Changes between Version 48 and Version 49 of GENIBibliography


Ignore:
Timestamp:
11/28/16 17:04:43 (8 years ago)
Author:
Mark Berman
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIBibliography

    v48 v49  
    902902<li>
    903903<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
     904, &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot;
     905Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
     9062015.
     907doi:10.1109/icdcsw.2015.27.
     908<a href="http://dx.doi.org/10.1109/icdcsw.2015.27">http://dx.doi.org/10.1109/icdcsw.2015.27</a>
     909<br><br><b>Abstract: </b>Software-defined networking (SDN) and Open Flow have been driving new security applications and services. However, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. In this paper, we discuss a novel attack detection approach that coordinates monitors distributed over a network and controllers centralized on an SDN Open Virtual Switch (OVS), selectively inspecting network packets on demand. With different scale of network views and information availability, these two elements collaboratively detect signature constituents of an attack. Therefore, this approach is able to quickly issue an alert against potential threats followed by careful verification for high accuracy, while balancing the workload on the OVS. We have applied this method for detection and mitigation of TCP SYN flood attacks on Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful toward a systematic methodology of SDN-supported attack detection and containment.
     910</li>
     911<br>
     912
     913<li>
     914<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
    904915, &quot;An SDN-supported collaborative approach for DDoS flooding detection and containment.&quot;
    905916Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE,
     
    908919<a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a>
    909920<br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability.
    910 </li>
    911 <br>
    912 
    913 <li>
    914 <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
    915 , &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot;
    916 Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
    917 2015.
    918 doi:10.1109/icdcsw.2015.27.
    919 <a href="http://dx.doi.org/10.1109/icdcsw.2015.27">http://dx.doi.org/10.1109/icdcsw.2015.27</a>
    920 <br><br><b>Abstract: </b>Software-defined networking (SDN) and Open Flow have been driving new security applications and services. However, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. In this paper, we discuss a novel attack detection approach that coordinates monitors distributed over a network and controllers centralized on an SDN Open Virtual Switch (OVS), selectively inspecting network packets on demand. With different scale of network views and information availability, these two elements collaboratively detect signature constituents of an attack. Therefore, this approach is able to quickly issue an alert against potential threats followed by careful verification for high accuracy, while balancing the workload on the OVS. We have applied this method for detection and mitigation of TCP SYN flood attacks on Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful toward a systematic methodology of SDN-supported attack detection and containment.
    921921</li>
    922922<br>
     
    14171417
    14181418<li>
     1419<b>Gosain, Abhimanyu and Seskar, Ivan</b>
     1420, &quot;GENI Wireless Testbed: A Flexible Open Ecosystem for Wireless Communications Research: Demo.&quot;
     1421Proceedings of the 22Nd Annual International Conference on Mobile Computing and Networking, New York City, New York, ACM, New York, NY, USA,
     14222016.
     1423doi:10.1145/2973750.2985627.
     1424<a href="http://dx.doi.org/10.1145/2973750.2985627">http://dx.doi.org/10.1145/2973750.2985627</a>
     1425<br><br><b>Abstract: </b>This demo presents the architecture of GENI (Global Environment of Network Innovations) [1] edge cloud computing network in the form of compute and storage resources, a mobile 4G LTE edge and a high speed campus network connecting these components. GENI's edge computing strategy proceeds by deploying self-contained packages of network, computing, storage resources, or GENI Racks [2] connected via high speed fiber to LTE BS(s) across twelve campuses in the US, all interconnected via a nationwide research network. The GENI mobile computing resource manager is based on the Orbit Management framework (OMF) [3] and provides seamless access to the edge computing resources via the GENI Portal for experimentation, scheduling, data collection and processing.
     1426</li>
     1427<br>
     1428
     1429
     1430
     1431<li>
    14191432<b>Grandl, Robert and Han, Dongsu and Lee, Suk B. and Lim, Hyeontaek and Machado, Michel and Mukerjee, Matthew and Naylor, David</b>
    14201433, &quot;Supporting network evolution and incremental deployment with XIA.&quot;
     
