Context Navigation

Changes between Version 48 and Version 49 of GENIBibliography

Timestamp:: 11/28/16 17:04:43 (7 years ago)
Author:: Mark Berman
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIBibliography

-                      v48
+                      v49
 <li>
 <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
+, &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot;
+Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
+.
+doi:10.1109/icdcsw.2015.27.
+<a href="http://dx.doi.org/10.1109/icdcsw.2015.27">http://dx.doi.org/10.1109/icdcsw.2015.27</a>
+<br><br><b>Abstract: </b>Software-defined networking (SDN) and Open Flow have been driving new security applications and services. However, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. In this paper, we discuss a novel attack detection approach that coordinates monitors distributed over a network and controllers centralized on an SDN Open Virtual Switch (OVS), selectively inspecting network packets on demand. With different scale of network views and information availability, these two elements collaboratively detect signature constituents of an attack. Therefore, this approach is able to quickly issue an alert against potential threats followed by careful verification for high accuracy, while balancing the workload on the OVS. We have applied this method for detection and mitigation of TCP SYN flood attacks on Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful toward a systematic methodology of SDN-supported attack detection and containment.
+</li>
+<br>
+<li>
+<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
 , &quot;An SDN-supported collaborative approach for DDoS flooding detection and containment.&quot;
 Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE,
 …
 <a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a>
 <br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability.
-</li>
-<br>
-<li>
-<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
-, &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot;
-Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
-.
-doi:10.1109/icdcsw.2015.27.
-<a href="http://dx.doi.org/10.1109/icdcsw.2015.27">http://dx.doi.org/10.1109/icdcsw.2015.27</a>
-<br><br><b>Abstract: </b>Software-defined networking (SDN) and Open Flow have been driving new security applications and services. However, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. In this paper, we discuss a novel attack detection approach that coordinates monitors distributed over a network and controllers centralized on an SDN Open Virtual Switch (OVS), selectively inspecting network packets on demand. With different scale of network views and information availability, these two elements collaboratively detect signature constituents of an attack. Therefore, this approach is able to quickly issue an alert against potential threats followed by careful verification for high accuracy, while balancing the workload on the OVS. We have applied this method for detection and mitigation of TCP SYN flood attacks on Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful toward a systematic methodology of SDN-supported attack detection and containment.
 </li>
 <br>
 …
 <li>
+<b>Gosain, Abhimanyu and Seskar, Ivan</b>
+, &quot;GENI Wireless Testbed: A Flexible Open Ecosystem for Wireless Communications Research: Demo.&quot;
+Proceedings of the 22Nd Annual International Conference on Mobile Computing and Networking, New York City, New York, ACM, New York, NY, USA,
+.
+doi:10.1145/2973750.2985627.
+<a href="http://dx.doi.org/10.1145/2973750.2985627">http://dx.doi.org/10.1145/2973750.2985627</a>
+<br><br><b>Abstract: </b>This demo presents the architecture of GENI (Global Environment of Network Innovations) [1] edge cloud computing network in the form of compute and storage resources, a mobile 4G LTE edge and a high speed campus network connecting these components. GENI's edge computing strategy proceeds by deploying self-contained packages of network, computing, storage resources, or GENI Racks [2] connected via high speed fiber to LTE BS(s) across twelve campuses in the US, all interconnected via a nationwide research network. The GENI mobile computing resource manager is based on the Orbit Management framework (OMF) [3] and provides seamless access to the edge computing resources via the GENI Portal for experimentation, scheduling, data collection and processing.
+</li>
+<br>
+<li>
 <b>Grandl, Robert and Han, Dongsu and Lee, Suk B. and Lim, Hyeontaek and Machado, Michel and Mukerjee, Matthew and Naylor, David</b>
 , &quot;Supporting network evolution and incremental deployment with XIA.&quot;
 …
 <li>
+<b>Hartpence, Bruce and Rosario, Rossi</b>
+, &quot;Software Defined Networking for Systems and Network Administration Programs.&quot;
+The USENIX Journal of Education in System Administration,
+.
