| | 87 | <b>Akella, Anand V. and Xiong, Kaiqi</b>, |
| | 88 | "Quality of Service (QoS)-Guaranteed Network Resource Allocation via Software Defined Networking (SDN)." |
| | 89 | 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing, Dalian, China, IEEE, |
| | 90 | 2014. |
| | 91 | doi:10.1109/dasc.2014.11. |
| | 92 | <a href="http://dx.doi.org/10.1109/dasc.2014.11">http://dx.doi.org/10.1109/dasc.2014.11</a> |
| | 93 | <br><br><b>Abstract: </b>Quality of Service (QoS) -- based bandwidth allocation plays a key role in real-time computing systems and applications such as voice IP, teleconferencing, and gaming. Likewise, customer services often need to be distinguished according to their service priorities and requirements. In this paper, we consider bandwidth allocation in the networks of a cloud carrier in which cloud users' requests are processed and transferred by a cloud provider subject to QoS requirements. We present a QoS-guaranteed approach for bandwidth allocation that satisfies QoS requirements for all priority cloud users by using Open vSwitch, based on software defined networking (SDN). We implement and test the proposed approach on the Global Environment for Networking Innovations (GENI). Experimental results show the effectiveness of the proposed approach. |
| | 94 | </li> |
| | 95 | <br> |
| | 96 | |
| | 97 | |
| | 98 | |
| | 99 | <li> |
| | 126 | <b>Alaoui, Sara E. and Ramamurthy, Byrav</b>, |
| | 127 | "EAODR: A Novel Routing Algorithm Based on the Modified Temporal Graph Network Model for DTN-Based Interplanetary Networks." |
| | 128 | Computer Networks, |
| | 129 | 2017. |
| | 130 | doi:10.1016/j.comnet.2017.09.012. |
| | 131 | <a href="http://dx.doi.org/10.1016/j.comnet.2017.09.012">http://dx.doi.org/10.1016/j.comnet.2017.09.012</a> |
| | 132 | <br><br><b>Abstract: </b>The Interplanetary Internet is a network that interconnects objects traveling in space and on planets such as satellites, rovers and comets. This network has very different communication conditions than the networks deployed on the surface of Earth. The large delays, intermittent connections and rough environment in space require the adoption of the Delay/Disruption Tolerant Network architecture/techniques. The currently used implementation of DTN interplanetary networks uses the Contact Graph Routing mechanism that we show, using the Interplanetary Overlay Network (ION) based experiments, has some shortcomings leading to less efficient use of the network. In this paper, we propose a novel model to represent such networks based on temporal graphs obtaining a near-real-time representation of these deterministic dynamic networks. This Modified Temporal Graph (MTG) model is then used for the implementation of our proposed routing algorithm, the Earliest Arrival Optimal Delivery Ratio (EAODR) routing algorithm. We provide the proof of correctness of EAODR, and we use our routing simulator to run experiments on a real-world network and also on large networks. We prove that EAODR outperforms the Contact Graph Routing (CGR) in terms of a decrease in delay of up to 12.9%. |
| | 133 | </li> |
| | 134 | <br> |
| | 135 | |
| | 136 | |
| | 137 | |
| | 138 | <li> |
| | 293 | <b>Avgeris, Marios and Kalatzis, Nikos and Dechouniotis, Dimitrios and Roussaki, Ioanna and Papavassiliou, Symeon</b>, |
| | 294 | "Semantic Resource Management of Federated IoT Testbeds." |
| | 295 | Ad-hoc, Mobile, and Wireless Networks, Springer International Publishing, |
| | 296 | 2017. |
| | 297 | doi:10.1007/978-3-319-67910-5_3. |
| | 298 | <a href="http://dx.doi.org/10.1007/978-3-319-67910-5_3">http://dx.doi.org/10.1007/978-3-319-67910-5_3</a> |
| | 299 | <br><br><b>Abstract: </b>Testbeds and experimental network facilities accelerate the expansion of disruptive Internet services and support their evolution. The integration of IoT technologies in the context of Unmanned Vehicles (UxVs) and their deployment in federated, real–world testbeds introduce various challenging research issues. This paper presents the Semantic Aggregate Manager (SAM) that exploits semantic technologies for modeling and managing resources of federated IoT Testbeds. SAM introduces new semantics–based features tailored to the needs of IoT enabled UxVs, but on the same time allows the compatibility with existing legacy, ” de facto” standardised protocols, currently utilized by multiple federated testbed management systems. The proposed framework is currently being deployed in order to be evaluated in real–world testbeds across several sites in Europe. |
| | 300 | </li> |
| | 301 | <br> |
| | 302 | |
| | 303 | |
| | 304 | |
| | 305 | <li> |
| 1020 | | "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