    15451558
    15461559<li>
     1560<b>Hartpence, Bruce and Rosario, Rossi</b>
     1561, &quot;Software Defined Networking for Systems and Network Administration Programs.&quot;
     1562The USENIX Journal of Education in System Administration,
     15632016.
     1564
     1565<a href="https://www.usenix.org/sites/default/files/jesa&#x005F;0201&#x005F;issue.pdf&#x0023;page=21">https://www.usenix.org/sites/default/files/jesa&#x005F;0201&#x005F;issue.pdf&#x0023;page=21</a>
     1566<br><br><b>Abstract: </b>Academic programs can be very successful when they include industry best practices, innovations and techniques in addition to theory and background. This approach has historically been a tenet of the networking and systems administration program at the Rochester Institute of Technology. Software-defined networking is an excellent example of a technology which combines theory and emerging practice. Software Defined Networking or SDN includes components that stretch across networking and systems administration curricula including servers or controllers, virtualization, OpenFlow enabled network elements, communication pathways, opportunities for automation, telemetry from the network, dynamic response to system demand and more. These characteristics, and because SDN experiments and courses can be implemented in either virtual or non-virtual facilities, make SDN an outstanding platform for teaching the principles of network and systems administration. Graduate students can also take advantage of the environment encompassed by SDN topologies to further their understanding of systems design, management, testing and communication protocols. This paper will describe some of the SDN projects run at the Rochester Institute of Technology (RIT), the impact on curriculum and some of the environments used. The challenges associated with running the projects and courses within a lab environment will also be illustrated. How and why many of the ideas and new industrial developments were integrated into the classroom will be central to the ideas presented.
     1567</li>
     1568<br>
     1569
     1570
     1571
     1572<li>
    15471573<b>Hemmings, Matt and Krahn, Robert and Lary, David and McGeer, Rick and Ricart, Glenn and R&#x6f;&#x0308;der, Marko</b>
    15481574, &quot;The Ignite Distributed Collaborative Scientific Visualization System.&quot;
     
    17021728<li>
    17031729<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
     1730, &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot;
     1731NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
     17322016.
     1733doi:10.1109/noms.2016.7502805.
     1734<a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a>
     1735<br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them.
     1736</li>
     1737<br>
     1738
     1739<li>
     1740<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
    17041741, &quot;SARA: Segment aware rate adaptation algorithm for dynamic adaptive streaming over HTTP.&quot;
    17051742Communication Workshop (ICCW), 2015 IEEE International Conference on, IEEE,
     
    17081745<a href="http://dx.doi.org/10.1109/iccw.2015.7247436">http://dx.doi.org/10.1109/iccw.2015.7247436</a>
    17091746<br><br><b>Abstract: </b>Dynamic adaptive HTTP (DASH) based streaming is steadily becoming the most popular online video streaming technique. DASH streaming provides seamless playback by adapting the video quality to the network conditions during the video playback. A DASH server supports adaptive streaming by hosting multiple representations of the video and each representation is divided into small segments of equal playback duration. At the client end, the video player uses an adaptive bitrate selection (ABR) algorithm to decide the bitrate to be selected for each segment depending on the current network conditions. Currently, proposed ABR algorithms ignore the fact that the segment sizes significantly vary for a given video bitrate. Due to this, even though an ABR algorithm is able to measure the network bandwidth, it may fail to predict the time to download the next segment In this paper, we propose a segment-aware rate adaptation (SARA) algorithm that considers the segment size variation in addition to the estimated path bandwidth and the current buffer occupancy to accurately predict the time required to download the next segment We also developed an open source Python based emulated DASH video player, that was used to compare the performance of SARA and a basic ABR. Our results show that SARA provides a significant gain over the basic algorithm in the video quality delivered, without noticeably impacting the video switching rates.
    1710 </li>
    1711 <br>
    1712 
    1713 <li>
    1714 <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
    1715 , &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot;
    1716 NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
    1717 2016.
    1718 doi:10.1109/noms.2016.7502805.
    1719 <a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a>
    1720 <br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them.
    17211747</li>
    17221748<br>
     
