Qinghua Xiao,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/wcica.2004.1340889

2004-01-01

Abstract:With the emergence of network real time application, the need for quality of service (QoS) in the Internet has been given a rise. IETF has proposed a service model - DiffServ, which for its extensibility, has been widely accepted as a promising model. However, researchers found unfairness in DiffServ network. To solve this problem, this paper analyzed the inherent shortcomings of marker based on token bucket (TB) and time sliding window (TSW) in DiffServ, and proposed a new traffic rate estimator algorithm. This algorithm can tolerate the short-term burst of IP flows as well as reflecting the flows' temporal-behavior. Afterwards, a modified fair aggregate marking (MFAM) algorithm was presented based on the traffic rate estimator algorithm mentioned above. It contributes to fair sharing of excess bandwidth among aggregates. The author validated MFAM algorithm through simulation experimentation, and compared its performance with some other marking algorithms. The results show that MFAM algorithm has better fairness than others.

Yan WANG,Lingdi PING

2011-01-01

Abstract:IP traceback is the technology to control Internet crime. A promising solution to IP traceback is probabilistic packet marking (PPM). In this paper we present a novel and practical IP traceback algorithm which can improve the PPM convergency and computational overhead. This scheme may also reduce the deployment overhead without requiring the participation of all routers on the attack path. It has been used not only to trace Distributed Denial of Service (DDoS) attacking packets but also to enhance filtering attacking traffic. It has wide applications for other security systems. To the best of our knowledge, this thesis is the first of its kind considering the impact of packet loss in designing packet marking scheme.

CHEN Jian-le,LIU Ji-lin,CHEN Guo-bin,XUE Quan

DOI: https://doi.org/10.3969/j.issn.1006-8961.2007.01.006

2007-01-01

Journal of Image and Graphics

Abstract:In low bit-rate packet-based video communications,loss of packet usually results in whole-frame losses.The algorithm dealing with the problem of whole frame loss is proposed in this paper.Rational interpolation is firstly applied to generate accurate dense motion field based on decoded block-based motion field.Then the previous image pixels are projected onto missing frame along the motion vector direction.The identification of overlapped and occluded areas is also used to improve error concealment performance.Experimental results show that the proposed algorithm outperforms other techniques in peak signal-to-noise ratio(PSNR) and provides good visual quality.

Jl Chen,Jl Liu,Xg Wang,Gb Chen

DOI: https://doi.org/10.1109/ICIP.2005.1530539

2005-01-01

Abstract:In this paper, a low-complexity spatial-domain error concealment algorithm is proposed for recovering consecutive blocks error in still images or intra-coded (1) frames of video sequences. The proposed algorithm works with the following steps. Firstly the Sobel operator is performed on the top and bottom adjacent pixels to detect the most likely edge direction of current block area. After that one-dimensional (ID) matching is used on the available block boundaries. Displacement between edge direction candidate and most likely edge direction is taken into consideration as an important factor to improve stability of ID boundary matching. Then the corrupted pixels are recovered by linear weighting interpolation along the estimated edge direction. Finally the interpolated values are merged to get last recovered picture. Simulation results demonstrate that the proposed algorithms obtain good subjective quality and higher PSNR than the methods in literatures for most images.

刘正蓝,朱淼良,董亚波

2004-01-01

Abstract:Researchers found unfairness in DiffServ network. To solve this problem, a TSW-based marker is proposed, which is called TCP-friendly fair packet marking algorithm (TFPM). With this marker, proportional fair sharing of excess bandwidth among aggregate can be achieved, and so the better fairness between TCP and UDP flows in an aggregate. The validation of this marking algorithm through simulation experimentation is made, and the simulation result is compared with some other marking algorithms, which verifies that the TFPM algorithm has better fairness than other algorithms.

W Liu,Hx Duan,Y Feng,Yb Li,P Ren

2004-01-01

Abstract:This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. We first analyze the limitation of Edge Sampling Algorithm (ESA) [1], then present a new scheme IESA for providing traceback information in IP packets, which marking the packet with a dynamic marking probability to ensure that the victim receives all the marked packets with equal probability. This scheme can reduce greatly the possibility that a marked packet farther away from victim is remarked by the router nearer to the victim, hence greatly reduces the number of packets needed to reconstruct the attack path, and therefore greatly reduces the reconstruction time.

