Cheng Xie,Liang Qian,Lianghui Ding,Feng Yang

DOI: https://doi.org/10.1109/iceltics.2017.8253283

2017-01-01

Abstract:Real-time computing system attracts more and more attention in both academic researches and industrial applications. One of the real-time computing systems, Apache Storm, because of its characteristics of stream processing and high fault tolerance, is widely used for machine learning and distributed remote process call (RPC), etc. However, the existing approaches to decompose topology for Storm cannot ensure an optimized performance. In this paper, we propose an adaptive topology decomposition algorithm for Storm where topology decomposition based on cluster status and components of topology can be performed at run time. We have evaluated the processing performance and the load balancing of the algorithm. The evaluation results indicate that the proposed algorithm has better performances on task processing and load-balancing than the existing algorithms.

Wei Wei,Yabo Dong,Dongming Lu,Guang Jin,Honglan Lao

DOI: https://doi.org/10.1007/11760146_23

2006-01-01

Abstract:Low-rate TCP-targeted Denial-of-Service (DoS) attack (shrew) is a new kind of DoS attack which is based on TCP’s Retransmission Timeout (RTO) mechanism and can severely reduce the throughput of TCP traffic on victim. The paper proposes a novel mechanism which consists of effective detection and response methods. Through analyzing sampled attack traffic, we find that there is a stable difference between attack and legitimate traffic in frequency field, especially in low frequency. We use Sum of Low Frequency Power spectrum (SLFP) for detection. In our algorithm the destination IP address is used as flow label and SLFP is applied to every flow traversing edge router. If shrew is found, all flows to the destination are processed by Aggregated Flows Balance (AFB) at a proper upstream router. Simulation shows that attack traffics are restrained and TCP traffics can obtain enough bandwidth. The result indicates that our mechanism is effective and deployable.

Shengchao Liu,Jianping Weng,Jessie Hui Wang,Changqing An,Yipeng Zhou,Jilong Wang

DOI: https://doi.org/10.1109/tnet.2019.2918341

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:As more and more applications need to analyze unbounded data streams in a real-time manner, data stream processing platforms, such as Storm, have drawn the attention of many researchers, especially the scheduling problem. However, there are still many challenges unnoticed or unsolved. In this paper, we propose and implement an adaptive online scheme to solve three important challenges of scheduling. First, how to make a scaling decision in a real-time manner to handle the fluctuant load without congestion? Second, how to minimize the number of affected workers during rescheduling while satisfying the resource demand of each instance? We also point out that the stateful instances should not be placed on the same worker with stateless instances. Third, currently, the application performance cannot be guaranteed because of resource contention even if the computation platform implements an optimal scheduling algorithm. In this paper, we realize resource isolation using Cgroup, and then the performance interference caused by resource contention is mitigated. We implement our scheduling scheme and plug it into Storm, and our experiments demonstrate in some respects our scheme achieves better performance than the state-of-the-art solutions.

Jiahua Fan,Haopeng Chen,Fei Hu

DOI: https://doi.org/10.1109/ICCSNT.2015.7490758

2015-01-01

Abstract:Processing of stream data attracts more and more attention of many big companies and organizations. Storm is a well-known distributed stream processing system that is often used for real-time analysis, online machine learning, continuous computing, distributed remote process call (RPC), etc. In this paper, we study the default scheduler of Storm and other implementations of customized scheduler to discover the primary factors affecting the performance of the cluster. Then, we design and implement an adaptive task scheduler by adding load tracker to monitor the runtime status of the cluster and applying static and dynamic scheduling strategies. At last, we conduct experiments to assess our work by measuring average processing time, overall throughput and stability of the cluster through network bounded and CPU bounded benchmarks. As for average processing time of topologies, the adaptive scheduler achieves about 67% and 30% improvement on cluster of heavy and light load respectively.

