Secure Computing and Communication
Today, many networking and distributed systems are
highly vulnerable to faults or attacks, which can compromise system
performance, corrupt important data, or expose private information.
Research on secure computing and communication has attracted growing
attention; its major goal is to make systems more sustainable,
secure, and trustworthy. In our research, we investigated secure
computing and communication issues, such as defending against
distributed denial-of-service attacks, analyzing and enhancing the
resilience of peer-to-peer systems, and preserving privacy in data
mining.
Defending against Distributed Denial-of-Service Attacks
A Distributed Denial of Service (DDoS) attack is one
in which many compromised machines attack a server, thereby causing
denial of service for users of the targeted server. DDoS attacks are
currently major threats to the Internet. A recent approach to protecting
communication from DDoS attacks involved the use of overlay systems.
The overlay system served as an intermediate forwarding system between
the clients and the server, where the system typically had a fixed
architecture that employed a set of overlay nodes controlling access to
the server. Although such a system performed well under random DDoS
attacks, we observed that it was vulnerable under more intelligent
attacks. We defined several intelligent DDoS attack models and
developed analytical and simulation approaches to study the impact of
architectural design features on system performance in terms of
path availability between clients and the server. Our observations
provided important guidelines for the design of such secure overlay
forwarding systems. In addition, we designed a gateway-based defense
system, in which the deployed gateway devices performed the
desired countermeasure functions in coordination, including detection
of DDoS attacks and access control of network traffic.
- D. Xuan, S. Chellappan, X. Wang, and S. Wang, "Analyzing
the Secure Overlay Services Architecture under Intelligent DDoS Attacks,"
in Proc. IEEE International Conference on Distributed
Computing Systems (ICDCS), March 2004.
- D. Xuan, S. Wang, Y. Zhu, R. Bettati, and W. Zhao, "A
Gateway-based Defense System for Distributed Denial-of-Service Attacks
in High-Speed Networks," to appear in IEEE
Transactions on Systems, Man, and Cybernetics (TSMC).
Analyzing and Enhancing Resilience of Peer-to-Peer Systems
Peer-to-peer (P2P) computing has rapidly evolved and emerged as
a promising new paradigm for distributed computing. All existing P2P
systems are built using application-layer overlays on top of the
Internet. Because users are transient and some may be malicious,
the resilience of routing to failures and attacks is a
very important issue. We proposed a Markov-chain-based approach to
analyze the resilience of P2P systems to failures and attacks. The
resilience was measured in terms of the average path length and the hit
ratio. We applied our method to existing P2P systems and analyzed their
performance in terms of resilience. Based on our observations from
theoretical analysis and the small-world phenomenon, we introduced
short-cut links into P2P systems to improve their resilience to failures
and attacks.
- S. Wang and D. Xuan, "A
Markov-Chain Based Analytical Approach to Resilience of Structured P2P
Systems," in the poster session of IEEE
International Conference on Distributed Computing Systems (ICDCS),
May 2003.
- S. Wang, D. Xuan, and W. Zhao, "On
Resilience of Structured Peer-to-Peer Systems," in Proc.
IEEE Global Communications Conference (GLOBECOM), December
2003.
- S. Wang, D. Xuan, and W. Zhao, "Analyzing and Enhancing
the Resilience of Structured Peer-to-Peer
Systems," in Journal of Parallel and Distributed
Computing (JPDC), Vol. 65, No. 2, pp. 207-219, February 2005.
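The metrics named in this section (hit ratio and average path length under node failures, and the effect of short-cut links) can be illustrated with a small absorbing Markov chain. This is an added example, not the model from the cited papers; the ring topology, the power-of-two short-cut placement, the independent failure probability q, and the names analyse and summary are assumptions made for the illustration.

```python
"""Toy absorbing-Markov-chain model of greedy routing on an identifier ring.

State = remaining clockwise distance d to the destination. Absorbing states
are d = 0 (hit) and "fail" (every usable link points at a failed node).
Assumptions (constructed for this example): all n ring positions are occupied,
each contacted intermediate node is failed independently with probability q
(re-sampled on every contact, i.e. the memoryless approximation), and the
destination itself is alive.
"""

def analyse(n, jumps, q):
    """Return (hit, hops): hit[d] = P(reach destination from distance d),
    hops[d] = expected hop count of the routes that succeed from d."""
    hit = [1.0] + [0.0] * (n - 1)
    won = [0.0] * n            # E[hops * 1{success}] from each distance
    for d in range(1, n):
        reach = 1.0            # P(all longer links were tried and had failed)
        for j in sorted((j for j in jumps if j <= d), reverse=True):
            alive = 1.0 if j == d else 1.0 - q   # j == d lands on destination
            step = reach * alive
            hit[d] += step * hit[d - j]
            won[d] += step * (hit[d - j] + won[d - j])
            reach *= 1.0 - alive                 # fall back to a shorter link
    hops = [won[d] / hit[d] if hit[d] else 0.0 for d in range(n)]
    return hit, hops

def summary(n, jumps, q):
    """Hit ratio and average path length over all distances 1..n-1."""
    hit, hops = analyse(n, jumps, q)
    total_hit = sum(hit[1:])
    avg_len = sum(h * l for h, l in zip(hit[1:], hops[1:])) / total_hit
    return total_hit / (n - 1), avg_len

if __name__ == "__main__":
    n, q = 64, 0.2
    successor_only = [1]                      # plain ring, no short-cuts
    with_shortcuts = [1, 2, 4, 8, 16, 32]     # assumed power-of-two short-cuts
    for name, jumps in (("successor only", successor_only),
                        ("with short-cuts", with_shortcuts)):
        ratio, length = summary(n, jumps, q)
        print(f"{name:16s} hit ratio={ratio:.3f}  avg path length={length:.2f}")
```

With only successor links a single failed node on the path ends the route, so the hit ratio decays geometrically with distance; the short-cut links give each state several outgoing transitions, which raises the hit ratio and shortens the successful paths.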
Preserving Privacy in Data Mining
The goal of data mining is to extract interesting
patterns from a large amount of data. Traditional data mining
algorithms deal with centralized data. Recently, a number of
applications on the Internet have led to a need for mining distributed
data. In this setting, privacy concerns arise for the
distributed data providers. The main objective in privacy-preserving
data mining is to develop algorithms for modifying the original data in
some way, so that the private data and private knowledge remain private
even after the mining process. The literature had tacitly assumed that
randomization of the original data is the only effective approach to
preserving privacy. We challenged this assumption by introducing a
scheme based on algebraic techniques. Compared to previous approaches, our
new scheme could help obtain more accurate data mining results while
disclosing less private information. Furthermore, our new scheme could be
readily integrated as middleware with existing systems.
- N. Zhang, S. Wang, and W. Zhao, "A
New Scheme on Privacy Preserving Association Rule Mining," in
Proc. European Conference on Principles and
Practice of Knowledge Discovery in Databases (PKDD),
September 2004.
- N. Zhang, S. Wang, and W. Zhao, "On
A New Scheme on Privacy Preserving Data Classification," in Proc.
ACM International Conference on Knowledge Discovery and Data Mining
(SIGKDD), August 2005.
- N. Zhang, S. Wang, and W. Zhao, "A New Scheme on Privacy
Preserving Data Mining," submitted for journal publication.