+<a href="https://www.usenix.org/sites/default/files/jesa&#x005F;0201&#x005F;issue.pdf&#x0023;page=21">https://www.usenix.org/sites/default/files/jesa&#x005F;0201&#x005F;issue.pdf&#x0023;page=21</a>
+<br><br><b>Abstract: </b>Academic programs can be very successful when they include industry best practices, innovations and techniques in addition to theory and background. This approach has historically been a tenet of the networking and systems administration program at the Rochester Institute of Technology. Software-defined networking is an excellent example of a technology which combines theory and emerging practice. Software Defined Networking or SDN includes components that stretch across networking and systems administration curricula including servers or controllers, virtualization, OpenFlow enabled network elements, communication pathways, opportunities for automation, telemetry from the network, dynamic response to system demand and more. These characteristics, and because SDN experiments and courses can be implemented in either virtual or non-virtual facilities, make SDN an outstanding platform for teaching the principles of network and systems administration. Graduate students can also take advantage of the environment encompassed by SDN topologies to further their understanding of systems design, management, testing and communication protocols. This paper will describe some of the SDN projects run at the Rochester Institute of Technology (RIT), the impact on curriculum and some of the environments used. The challenges associated with running the projects and courses within a lab environment will also be illustrated. How and why many of the ideas and new industrial developments were integrated into the classroom will be central to the ideas presented.
+</li>
+<br>
+<li>
 <b>Hemmings, Matt and Krahn, Robert and Lary, David and McGeer, Rick and Ricart, Glenn and R&#x6f;&#x0308;der, Marko</b>
 , &quot;The Ignite Distributed Collaborative Scientific Visualization System.&quot;
 …
 <li>
 <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
+, &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot;
+NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
+.
+doi:10.1109/noms.2016.7502805.
+<a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a>
+<br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them.
+</li>
+<br>
+<li>
+<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
 , &quot;SARA: Segment aware rate adaptation algorithm for dynamic adaptive streaming over HTTP.&quot;
 Communication Workshop (ICCW), 2015 IEEE International Conference on, IEEE,
 …
 <a href="http://dx.doi.org/10.1109/iccw.2015.7247436">http://dx.doi.org/10.1109/iccw.2015.7247436</a>
 <br><br><b>Abstract: </b>Dynamic adaptive HTTP (DASH) based streaming is steadily becoming the most popular online video streaming technique. DASH streaming provides seamless playback by adapting the video quality to the network conditions during the video playback. A DASH server supports adaptive streaming by hosting multiple representations of the video and each representation is divided into small segments of equal playback duration. At the client end, the video player uses an adaptive bitrate selection (ABR) algorithm to decide the bitrate to be selected for each segment depending on the current network conditions. Currently, proposed ABR algorithms ignore the fact that the segment sizes significantly vary for a given video bitrate. Due to this, even though an ABR algorithm is able to measure the network bandwidth, it may fail to predict the time to download the next segment In this paper, we propose a segment-aware rate adaptation (SARA) algorithm that considers the segment size variation in addition to the estimated path bandwidth and the current buffer occupancy to accurately predict the time required to download the next segment We also developed an open source Python based emulated DASH video player, that was used to compare the performance of SARA and a basic ABR. Our results show that SARA provides a significant gain over the basic algorithm in the video quality delivered, without noticeably impacting the video switching rates.
-</li>
-<br>
-<li>
-<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
-, &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot;
-NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
-.
-doi:10.1109/noms.2016.7502805.
-<a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a>
-<br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them.
 </li>
 <br>
 …
 <li>
 <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
-, &quot;Performance of GENI Cloud Testbeds for Real Time Scientific Application.&quot;
-First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
-.
-<br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform.
