a> |
| 3048 | <br><br><b>Abstract: </b>Cloud-hosted services are being increasingly used in online businesses in e.g., retail, healthcare, manufacturing, entertainment due to benefits such as scalability and reliability. These benefits are fueled by innovations in orchestration of cloud platforms that make them totally programmable as Software Defined everything Infrastructures (SDxI). At the same time, sophisticated targeted attacks such as Distributed Denial-of-Service (DDoS) are growing on an unprecedented scale threatening the availability of online businesses. In this paper, we present a novel defense system called Dolus to mitigate the impact of DDoS attacks launched against high-value services hosted in SDxI-based cloud platforms. Our Dolus system is able to initiate a 'pretense' in a scalable and collaborative manner to deter the attacker based on threat intelligence obtained from attack feature analysis in a two-stage ensemble learning scheme. Using foundations from pretense theory in child play, Dolus takes advantage of elastic capacity provisioning via 'quarantine virtual machines' and SDxI policy co-ordination across multiple network domains to deceive the attacker by creating a false sense of success. From the time gained through pretense initiation, Dolus enables cloud service providers to decide on a variety of policies to mitigate the attack impact, without disrupting the cloud services experience for legitimate users. We evaluate the efficacy of Dolus using a GENI Cloud testbed and demonstrate its real-time capabilities to: (a) detect DDoS attacks and redirect attack traffic to quarantine resources to engage the attacker under pretense, and (b) coordinate SDxI policies to possibly block DDoS attacks closer to the attack source(s). |
| 3049 | </li> |
| 3050 | <br> |
| 3051 | |
| 3052 | |
| 3053 | |
| 3054 | <li> |
| 3108 | "Performance Analysis of DDoS Detection Methods on Real Network." |
| 3109 | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
| 3110 | 2012. |
| 3111 | |
| 3112 | |
| 3113 | <br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic. |
| 3114 | </li> |
| 3115 | <br> |
| 3116 | |
| 3117 | <li> |
| 3118 | <b>Ozcelik, Ilker and Brooks, Richard R.</b>, |
3063 | | <li> |
3064 | | <b>Ozcelik, Ilker and Brooks, Richard R.</b>, |
3065 | | "Performance Analysis of DDoS Detection Methods on Real Network." |
3066 | | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
3067 | | 2012. |
3068 | | |
3069 | | |
3070 | | <br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic. |
3071 | | </li> |
3072 | | <br> |
3073 | | |
| 3363 | <b>Rezgui, Abdelmounaam and Davis, Nickolas and Malik, Zaki and Medjahed, Brahim and Soliman, Hamdy</b>, |
| 3364 | "CloudFinder: A System for Processing Big Data Workloads on Volunteered Federated Clouds." |
| 3365 | IEEE Transactions on Big Data, |
| 3366 | 2017. |
| 3367 | doi:10.1109/tbdata.2017.2703830. |
| 3368 | <a href="http://dx.doi.org/10.1109/tbdata.2017.2703830">http://dx.doi.org/10.1109/tbdata.2017.2703830</a> |
| 3369 | <br><br><b>Abstract: </b>The proliferation of private clouds that are often underutilized and the tremendous computational potential of these clouds when combined has recently brought forth the idea of volunteer cloud computing (VCC), a computing model where cloud owners contribute underutilized computing and/or storage resources on their clouds to support the execution of applications of other members in the community. This model is particularly suitable to solve big data scientific problems. Scientists in data-intensive scientific fields increasingly recognize that sharing volunteered resources from several clouds is a cost-effective alternative to solve many complex, data- and/or compute-intensive science problems. Despite the promise of the idea of VCC, it still remains at the vision stage at best. Challenges include the heterogeneity and autonomy of member clouds, access control and security, complex inter-cloud virtual machine scheduling, etc. In this paper, we present CloudFinder, a system that supports the efficient execution of big data workloads on volunteered federated clouds (VFCs). Our evaluation of the system indicates that VFCs are a promising cost-effective approach to enable big data science. |
| 3370 | </li> |
| 3371 | <br> |
| 3372 | |
| 3373 | |
| 3374 | |
| 3375 | <li> |
| 4711 | <b>Xu, Zhiguang</b>, |
| 4712 | "Adaptive Flow Admission Control in a Software-Defined Network." |
| 4713 | 2017 IEEE International Conference on Smart Cloud (SmartCloud), New York, NY, IEEE, |
| 4714 | 2017. |
| 4715 | doi:10.1109/smartcloud.2017.27. |