| 1021 | | Military Communications Conference, MILCOM 2015 - 2015 IEEE, IEEE, |
| 1022 | | 2015. |
| 1023 | | doi:10.1109/milcom.2015.7357519. |
| 1024 | | <a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a> |
| 1025 | | <br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability. |
| 1026 | | </li> |
| 1027 | | <br> |
| 1028 | | |
| 1029 | | <li> |
| 1030 | | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>, |
| 1040 | | |
| | 1068 | <li> |
| | 1069 | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>, |
| | 1070 | "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
| | 1071 | MILCOM 2015 - 2015 IEEE Military Communications Conference, Tampa, FL, USA, IEEE, |
| | 1072 | 2015. |
| | 1073 | doi:10.1109/milcom.2015.7357519. |
| | 1074 | <a href="http://dx.doi.org/10.1109/milcom.2015.7357519">http://dx.doi.org/10.1109/milcom.2015.7357519</a> |
| | 1075 | <br><br><b>Abstract: </b>Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability. |
| | 1076 | </li> |
| | 1077 | <br> |
| | 1078 | |
| | 1079 | |
| | 1080 | |
| | 1081 | <li> |
| | 1082 | <b>Chin, Tommy and Xiong, Kaiqi</b>, |
| | 1083 | "Dynamic generation containment systems (DGCS): A Moving Target Defense approach." |
| | 1084 | 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems (EITEC), IEEE, |
| | 1085 | 2016. |
| | 1086 | doi:10.1109/eitec.2016.7503690. |
| | 1087 | <a href="http://dx.doi.org/10.1109/eitec.2016.7503690">http://dx.doi.org/10.1109/eitec.2016.7503690</a> |
| | 1088 | <br><br><b>Abstract: </b>Supervisory Control and Data Acquisition (SCADA) systems are critical assets to public utility and manufacturing organizations. These systems, although critical, are prone to numerous cyber security related threats and attacks. To combat such challenges, we propose a Dynamic Generated Containment System (DGCS), a moving target defense model as a method of threat evasion. Under the proposed approach, we employ the use of intrusion detection systems (IDS) in conjunction with virtualization solution - Docker. The proposed approach provides an individual Docker container for each threat detected by our IDS. We conduct several experiments using high performance computing systems to measure and demonstrate our proposed approach. |
| | 1089 | </li> |
| | 1090 | <br> |
| | 1091 | |
| | 1092 | <li> |
| | 1093 | <b>Chin, Tommy and Xiong, Kaiqi</b>, |
| | 1094 | "A Forensic Methodology for Software-Defined Network Switches." |
| | 1095 | Advances in Digital Forensics XIII, Springer International Publishing, Cham, |
| | 1096 | 2017. |
| | 1097 | doi:10.1007/978-3-319-67208-3_6. |
| | 1098 | <a href="http://dx.doi.org/10.1007/978-3-319-67208-3_6">http://dx.doi.org/10.1007/978-3-319-67208-3_6</a> |
| | 1099 | <br><br><b>Abstract: </b>This chapter presents a forensic methodology for computing systems in a software-defined networking environment that consists of an application plane, control plane and data plane. The methodology involves a forensic examination of the software-defined networking infrastructure from the perspective of a switch. Memory images of a live switch and southbound communications are leveraged to enable forensic investigators to identify and locate potential evidence for triage in real time. The methodology is evaluated using a real-world testbed exposed to network attacks. The experimental results demonstrate the effectiveness of the methodology for forensic investigations of software-defined networking infrastructures. |
| | 1100 | </li> |
| | 1101 | <br> |
| 1050 | | </li> |
| 1051 | | <br> |
| 1052 | | |
| 1053 | | <li> |
| 1054 | | <b>Chin, Tommy and Xiong, Kaiqi</b>, |
| 1055 | | "Dynamic generation containment systems (DGCS): A Moving Target Defense approach." |
| 1056 | | 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems (EITEC), IEEE, |
| 1057 | | 2016. |
| 1058 | | doi:10.1109/eitec.2016.7503690. |
| 1059 | | <a href="http://dx.doi.org/10.1109/eitec.2016.7503690">http://dx.doi.org/10.1109/eitec.2016.7503690</a> |
| 1060 | | <br><br><b>Abstract: </b>Supervisory Control and Data Acquisition (SCADA) systems are critical assets to public utility and manufacturing organizations. These systems, although critical, are prone to numerous cyber security related threats and attacks. To combat such challenges, we propose a Dynamic Generated Containment System (DGCS), a moving target defense model as a method of threat evasion. Under the proposed approach, we employ the use of intrusion detection systems (IDS) in conjunction with virtualization solution - Docker. The proposed approach provides an individual Docker container for each threat detected by our IDS. We conduct several experiments using high performance computing systems to measure and demonstrate our proposed approach. |