    18821908<li>
    18831909<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
    1884 , &quot;Performance of GENI Cloud Testbeds for Real Time Scientific Application.&quot;
    1885 First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
    1886 2012.
    1887 
    1888 
    1889 <br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform.
    1890 </li>
    1891 <br>
    1892 
    1893 <li>
    1894 <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
    18951910, &quot;Network capabilities of cloud services for a real time scientific application.&quot;
    1896191137th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE,
     
    18991914<a href="http://dx.doi.org/10.1109/lcn.2012.6423665">http://dx.doi.org/10.1109/lcn.2012.6423665</a>
    19001915<br><br><b>Abstract: </b>Dedicating high-end servers for executing scientific applications that run intermittently, such as severe weather detection or generalized weather forecasting, wastes resources. While the Infrastructure-as-a-Service (IaaS) model used by today's cloud platforms is well-suited for the bursty computational demands of these applications, it is unclear if the network capabilities of today's cloud platforms are sufficient. In this paper, we analyze the networking capabilities of multiple commercial (Amazon's EC2 and Rackspace) and research (GENICloud and ExoGENI cloud) platforms in the context of a Nowcasting application, a forecasting algorithm for highly accurate, near-term, e.g., 5-20 minutes, weather predictions. The application has both computational and network requirements. While it executes rarely, whenever severe weather approaches, it benefits from an IaaS model; However, since its results are time-critical, enough bandwidth must be available to transmit radar data to cloud platforms before it becomes stale. We conduct network capacity measurements between radar sites and cloud platforms throughout the country. Our results indicate that ExoGENI cloud performs the best for both serial and parallel data transfer with an average throughput of 110.22 Mbps and 17.2 Mbps, respectively. We also found that the cloud services perform better in the distributed data transfer case, where a subset of nodes transmit data in parallel to a cloud instance. Ultimately, we conclude that commercial and research clouds are capable of providing sufficient bandwidth for our real-time Nowcasting application.
     1916</li>
     1917<br>
     1918
     1919<li>
     1920<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
     1921, &quot;Performance of GENI Cloud Testbeds for Real Time Scientific Application.&quot;
     1922First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
     19232012.
     1924
     1925
     1926<br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform.
    19011927</li>
    19021928<br>
     
    22812307<li>
    22822308<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
     2309, &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot;
     2310Computer Networks,
     23112014.
     2312doi:10.1016/j.bjp.2013.12.024.
     2313<a href="http://dx.doi.org/10.1016/j.bjp.2013.12.024">http://dx.doi.org/10.1016/j.bjp.2013.12.024</a>
     2314<br><br><b>Abstract: </b>Large scale national and international experimental research environments are required to advance communication services and supporting network architecture, technology, and infrastructure. Theories and concepts are often explored using simulation and modeling techniques within labs or on small scale testbeds. However, while such testbeds are valuable resources for the research process, these facilities alone cannot provide an appropriate approximation of the real world conditions required to explore ideas at scale. Very large scale global, experimental network research capabilities are required to deeply investigate innovative concepts. For many years, network testbeds were created to address fairly specific, well defined, limited research goals, and they were implemented for fairly short periods. Recently, taking advantage of a number of macro information technology trends, such as virtualization and programmable resources, several network research communities have been developing innovative types of network research environments. Instead of designing traditional network testbeds, research communities are designing large scale, highly flexible distributed platforms that can be used to create many different types of testbeds. Also, rather than creating short term testbeds for limited research objectives, these new environments are being designed as long term persistent resources to support many types of experimental research. This paper describes the motivations for this trend, provides several examples of large scale distributed network research environments based on the Global Lambda Integrated Facility (GLIF) and the StarLight Exchange Facility, including the Global Environment for Network Innovation (GENI), and indicates emerging future trends for these types of environments.
     2315</li>
     2316<br>
     2317
     2318<li>
     2319<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
    22832320, &quot;Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques.&quot;
    22842321Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA,
     