| 4716 | <a href="http://dx.doi.org/10.1109/smartcloud.2017.27">http://dx.doi.org/10.1109/smartcloud.2017.27</a> |
| 4717 | <br><br><b>Abstract: </b>In this paper, we have followed the idea of exploiting the highly flexible architecture of Software-Defined Network (SDN) to provide an adaptive packet Flow Admission Control (FAC) system. Both Quality of Service (QoS) requirements of the packet flow and the current state and situation in the network are put under consideration when admission decisions are made. Furthermore, our proposed FAC monitors and dynamically adapts to the changes of network parameters such as bandwidth, delay, jitter, latency, and classification of traffics for better overall user experience. This paper finds ways to implement the proposed adaptive FAC for improved QoS using a custom built OpenFlow controller based on Floodlight in the production environment of GENI, a national testbed for innovative networking and distributed systems experiments. The experimental results indicate that the adaptive FAC delivers an improvement of up to 67% in comparison with the traditional FAC when unsatisfied user percentage is measured. Also, the adaptive FAC enhanced the average end-to-end delay and network resource (i.e. bandwidth) utilization by up to 30% and 50\\ respectively. |
| 4718 | </li> |
| 4719 | <br> |
| 4720 | |
| 4721 | |
| 4722 | |
| 4723 | <li> |
| 4724 | <b>Yan, Bo and Shi, Shu and Liu, Yong and Yuan, Weizhe and He, Haoqin and Jana, Rittwik and Xu, Yang and Chao, H. Jonathan</b>, |
| 4725 | "LiveJack." |
| 4726 | Proceedings of the 2017 ACM on Multimedia Conference - MM '17, Mountain View, California, USA, ACM Press, |
| 4727 | 2017. |
| 4728 | doi:10.1145/3123266.3123283. |
| 4729 | <a href="http://dx.doi.org/10.1145/3123266.3123283">http://dx.doi.org/10.1145/3123266.3123283</a> |
| 4730 | <br><br><b>Abstract: </b>Emerging commercial live content broadcasting platforms are facing great challenges to accommodate large scale dynamic viewer populations. Existing solutions constantly suffer from balancing the cost of deploying at the edge close to the viewers and the quality of content delivery. We propose LiveJack, a novel network service to allow CDN servers to seamlessly leverage ISP edge cloud resources. LiveJack can elastically scale the serving capacity of CDN servers by integrating Virtual Media Functions (VMF) in the edge cloud to accommodate flash crowds for very popular contents. LiveJack introduces minor application layer changes for streaming service providers and is completely transparent to end users. We have prototyped LiveJack in both LAN and WAN environments. Evaluations demonstrate that LiveJack can increase CDN server capacity by more than six times, and can effectively accommodate highly dynamic workloads with an improved service quality. |
| 4731 | </li> |
| 4732 | <br> |
| 4733 | |
| 4734 | |
| 4735 | |
| 4736 | <li> |
| 4828 | <b>Zhang, Yuanxun and Calyam, Prasad and Debroy, Saptarshi and Nuguri, Sai S.</b>, |
| 4829 | "Social Plane for Recommenders in Network Performance Expectation Management." |
| 4830 | IEEE Transactions on Network and Service Management, |
| 4831 | 2017. |
| 4832 | doi:10.1109/tnsm.2017.2772905. |
| 4833 | <a href="http://dx.doi.org/10.1109/tnsm.2017.2772905">http://dx.doi.org/10.1109/tnsm.2017.2772905</a> |
| 4834 | <br><br><b>Abstract: </b>Multi-domain end-to-end network performance monitoring (NPM) federations such as perfSONAR are increasingly being used in Big Data application management. They rely on trustworthy collaborative measurement intelligence to identify and diagnose network anomaly events that impact application performance. Large volumes of end-to-end measurement traces are generated on a daily basis, and new Big Data analysis techniques are needed to isolate network-wide anomaly event(s) and to diagnose the root-cause(s). In addition, not all network operators and application users have enough knowledge and experience to understand the anomaly events. The lack of a platform for sharing knowledge and working collaboratively makes it difficult to isolate and diagnose network-wide anomaly events quickly and accurately. In this paper, we define a ” social plane” that relies on recommended measurements based on ” content-based filtering” and ” collaborative filtering” approaches to enable network performance expectation management. Based on similarity analysis, the ” content-based filtering” facilitates users to subscribe to useful measurements, and the ” collaborative filtering” promotes users to share knowledge on anomaly symptoms. Using real perfSONAR measurements and synthetic events, we show the effectiveness of our social plane approach within a SoyKB Big Data application case study using social network creation and mingling of experts. Our experimental results show that our measurements recommendation scheme has high precision, recall and accuracy, as well as efficiency in terms of the time taken for large volume measurement trace analysis. |