-</li>
-<br>
-<li>
-<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
 , &quot;Network capabilities of cloud services for a real time scientific application.&quot;
 th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE,
 …
 <a href="http://dx.doi.org/10.1109/lcn.2012.6423665">http://dx.doi.org/10.1109/lcn.2012.6423665</a>
 <br><br><b>Abstract: </b>Dedicating high-end servers for executing scientific applications that run intermittently, such as severe weather detection or generalized weather forecasting, wastes resources. While the Infrastructure-as-a-Service (IaaS) model used by today's cloud platforms is well-suited for the bursty computational demands of these applications, it is unclear if the network capabilities of today's cloud platforms are sufficient. In this paper, we analyze the networking capabilities of multiple commercial (Amazon's EC2 and Rackspace) and research (GENICloud and ExoGENI cloud) platforms in the context of a Nowcasting application, a forecasting algorithm for highly accurate, near-term, e.g., 5-20 minutes, weather predictions. The application has both computational and network requirements. While it executes rarely, whenever severe weather approaches, it benefits from an IaaS model; However, since its results are time-critical, enough bandwidth must be available to transmit radar data to cloud platforms before it becomes stale. We conduct network capacity measurements between radar sites and cloud platforms throughout the country. Our results indicate that ExoGENI cloud performs the best for both serial and parallel data transfer with an average throughput of 110.22 Mbps and 17.2 Mbps, respectively. We also found that the cloud services perform better in the distributed data transfer case, where a subset of nodes transmit data in parallel to a cloud instance. Ultimately, we conclude that commercial and research clouds are capable of providing sufficient bandwidth for our real-time Nowcasting application.
+</li>
+<br>
+<li>
+<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
+, &quot;Performance of GENI Cloud Testbeds for Real Time Scientific Application.&quot;
+First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
+.
+<br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform.
 </li>
 <br>
 …
 <li>
 <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
+, &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot;
+Computer Networks,
+.
+doi:10.1016/j.bjp.2013.12.024.
+<a href="http://dx.doi.org/10.1016/j.bjp.2013.12.024">http://dx.doi.org/10.1016/j.bjp.2013.12.024</a>
+<br><br><b>Abstract: </b>Large scale national and international experimental research environments are required to advance communication services and supporting network architecture, technology, and infrastructure. Theories and concepts are often explored using simulation and modeling techniques within labs or on small scale testbeds. However, while such testbeds are valuable resources for the research process, these facilities alone cannot provide an appropriate approximation of the real world conditions required to explore ideas at scale. Very large scale global, experimental network research capabilities are required to deeply investigate innovative concepts. For many years, network testbeds were created to address fairly specific, well defined, limited research goals, and they were implemented for fairly short periods. Recently, taking advantage of a number of macro information technology trends, such as virtualization and programmable resources, several network research communities have been developing innovative types of network research environments. Instead of designing traditional network testbeds, research communities are designing large scale, highly flexible distributed platforms that can be used to create many different types of testbeds. Also, rather than creating short term testbeds for limited research objectives, these new environments are being designed as long term persistent resources to support many types of experimental research. This paper describes the motivations for this trend, provides several examples of large scale distributed network research environments based on the Global Lambda Integrated Facility (GLIF) and the StarLight Exchange Facility, including the Global Environment for Network Innovation (GENI), and indicates emerging future trends for these types of environments.
+</li>
+<br>
+<li>
+<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
 , &quot;Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques.&quot;
 Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA,
 …
 <a href="http://dx.doi.org/10.1145/2955193.2955194">http://dx.doi.org/10.1145/2955193.2955194</a>
 <br><br><b>Abstract: </b>Providing services for multiple tenants within a single or federated distributed cloud environment requires a variety of special considerations related to network design, provisioning, and operations. Especially important are multiple topics concerning the implementation of multiple parallel programmable virtual networks for large numbers of tenants, who require autonomous management, control, and data planes. This paper provides an overview of some of the challenges that arise from developing and implementing parallel programmable virtual networks, describes experiences with several experimental techniques for addressing those challenges based on large scale distributed testbeds, and presents the results of the experiments that were conducted. Distributed environments used include a distributed cloud testbed, the Chameleon Cloud, sponsored by the National Science Foundation's NSFCloud program, the NSF's Global Environment for Network Innovations (GENI), an international distributed OpenFlow testbed, and the Open Science Data Cloud.