    22872324<a href="http://dx.doi.org/10.1145/2955193.2955194">http://dx.doi.org/10.1145/2955193.2955194</a>
    22882325<br><br><b>Abstract: </b>Providing services for multiple tenants within a single or federated distributed cloud environment requires a variety of special considerations related to network design, provisioning, and operations. Especially important are multiple topics concerning the implementation of multiple parallel programmable virtual networks for large numbers of tenants, who require autonomous management, control, and data planes. This paper provides an overview of some of the challenges that arise from developing and implementing parallel programmable virtual networks, describes experiences with several experimental techniques for addressing those challenges based on large scale distributed testbeds, and presents the results of the experiments that were conducted. Distributed environments used include a distributed cloud testbed, the Chameleon Cloud, sponsored by the National Science Foundation's NSFCloud program, the NSF's Global Environment for Network Innovations (GENI), an international distributed OpenFlow testbed, and the Open Science Data Cloud.
    2289 </li>
    2290 <br>
    2291 
    2292 <li>
    2293 <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
    2294 , &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot;
    2295 Computer Networks,
    2296 2014.
    2297 doi:10.1016/j.bjp.2013.12.024.
    2298 <a href="http://dx.doi.org/10.1016/j.bjp.2013.12.024">http://dx.doi.org/10.1016/j.bjp.2013.12.024</a>
    2299 <br><br><b>Abstract: </b>Large scale national and international experimental research environments are required to advance communication services and supporting network architecture, technology, and infrastructure. Theories and concepts are often explored using simulation and modeling techniques within labs or on small scale testbeds. However, while such testbeds are valuable resources for the research process, these facilities alone cannot provide an appropriate approximation of the real world conditions required to explore ideas at scale. Very large scale global, experimental network research capabilities are required to deeply investigate innovative concepts. For many years, network testbeds were created to address fairly specific, well defined, limited research goals, and they were implemented for fairly short periods. Recently, taking advantage of a number of macro information technology trends, such as virtualization and programmable resources, several network research communities have been developing innovative types of network research environments. Instead of designing traditional network testbeds, research communities are designing large scale, highly flexible distributed platforms that can be used to create many different types of testbeds. Also, rather than creating short term testbeds for limited research objectives, these new environments are being designed as long term persistent resources to support many types of experimental research. This paper describes the motivations for this trend, provides several examples of large scale distributed network research environments based on the Global Lambda Integrated Facility (GLIF) and the StarLight Exchange Facility, including the Global Environment for Network Innovation (GENI), and indicates emerging future trends for these types of environments.
    23002326</li>
    23012327<br>
     
    26692695<li>
    26702696<b>Ozcelik, Ilker and Brooks, Richard R.</b>
    2671 , &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot;
    2672 First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
    2673 2012.
    2674 
    2675 
    2676 <br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic.
     2697, &quot;Operational System Testing for Designed in Security.&quot;
     2698Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
     26992013.
     2700doi:10.1145/2459976.2460038.
     2701<a href="http://dx.doi.org/10.1145/2459976.2460038">http://dx.doi.org/10.1145/2459976.2460038</a>
     2702<br><br><b>Abstract: </b>To design secure systems, one needs to understand how attackers use system vulnerabilities in their favor. This requires testing vulnerabilities on operational systems. However, working on operational systems is not always possible because of the risk of disturbance. In this study, we introduce an approach to experimenting using operational system data and performing real attacks without disturbing the original system. We applied this approach to a network security experiment and tested the performance of three detection methods. The approach used in this study can be used when developing systems with Designed-in Security to identify and test system vulnerabilities.
    26772703</li>
    26782704<br>
     