ZHANG Li-li,CAO Tian-jie,TANG Li-juan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.07.052

2008-01-01

Abstract:It is an important network security problem that how to solve Denial of Service(DoS) attack. Several countermeasures are proposed for it in the literature, among which, the Probabilistic Packet Marking(PPM) scheme developed by Savage et al is promising. This paper improves PPM. Compared with PPM, it only needs four efficient fragments to build one edge, and is more efficient to reconstruct the attack path. Analysis and experiments show the effect of the scheme.

Bin Pang,Wen Gao

DOI: https://doi.org/10.1109/ICON.2002.1033309

2002-01-01

Abstract:The differentiated services (DiffServ) architecture is proposed to enable service differentiation for aggregated flows in an IP network. One of the critical requirements to guarantee QoS (quality of service) across a DiffServ network is the use of an effective congestion control scheme. We present an edge-to-edge congestion control scheme (E2E-CCS) to provide (proportional) fairness among competing aggregates and improvement in packet loss ratio. The simulation results show that the proposed scheme is capable of protecting aggregated TCP flows from congestion caused by unresponsive UDP flows, sharing excessive bandwidth among aggregates according to their committed information rate, and reducing the packet loss ratio.

Gil Einziger,Benny Fellman,Roy Friedman,Yaron Kassner

DOI: https://doi.org/10.48550/arXiv.1606.01364

2016-06-04

Abstract:Measurement capabilities are essential for a variety of network applications, such as load balancing, routing, fairness and intrusion detection. These capabilities require large counter arrays in order to monitor the traffic of all network flows. While commodity SRAM memories are capable of operating at line speed, they are too small to accommodate large counter arrays. Previous works suggested estimators, which trade precision for reduced space. However, in order to accurately estimate the largest counter, these methods compromise the accuracy of the smaller counters. In this work, we present a closed form representation of the optimal estimation function. We then introduce Independent Counter Estimation Buckets (ICE-Buckets), a novel algorithm that improves estimation accuracy for all counters. This is achieved by separating the flows to buckets and configuring the optimal estimation function according to each bucket's counter scale. We prove a tighter upper bound on the relative error and demonstrate an accuracy improvement of up to 57 times on real Internet packet traces.

Networking and Internet Architecture

Haipeng Qu,Purui Su,Dongdai Lin,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-540-31957-3_109

2005-01-01

Abstract:DDoS attack is a big problem to the Internet community due to its high-profile, severe damage, and the difficulty in defending against it. Several countermeasures are proposed for it in the literature, among which, Probabilistic Packet Marking (PPM) first developed by Savage et al. is promising. However, the PPM marking schemes have the limitations in two main aspects: high computation overhead and large number of false positives. In this paper, a new packet marking scheme is proposed, which is more practical because of higher precision, and computationally more efficient compared with the PPM scheme proposed by Savage. Furthermore, this scheme can achieve a more higher precision than Advanced Marking Schemes in case of the victim knowing the map of its upstream routers.

Changhua Sun,Chengchen Hu,Yi Tang,Bin Liu

DOI: https://doi.org/10.1109/icccn.2009.5235270

2009-01-01

Abstract:SYN flood attacks still dominate distributed denial of service attacks. It is a great challenge to accurately detect the SYN flood attacks in high speed networks. An intelligent attacker would evade the public detection methods by suitably spoofing the attack to pretend to be benign. Keeping per-flow or per-connection state could eliminate such a spoofing, but meanwhile, it also consumes extremely huge resources. We propose a more accurate and fast SYN flood detection method, named SACK2, which could detect all kinds of SYN flood attacks with limited implementation costs. SACK2 exploits the behavior of the SYN/ACK-CliACK pair to identify the victim server and the TCP port being attacked, where a SYN/ACK packet is sent by a server when receiving a connection request and a CliACK packet is the ACK packet sent by the client to complete the three-way handshake. We utilize the space efficient data structure, counting Bloom filter, to recognize the CliACK packet. Comprehensive experiments demonstrate that, SACK2 is the fastest and most accurate detection method compared with related methods which also leverage the packet pair's behavior. The memory cost of SACK2 for a 10 Gbps link is 364 KB and can be easily accommodated in modern routers.

