
    Jiahai Yang

    With the advent of network function virtualization (NFV), outsourcing network functions (NFs) to the cloud is becoming increasingly popular for enterprises since it brings significant benefits for NF deployment and maintenance, such as improved scalability and reduced overhead. However, NF outsourcing limits the control of customer enterprises over NF deployment and management, consequently raising serious security concerns. Enterprises cannot ensure whether their outsourced NFs and associated service function chains (SFCs) are correctly enforced according to their specifications. In this paper, we propose vSFC, an SFC verification scheme that allows an enterprise to accurately verify the correctness of SFC enforcement in real time. Specifically, it can detect a wide range of SFC violations including forwarding path incompliance, packet dropping, and flow dropping attacks. Meanwhile, it is generic and agile, which can be applied to arbitrary cloud architectures without requiring any modification to NFs. To demonstrate the feasibility and performance of vSFC, we implement a vSFC prototype on top of Linux kernel-based virtual machines (KVM) and conduct extensive experiments with real traffic. The experimental results show that vSFC can accurately detect SFC violations with negligible overhead.
    Software-based network service chains in Network Function Virtualization (NFV) need to be dynamically allocated and scaled on hardware resources. This is because the resource demand of virtual network functions (VNFs) typically varies as a result of network flow volume. NFV elastic solutions by coarse-grained horizontal scaling or fine-grained vertical scaling have been investigated in recent years. However, none of the existing solutions can achieve both efficiency and scalability. To address this challenge, we propose elastic network service chain (ENSC), which utilizes a fine-grained hybrid scaling method to achieve both NFV efficiency and scalability. We systematically compare horizontal scaling with vertical scaling from six aspects and determine the priority within hybrid scaling. We formulate the resource allocation problem in the cloud datacenter as an integer linear programming (ILP) model and develop a heuristic algorithm called Rubik. Our evaluation results show that ENS...
    With the rapid growth of the number of IoT devices on the Internet, security problems of IoT devices are becoming more and more serious, which bring more challenges to network administrators. The first task to solve these problems for network administrators is being aware of IoT devices in the network. Previous IoT device identification methods typically use supervised machine learning methods, which require a large amount of labeled sample data. However, it is difficult to obtain a large number of labeled samples effectively. In order to address this problem, we propose an unsupervised IoT device fingerprinting method at the network level, which can effectively cluster IoT devices without labeled samples. We deeply analyze the temporal and spatial dimension characteristics of network traffic, which can adequately reflect the differences between different IoT devices. By using these features, we develop a clustering framework based on variational autoencoder and K-means algorithms. We conduct evaluation experiments on a public dataset including 24 different IoT devices. The experimental results show that our clustering algorithm can achieve accuracy of 86.7% outperforming a k-NN based state-of-art supervised approach.
    Anomaly detection has been a hot topic in recent years due to its capability of detecting zero day attacks. In this paper, we propose a new metric called Entropy-Ratio. We validate that the Entropy-Ratio is stationary. Making use of this observation, we combine the Least Mean Square algorithm and the Forward Linear Predictor to propose a new on-line detector called LMS-FLP detector. Using the two synthetic data sets - CEGI-6IX synthetic data and CERNET2 synthetic data, we validate that the LMS-FLP detector is very effective in detecting both anomalies involving many small IP flows and anomalies involving a few large IP flows.
    Internet Protocol (IP) is used to identify and locate computers on the Internet. Currently, IPv4 still routes most Internet traffic. However, with the exhausting of IPv4 addresses, the transition to IPv6 is imminent, because, as the successor of IPv4, IPv6 can provide a larger available address space. Existing studies have addressed the notion that IPv6-centric next generation networks are widely deployed and applied. In order to gain a deep understanding of IPv6, this paper revisits several critical IPv6 performance metrics. Our extensive measurement shows that packet delay and loss rate of IPv6 are similar to IPv4 when the AS-level paths are roughly the same. Specifically, when the link utilization exceeds a threshold, for example, 0.83 in our study, variation of packet delay presents a similar pattern with the variation of link utilization. If packet delay of a path is large, packet-loss rate of that path is more likely to fluctuate. In addition, we conduct a first-ever analysis ...
