SaTC: CORE: Small: Hybrid Capability-Enforcement for Endpoint-Driven Traffic Control

SaTC：核心：小型：端点驱动流量控制的混合能力实施

• 批准号: 1717313
• 负责人: Yih-Chun Hu
• 金额: $ 50万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1717313&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Hybrid; Capability

The Internet has become a societally transformative technology. Because the design of the Internet allows any Internet-connected device to send any amount of traffic to any other Internet-connected device, attackers can send large volumes of traffic to a victim, overwhelming the ability of the network to carry legitimate traffic to the victim. When many different devices send such attack traffic in a coordinated manner, the attack is called a Distributed Denial-of-Service (DDoS) attack, and is difficult to filter in the current Internet architecture. This research investigates a new architecture for filtering DDoS attacks that is efficient, economical, and readily deployable. The proposed architecture aims to alleviate the burden of maintaining an Internet service in the presence of DDoS attacks, and to improve the availability of Internet services.The proposed architecture combines a filtering functionality deployed in the cloud with a network state estimation algorithm performed with the cooperation of the cloud and the victim server. Traffic is redirected to the cloud server using DNS; the cloud server then polices each sender's traffic according to a receiver-selected fair sharing policy. The fair sharing algorithm uses the bandwidth estimate derived from the network state estimator. The network state estimator uses capability feedback from the receiver to estimate the available bandwidth for fair-sharing. This research expands the proposed architecture to make it more secure, more effective at catching obvious Denial-of-Service attacks, and more robust against powerful adversaries. The research will also provide a more through evaluation of the proposed architecture. The work will advance the understanding of how incrementally-deployable approaches, deployed based on economic incentives rather than relying on altruistic deployments, can also provide strong properties. Specifically, it aims to develop and evaluate a collection of methods that when fully deployed would provide the same strengths as an approach like SIBRA, yet be incrementally deployable, providing benefits as each Internet entity deploys each individual mechanism.

互联网已成为一种具有社会变革性的技术。由于Internet的设计允许任何与Internet连接的设备向任何其他与Internet连接的设备一起发送任何流量，因此攻击者可以向受害者发送大量流量，从而压倒网络将合法流量运送到受害者的能力。当许多不同的设备以协调的方式发送此类攻击流量时，该攻击称为分布式拒绝服务（DDOS）攻击，并且在当前的Internet体系结构中很难过滤。这项研究调查了一种用于过滤DDOS攻击的新体系结构，该攻击效率高，经济且易于部署。拟议的架构旨在减轻在存在DDOS攻击的情况下维持互联网服务的负担，并提高互联网服务的可用性。拟议的体系结构将在云中部署的过滤功能与网络状态估计算法与云的合作和受害者服务器和受害者服务器一起执行。使用DNS将流量重定向到云服务器；然后，云服务器根据接收方选择的公平共享策略进行警察每个发件人的流量。博览会共享算法使用从网络状态估计器得出的带宽估计值。网络状态估计器使用接收器的功能反馈来估算可用的带宽以进行公平共享。这项研究扩大了拟议的体系结构，使其更加安全，更有效地捕捉明显的拒绝服务攻击，并对强大的对手更强大。这项研究还将通过评估所提出的体系结构提供更多。这项工作将促进对基于经济激励而不是依靠无私部署的逐步部署方法的逐步发展方法的理解，这也可以提供强大的财产。具体而言，它旨在开发和评估一系列方法，当完全部署时，这些方法将提供与Sibra这样的方法相同的优势，但可以逐步部署，并在每个Internet实体部署每个单个机制时提供好处。

项目成果

SmartCrowd: Decentralized and Automated Incentives for Distributed IoT System Detection

SmartCrowd：分布式物联网系统检测的去中心化和自动化激励

• DOI: 10.1109/icdcs.2019.00112
• 发表时间: 2019
• 期刊: SmartCrowd: Decentralized and Automated Incentives for Distributed IoT System Detection.
• 作者: Wu, Bo;Xu, Ke;Li, Qi;Liu, Zhuotao;Hu, Yih-Chun;Zhang, Zhichao;Du, Xinle;Liu, Bingyang;Ren, Shoushou
• 通讯作者: Ren, Shoushou

Enabling Work-Conserving Bandwidth Guarantees for Multi-Tenant Datacenters via Dynamic Tenant-Queue Binding

• DOI: 10.1109/infocom.2018.8486219
• 发表时间: 2018-01-01
• 期刊: IEEE CONFERENCE ON COMPUTER COMMUNICATIONS (IEEE INFOCOM 2018)
• 作者: Liu, Zhuotao;Chen, Kai;Zhang, Gong
• 通讯作者: Zhang, Gong

Enabling Efficient Source and Path Verification via Probabilistic Packet Marking

• DOI: 10.1109/iwqos.2018.8624169
• 发表时间: 2018-06
• 期刊: 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)
• 作者: Bo Wu;Ke Xu;Qi Li;Zhuotao Liu;Yih-Chun Hu;M. Reed;Meng Shen;F. Yang

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids' Cyber-Physical Infrastructures

DefRec：建立物理功能虚拟化以中断电网网络物理基础设施的侦察

• DOI: 10.14722/ndss.2020.24365
• 发表时间: 2020
• 期刊: Network and Distributed Systems Security (NDSS
• 作者: Lin, Hui;Zhuang, Jianing;Hu, Yih-Chun;Zhou, Huayu
• 通讯作者: Zhou, Huayu

Double-Edge Embedding Based Provenance Recovery for Low-Latency Applications in Wireless Networks

• DOI: 10.1109/tdsc.2020.3001185
• 发表时间: 2022-03
• 期刊: IEEE Transactions on Dependable and Secure Computing
• 影响因子: 7.3
• 作者: Harshan Jagadeesh;Amogh Vithalkar;Naman Jhunjhunwala;Manthan Kabra;Prafull Manav;Yih-Chun Hu