-</li>
-<br>
-<li>
-<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
-, &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot;
-Computer Networks,
-.
-doi:10.1016/j.bjp.2013.12.024.
-<a href="http://dx.doi.org/10.1016/j.bjp.2013.12.024">http://dx.doi.org/10.1016/j.bjp.2013.12.024</a>
-<br><br><b>Abstract: </b>Large scale national and international experimental research environments are required to advance communication services and supporting network architecture, technology, and infrastructure. Theories and concepts are often explored using simulation and modeling techniques within labs or on small scale testbeds. However, while such testbeds are valuable resources for the research process, these facilities alone cannot provide an appropriate approximation of the real world conditions required to explore ideas at scale. Very large scale global, experimental network research capabilities are required to deeply investigate innovative concepts. For many years, network testbeds were created to address fairly specific, well defined, limited research goals, and they were implemented for fairly short periods. Recently, taking advantage of a number of macro information technology trends, such as virtualization and programmable resources, several network research communities have been developing innovative types of network research environments. Instead of designing traditional network testbeds, research communities are designing large scale, highly flexible distributed platforms that can be used to create many different types of testbeds. Also, rather than creating short term testbeds for limited research objectives, these new environments are being designed as long term persistent resources to support many types of experimental research. This paper describes the motivations for this trend, provides several examples of large scale distributed network research environments based on the Global Lambda Integrated Facility (GLIF) and the StarLight Exchange Facility, including the Global Environment for Network Innovation (GENI), and indicates emerging future trends for these types of environments.
 </li>
 <br>
 …
 <li>
 <b>Ozcelik, Ilker and Brooks, Richard R.</b>
 , &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot;
 First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
 .
 <br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic.
+, &quot;Operational System Testing for Designed in Security.&quot;
+Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
+.
+doi:10.1145/2459976.2460038.
+<a href="http://dx.doi.org/10.1145/2459976.2460038">http://dx.doi.org/10.1145/2459976.2460038</a>
+<br><br><b>Abstract: </b>To design secure systems, one needs to understand how attackers use system vulnerabilities in their favor. This requires testing vulnerabilities on operational systems. However, working on operational systems is not always possible because of the risk of disturbance. In this study, we introduce an approach to experimenting using operational system data and performing real attacks without disturbing the original system. We applied this approach to a network security experiment and tested the performance of three detection methods. The approach used in this study can be used when developing systems with Designed-in Security to identify and test system vulnerabilities.
 </li>
 <br>
 …
 <li>
 <b>Ozcelik, Ilker and Brooks, Richard R.</b>
 , &quot;Operational System Testing for Designed in Security.&quot;
 Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
 .
+doi:10.1145/2459976.2460038.
+<a href="http://dx.doi.org/10.1145/2459976.2460038">http://dx.doi.org/10.1145/2459976.2460038</a>
 <br><br><b>Abstract: </b>To design secure systems, one needs to understand how attackers use system vulnerabilities in their favor. This requires testing vulnerabilities on operational systems. However, working on operational systems is not always possible because of the risk of disturbance. In this study, we introduce an approach to experimenting using operational system data and performing real attacks without disturbing the original system. We applied this approach to a network security experiment and tested the performance of three detection methods. The approach used in this study can be used when developing systems with Designed-in Security to identify and test system vulnerabilities.
+, &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot;
+First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
+.
+<br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic.
 </li>
 <br>
 …
 <li>
+<b>Vanhove, Thomas and Seghbroeck, Gregory V. and Wauters, Tim and Turck, Filip D. and Vermeulen, Brecht and Demeester, Piet</b>
+, &quot;Tengu: An Experimentation Platform for Big Data Applications.&quot;
+IEEE 35th International Conference on Distributed Computing Systems Workshops, Columbus, OH, USA, IEEE,
+.
+doi:10.1109/icdcsw.2015.19.