| | 1714 | "The design of an instrumentation system for federated and virtualized network testbeds." |
| | 1715 | Network Operations and Management Symposium (NOMS), 2012 IEEE, IEEE, |
| | 1716 | 2012. |
| | 1717 | doi:10.1109/NOMS.2012.6212061. |
| | 1718 | <a href="http://dx.doi.org/10.1109/NOMS.2012.6212061">http://dx.doi.org/10.1109/NOMS.2012.6212061</a> |
| | 1719 | <br><br><b>Abstract: </b>Much of the GENI effort in developing network testbeds has been focused on building the control frameworks needed to allocate and initialize the network resources that make up an experiment. We argue that building the instrumentation and measurement system to monitor and capture the behavior of the network is just as important and challenging as setting up the network itself, especially in a virtualized and federated environment where getting information from experimental nodes is too complicated and too much to handle for a typical user. In this paper, we describe the design of an instrumentation and measurement infrastructure that allows users to monitor their experiments. The challenge that virtualization and federation of GENI testbeds bring to instrumentation and monitoring is how to hide the details of instrumentation setup from users so that users do not need to be experts in system administration or network management of virtualized and federated systems, but are still able to ” see” what is going on with their experiments. Our instrumentation tool sets up experiment-specific monitoring infrastructure that is tailored to capture, record, and display only information associated with that experiment. Our tools are currently available in GENI, and we present a simple example of how to use them to instrument an experiment. |
| | 1720 | </li> |
| | 1721 | <br> |
| | 1722 | |
| | 1723 | <li> |
| | 1724 | <b>Griffioen, J. and Fei, Zongming and Nasir, H. and Wu, Xiongqi and Reed, J. and Carpenter, C.</b>, |
| 1670 | | </li> |
| 1671 | | <br> |
| 1672 | | |
| 1673 | | <li> |
| 1674 | | <b>Griffioen, J. and Fei, Zongming and Nasir, H. and Wu, Xiongqi and Reed, J. and Carpenter, C.</b>, |
| 1675 | | "The design of an instrumentation system for federated and virtualized network testbeds." |
| 1676 | | Network Operations and Management Symposium (NOMS), 2012 IEEE, IEEE, |
| 1677 | | 2012. |
| 1678 | | doi:10.1109/NOMS.2012.6212061. |
| 1679 | | <a href="http://dx.doi.org/10.1109/NOMS.2012.6212061">http://dx.doi.org/10.1109/NOMS.2012.6212061</a> |
| 1680 | | <br><br><b>Abstract: </b>Much of the GENI effort in developing network testbeds has been focused on building the control frameworks needed to allocate and initialize the network resources that make up an experiment. We argue that building the instrumentation and measurement system to monitor and capture the behavior of the network is just as important and challenging as setting up the network itself, especially in a virtualized and federated environment where getting information from experimental nodes is too complicated and too much to handle for a typical user. In this paper, we describe the design of an instrumentation and measurement infrastructure that allows users to monitor their experiments. The challenge that virtualization and federation of GENI testbeds bring to instrumentation and monitoring is how to hide the details of instrumentation setup from users so that users do not need to be experts in system administration or network management of virtualized and federated systems, but are still able to ” see” what is going on with their experiments. Our instrumentation tool sets up experiment-specific monitoring infrastructure that is tailored to capture, record, and display only information associated with that experiment. Our tools are currently available in GENI, and we present a simple example of how to use them to instrument an experiment. |
| 1974 | | "QoE management in DASH systems using the segment aware rate adaptation algorithm." |
| 1975 | | NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, |
| 1976 | | 2016. |
| 1977 | | doi:10.1109/noms.2016.7502805. |
| 1978 | | <a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a> |
| 1979 | | <br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them. |
| 1980 | | </li> |
| 1981 | | <br> |
| 1982 | | |
| 1983 | | <li> |
| 1984 | | <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>, |
| | 2030 | </li> |
| | 2031 | <br> |
| | 2032 | |
| | 2033 | <li> |
| | 2034 | <b>Juluri, Parikshit and Tamarapalli, Venkatesh and Medhi, Deep</b>, |
| | 2035 | "QoE management in DASH systems using the segment aware rate adaptation algorithm." |
