rlss
   | Home | Current Projects | Real-Time Systems | Secure Systems
 

Secure Computing and Communication

Today, many networking and distributed systems are highly vulnerable to faults or attacks, which can compromise the system performance, corrupt important data, or expose private information. Research on secure computing and communication has gained more and more attention and its major goal is to make systems more sustainable, secure and trustworthy. In our research, we investigated secure computing and communication issues, such as defending against distributed denial-of-service attacks, analyzing and enhancing resilience of peer-to-peer systems, and preserving privacy in data mining.

Defending against Distributed Denial-of-Service Attacks

A Distributed Denial of Service (DDoS) attack is one in which many compromised machines attack a server, thereby causing denial of service for users of the targeted server. DDoS attacks are currently major threats to the Internet. A recent approach to protect communication from DDoS attacks involved the usage of overlay systems. The overlay system served as an intermediate forwarding system between the clients and the server, where the system typically had a fixed architecture that employed a set of overlay nodes controlling access to the server. Although such system performed well under random DDoS attacks, we observed that it was vulnerable under more intelligent attacks. We defined several intelligent DDoS attack models and developed analytical/simulation approaches to study the impact of architectural design features on the system performance in terms of path availability between clients and the server. Our observations provided important guidelines in the design of such secure overlay forwarding system. In addition, we designed a gateway-based defense system, where deployed gateway devices coordinately performed the desired countermeasure functions including detection of DDoS attacks and access control of network traffic.

  1. D. Xuan, S. Chellappan, X. Wang, and S. Wang, "Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks," in Proc. IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004.
  2. D. Xuan, S. Wang, Y. Zhu, R. Bettati, and W. Zhao, "A Gateway-based Defense System for Distributed Denial-of-Service Attacks in High-Speed Networks," to appear in IEEE Transactions on System, Man, and Cybernetics (TSMC).

Analyzing and Enhancing Resilience of Peer-to-Peer Systems

Peer-to-Peer (P2P) has rapidly evolved and emerged as a promising new paradigm for distributed computing. All existing P2P systems are built using application-layer overlays on top of the Internet. Due to the transient nature of users or in the presence of malicious users, the resilience of routing to failures and attacks is a very important issue. We proposed a Markov-chain-based approach to analyze the resilience to failures and attacks of P2P systems. The resilience was measured in terms of the average path length and the hit ratio. We applied our method to existing P2P systems and analyzed their performance in terms of resilience. Based on our observations from theoretical analysis and the small-world phenomenon, we introduced the short-cut links into P2P systems to improve the resilience to failures and attacks of P2P systems.

  1. S. Wang and D. Xuan, "A Markov-Chain Based Analytical Approach to Resilience of Structured P2P Systems," in the poster session of IEEE International Conference on Distributed Computing Systems (ICDCS), May 2003.
  2. S. Wang, D. Xuan, and W. Zhao, "On Resilience of Structured Peer-to-Peer Systems," in Proc. IEEE Global Communications Conference (GLOBECOM), December 2003.
  3. S. Wang, D. Xuan, and W. Zhao, " Analyzing and Enhancing the Resilience of Structured Peer-to-Peer Systems," in Journal of Parallel and Distributed Computing (JPDC), Vol. 65, No. 2, pp. 207-219, February 2005.

Preserving Privacy in Data Mining

The goal of data mining is to extract interesting patterns from a large amount of data. Traditional data mining algorithms deal with centralized data. Recently, a number of applications on the Internet lead to a need for mining distributed data. In this circumstance, a privacy concern arises from the distributed data providers. The main objective in privacy-preserving data mining is to develop algorithms for modifying the original data in some way, so that the private data and private knowledge remain private even after the mining process. The literature had tacitly assumed that randomization on the original data is the only effective approach to preserving privacy. We challenged this assumption by introducing an algebraic-techniques-based scheme. Compared to previous approaches, our new scheme could help obtain more accurate data mining results but disclose less private information. Furthermore, our new scheme could be readily integrated as a middleware with existing systems.

  1. N. Zhang, S. Wang, and W. Zhao, "A New Scheme on Privacy Preserving Association Rule Mining," in Proc. European Conference on Principles and Practice of Knowledge Discovery in Databases (PKDD), September 2004.
  2. N. Zhang, S. Wang, and W. Zhao, "On A New Scheme on Privacy Preserving Data Classification," in Proc. ACM International Conference on Knowledge Discovery and Data Mining (SIGKDD), August 2005.
  3. N. Zhang, S. Wang, and W. Zhao, "A New Scheme on Privacy Preserving Data Mining," submitted for journal publication.