+<a href="http://dx.doi.org/10.1109/icdcsw.2015.19">http://dx.doi.org/10.1109/icdcsw.2015.19</a>
+<br><br><b>Abstract: </b>Big data applications have stringent service requirements for scalability and fault-tolerance and involve high volumes of data, high processing speeds and large varieties of database technologies. In order to test big data management solutions, large experimentation facilities are needed, which are expensive in terms of both resource cost and configuration time. This paper presents Tengu, an experimentation platform for big data applications that can automatically be instantiated on GENI (US federation of test beds) and Fed FIRE (EU federation of test beds)compatible test beds. Tengu allows for automatic deployments of several data processing, storage and cloud technologies, including Hadoop, Storm and Open Stack. The paper discusses the Tengu architecture, the Tengu-as-a-service approach and a demonstration of an automated instantiation of the Tengu experimentation suite on the Virtual Wall, a large-scale Emulab testbed at the Minds research institute in Europe.
+</li>
+<br>
+<li>
 <b>Velusamy, G. and Gurkan, D. and Narayan, S. and Baily, S.</b>
 , &quot;Fault-Tolerant OpenFlow-Based Software Switch Architecture with LINC Switches for a Reliable Network Data Exchange.&quot;
 …
 <li>
 <b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
+, &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot;
+Teletraffic Congress (ITC), 2014 26th International, IEEE,
+.
+doi:10.1109/itc.2014.6932973.
+<a href="http://dx.doi.org/10.1109/itc.2014.6932973">http://dx.doi.org/10.1109/itc.2014.6932973</a>
+<br><br><b>Abstract: </b>In this paper, we study the problem of provisioning large-scale virtual clusters over federated clouds connected by multi-domain, layer-2 wide area networks. We first present the virtual cluster request abstraction and the abstraction models for substrate resource pools. Based on these two abstraction models, we developed a novel layer-2 exchange mechanism and an implementation of it in a multi-domain networked cloud environment. The design of the mechanism takes into consideration the realistic constraints in current network and cloud systems. We show that efficient cluster splitting, cloud data center selection and resource allocation algorithms can be developed to provision large-scale virtual clusters across cloud sites. A prototype system has been deployed and integrated into the ExoGENI testbed for about a year, and is being heavily used by scientific and data analytic applications.
+</li>
+<br>
+<li>
+<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
 , &quot;Capacity of Inter-cloud Layer-2 Virtual Networking.&quot;
 Proceedings of the 2014 ACM SIGCOMM Workshop on Distributed Cloud Computing, Chicago, Illinois, USA, ACM, New York, NY, USA,
 …
 <a href="http://dx.doi.org/10.1145/2627566.2627573">http://dx.doi.org/10.1145/2627566.2627573</a>
 <br><br><b>Abstract: </b>Due to the economy of scale of Ethernet networks and available dynamic circuit capability from the major national research and educational networks, VLAN (Virtual LAN) based virtual networking solution has been successfully adopted in some advanced distributed cloud systems. However, there are two major constraints in this adaptation: (1) dynamic circuit service is far from pervasive; (2) there is only limited VLAN tags offered by regional network service providers. In this paper, after examining layer-2 networking in large-scale distributed cloud environments, we present a graph theoretical model to study the network capacity in terms of the number of inter-cloud connections that can co-exist. We further design the algorithms to achieve this capacity for both point-to-point and multi-point inter-cloud connections in both static and dynamic scenarios. We also study a general topology embedding problem based on this model. As tagging is a common mechanism for isolating communication channels in other network layers, the proposed models and algorithms can be extended to optical and IP networks.
-</li>
-<br>
-<li>
-<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
-, &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot;
-Teletraffic Congress (ITC), 2014 26th International, IEEE,
-.
-doi:10.1109/itc.2014.6932973.