XU Hong,QIN Zhi-guang

2010-01-01

Abstract:On the basis of analyzing AC algorithm in IDS,this paper presents an improved AC algorithm named double compression AC algorithm (DCAC),describes it's new state automaton storage compression and corresponding matching process. DCAC has been tested in Snort. The results show that DCAC can averagely enhance the performance of Snort by 52.2% in terms of memory usage and by 73.5% in terms of processing time compared to the standard AC algorithm.

Jin ZHANG,Jiang-Xing WU,Xiao-Na NIU

DOI: https://doi.org/10.3724/SP.J.1001.2010.03667

2010-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:Fair packet sampling can obtain a higher packet sampling ratio of short flows by sacrificing the packet sampling of long ones; thus, ensuring better fairness among all flows than uniform random sampling does. However, the previously proposed fair sampling algorithm of Sketch Guided Sampling (SGS) has the drawbacks of poor space efficiency and large estimation error for short flows. In this paper, a space-efficient fair packet sampling (SEFS) algorithm is proposed. The key innovation of SEFS is a multi-resolution d-left hashing schema for flow traffic estimation. The performance of SEFS is compared to that of SGS in contexts of both flow traffic measurements and a long flow identification process that uses real-world traffic traces collected from OC-48 and OC-192 backbone network. The experimental results show that the proposed SEFS is more accurate than SGS in both application contexts, while a reduction of 65 percent in space complexity can be achieved. The improvement of estimation accuracy of SEFS is remarkable, especially for short flows, which comprise as past of a large percentage of whole network traffic flows. © by Institute of Software, the Chinese Academy of Sciences.

C. Sun,C. Hu,B. Liu

DOI: https://doi.org/10.1049/iet-ifs.2010.0158

2012-01-01

IET Information Security

Abstract:SYN flood attacks still dominate distributed denial of service attacks. It is a great challenge to accurately detect the SYN flood attacks which utilise skillful spoofs to evade traditional detection methods. An intelligent attacker would evade the public detection methods by suitably spoofing the attack to appear benign. Keeping per-flow or per-connection state could eliminate such a spoofing, but meanwhile, it is very difficult to be implemented in practice. A more accurate and fast SYN flood detection method, named SACK2, is proposed to deal with all kinds of SYN flood attacks with limited implementation costs. SACK2 exploits the behaviour of the SYN/ACK-CliACK pair to identify the victim server and the TCP port being attacked, where a SYN/ACK packet is sent by a server when receiving a connection request and a CliACK packet is the ACK packet sent by the client to complete the three-way handshake. It also utilises the space efficient data structure, counting Bloom filter, to recognise the CliACK packet. The memory cost of SACK2 for a 10 Gbps link is 364 KB and can be easily accommodated in modern routers. SACK2 can report the start of the attack in less than one detection period, and the end of the attack less than two detection periods. It is also demonstrated that SACK2 is the most accurate detection method through comprehensive experiments.

Shuo Wang,Qingqi Pei,Yang Xiao,Feng Shao,Shuai Yuan,Jiang Chu,Renjie Liao

DOI: https://doi.org/10.1049/cmu2.12774

IF: 1.345

2024-04-25

IET Communications

Abstract:The threat of Scan and Foothold Attack to the Network Edge (SFANE) is increasing, which greatly affects the application and development of edge computing network architecture. According to the state‐of‐the‐art defense technologies, we illustrate three different defense strategies: no defense, address mutation, and fingerprint decoy. Subsequently, three different probabilistic models are constructed to provide a deeper analysis of the theoretical effect of these strategies on resisting the SFANE. The threat of Scan and Foothold Attack to the Network Edge (SFANE) is increasing, which greatly affects the application and development of edge computing network architecture. However, existing works focus on the implementation of specific technologies that resist the SFANE but ignore the effectiveness analysis of them. To overcome this limitation, this paper constructs probabilistic models for evaluating network edge's resistance against SFANE. In particular, the attacker models of the SFANE based on the ATT&CK model are first formalized. Afterward, according to the state‐of‐the‐art defense technologies, three different defense strategies are illustrated: no defense, address mutation, and fingerprint decoy. Subsequently, three different probabilistic models are constructed to provide a deeper analysis of the theoretical effect of these strategies on resisting the SFANE. Finally, the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model.

engineering, electrical & electronic

Yinan Jing,Jingtao Li,Gendu Zhang

DOI: https://doi.org/10.1007/11534310_124

2005-01-01

Abstract:IP traceback is one of the most effective techniques to defeat the denial-of-service attacks and distributed denial-of-service attacks. And in terms of previous research fruits, the technique based on probabilistic packet marking (PPM) has been proven that it has more advantages than other IP traceback techniques. In this paper, we present a hierarchical IP traceback system, which is more practical and can be implemented and deployed more conveniently and securely than previous end-host schemes. We also present an improved edge marking algorithm called adaptive edge marking scheme (AEMS), which not only can shorten the convergence time, but also be more stable and robust. And detailed theoretical analysis and simulation results have also been presented to show the advantage and efficiency of this scheme.

