Searching for widespread events in large networks is a fundamental function that underlies many important applications of distributed anomaly detection, traffic measurement, online data mining, etc. This function can be performed by a cooperative monitoring system consisting of a central coordinator and a number of monitors that are deployed at a set of vantage points. We formulate a network primitive function, called multi-monitor joint detection, which is to find the common events observed by all or a given subset of monitors during each measurement period. It is a challenging problem because large-scale cooperative monitoring can generate tremendous communication overhead. Therefore, it is critical to design a solution for multi-monitor joint detection which controls communication overhead to a low level. We thoroughly examine existing techniques that may be applied, and identify their performance limitations. We then propose two new techniques, called combinable filters and progressive filtering, which address the performance limitations from different angles. We formally prove the correctness of our new solutions based on a probabilistic joint detection model. Numerical evaluation shows that our best solution achieves an overhead reduction in the range of 63% to 91% over the Bloom filter solution under various simulation settings when the number of monitors is 10 or more.

Zhiping Cai;Min Chen;式刚 陈;Yan Qiao

2016-3-18

Application-level multicast is a promising alternative to IP multicast due to its independence to the IP routing infrastructure and its flexibility in constructing the delivery trees. The existing overlay multicast systems either support a single data source or have high maintenance overhead when multiple sources are allowed. They are inefficient for applications that require any-source multicast with varied host capacities and dynamic membership. This paper proposes ACOM, an any-source overlay multicast system, consisting of three distributed multicast algorithms on top of a non-DHT overlay network with simple structures (random overlay with a non-DHT ring) that are easy to manage as nodes join and depart. The nodes have different capacities, and they can support different numbers of direct children during a multicast session. No explicit multicast trees are maintained on top of the overlay. The distributed execution of the algorithms naturally defines an implicit, roughly-balanced, capacity-constrained multicast tree for each source node. We prove that the system can deliver a multicast message from any source to all nodes in expected O(logc n) hops, which is asymptotically optimal, where c is the average node capacity and n is the number of members in a multicast group.

Shiping Chen;Baile Shi;式刚 陈;Ye Xia

IEEE Transactions on Parallel and Distributed Systems

2007-9

Computing constrained shortest paths is fundamental to some important network functions such as QoS routing, MPLS path selection, ATM circuit routing, and traffic engineering. The problem is to find the cheapest path that satisfies certain constraints. In particular, finding the cheapest delay-constrained path is critical for real-time data flows such as voice/video calls. Because it is NP-complete, much research has been designing heuristic algorithms that solve the ε-approximation of the problem with an adjustable accuracy. A common approach is to discretize (i.e., scale and round) the link delay or link cost, which transforms the original problem to a simpler one solvable in polynomial time. The efficiency of the algorithms directly relates to the magnitude of the errors introduced during discretization. In this paper, we propose two techniques that reduce the discretization errors, which allows faster algorithms to be designed. Reducing the overhead of computing constrained shortest paths is practically important for the successful design of a high-throughput QoS router, which is limited at both processing power and memory space. Our simulations show that the new algorithms reduce the execution time by an order of magnitude on power-law topologies with 1000 nodes. The reduction in memory space is similar.

式刚 陈;Meongchul Song;Sartaj Sahni

IEEE/ACM Transactions on Networking

2008-2

In this paper, we consider an important problem of privacy-preserving point-to-point traffic volume measurement in vehicular cyber physical systems (VCPS), whose focus is utilizing VCPS to enable automatic traffic data collection, and measuring point-to-point traffic volume while preserving the location privacy of all participating vehicles. The novel scheme that we propose tackles the efficiency, privacy, and accuracy problems encountered by previous solutions. Its applicability is demonstrated through both mathematical and numerical analysis. The simulation results also show its superior performance.

Yian Zhou;式刚 陈;Zhen Mo;Qingjun Xiao

2015-7-22

Managing the security of enterprise networks has emerged to be a critical problem in the era of Internet economy. Arising as a leading threat, worms repetitively caused enormous damage to the Internet community during the past years. A new security service that monitors the ongoing worm activities on the Internet will greatly contribute to the security management of modern enterprise networks. This paper proposes an Internet-worm early warning system that automatically detects concerted scan activities and derives possible signatures of worm attacks. Its goal is to issue warning at the early stage of worm propagation and to provide necessary information for security analysts to control the damage. It reduces false positives by filtering out false scan sources. The system is locally deployable or can be codeployed amongst a group of enterprise networks. We provide both analytical and simulation studies on the responsiveness of this early warning system.