    Segment Routing (SR) is a source routing paradigm which is widely used in Traffic Engineering (TE). By using SR, a node steers a packet through an ordered list of instructions called segments. By some extensions of interior gateway protocol, SR can be applied to IP/MPLS or IPv6 network without signal protocol. SR over IPv6 (SRv6) is attracting wide attention because of its interoperation ability with IPv6. However, upgrading the existing IPv6 network directly to a full SRv6 one can be difficult, because large-scale equipment replacement or software upgrade may cause economic and technical problems. TE in partially deployed SR network is becoming a hot research topic. In this paper, we propose the TE algorithm Weight Adjustment-SRTE (WA-SRTE) in partially deployed SRv6 network, in which SRv6 capable nodes are dispersedly deployed. Our objective is to minimize the network’s maximum link utilization. WA-SRTE converts the TE problem into a Deep Reinforcement Learning problem and optimizes the OSPF weight, SRv6 node deployment and traffic paths simultaneously. Besides, traffic variation is also considered and we use a representative Traffic Matrix (TM) to epitomize the traffic characteristics over a period of time. Experiments demonstrate that with 20% to 40% of the SRv6 nodes deployed, we can achieve TE performance as good as in a full SR network for the experiment topologies. The results with WA remarkably outperform the results without it. Our algorithm also gets near-optimal results with changing traffic.
    ABSTRACT With the rapid development of Internet, many network applications (e.g., P2P) use dynamic ports and encryption technology, which makes the traditional port and payload-based classification methods ineffective. Hence, it is important and necessary to find the more effective ones. Currently the machine learning (ML) techniques provide a promising alternative one for IP traffic classification. In this work, we use the ML-based classification method to identify the classes of the unknown flows using the payload-independent statistical features such as packet-length and arrival-interval. In order to improve the efficiency of the classification methods, the feature reduction techniques are further adopted to refine the selected features for attaining a best group of features. Finally we compare and evaluate the ML classification algorithms based on the BRASIL data source in terms of the three metrics such as overall accuracy, average precision and average recall. Our experiments show that the decision-tree algorithm is the best ML one for IP traffic classification and is able to construct the real-time classification system.
    ABSTRACT The fine-grained flow level measurement is getting increasing demand in recent years. Though it fails to be a generic solution for its biased sampling, NetFlow is promising for its compatibility with major routers and its convenience to perform direct flow level measurement of both IPv4 and IPv6 traffic. Traditional flow level measurement systems based on NetFlow are mostly centralized and each of them independently performs traffic analysis of its local flow records without any coordination in a large-scale network, suffering from unbalancing workload and bad scalability. In this paper we present the design, implementation and evaluation of FlowInfra which is a fault-resilient scalable infrastructure for network-wide flow measurement of pure IPv6 flow records from NetFlow v9 exports. Through the assessment of its performance and flexible features, we show that FlowInfra achieved enhanced ability and robustness to perform network-wide flow level measurement and satisfied the goal for IPv6 network operation and management with better scalability.
    We present a hierarchical, Web- and platform-based network management architecture for resolving problems of scalability, management efficiency, and manager autonomy in large, multiple domain networks. The proposed architecture consists of multiple domain managers and a manager of managers, each responsible for a different management domain, and each can run independently or cooperatively. The structure of the SuperDomain, an implemented network
    This paper presents a novel Management-as-a-Service (MaaS) architecture which is based on cloud computing architecture and provides more scalable network management capabilities to network managers. Ontology based semantic information model which supports communications between management services described by heterogeneous information, and functional model which schedules the deployment of each management service are designed to support the cloud network management architecture by providing appropriate management information description and service deployment method. We realize a prototype of cloud network management architecture based on the MaaS model, evaluate the performance of cloud network management services and validate the functional model used in the MaaS cloud. Experiment results show that our functional model provides optimal deployment of each cloud service and the elasticity of cloud management services improve both the management efficiencies and the utilization of m...