-<a href="http://dx.doi.org/10.1109/itc.2014.6932973">http://dx.doi.org/10.1109/itc.2014.6932973</a>
-<br><br><b>Abstract: </b>In this paper, we study the problem of provisioning large-scale virtual clusters over federated clouds connected by multi-domain, layer-2 wide area networks. We first present the virtual cluster request abstraction and the abstraction models for substrate resource pools. Based on these two abstraction models, we developed a novel layer-2 exchange mechanism and an implementation of it in a multi-domain networked cloud environment. The design of the mechanism takes into consideration the realistic constraints in current network and cloud systems. We show that efficient cluster splitting, cloud data center selection and resource allocation algorithms can be developed to provision large-scale virtual clusters across cloud sites. A prototype system has been deployed and integrated into the ExoGENI testbed for about a year, and is being heavily used by scientific and data analytic applications.
 </li>
 <br>
 …
 <li>
+<b>Zhao, Shuai and Sydney, Ali and Medhi, Deep</b>
+, &quot;Building Application-Aware Network Environments Using SDN for Optimizing Hadoop Applications.&quot;
+Proceedings of the 2016 Conference on ACM SIGCOMM 2016 Conference, Florianopolis, Brazil, ACM, New York, NY, USA,
+.
+doi:10.1145/2934872.2959059.
+<a href="http://dx.doi.org/10.1145/2934872.2959059">http://dx.doi.org/10.1145/2934872.2959059</a>
+<br><br><b>Abstract: </b>Hadoop has become the de facto standard for Big Data analytics, especially for workloads that use the MapReduce (M/R) framework. However, the lack of network awareness of the default MapReduce resource manager in Hadoop can cause unbalanced job scheduling, network bottleneck, and eventually increase the Hadoop run time if Hadoop nodes are clustered in several geographically distributed locations. In this paper, we present an application-aware network approach using software-defined networking (SDN) for distributed Hadoop clusters. We develop the SDN applications for this environment that consider network topology discovery, traffic monitoring, and flow rerouting in addition to loop avoidance mechanisms.
+</li>
+<br>
+<li>
 <b>Zhuang, Yanyan and Rafetseder, A. and Cappos, J.</b>
 , &quot;Experience with Seattle: A Community Platform for Research and Education.&quot;
 …
 <li>
 <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
+, &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot
+Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
+.
+doi:10.1109/icdcsw.2015.27.
+</li>
+<br>
+<li>
+<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
 , &quot;An SDN-supported collaborative approach for DDoS flooding detection and containment.&quot
 Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE,
 .
 doi:10.1109/milcom.2015.7357519.
-</li>
-<br>
-<li>
-<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
-, &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot
-Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
-.
-doi:10.1109/icdcsw.2015.27.
 </li>
 <br>
 …
 <li>
+<b>Gosain, Abhimanyu and Seskar, Ivan</b>
+, &quot;GENI Wireless Testbed: A Flexible Open Ecosystem for Wireless Communications Research: Demo.&quot
+Proceedings of the 22Nd Annual International Conference on Mobile Computing and Networking, New York City, New York, ACM, New York, NY, USA,
+.
+doi:10.1145/2973750.2985627.
+</li>
+<br>
+<li>
 <b>Grandl, Robert and Han, Dongsu and Lee, Suk B. and Lim, Hyeontaek and Machado, Michel and Mukerjee, Matthew and Naylor, David</b>
 , &quot;Supporting network evolution and incremental deployment with XIA.&quot
 …
 <li>
+<b>Hartpence, Bruce and Rosario, Rossi</b>
+, &quot;Software Defined Networking for Systems and Network Administration Programs.&quot
+The USENIX Journal of Education in System Administration,
+.
+</li>
+<br>
+<li>
 <b>Hemmings, Matt and Krahn, Robert and Lary, David and McGeer, Rick and Ricart, Glenn and R&#x6f;&#x0308;der, Marko</b>
 , &quot;The Ignite Distributed Collaborative Scientific Visualization System.&quot
 …
 <li>
 <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
+, &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot
+NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
+.
+doi:10.1109/noms.2016.7502805.
+</li>
+<br>
+<li>
+<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
 , &quot;SARA: Segment aware rate adaptation algorithm for dynamic adaptive streaming over HTTP.&quot
 Communication Workshop (ICCW), 2015 IEEE International Conference on, IEEE,
 .
 doi:10.1109/iccw.2015.7247436.