| | 2036 | NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, |
| | 2037 | 2016. |
| | 2038 | doi:10.1109/noms.2016.7502805. |
| | 2039 | <a href="http://dx.doi.org/10.1109/noms.2016.7502805">http://dx.doi.org/10.1109/noms.2016.7502805</a> |
| | 2040 | <br><br><b>Abstract: </b>Dynamic Adaptive Streaming over HTTP (DASH) enables the video player to adapt the bitrate of the video while streaming to ensure playback without interruptions even with varying throughput. A DASH server hosts multiple representations of the same video, each of which is broken down into small segments of fixed playback duration. The video bitrate adaptation is purely driven by the player at the endhost. Typically, the player employs an Adaptive Bitrate (ABR) algorithm, that determines the most appropriate representation for the next segment to be downloaded, based on the current network conditions and user preferences. The aim of an ABR algorithm is to dynamically manage the Quality of Experience (QoE) of the user during the playback. ABR algorithms manage the QoE by maximizing the bitrate while at the same time trying to minimize the other QoE metrics: playback start time, duration and number of buffering events, and the number of bitrate switching events. Typically, the ABR algorithms manage the QoE by using the measured network throughput and buffer occupancy to adapt the playback bitrate. However, due to the video encoding schemes employed, the sizes of the individual segments may vary significantly. For low bandwidth networks, fluctuation in the segment sizes results in inaccurate estimation the expected segment fetch times, thereby resulting in inaccurate estimation of the optimum bitrate. In this paper we demonstrate how the Segment-Aware Rate Adaptation (SARA) algorithm, that considers the measured throughput, buffer occupancy, and the variation in segment sizes helps in better management of the users' QoE in a DASH system. By comparing with a typical throughput-based and buffer-based adaptation algorithm under varying network conditions, we demonstrate that SARA manages the QoE better, especially in a low bandwidth network. We also developed AStream, an open-source Python-based emulated DASH-video player that was used to evaluate three different ABR algor- thms and measure the QoE metrics with each of them. |
| 2154 | | "Performance of GENI Cloud Testbeds for Real Time Scientific Application." |
| 2155 | | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
| 2156 | | 2012. |
| 2157 | | |
| 2158 | | |
| 2159 | | <br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform. |
| 2160 | | </li> |
| 2161 | | <br> |
| 2162 | | |
| 2163 | | <li> |
| 2164 | | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>, |
| 2169 | 2208 | <a href="http://dx.doi.org/10.1109/lcn.2012.6423665">http://dx.doi.org/10.1109/lcn.2012.6423665</a> |
| 2170 | 2209 | <br><br><b>Abstract: </b>Dedicating high-end servers for executing scientific applications that run intermittently, such as severe weather detection or generalized weather forecasting, wastes resources. While the Infrastructure-as-a-Service (IaaS) model used by today's cloud platforms is well-suited for the bursty computational demands of these applications, it is unclear if the network capabilities of today's cloud platforms are sufficient. In this paper, we analyze the networking capabilities of multiple commercial (Amazon's EC2 and Rackspace) and research (GENICloud and ExoGENI cloud) platforms in the context of a Nowcasting application, a forecasting algorithm for highly accurate, near-term, e.g., 5-20 minutes, weather predictions. The application has both computational and network requirements. While it executes rarely, whenever severe weather approaches, it benefits from an IaaS model; However, since its results are time-critical, enough bandwidth must be available to transmit radar data to cloud platforms before it becomes stale. We conduct network capacity measurements between radar sites and cloud platforms throughout the country. Our results indicate that ExoGENI cloud performs the best for both serial and parallel data transfer with an average throughput of 110.22 Mbps and 17.2 Mbps, respectively. We also found that the cloud services perform better in the distributed data transfer case, where a subset of nodes transmit data in parallel to a cloud instance. Ultimately, we conclude that commercial and research clouds are capable of providing sufficient bandwidth for our real-time Nowcasting application. |
| | 2210 | </li> |
| | 2211 | <br> |
| | 2212 | |
| | 2213 | <li> |
| | 2214 | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>, |