    ABSTRACT In this paper, many aspects related to characteristics and development of IPv6 network are investigated. Additionally, in order to gain a deep view of IPv6 network, we correlate our system with a user authentication system, so we explore some meaningful user behaviors. According to the analysis, we obtain a comprehensive knowledge of current operating situation of IPv6 network which, we believe, can provide an experimental basis for IPv6 network operators and researchers.
    As a crucial function of network management, network topology discovery provides a basis for lots of network analysis, such as network monitoring and performance management, etc. With the undergoing deployment of IPv6, the importance of precise topology discovery method in IPv6 networks becomes more and more evident. However, IPv6 network topology discovery faces new challenges due to different characteristics between IPv4 and IPv6, and the lack of well support of IPv6 related MIBs from device manufacturers in current state. At present, there are no well-accepted topology discovery methods for pure IPv6 networks with high accuracy, high coverage and less reliance on network configuration and device support. In this paper, we propose an IPv6 network topology discovery solution combining the advantages of two discovery methods, based on ICMP and routing protocol respectively. We model the mapping process of topology results from the two methods above into a graph mapping problem, which is the key point of the entire solution, and design novel mapping algorithms. We focus on the mapping coverage and accuracy and validate the mapping algorithms by large scale simulation. We also implement and test the proposed algorithms on the real network CERNET2. The experiments and simulation results verify the practicability and excellent performance of our solutions, with 100% discovery accuracy and over 99% discovery coverage while spending less time and producing lower overhead.
    Trends in the network management product industry are to incrementally enhance traditional centralized management systems with Web-based user interfaces, which mainly resolve the distributed information browsing. Some of the main deficiencies of such systems are their inability to carry out real-time event processing and alarm, and their security. So we believe pure and integrated Web-based network management means more. In
    Research and promotion of next generation Internet have drawn attention of researchers in many countries. In USA, FIND initiative takes a clean-slate approach. In EU, EIFFEL think tank concludes that both clean slate and evolutionary approach are needed. While in China, researchers and the country are enthusiastic on the promotion and immediate deployment of IPv6 due to the imminent problem of IPv4 address exhaustion. Since 2003, China launched a strategic programme called China Next Generation Internet (CNGI). China is expecting that Chinese industry is better positioned on future Internet technologies and services than it was for the first generation. Under the support of CNGI grant, China Education and Research Network (CERNET) started to build an IPv6-only network, i.e. CNGI-CERNET2. Currently it provides IPv6 access service for students and staff in many Chinese universities. In this article, we will introduce the CNGI programme, the architecture of CNGI-CERNET2, and some aspec...
    ABSTRACT Our understanding of IPv6 traffic cannot keep up with the growth of IPv6 traffic. Unraveling the characteristics of traffic is essential for network scale expansion, network technology selection, network management and security enhancement. In this paper, we conduct a comprehensive study of IPv6 traffic based on the packet-level traces of a nation-wide pure IPv6 network – CERNET2, and track user behaviors in 6TUNET, one of the largest campus network in CERNET2, by binding IP address with user name. We first analyze the usage and development of IPv6 network, especially user behaviors and new technologies, e.g. the efficiency of fine-grained source address validation technology which is widely deployed in CERNET2. Then we investigate the distribution of the aggregate traffic and the results reveal that traffic distribution is highly skewed among protocols, ports, applications and hosts. We pay particular attention to dominating protocols, ports, applications and hosts, as well as special protocols of IPv6 network, e.g. the usage of extension headers, which supplement the simplified basic header of IPv6. At last, we model the skewness in traffic distribution and present the dynamics of the traffic from the aspects of traffic prediction and inference. Based on the analysis, we obtain a comprehensive knowledge of IPv6 traffic which, we believe, can provide an experimental basis for IPv6 network operators and researchers.