    26912717<li>
    26922718<b>Ozcelik, Ilker and Brooks, Richard R.</b>
    2693 , &quot;Operational System Testing for Designed in Security.&quot;
    2694 Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
    2695 2013.
    2696 doi:10.1145/2459976.2460038.
    2697 <a href="http://dx.doi.org/10.1145/2459976.2460038">http://dx.doi.org/10.1145/2459976.2460038</a>
    2698 <br><br><b>Abstract: </b>To design secure systems, one needs to understand how attackers use system vulnerabilities in their favor. This requires testing vulnerabilities on operational systems. However, working on operational systems is not always possible because of the risk of disturbance. In this study, we introduce an approach to experimenting using operational system data and performing real attacks without disturbing the original system. We applied this approach to a network security experiment and tested the performance of three detection methods. The approach used in this study can be used when developing systems with Designed-in Security to identify and test system vulnerabilities.
     2719, &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot;
     2720First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
     27212012.
     2722
     2723
     2724<br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic.
    26992725</li>
    27002726<br>
     
    37543780
    37553781<li>
     3782<b>Vanhove, Thomas and Seghbroeck, Gregory V. and Wauters, Tim and Turck, Filip D. and Vermeulen, Brecht and Demeester, Piet</b>
     3783, &quot;Tengu: An Experimentation Platform for Big Data Applications.&quot;
     37842015 IEEE 35th International Conference on Distributed Computing Systems Workshops, Columbus, OH, USA, IEEE,
     37852015.
     3786doi:10.1109/icdcsw.2015.19.
     3787<a href="http://dx.doi.org/10.1109/icdcsw.2015.19">http://dx.doi.org/10.1109/icdcsw.2015.19</a>
     3788<br><br><b>Abstract: </b>Big data applications have stringent service requirements for scalability and fault-tolerance and involve high volumes of data, high processing speeds and large varieties of database technologies. In order to test big data management solutions, large experimentation facilities are needed, which are expensive in terms of both resource cost and configuration time. This paper presents Tengu, an experimentation platform for big data applications that can automatically be instantiated on GENI (US federation of test beds) and Fed FIRE (EU federation of test beds)compatible test beds. Tengu allows for automatic deployments of several data processing, storage and cloud technologies, including Hadoop, Storm and Open Stack. The paper discusses the Tengu architecture, the Tengu-as-a-service approach and a demonstration of an automated instantiation of the Tengu experimentation suite on the Virtual Wall, a large-scale Emulab testbed at the Minds research institute in Europe.
     3789</li>
     3790<br>
     3791
     3792
     3793
     3794<li>
    37563795<b>Velusamy, G. and Gurkan, D. and Narayan, S. and Baily, S.</b>
    37573796, &quot;Fault-Tolerant OpenFlow-Based Software Switch Architecture with LINC Switches for a Reliable Network Data Exchange.&quot;
     
    39894028<li>
    39904029<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
     4030, &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot;
     4031Teletraffic Congress (ITC), 2014 26th International, IEEE,
     40322014.
     4033doi:10.1109/itc.2014.6932973.
     4034<a href="http://dx.doi.org/10.1109/itc.2014.6932973">http://dx.doi.org/10.1109/itc.2014.6932973</a>
     4035<br><br><b>Abstract: </b>In this paper, we study the problem of provisioning large-scale virtual clusters over federated clouds connected by multi-domain, layer-2 wide area networks. We first present the virtual cluster request abstraction and the abstraction models for substrate resource pools. Based on these two abstraction models, we developed a novel layer-2 exchange mechanism and an implementation of it in a multi-domain networked cloud environment. The design of the mechanism takes into consideration the realistic constraints in current network and cloud systems. We show that efficient cluster splitting, cloud data center selection and resource allocation algorithms can be developed to provision large-scale virtual clusters across cloud sites. A prototype system has been deployed and integrated into the ExoGENI testbed for about a year, and is being heavily used by scientific and data analytic applications.
     4036</li>
     4037<br>
     4038
     4039<li>
     4040<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
    39914041, &quot;Capacity of Inter-cloud Layer-2 Virtual Networking.&quot;
    39924042Proceedings of the 2014 ACM SIGCOMM Workshop on Distributed Cloud Computing, Chicago, Illinois, USA, ACM, New York, NY, USA,
     