-</li>
-<br>
-<li>
-<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
-, &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot
-NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
-.
-doi:10.1109/noms.2016.7502805.
 </li>
 <br>
 …
 <li>
 <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
+, &quot;Network capabilities of cloud services for a real time scientific application.&quot
+th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE,
+.
+doi:10.1109/lcn.2012.6423665.
+</li>
+<br>
+<li>
+<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
 , &quot;Performance of GENI Cloud Testbeds for Real Time Scientific Application.&quot
 First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
 .
-</li>
-<br>
-<li>
-<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
-, &quot;Network capabilities of cloud services for a real time scientific application.&quot
-th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE,
-.
-doi:10.1109/lcn.2012.6423665.
 </li>
 <br>
 …
 <li>
 <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
+, &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot
+Computer Networks,
+.
+doi:10.1016/j.bjp.2013.12.024.
+</li>
+<br>
+<li>
+<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
 , &quot;Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques.&quot
 Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA,
 .
 doi:10.1145/2955193.2955194.
-</li>
-<br>
-<li>
-<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
-, &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot
-Computer Networks,
-.
-doi:10.1016/j.bjp.2013.12.024.
 </li>
 <br>
 …
 <li>
 <b>Ozcelik, Ilker and Brooks, Richard R.</b>
 , &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot
 First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
 .
+, &quot;Operational System Testing for Designed in Security.&quot
+Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
+.
+doi:10.1145/2459976.2460038.
 </li>
 <br>
 …
 <li>
 <b>Ozcelik, Ilker and Brooks, Richard R.</b>
 , &quot;Operational System Testing for Designed in Security.&quot
 Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
 .
+doi:10.1145/2459976.2460038.
+, &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot
+First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
+.
 </li>
 <br>
 …
 <li>
+<b>Vanhove, Thomas and Seghbroeck, Gregory V. and Wauters, Tim and Turck, Filip D. and Vermeulen, Brecht and Demeester, Piet</b>
+, &quot;Tengu: An Experimentation Platform for Big Data Applications.&quot
+IEEE 35th International Conference on Distributed Computing Systems Workshops, Columbus, OH, USA, IEEE,
+.
+doi:10.1109/icdcsw.2015.19.
+</li>
+<br>
+<li>
 <b>Velusamy, G. and Gurkan, D. and Narayan, S. and Baily, S.</b>
 , &quot;Fault-Tolerant OpenFlow-Based Software Switch Architecture with LINC Switches for a Reliable Network Data Exchange.&quot
 …
 <li>
 <b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
+, &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot
+Teletraffic Congress (ITC), 2014 26th International, IEEE,
+.
+doi:10.1109/itc.2014.6932973.
+</li>
+<br>
+<li>
+<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
 , &quot;Capacity of Inter-cloud Layer-2 Virtual Networking.&quot
 Proceedings of the 2014 ACM SIGCOMM Workshop on Distributed Cloud Computing, Chicago, Illinois, USA, ACM, New York, NY, USA,
 .
 doi:10.1145/2627566.2627573.
-</li>
-<br>
-<li>
-<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
-, &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot
-Teletraffic Congress (ITC), 2014 26th International, IEEE,
-.
-doi:10.1109/itc.2014.6932973.
 </li>
 <br>
 …
 <li>
+<b>Zhao, Shuai and Sydney, Ali and Medhi, Deep</b>
+, &quot;Building Application-Aware Network Environments Using SDN for Optimizing Hadoop Applications.&quot
+Proceedings of the 2016 Conference on ACM SIGCOMM 2016 Conference, Florianopolis, Brazil, ACM, New York, NY, USA,
+.
+doi:10.1145/2934872.2959059.
+</li>
+<br>
+<li>
 <b>Zhuang, Yanyan and Rafetseder, A. and Cappos, J.</b>
 , &quot;Experience with Seattle: A Community Platform for Research and Education.&quot