| | 2215 | "Performance of GENI Cloud Testbeds for Real Time Scientific Application." |
| | 2216 | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
| | 2217 | 2012. |
| | 2218 | |
| | 2219 | |
| | 2220 | <br><br><b>Abstract: </b>Dedicating high end servers for short-term execution of scientific applications such as weather forecasting wastes resources. Cloud platforms IaaS model seems well suited for applications which are executed on an irregular basis and for short duration. In this paper, we evaluate the performance of research testbed cloud platforms such as GENICloud and ORCA cloud clusters for our real-time scientific application of short-term weather forecasting called Nowcasting. In this paper, we evaluate the network capabilities of these research cloud testbeds for our real-time application of weather forecasting. In addition, we evaluate the computation time of executing Nowcasting on each cloud platform for weather data collected from real weather events. We also evaluate the total time taken to generate and transmit short-term forecast images to end users with live data from our own radar on campus. We also compare the performance of each of these clusters for Nowcasting with commercial cloud services such as Amazon's EC2. The results obtained from our measurement show that cloud testbeds are suitable for real-time application experiments to be carried out on a cloud platform. |
| | 2605 | "Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques." |
| | 2606 | Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA, |
| | 2607 | 2016. |
| | 2608 | doi:10.1145/2955193.2955194. |
| | 2609 | <a href="http://dx.doi.org/10.1145/2955193.2955194">http://dx.doi.org/10.1145/2955193.2955194</a> |
| | 2610 | <br><br><b>Abstract: </b>Providing services for multiple tenants within a single or federated distributed cloud environment requires a variety of special considerations related to network design, provisioning, and operations. Especially important are multiple topics concerning the implementation of multiple parallel programmable virtual networks for large numbers of tenants, who require autonomous management, control, and data planes. This paper provides an overview of some of the challenges that arise from developing and implementing parallel programmable virtual networks, describes experiences with several experimental techniques for addressing those challenges based on large scale distributed testbeds, and presents the results of the experiments that were conducted. Distributed environments used include a distributed cloud testbed, the Chameleon Cloud, sponsored by the National Science Foundation's NSFCloud program, the NSF's Global Environment for Network Innovations (GENI), an international distributed OpenFlow testbed, and the Open Science Data Cloud. |
| | 2611 | </li> |
| | 2612 | <br> |
| | 2613 | |
| | 2614 | <li> |
| | 2615 | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
| | 2616 | "Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange." |
| | 2617 | Computer Networks, |
| | 2618 | 2014. |
| | 2619 | doi:10.1016/j.bjp.2013.12.024. |
| | 2620 | <a href="http://dx.doi.org/10.1016/j.bjp.2013.12.024">http://dx.doi.org/10.1016/j.bjp.2013.12.024</a> |
| | 2621 | <br><br><b>Abstract: </b>Large scale national and international experimental research environments are required to advance communication services and supporting network architecture, technology, and infrastructure. Theories and concepts are often explored using simulation and modeling techniques within labs or on small scale testbeds. However, while such testbeds are valuable resources for the research process, these facilities alone cannot provide an appropriate approximation of the real world conditions required to explore ideas at scale. Very large scale global, experimental network research capabilities are required to deeply investigate innovative concepts. For many years, network testbeds were created to address fairly specific, well defined, limited research goals, and they were implemented for fairly short periods. Recently, taking advantage of a number of macro information technology trends, such as virtualization and programmable resources, several network research communities have been developing innovative types of network research environments. Instead of designing traditional network testbeds, research communities are designing large scale, highly flexible distributed platforms that can be used to create many different types of testbeds. Also, rather than creating short term testbeds for limited research objectives, these new environments are being designed as long term persistent resources to support many types of experimental research. This paper describes the motivations for this trend, provides several examples of large scale distributed network research environments based on the Global Lambda Integrated Facility (GLIF) and the StarLight Exchange Facility, including the Global Environment for Network Innovation (GENI), and indicates emerging future trends for these types of environments. |