    39954045<a href="http://dx.doi.org/10.1145/2627566.2627573">http://dx.doi.org/10.1145/2627566.2627573</a>
    39964046<br><br><b>Abstract: </b>Due to the economy of scale of Ethernet networks and available dynamic circuit capability from the major national research and educational networks, VLAN (Virtual LAN) based virtual networking solution has been successfully adopted in some advanced distributed cloud systems. However, there are two major constraints in this adaptation: (1) dynamic circuit service is far from pervasive; (2) there is only limited VLAN tags offered by regional network service providers. In this paper, after examining layer-2 networking in large-scale distributed cloud environments, we present a graph theoretical model to study the network capacity in terms of the number of inter-cloud connections that can co-exist. We further design the algorithms to achieve this capacity for both point-to-point and multi-point inter-cloud connections in both static and dynamic scenarios. We also study a general topology embedding problem based on this model. As tagging is a common mechanism for isolating communication channels in other network layers, the proposed models and algorithms can be extended to optical and IP networks.
    3997 </li>
    3998 <br>
    3999 
    4000 <li>
    4001 <b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
    4002 , &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot;
    4003 Teletraffic Congress (ITC), 2014 26th International, IEEE,
    4004 2014.
    4005 doi:10.1109/itc.2014.6932973.
    4006 <a href="http://dx.doi.org/10.1109/itc.2014.6932973">http://dx.doi.org/10.1109/itc.2014.6932973</a>
    4007 <br><br><b>Abstract: </b>In this paper, we study the problem of provisioning large-scale virtual clusters over federated clouds connected by multi-domain, layer-2 wide area networks. We first present the virtual cluster request abstraction and the abstraction models for substrate resource pools. Based on these two abstraction models, we developed a novel layer-2 exchange mechanism and an implementation of it in a multi-domain networked cloud environment. The design of the mechanism takes into consideration the realistic constraints in current network and cloud systems. We show that efficient cluster splitting, cloud data center selection and resource allocation algorithms can be developed to provision large-scale virtual clusters across cloud sites. A prototype system has been deployed and integrated into the ExoGENI testbed for about a year, and is being heavily used by scientific and data analytic applications.
    40084047</li>
    40094048<br>
     
    41944233
    41954234<li>
     4235<b>Zhao, Shuai and Sydney, Ali and Medhi, Deep</b>
     4236, &quot;Building Application-Aware Network Environments Using SDN for Optimizing Hadoop Applications.&quot;
     4237Proceedings of the 2016 Conference on ACM SIGCOMM 2016 Conference, Florianopolis, Brazil, ACM, New York, NY, USA,
     42382016.
     4239doi:10.1145/2934872.2959059.
     4240<a href="http://dx.doi.org/10.1145/2934872.2959059">http://dx.doi.org/10.1145/2934872.2959059</a>
     4241<br><br><b>Abstract: </b>Hadoop has become the de facto standard for Big Data analytics, especially for workloads that use the MapReduce (M/R) framework. However, the lack of network awareness of the default MapReduce resource manager in Hadoop can cause unbalanced job scheduling, network bottleneck, and eventually increase the Hadoop run time if Hadoop nodes are clustered in several geographically distributed locations. In this paper, we present an application-aware network approach using software-defined networking (SDN) for distributed Hadoop clusters. We develop the SDN applications for this environment that consider network topology discovery, traffic monitoring, and flow rerouting in addition to loop avoidance mechanisms.
     4242</li>
     4243<br>
     4244
     4245
     4246
     4247<li>
    41964248<b>Zhuang, Yanyan and Rafetseder, A. and Cappos, J.</b>
    41974249, &quot;Experience with Seattle: A Community Platform for Research and Education.&quot;
     