    For network fault management, we present a new technique that is based on on-line monitoring of networks with link state routing protocols, such as OSPF (open shortest path first) and integrated IS-IS. Our approach employs an agent that monitors the on-line information of the network link state database, analyzes the events generated by network faults for event correlation, and detects
    Recently, the cloud systems face an increasing number of big data applications. It becomes an important issue for the cloud providers to allocate resources so as to accommodate as many of these big data applications as possible. In current cloud service, e.g., Amazon EMR, a job runs on a fixed cluster. This means that a fixed amount of resources (e.g. CPU, memory) is allocated to the life cycle of this job. We observe that the resources are inefficiently used in such services because of resources usage unbalance. Therefore, we propose a runtime elastic VM approach where the cloud system can increase or decrease the number of CPUs at different time periods for the jobs. There is little change to such services as Amazon EMR, yet the cloud system can accommodate many more jobs. In this paper, we first present a measurement study to show the feasibility and the quantitative impact of adjusting VM configurations dynamically. We then model the task and job completion time of big data appl...
    Network anomalies have been a serious challenge for the Internet nowadays. In this paper, two new metrics, IGTE (Inter-group Traffic Entropy) and IGFE (Inter-group Flow Entropy), are proposed for network anomaly detection. It is observed that IGTE and IGFE are highly correlated and usually change synchronously when no anomaly occurs. However, once anomalies occur, this highly linear correlation would be destroyed. Based on this observation, we propose a linear regression model built upon IGTE and IGFE, to detect the network anomalies. We use both CERNET2 netflow data and synthetic data to validate the regression model and its corresponding detection method. The results show that the regression-based method works well and outperforms the well known wavelet-based detection method.
    Machine learning (ML) techniques have been increasingly used in anomaly-based network intrusion detection systems (NIDS) to detect unknown attacks. However, ML has shown to be extremely vulnerable to adversarial attacks, aggravating the potential risk of evasion attacks against learning-based NIDSs. In this situation, prior studies on evading traditional anomaly-based or signature-based NIDSs are no longer valid. Existing attacks on learning-based NIDSs mostly focused on feature-space and/or white-box attacks, leaving the study on practical gray/black-box attacks largely unexplored. To bridge this gap, we conduct the first systematic study of the practical traffic-space evasion attack on learning-based NIDSs. We outperform the previous work in the following aspects: (1) practical---instead of directly modifying features, we provide a novel framework to automatically mutate malicious traffic with extremely limited knowledge while preserving its functionality; (2) generic---the propos...
    DDoS flooding attack is one of the top threats to the Internet. However, due to the fast development of the Internet, current detection algorithms are already inadequate to meet the growth of network traffic. In this paper, we propose a lightweight algorithm. We first observe the real Internet traffic, and find that flows of DDoS flooding attack traffic are persistent and synchronous while most flows of normal traffic are short-lived and non-synchronous. According to this difference, we propose our detection algorithm. We label the alarms firstly and then confirm the attack. Our algorithm is lightweight and sensitive to the ongoing attack. However, randomly spoofing the IP address of the attack source to different IP addresses can hide the synchronization of attack flows. Thus, we add a spoofing IP detection algorithm called hop-count filter (HCF) to our algorithm to strengthen the robustness. At last, we evaluate our detection algorithm based on the real Internet traffic from CAIDA. Results show that our detection algorithm has a high accuracy (93.3%), no false positive in attack confirmation and just 1.1% false positive rate in labeling alarms. In addition, we analyze the challenges we may face when dealing with distributed LDoS attack.
    Due to network dynamics, performance tuning is often indispensable in network management. In this paper, we propose MOE, a framework integrating network performance monitoring, optimization and evaluation. This is a trial towards the top-down and systematic management of network performance. We validate MOE based on a typical scenario in the real network environment. Results show that MOE can collect many kinds of network information, based on which it could conduct performance tuning automatically. In addition, MOE has the ability of evaluating the effect during and after performance tuning. Evaluation results are further analyzed and could be fed back to provide positive advice to minimize the influence caused by network adjustments and maximize the performance profits.