| 4835 | </li> |
| 4836 | <br> |
| 4837 | |
| 4838 | |
| 4839 | |
| 4840 | <li> |
| 5033 | <b>Antequera, R. Bazan and Calyam, P. and Chemodanov, D. and de Donato, W. and Mishra, A. and Pescape, A. and Skubic, M.</b>, |
| 5034 | "Socio-technical approach to engineer gigabit app performance for physicaltherapy-as-a-service." |
| 5035 | 2017 IEEE 19th International Conference on e-Health Networking, Applications and Services (Healthcom), Dalian, China, IEEE, |
| 5036 | 2017. |
| 5037 | doi:10.1109/healthcom.2017.8210768. |
| 5038 | </li> |
| 5039 | <br> |
| 5040 | |
| 5041 | |
| 5042 | |
| 5043 | <li> |
| 5778 | "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
| 5779 | MILCOM 2015 - 2015 IEEE Military Communications Conference, Tampa, FL, USA, IEEE, |
| 5780 | 2015. |
| 5781 | doi:10.1109/milcom.2015.7357519. |
| 5782 | </li> |
| 5783 | <br> |
| 5784 | |
| 5785 | <li> |
| 5786 | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>, |
5635 | | <li> |
5636 | | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>, |
5637 | | "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
5638 | | MILCOM 2015 - 2015 IEEE Military Communications Conference, Tampa, FL, USA, IEEE, |
5639 | | 2015. |
5640 | | doi:10.1109/milcom.2015.7357519. |
5641 | | </li> |
5642 | | <br> |
5643 | | |
5648 | | "Dynamic generation containment systems (DGCS): A Moving Target Defense approach." |
5649 | | 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems (EITEC), IEEE, |
5650 | | 2016. |
5651 | | doi:10.1109/eitec.2016.7503690. |
| 5798 | "MPBSD: A Moving Target Defense Approach for Base Station Security in Wireless Sensor Networks." |
| 5799 | Wireless Algorithms, Systems, and Applications, Springer International Publishing, |
| 5800 | 2016. |
| 5801 | doi:10.1007/978-3-319-42836-9_43. |
5666 | | "MPBSD: A Moving Target Defense Approach for Base Station Security in Wireless Sensor Networks." |
5667 | | Wireless Algorithms, Systems, and Applications, Springer International Publishing, |
5668 | | 2016. |
5669 | | doi:10.1007/978-3-319-42836-9_43. |
| 5816 | "Dynamic generation containment systems (DGCS): A Moving Target Defense approach." |
| 5817 | 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems (EITEC), IEEE, |
| 5818 | 2016. |
| 5819 | doi:10.1109/eitec.2016.7503690. |
| 7095 | "Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques." |
| 7096 | Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA, |
| 7097 | 2016. |
| 7098 | doi:10.1145/2955193.2955194. |
| 7099 | </li> |
| 7100 | <br> |
| 7101 | |
| 7102 | <li> |
| 7103 | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
6938 | | </li> |
6939 | | <br> |
6940 | | |
6941 | | <li> |
6942 | | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
6943 | | "Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques." |
6944 | | Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA, |
6945 | | 2016. |
6946 | | doi:10.1145/2955193.2955194. |
| 7420 | <b>Neupane, Roshan L. and Neely, Travis and Chettri, Nishant and Vassell, Mark and Zhang, Yuanxun and Calyam, Prasad and Durairajan, Ramakrishnan</b>, |
| 7421 | "Dolus: Cyber Defense using Pretense against DDoS Attacks in Cloud Platforms." |
| 7422 | Proceedings of the 19th International Conference on Distributed Computing and Networking (ICDCN '18), Varanasi, India, |
| 7423 | 2018. |
| 7424 | |
| 7425 | </li> |
| 7426 | <br> |
| 7427 | |
| 7428 | |
| 7429 | |
| 7430 | <li> |
| 8831 | <b>Xu, Zhiguang</b>, |
| 8832 | "Adaptive Flow Admission Control in a Software-Defined Network." |
| 8833 | 2017 IEEE International Conference on Smart Cloud (SmartCloud), New York, NY, IEEE, |
| 8834 | 2017. |
| 8835 | doi:10.1109/smartcloud.2017.27. |
| 8836 | </li> |
| 8837 | <br> |
| 8838 | |
| 8839 | |
| 8840 | |
| 8841 | <li> |
| 8842 | <b>Yan, Bo and Shi, Shu and Liu, Yong and Yuan, Weizhe and He, Haoqin and Jana, Rittwik and Xu, Yang and Chao, H. Jonathan</b>, |
| 8843 | "LiveJack." |
| 8844 | Proceedings of the 2017 ACM on Multimedia Conference - MM '17, Mountain View, California, USA, ACM Press, |
| 8845 | 2017. |
| 8846 | doi:10.1145/3123266.3123283. |
| 8847 | </li> |
| 8848 | <br> |
| 8849 | |
| 8850 | |
| 8851 | |
| 8852 | <li> |