| | 2622 | </li> |
| | 2623 | <br> |
| | 2624 | |
| | 2625 | <li> |
| | 2626 | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
| 2561 | | </li> |
| 2562 | | <br> |
| 2563 | | |
| 2564 | | <li> |
| 2565 | | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
| 2566 | | "Next Generation Virtual Network Architecture for Multi-tenant Distributed Clouds: Challenges and Emerging Techniques." |
| 2567 | | Proceedings of the 4th Workshop on Distributed Cloud Computing, Chicago, Illinois, ACM, New York, NY, USA, |
| 2568 | | 2016. |
| 2569 | | doi:10.1145/2955193.2955194. |
| 2570 | | <a href="http://dx.doi.org/10.1145/2955193.2955194">http://dx.doi.org/10.1145/2955193.2955194</a> |
| 2571 | | <br><br><b>Abstract: </b>Providing services for multiple tenants within a single or federated distributed cloud environment requires a variety of special considerations related to network design, provisioning, and operations. Especially important are multiple topics concerning the implementation of multiple parallel programmable virtual networks for large numbers of tenants, who require autonomous management, control, and data planes. This paper provides an overview of some of the challenges that arise from developing and implementing parallel programmable virtual networks, describes experiences with several experimental techniques for addressing those challenges based on large scale distributed testbeds, and presents the results of the experiments that were conducted. Distributed environments used include a distributed cloud testbed, the Chameleon Cloud, sponsored by the National Science Foundation's NSFCloud program, the NSF's Global Environment for Network Innovations (GENI), an international distributed OpenFlow testbed, and the Open Science Data Cloud. |
| 2572 | | </li> |
| 2573 | | <br> |
| 2574 | | |
| 2575 | | <li> |
| 2576 | | <b>Mambretti, Joe and Chen, Jim and Yeh, Fei</b>, |
| 2577 | | "Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange." |
| 2578 | | Computer Networks, |
| 2579 | | 2014. |
| 2580 | | doi:10.1016/j.bjp.2013.12.024. |
| 2581 | | <a href="http://dx.doi.org/10.1016/j.bjp.2013.12.024">http://dx.doi.org/10.1016/j.bjp.2013.12.024</a> |
| 2582 | | <br><br><b>Abstract: </b>Large scale national and international experimental research environments are required to advance communication services and supporting network architecture, technology, and infrastructure. Theories and concepts are often explored using simulation and modeling techniques within labs or on small scale testbeds. However, while such testbeds are valuable resources for the research process, these facilities alone cannot provide an appropriate approximation of the real world conditions required to explore ideas at scale. Very large scale global, experimental network research capabilities are required to deeply investigate innovative concepts. For many years, network testbeds were created to address fairly specific, well defined, limited research goals, and they were implemented for fairly short periods. Recently, taking advantage of a number of macro information technology trends, such as virtualization and programmable resources, several network research communities have been developing innovative types of network research environments. Instead of designing traditional network testbeds, research communities are designing large scale, highly flexible distributed platforms that can be used to create many different types of testbeds. Also, rather than creating short term testbeds for limited research objectives, these new environments are being designed as long term persistent resources to support many types of experimental research. This paper describes the motivations for this trend, provides several examples of large scale distributed network research environments based on the Global Lambda Integrated Facility (GLIF) and the StarLight Exchange Facility, including the Global Environment for Network Innovation (GENI), and indicates emerging future trends for these types of environments. |
| 3004 | | "Performance Analysis of DDoS Detection Methods on Real Network." |
| 3005 | | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
| 3006 | | 2012. |
| 3007 | | |
| 3008 | | |
| 3009 | | <br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic. |