    49525004<li>
    49535005<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
     5006, &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot
     5007Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
     50082015.
     5009doi:10.1109/icdcsw.2015.27.
     5010</li>
     5011<br>
     5012
     5013<li>
     5014<b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
    49545015, &quot;An SDN-supported collaborative approach for DDoS flooding detection and containment.&quot
    49555016Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE,
    495650172015.
    49575018doi:10.1109/milcom.2015.7357519.
    4958 </li>
    4959 <br>
    4960 
    4961 <li>
    4962 <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>
    4963 , &quot;Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN).&quot
    4964 Distributed Computing Systems Workshops (ICDCSW), 2015 IEEE 35th International Conference on, IEEE,
    4965 2015.
    4966 doi:10.1109/icdcsw.2015.27.
    49675019</li>
    49685020<br>
     
    53875439
    53885440<li>
     5441<b>Gosain, Abhimanyu and Seskar, Ivan</b>
     5442, &quot;GENI Wireless Testbed: A Flexible Open Ecosystem for Wireless Communications Research: Demo.&quot
     5443Proceedings of the 22Nd Annual International Conference on Mobile Computing and Networking, New York City, New York, ACM, New York, NY, USA,
     54442016.
     5445doi:10.1145/2973750.2985627.
     5446</li>
     5447<br>
     5448
     5449
     5450
     5451<li>
    53895452<b>Grandl, Robert and Han, Dongsu and Lee, Suk B. and Lim, Hyeontaek and Machado, Michel and Mukerjee, Matthew and Naylor, David</b>
    53905453, &quot;Supporting network evolution and incremental deployment with XIA.&quot
     
    54955558
    54965559<li>
     5560<b>Hartpence, Bruce and Rosario, Rossi</b>
     5561, &quot;Software Defined Networking for Systems and Network Administration Programs.&quot
     5562The USENIX Journal of Education in System Administration,
     55632016.
     5564
     5565</li>
     5566<br>
     5567
     5568
     5569
     5570<li>
    54975571<b>Hemmings, Matt and Krahn, Robert and Lary, David and McGeer, Rick and Ricart, Glenn and R&#x6f;&#x0308;der, Marko</b>
    54985572, &quot;The Ignite Distributed Collaborative Scientific Visualization System.&quot
     
    56285702<li>
    56295703<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
     5704, &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot
     5705NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
     57062016.
     5707doi:10.1109/noms.2016.7502805.
     5708</li>
     5709<br>
     5710
     5711<li>
     5712<b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
    56305713, &quot;SARA: Segment aware rate adaptation algorithm for dynamic adaptive streaming over HTTP.&quot
    56315714Communication Workshop (ICCW), 2015 IEEE International Conference on, IEEE,
    563257152015.
    56335716doi:10.1109/iccw.2015.7247436.
    5634 </li>
    5635 <br>
    5636 
    5637 <li>
    5638 <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>
    5639 , &quot;QoE management in DASH systems using the segment aware rate adaptation algorithm.&quot
    5640 NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE,
    5641 2016.
    5642 doi:10.1109/noms.2016.7502805.
    56435717</li>
    56445718<br>
     
    57805854<li>
    57815855<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
     5856, &quot;Network capabilities of cloud services for a real time scientific application.&quot
     585737th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE,
     58582012.
     5859doi:10.1109/lcn.2012.6423665.
     5860</li>
     5861<br>
     5862
     5863<li>
     5864<b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
    57825865, &quot;Performance of GENI Cloud Testbeds for Real Time Scientific Application.&quot
    57835866First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
    578458672012.
    57855868
    5786 </li>
    5787 <br>
    5788 
    5789 <li>
    5790 <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>
    5791 , &quot;Network capabilities of cloud services for a real time scientific application.&quot
    5792 37th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE,
    5793 2012.
    5794 doi:10.1109/lcn.2012.6423665.
    57955869</li>
    57965870<br>
     