XING Rui,QI Qi,ZHENG Tao

DOI: https://doi.org/10.3969/j.issn.1000-7024.2013.02.025

2013-01-01

Abstract:Data compression is an effective way to reduce network data,avoid traffic congestion,and improve performance of control system.To solve this data compression problem,a range of existing compression algorithms are analyzed,and improved SDT(swing door trending) algorithm based on new idea is proposed.Two useful data is stored in each location to improve the SDT algorithm.The algorithm correctness and rationality is proved by experiment.Results of the experimental data indicate that this algorithm can improve the compression ratio without increasing the compression error.

Wu Liu,Hai-Xin Duan,Jian-Ping Wu,Ping Ren,Li-Hua Lu

DOI: https://doi.org/10.1007/978-3-540-24679-4_146

2004-01-01

Abstract:In this paper we present robust algorithms of transmission and reconstruction of attacking path(s) in IDS for providing traceback information in IP packets without requiring interactive operational support from Internet Service Providers, which is based on IP address compression techniques, polynomial theory and techniques from algebraic coding theory. Our best scheme has improved robustness over previous combinatorial approaches, both for noise elimination and multiple-path re-construction. Another key advantage of our schemes is that they will automatically benefit from any improvement in the underlying mathematical techniques, for which progress has been steady in recent years.

Lingchao Kong,Rui Dai

DOI: https://doi.org/10.1145/3226036

2018-08-31

Abstract:In many distributed wireless surveillance applications, compressed videos are used for performing automatic video analysis tasks. The accuracy of object detection, which is essential for various video analysis tasks, can be reduced due to video quality degradation caused by lossy compression. This article introduces a video encoding framework with the objective of boosting the accuracy of object detection for wireless surveillance applications. The proposed video encoding framework is based on systematic investigation of the effects of lossy compression on object detection. It has been found that current standardized video encoding schemes cause temporal domain fluctuation for encoded blocks in stable background areas and spatial texture degradation for encoded blocks in dynamic foreground areas of a raw video, both of which degrade the accuracy of object detection. Two measures, the sum-of-absolute frame difference (SFD) and the degradation of texture in 2D transform domain (TXD), are introduced to depict the temporal domain fluctuation and the spatial texture degradation in an encoded video, respectively. The proposed encoding framework is designed to suppress unnecessary temporal fluctuation in stable background areas and preserve spatial texture in dynamic foreground areas based on the two measures, and it introduces new mode decision strategies for both intra- and interframes to improve the accuracy of object detection while maintaining an acceptable rate distortion performance. Experimental results show that, compared with traditional encoding schemes, the proposed scheme improves the performance of object detection and results in lower bit rates and significantly reduced complexity with comparable quality in terms of PSNR and SSIM.

Xing Li,Qianli Zhang,Jichen Liu

DOI: https://doi.org/10.3969/j.issn.1001-0505.2017.S1.004

2017-01-01

Abstract:Aiming at the problem that the distributed denial of service(DDoS)attacks often use va-rious methods, a comprehensive scoring algorithm is designed.The algorithm can combine several detection algorithms and give a comprehensive score to alarm the attacks.Due to that current DDoS detection algorithms can not provide the specific features of the attacks, an Apriori-Geo-AS algo-rithm and Kolmogorov-Smirnov test based port usage pattern classification algorithm are designed. By improving the Apriori algorithm,the source-address,port and geographic location information of the attack source are extracted more effectively.Compared the port usage pattern with the ideal port usage pattern through the Kolmogorov-Smirnov test,the attacker摧s port usage pattern is further deter-mined.Experimental results show that the comprehensive scoring based detection algorithm can achieve a false alarm rate of less than 0.2%.An analysis on the attack case in Tsinghua University campus network demonstrates the effectiveness of the attack analysis.