| 3010 | | </li> |
| 3011 | | <br> |
| 3012 | | |
| 3013 | | <li> |
| 3014 | | <b>Ozcelik, Ilker and Brooks, Richard R.</b>, |
| | 3060 | </li> |
| | 3061 | <br> |
| | 3062 | |
| | 3063 | <li> |
| | 3064 | <b>Ozcelik, Ilker and Brooks, Richard R.</b>, |
| | 3065 | "Performance Analysis of DDoS Detection Methods on Real Network." |
| | 3066 | First GENI Research and Educational Experiment Workshop (GREE 2012), Los Angeles, |
| | 3067 | 2012. |
| | 3068 | |
| | 3069 | |
| | 3070 | <br><br><b>Abstract: </b>Distributed Denial of Service (DDoS) attacks are major security threats to the Internet. The distributed structure of these attacks makes it difficult to distinguish between legitimate and attack traffic, making detection difficult. In addition to this challenge, researchers also have to study and find countermeasures against these attacks without using an operational network for testing, since attacks on operational networks inconvenience users. In this paper, we propose a method to perform DDoS analysis on real hardware using real traffic without jeopardizing the original network. We implement our experiments on the Geni testbed using Openflow. We present results from DDoS detection methods using operational traffic. |
| 4094 | | "PrimoGENI for hybrid network simulation and emulation experiments in GENI." |
| 4095 | | Journal of Simulation, |
| 4096 | | 2012. |
| 4097 | | doi:10.1057/jos.2012.5. |
| 4098 | | <a href="http://dx.doi.org/10.1057/jos.2012.5">http://dx.doi.org/10.1057/jos.2012.5</a> |
| 4099 | | <br><br><b>Abstract: </b>The Global Environment for Network Innovations (GENI) is a community-driven research and development effort to build a collaborative and exploratory network experimentation platform—a 'virtual laboratory' for the design, implementation, and evaluation of future networks. The PrimoGENI project enables real-time network simulation by extending an existing network simulator to become part of the GENI federation to support large-scale experiments involving physical, simulated, and emulated network entities. In this paper, we describe a novel design of PrimoGENI, which aims at supporting realistic, scalable, and flexible network experiments with real-time simulation and emulation capabilities. We present a flexible emulation infrastructure that allows both remote client machines, local cluster nodes running virtual machines, and external networks to seamlessly interoperate with the simulated network running within a designated 'slice' of resources. We present the results of our preliminary validation and performance studies to demonstrate the capabilities as well as limitations of our approach. |
| 4100 | | </li> |
| 4101 | | <br> |
| 4102 | | |
| 4103 | | <li> |
| 4104 | | <b>Van Vorst, N. and Erazo, M. and Liu, J.</b>, |
| | 4150 | </li> |
| | 4151 | <br> |
| | 4152 | |
| | 4153 | <li> |
| | 4154 | <b>Van Vorst, N. and Erazo, M. and Liu, J.</b>, |
| | 4155 | "PrimoGENI for hybrid network simulation and emulation experiments in GENI." |
| | 4156 | Journal of Simulation, |
| | 4157 | 2012. |
| | 4158 | doi:10.1057/jos.2012.5. |
| | 4159 | <a href="http://dx.doi.org/10.1057/jos.2012.5">http://dx.doi.org/10.1057/jos.2012.5</a> |
| | 4160 | <br><br><b>Abstract: </b>The Global Environment for Network Innovations (GENI) is a community-driven research and development effort to build a collaborative and exploratory network experimentation platform—a 'virtual laboratory' for the design, implementation, and evaluation of future networks. The PrimoGENI project enables real-time network simulation by extending an existing network simulator to become part of the GENI federation to support large-scale experiments involving physical, simulated, and emulated network entities. In this paper, we describe a novel design of PrimoGENI, which aims at supporting realistic, scalable, and flexible network experiments with real-time simulation and emulation capabilities. We present a flexible emulation infrastructure that allows both remote client machines, local cluster nodes running virtual machines, and external networks to seamlessly interoperate with the simulated network running within a designated 'slice' of resources. We present the results of our preliminary validation and performance studies to demonstrate the capabilities as well as limitations of our approach. |
| | 4980 | <b>Avgeris, Marios and Kalatzis, Nikos and Dechouniotis, Dimitrios and Roussaki, Ioanna and Papavassiliou, Symeon</b>, |
| | 4981 | "Semantic Resource Management of Federated IoT Testbeds." |
| | 4982 | Ad-hoc, Mobile, and Wireless Networks, Springer International Publishing, |
| | 4983 | 2017. |