    61176191<li>
    61186192<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
     6193, &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot
     6194Computer Networks,
     61952014.
     6196doi:10.1016/j.bjp.2013.12.024.
     6197</li>
     6198<br>
     6199
     6200<li>
     6201<b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
    61196202, &quot;Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques.&quot
    61206203Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA,
    612162042016.
    61226205doi:10.1145/2955193.2955194.
    6123 </li>
    6124 <br>
    6125 
    6126 <li>
    6127 <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>
    6128 , &quot;Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange.&quot
    6129 Computer Networks,
    6130 2014.
    6131 doi:10.1016/j.bjp.2013.12.024.
    61326206</li>
    61336207<br>
     
    64456519<li>
    64466520<b>Ozcelik, Ilker and Brooks, Richard R.</b>
    6447 , &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot
    6448 First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
    6449 2012.
    6450 
     6521, &quot;Operational System Testing for Designed in Security.&quot
     6522Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
     65232013.
     6524doi:10.1145/2459976.2460038.
    64516525</li>
    64526526<br>
     
    64636537<li>
    64646538<b>Ozcelik, Ilker and Brooks, Richard R.</b>
    6465 , &quot;Operational System Testing for Designed in Security.&quot
    6466 Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, ACM, New York, NY, USA,
    6467 2013.
    6468 doi:10.1145/2459976.2460038.
     6539, &quot;Performance Analysis of DDoS Detection Methods on Real Network.&quot
     6540First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles,
     65412012.
     6542
    64696543</li>
    64706544<br>
     
    73627436
    73637437<li>
     7438<b>Vanhove, Thomas and Seghbroeck, Gregory V. and Wauters, Tim and Turck, Filip D. and Vermeulen, Brecht and Demeester, Piet</b>
     7439, &quot;Tengu: An Experimentation Platform for Big Data Applications.&quot
     74402015 IEEE 35th International Conference on Distributed Computing Systems Workshops, Columbus, OH, USA, IEEE,
     74412015.
     7442doi:10.1109/icdcsw.2015.19.
     7443</li>
     7444<br>
     7445
     7446
     7447
     7448<li>
    73647449<b>Velusamy, G. and Gurkan, D. and Narayan, S. and Baily, S.</b>
    73657450, &quot;Fault-Tolerant OpenFlow-Based Software Switch Architecture with LINC Switches for a Reliable Network Data Exchange.&quot
     
    75617646<li>
    75627647<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
     7648, &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot
     7649Teletraffic Congress (ITC), 2014 26th International, IEEE,
     76502014.
     7651doi:10.1109/itc.2014.6932973.
     7652</li>
     7653<br>
     7654
     7655<li>
     7656<b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
    75637657, &quot;Capacity of Inter-cloud Layer-2 Virtual Networking.&quot
    75647658Proceedings of the 2014 ACM SIGCOMM Workshop on Distributed Cloud Computing, Chicago, Illinois, USA, ACM, New York, NY, USA,
    756576592014.
    75667660doi:10.1145/2627566.2627573.
    7567 </li>
    7568 <br>
    7569 
    7570 <li>
    7571 <b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>
    7572 , &quot;Scaling up applications over distributed clouds with dynamic layer-2 exchange and broadcast service.&quot
    7573 Teletraffic Congress (ITC), 2014 26th International, IEEE,
    7574 2014.
    7575 doi:10.1109/itc.2014.6932973.
    75767661</li>
    75777662<br>
     
    77347819
    77357820<li>
     7821<b>Zhao, Shuai and Sydney, Ali and Medhi, Deep</b>
     7822, &quot;Building Application-Aware Network Environments Using SDN for Optimizing Hadoop Applications.&quot
     7823Proceedings of the 2016 Conference on ACM SIGCOMM 2016 Conference, Florianopolis, Brazil, ACM, New York, NY, USA,
     78242016.
     7825doi:10.1145/2934872.2959059.
     7826</li>
     7827<br>
     7828
     7829
     7830
     7831<li>
    77367832<b>Zhuang, Yanyan and Rafetseder, A. and Cappos, J.</b>
    77377833, &quot;Experience with Seattle: A Community Platform for Research and Education.&quot