Mobius: Packet Re-processing Hardware Architecture for Rich Policy Handling on a Network Processor
Network devices generally handle traffic with predefined policies that describe the operation of packets. Since these policies explain network operation, the number of policies in network devices naturally increases with the scale of a network. Unfortunately, processing a large number of policies may lead to performance loss: although many policies can be stored in memory, a network processor in a network device can only handle a limited number of policies at once, so the policies must be divided into several groups and processed group by group. Thus, the processing time for one packet will be delayed, and it can fill up an input buffer of the device and drop packets. However, improving a processor that supports large capacity is not an efficient way because it also increases the cost of the processor. To address these challenges, we propose a hardware architecture for network processors called Mobius. It allows a processor to re-process packets n more times with different policies by utilizing the idle resources of the processor caused by the propagation time of packets on a wire. Consequently, Mobius extends the capacity of the processor at a low cost so that more policies can be processed for packets without performance loss. We implement the prototype of Mobius using NetFPGA-SUME and our evaluation demonstrates that Mobius achieves a line-rate throughput with a tiny latency overhead. A comparison with other network processor models shows that Mobius exhibits a similar performance but is more economical.
Verikube: Automatic and Efficient Verification for Container Network Policies
Recently, Linux Container has been the de-facto standard for a cloud system, enabling cloud providers to create a virtual environment in a much more scaled manner. However, configuring container networks remains immature and requires automatic verification for efficient cloud management. We propose Verikube, which utilizes a novel graph structure representing policies to reduce memory consumption and accelerate verification. Moreover, unlike existing works, Verikube is compatible with the complex semantics of Cilium Policy which a cloud adopts from its advantage of performance. Our evaluation results show that Verikube performs at least seven times better for memory efficiency, at least 1.5 times faster for data structure management, and 20K times better for verification.
Efficient Network Administration for Smart Grid Data Center
Nowadays, smart grid systems, which are intelligent electrical grid systems, are being installed in the real world. According to the statistics, about 79 million Advanced Metering Infrastructure devices are deployed in the United States, and these devices generate terabyte- to petabyte-level volumes of electricity data. As IT technology has developed, energy providers can obtain beneficial information by processing the data with methods such as Machine Learning or Deep Learning. Smart grid administrators therefore utilize a data center to store and process the energy data. The amount of power data is increasing rapidly and the types of power data are becoming more and more diverse. In addition, as computing power improves, many advantageous applications such as blackout prediction are being developed. In the smart grid, the importance of the data center is becoming higher and higher. However, the traditional data center is strictly designed. Because traditional data centers are designed by vendors, the operations of each component of the centers are ineffective on the smart grid system. So in this paper, we applied the Software-Defined Data Center, which controls the data center in a virtualized and programmable manner, to operate the data in a more flexible and interoperable way.
Witnessing Erosion of Membership Inference Defenses: Understanding Effects of Data Drift in Membership Privacy
Data drift is the phenomenon in which the input data distribution at testing time differs from that at training time. This strengthens the generalization gap in a model, which is known to severely deteriorate the model’s performance. Meanwhile, previous studies state that membership inference attacks (MIA) take advantage of the generalization gap of a machine learning model. By transitive logic, we can deduce that data drift would affect these privacy attacks. In this work, we consider data drift when applied to the privacy threat of MIA. As the first work to explore the detrimental extent of data drift on membership privacy, we conduct a literature review on current MIA defense works under selected dimensions associated with data drift. Our study reveals that not only has data drift never been tested in MIA defense, but there is also no infrastructure to juxtapose data drift with MIA defense. We overcome this by proposing a design for simulating authentic and synthetic data drift and evaluate the benchmark MIA defense methods on various settings. The evaluation shows that data drift strongly enhances the attack success rate of MIA, regardless of defense. In this, we propose MIAdapt, a proof of concept of an MIA defense that allows updates under data drift. From this evaluation, we provide security insight into possible solutions in negating the effects of data drift. We hope our work brings attention to the threat of data drift and instigates the development of MIA defenses that are adaptable to data drift.
ASTRAEA: Towards an effective and usable application permission system for SDN
Today, software-defined networking (SDN), which decouples the control plane from the data plane, has quickly emerged as a promising new networking architecture. In SDN, a centralized control plane (a.k.a. SDN controller) manages the entire network; hence, the security of this control plane has become increasingly important. One of the critical security issues recently raised is that an SDN application can unrestrictedly access SDN resources, manipulate the operations of an SDN controller, and finally destroy the network. To address this issue, researchers have proposed permission-based access control models for an SDN controller, and well-known SDN controllers have recently started employing these ideas. However, permission-based access control mechanisms can be evaded by excessively/insufficiently privileged applications (i.e., permission gap), and SDN controllers employing such mechanisms are no exception. In addition, it is possible that the permissions required for an application are not clearly presented to an administrator (i.e., semantic gap). Since an SDN controller directly manages a network, the damage caused by this problem would be much more serious. To address this issue, in this paper, we introduce a novel and usable security mechanism called ASTRAEA that can effectively help SDN operators avoid such potentially dangerous SDN applications. © 2019 Published by Elsevier B.V.
Evolving Bots: The New Generation of Comment Bots and their Underlying Scam Campaigns in YouTube
This paper presents a pioneering investigation into a novel form of scam advertising method on YouTube, termed "social scam bots" (SSBs). These bots have evolved to emulate benign user behavior by posting comments and engaging with other users, oftentimes appearing prominently among the top-rated comments. We analyzed the YouTube video comments and proposed a method to identify SSBs and extract the underlying scam domains. Our study revealed 1,134 SSBs promoting 72 scam campaigns responsible for infecting 31.73% of crawled videos. Further investigation revealed that SSBs exhibit advances that surpass traditional bots. Notably, they targeted specific audiences by aligning scam campaigns with related video content, effectively leveraging the YouTube recommendation algorithm. We monitored these SSBs over a period of six months, enabling us to evaluate the effectiveness of YouTube's mitigation efforts. We also uncovered various strategies they use to evade mitigation attempts, including a novel strategy called "self-engagement," aimed at boosting their comment ranking. By shedding light on the phenomenon of SSBs and their evolving tactics, our study aims to raise awareness and contribute to the prevention of these malicious actors, ultimately fostering a safer online platform.
Protocol State Fuzzing Method and System for the Security of the Control Plane of a Distributed Software-Defined Network
A protocol state fuzzing method for security of a control plane of a distributed software-defined network is provided. The protocol state fuzzing method includes receiving input alphabets being abstract symbols of a protocol message in an ambusher of a distributed network operating system (NOS), converting the input alphabets into the protocol message, and sending the protocol message to a cluster, monitoring, by the cluster, intercommunication between instances in the distributed NOS, and selecting a set of sequences executable in the cluster and searching a cluster log for an output by executing the sequence to generate an attack result.
Obliviate: Neutralizing Task-agnostic Backdoors within the Parameter-efficient Fine-tuning Paradigm
- …