| | 4984 | doi:10.1007/978-3-319-67910-5_3. |
| | 4985 | </li> |
| | 4986 | <br> |
| | 4987 | |
| | 4988 | |
| | 4989 | |
| | 4990 | <li> |
| 5561 | | |
| | 5635 | <li> |
| | 5636 | <b>Chin, Tommy and Mountrouidou, Xenia and Li, Xiangyang and Xiong, Kaiqi</b>, |
| | 5637 | "An SDN-supported collaborative approach for DDoS flooding detection and containment." |
| | 5638 | MILCOM 2015 - 2015 IEEE Military Communications Conference, Tampa, FL, USA, IEEE, |
| | 5639 | 2015. |
| | 5640 | doi:10.1109/milcom.2015.7357519. |
| | 5641 | </li> |
| | 5642 | <br> |
| | 5643 | |
| | 5644 | |
| | 5645 | |
| | 5646 | <li> |
| | 5647 | <b>Chin, Tommy and Xiong, Kaiqi</b>, |
| | 5648 | "Dynamic generation containment systems (DGCS): A Moving Target Defense approach." |
| | 5649 | 2016 3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems (EITEC), IEEE, |
| | 5650 | 2016. |
| | 5651 | doi:10.1109/eitec.2016.7503690. |
| | 5652 | </li> |
| | 5653 | <br> |
| | 5654 | |
| | 5655 | <li> |
| | 5656 | <b>Chin, Tommy and Xiong, Kaiqi</b>, |
| | 5657 | "A Forensic Methodology for Software-Defined Network Switches." |
| | 5658 | Advances in Digital Forensics XIII, Springer International Publishing, Cham, |
| | 5659 | 2017. |
| | 5660 | doi:10.1007/978-3-319-67208-3_6. |
| | 5661 | </li> |
| | 5662 | <br> |
| | 6181 | "The design of an instrumentation system for federated and virtualized network testbeds." |
| | 6182 | Network Operations and Management Symposium (NOMS), 2012 IEEE, IEEE, |
| | 6183 | 2012. |
| | 6184 | doi:10.1109/NOMS.2012.6212061. |
| | 6185 | </li> |
| | 6186 | <br> |
| | 6187 | |
| | 6188 | <li> |
| | 6189 | <b>Griffioen, J. and Fei, Zongming and Nasir, H. and Wu, Xiongqi and Reed, J. and Carpenter, C.</b>, |
| 6093 | | </li> |
| 6094 | | <br> |
| 6095 | | |
| 6096 | | <li> |
| 6097 | | <b>Griffioen, J. and Fei, Zongming and Nasir, H. and Wu, Xiongqi and Reed, J. and Carpenter, C.</b>, |
| 6098 | | "The design of an instrumentation system for federated and virtualized network testbeds." |
| 6099 | | Network Operations and Management Symposium (NOMS), 2012 IEEE, IEEE, |
| 6100 | | 2012. |
| 6101 | | doi:10.1109/NOMS.2012.6212061. |
| | 6595 | "Network capabilities of cloud services for a real time scientific application." |
| | 6596 | 37th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE, |
| | 6597 | 2012. |
| | 6598 | doi:10.1109/lcn.2012.6423665. |
| | 6599 | </li> |
| | 6600 | <br> |
| | 6601 | |
| | 6602 | <li> |
| | 6603 | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>, |
| 6507 | | </li> |
| 6508 | | <br> |
| 6509 | | |
| 6510 | | <li> |
| 6511 | | <b>Krishnappa, Dilip K. and Lyons, Eric and Irwin, David and Zink, Michael</b>, |
| 6512 | | "Network capabilities of cloud services for a real time scientific application." |
| 6513 | | 37th Annual IEEE Conference on Local Computer Networks, Clearwater Beach, FL, USA, IEEE, |
| 6514 | | 2012. |
| 6515 | | doi:10.1109/lcn.2012.6423665. |
| 6842 | | "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
| 6843 | | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
| 6844 | | 2014. |
| 6845 | | doi:10.1109/itc.2014.6932970. |
| | 6934 | "Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange." |
| | 6935 | Computer Networks, |
| | 6936 | 2014. |
| | 6937 | doi:10.1016/j.bjp.2013.12.024. |
| 6860 | | "Creating environments for innovation: Designing and implementing advanced experimental network research testbeds based on the Global Lambda Integrated Facility and the StarLight Exchange." |
| 6861 | | Computer Networks, |
| 6862 | | 2014. |
| 6863 | | doi:10.1016/j.bjp.2013.12.024. |
| | 6952 | "Software-Defined Network Exchanges (SDXs): Architecture, services, capabilities, and foundation technologies." |
| | 6953 | Teletraffic Congress (ITC), 2014 26th International, IEEE, |
| | 6954 | 2014. |
| | 6955 | doi:10.1109/itc.2014.6932970. |
| | 8530 | "Capacity of Inter-cloud Layer-2 Virtual Networking." |
| | 8531 | Proceedings of the 2014 ACM SIGCOMM Workshop on Distributed Cloud Computing, Chicago, Illinois, USA, ACM, New York, NY, USA, |
| | 8532 | 2014. |
| | 8533 | doi:10.1145/2627566.2627573. |
| | 8534 | </li> |
| | 8535 | <br> |
| | 8536 | |
| | 8537 | <li> |
| | 8538 | <b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>, |
| 8442 | | </li> |
| 8443 | | <br> |
| 8444 | | |
| 8445 | | <li> |
| 8446 | | <b>Xin, Yufeng and Baldin, Ilya and Heermann, Chris and Mandal, Anirban and Ruth, Paul</b>, |
| 8447 | | "Capacity of Inter-cloud Layer-2 Virtual Networking." |
| 8448 | | Proceedings of the 2014 ACM SIGCOMM Workshop on Distributed Cloud Computing, Chicago, Illinois, USA, ACM, New York, NY, USA, |
| 8449 | | 2014. |
| 8450 | | doi:10.1145/2627566.2627573. |