    PCA-subspace method has been proposed for network-wide anomaly detection. Normal subspace contamination is still a great challenge for PCA although some methods are proposed to reduce the contamination. In this paper, we apply PCA-subspace method to six-month Origin-Destination (OD) flow data from the Abilene. The result shows that normal subspace contamination is mainly caused by anomalies from a few strongest OD flows, and seems unavoidable for subspace method. Further comparison of anomalies detected by subspace method and manually tagged anomalies from each OD flows, we find that anomalies detected by subspace method are mainly caused by anomalies from medium and a few large OD flows, and most anomalies of minor OD flows are buried in abnormal subspace and hard to be detected by PCA-subspace method. We analyze the reason for those anomalies undetected by subspace method and suggest to use normal subspace to detect anomalies caused by a few strongest OD flows, and to further divide abnormal subspace to detect more anomalies from minor OD flows. The goal of this paper is to address limitations neglected by prior works and further improve the subspace method on one hand, also call for novel detection methods for network-wide traffic on another hand.
    ABSTRACT With IPv4 addresses quickly dwindling, the Internet is forcing an evolution of itself. During the long term transition from IPv4 to IPv6, what's going on in IPv6 world becomes unknown for network operators and researchers. In this paper, we propose a heuristic algorithm to identify p2p traffic accurately and implement traffic classification based on Netflow v9 exports to illustrate what applications Chinese IPv6 users are really running. Additionally, we present a detailed study of p2p traffic over IPv6 and advise ISPs to localize p2p traffic at the AS level for future IPv6 traffic management and network resources planning, leaving modeling traffic behavior and deeper classification of IPv6 traffic as our future work.
    In this paper, we present a statistical analysis of six traffic features based on entropy and distinct feature number at the packet level, and we find that, although these traffic features are unstable and show seasonal patterns like traffic volume for a long period, they are stable and consistent with Gaussian distribution in a short time period. However, this equilibrium property will be violated by some anomalies. Based on this observation, we propose a Multi-dimensional Clustering method for Short-time scale Traffic (MCST) to classify abnormal and normal traffic. We compare our new method to the well known wavelet technique. The detection result on synthetic anomaly traffic shows MCST can better detect the low-rate attacks than wavelet-based method, and detection result on real traffic demonstrates that MCST can detect more anomalies with low false alarm rate.
    ABSTRACT Monitoring inter-domain route timely and dynamically is a hard issue. The paper introduces a BGP passive model, and analyzes the possible BGP network events above the established model, proposes a novel approach to monitor BGP network and analyzes BGP dynamics based on the BGP routing interaction. A monitor agent (MA) partially implementing BGP protocol engine is introduced, so that it can listen and receive BGP routing update message by peering with any BGP speaker in the managed BGP network. Based on the collected routing information, the MA can re-construct the BGP topology, and dynamically reflect the topology change triggered by the incoming routing update message, and analyze the BGP network route flap with the inter-arrival time. Comparing with conventional approaches, the proposed approach has better feature in timeliness and dynamicity, and lower overhead incurring in both network and routers.
    Feeds are user-generated contents or actions in online social network (OSN). Users generate feeds for self-expression and view feeds generated by friends. In this paper, we try to analyze activities of users in one OSN by exploring two aspects: whether users are becoming inactive in generating feeds, and how these inactive users affect the feeds received by other users and thus cause collapse of the whole social network. We study the life cycle and feed inter-event time of users in a community of RenRen, and find that more and more users are decreasing the activity in generating feeds and as a result it causes the decrease of velocity and diversity of feeds received by users. Our simulation shows when 30% of users become inactive in generating feeds, the whole community will be affected and collapse in a short time.
    Anomaly detection has been a hot topic in recent years due to its capability of detecting zero-day attacks. In this paper, we propose a new on-line anomaly detection method based on LMS algorithm. The basic idea of the LMS-based detector is to predict IGTE using IGFE, given the high linear correlation between them. Using the artificial synthetic data, it is shown that the LMS-based detector possesses strong detection capability, and its false positive rate is within acceptable scope.