式刚 陈;Sanjay Ranka

IEEE Journal on Selected Areas in Communications

2005-10

An integral part of any social or medical research is the availability of reliable data. For the integrity of participants'responses, a secure environment for collecting sensitive data is required. This paper introduces a novel privacy-preserving data collection method: collusion resistant multi-matrix masking (CRM3). The CRM3 method requires multiple masking service providers (MSP), each generating its own random masking matrices. The key step is that each participant's data is randomly decomposed into the sum of component vectors, and each component vector is sent to the MSPs for masking in a different order. The CRM3 method publicly releases two sets of masked data: one being right multiplied by random invertible matricesand the other being left multiplied by random orthogonalmatrices. Both MSPs and the released data may be hosted on cloud platforms. Our data collection and release procedure is designed so that MSPs and the data collector are not able to derive the original participants' data hence providing strong privacy protection. However, statistical inference on parameters of interest will produce exactly the same results from the masked data as from the original data, under commonly used statistical methods such as general linear model, contingency table analysis, logistic regression, and Cox proportional hazard regression.

Samuel S. Wu;式刚 陈;Abhishek Bhattacharjee;Ying He

2017-7-13

On the one hand, edge computing has the advantage of distributing the load to the edges of a computer network. Local computation at the edge is bandwidth-efficient and anonymous. On the other hand, cloud computing is the choice when it comes to computationally demanding tasks and big data. In this paper, we argue for edge-cloud computing (which blends the two together) with an experimental study on the impact of execution location on application performance. We answer the question of how to determine whether it should compute a task at the edge or on the cloud and what the criteria are. We analyze the factors of response time, memory space, data availability and privacy policy. We experimentally evaluate the impact of these factors on execution location based on a network visualizer software.

Dimitrios Melissourgos;Sishun Wang;式刚 陈;Youlin Zhang;Olufemi Odegbile;Yuanda Wang

2020-7

We study the power-aware buffering problem in battery-powered sensor networks, focusing on the fixed-size and fixed-interval buffering schemes. The main motivation is to address the yet poorly understood size variation-induced effect on power-aware buffering schemes. Our theoretical analysis elucidates the fundamental differences between the fixed-size and fixed-interval buffering schemes in the presence of data-size variation. It shows that data-size variation has detrimental effects on the power expenditure of the fixed-size buffering in general, and reveals that the size variation induced effects can be either mitigated by a positive skewness or promoted by a negative skewness in size distribution. By contrast, the fixed-interval buffering scheme has an obvious advantage of being eminently immune to the data-size variation. Hence the fixed-interval buffering scheme is a risk-averse strategy for its robustness in a variety of operational environments. In addition, based on the fixed-interval buffering scheme, we establish the power consumption relationship between child nodes and parent node in a static data-collection tree, and give an in-depth analysis of the impact of child bandwidth distribution on the parent's power consumption. This study is of practical significance: it sheds new light on the relationship among power consumption of buffering schemes, power parameters of radio module and memory bank, data arrival rate, and data-size variation, thereby providing well-informed guidance in determining an optimal buffer size (interval) to maximize the operational lifespan of sensor networks.

Yibei Ling;Chung Min Chen;式刚 陈

ACM Transactions on Sensor Networks

2010-9

Background: Many HIV research projects are plagued by the high missing rate of selfreported information during data collection. Also, due to the sensitive nature of the HIV research data, privacy protection is always a concern for data sharing in HIV studies. Methods: This paper applies a data masking approach, called triple-matrix masking [1], to the context of HIV research for ensuring privacy protection during the process of data collection and data sharing. Results: Using a set of generated HIV patient data, we show step by step how the data are randomly transformed (masked) before leaving the patients’ individual data collection device (which ensures that nobody sees the actual data) and how the masked data are further transformed by a masking service provider and a data collector. We demonstrate that the masked data retain statistical utility of the original data, yielding the exactly same inference results in the planned logistic regression on the effect of age on the adherence to antiretroviral therapy and in the Cox proportional hazard model for the age effect on time to viral load suppression. Conclusion: Privacy-preserving data collection method may help resolve the privacy protection issue in HIV research. The individual sensitive data can be completely hidden while the same inference results can still be obtained from the masked data, with the use of common statistical analysis methods.

Qinglin Pei;式刚 陈;Yao Xiao;Samuel S. Wu

Current HIV Research

2016-3-1

Due to the open nature of a sensor network, it is relatively easy for an adversary to eavesdrop and trace packet movement in the network in order to capture the receiver physically. After studying the adversary's behavior patterns, we present countermeasures to this problem. We propose a locationprivacy routing protocol (LPR) that is easy to implement and provides path diversity. Combining with fake packet injection, LPR is able to minimize the traffic direction information that an adversary can retrieve from eavesdropping. By making the directions of both incoming and outgoing traffic at a sensor node uniformly distributed, the new defense system makes it very hard for an adversary to perform analysis on locally gathered information and infer the direction to which the receiver locates. We evaluate our defense system based on three criteria: delivery time, privacy protection strength, and energy cost. The simulation results show that LPR with fake packet injection is capable of providing strong protection for the receiver's location privacy. Under similar energy cost, the safe time of the receiver provided by LPR is much longer than other methods, including Phantom routing [1] and DEFP [2]. The performance of our system can be tuned through a couple of parameters that determine the tradeoff between energy cost and the strength of location-privacy protection.

Ying Jian;式刚 陈;Zhan Zhang;Liang Zhang

2007