Ziyu Wang,Jiahai Yang,Hui Zhang,Chenxi Li,Shize Zhang,Hui Wang

DOI: https://doi.org/10.1109/noms.2016.7502903

2016-01-01

Abstract:In this paper, we illustrate the significance and advantage of combining the results of multiple detection methods. We implement these methods as bolts in a Apache Storm cluster which is a famous real-time computation framework. We simulate two kinds of anomalies — one involving large number of small network flows and the other involving small number of large network flows. The experiments show that combining multiple methods outperforms any single detection method from the point of view of statistics. Besides, we observe that all the results are outputted in real time without delay, which means that our detection platform is indeed an effective online system.

Zhou Zhang,Pei-Quan Jin,Xi-Ke Xie,Xiao-Liang Wang,Rui-Cheng Liu,Shou-Hong Wan

DOI: https://doi.org/10.1007/s11390-021-1629-9

IF: 1.871

2024-04-11

Journal of Computer Science and Technology

Abstract:Most distributed stream processing engines (DSPEs) do not support online task management and cannot adapt to time-varying data flows. Recently, some studies have proposed online task deployment algorithms to solve this problem. However, these approaches do not guarantee the Quality of Service (QoS) when the task deployment changes at runtime, because the task migrations caused by the change of task deployments will impose an exorbitant cost. We study one of the most popular DSPEs, Apache Storm, and find out that when a task needs to be migrated, Storm has to stop the resource (implemented as a process of Worker in Storm) where the task is deployed. This will lead to the stop and restart of all tasks in the resource, resulting in the poor performance of task migrations. Aiming to solve this problem, in this paper, we propose N-Storm (Nonstop Storm), which is a task-resource decoupling DSPE. N-Storm allows tasks allocated to resources to be changed at runtime, which is implemented by a thread-level scheme for task migrations. Particularly, we add a local shared key/value store on each node to make resources aware of the changes in the allocation plan. Thus, each resource can manage its tasks at runtime. Based on N-Storm, we further propose Online Task Deployment (OTD). Differing from traditional task deployment algorithms that deploy all tasks at once without considering the cost of task migrations caused by a task re-deployment, OTD can gradually adjust the current task deployment to an optimized one based on the communication cost and the runtime states of resources. We demonstrate that OTD can adapt to different kinds of applications including computation- and communication-intensive applications. The experimental results on a real DSPE cluster show that N-Storm can avoid the system stop and save up to 87% of the performance degradation time, compared with Apache Storm and other state-of-the-art approaches. In addition, OTD can increase the average CPU usage by 51% for computation-intensive applications and reduce network communication costs by 88% for communication-intensive applications.

computer science, software engineering, hardware & architecture

Xiaofei He,Xinyu Yang,Rui Li,Qingyu Yang

DOI: https://doi.org/10.1007/978-3-642-39701-1_8

2013-01-01

Abstract:Smart measurement devices play an important role in smart grid and might always be connected through open network interfaces. In this scenario, the adversary could launch code injection attacks to compromise these measurement devices and gain benefits by these compromised devices. To deal with this issue, a number of attestation schemes have been designed to defense the malicious attacks in the past. However, because the detection methods of these schemes are based on extra CPU clock cycles, they could be ineffective when the network delivery delay is significant. To address this problem, in this paper we propose a novel Delay-resilient Remote Memory Attestation scheme (DRMA), which can eliminate the impact of network delivery delay in the multi-hop networks and achieve great accuracy on compromised measurement devices detection. Specially, without sending beacon packets periodically, the proposed scheme can not only get the real-time end-to-end delay via evaluating the time difference reported by the relay nodes in the challenge-response attestation process, but also reduce the network load and achieve great accuracy of network delay. Via extensive theoretical analysis and experiments, our scheme shows better performance and less computing overhead in comparison with existing schemes.

Boyang Peng,Mohammad Hosseini,Zhihao Hong,Reza Farivar,Roy Campbell

DOI: https://doi.org/10.1145/2814576.2814808

2019-04-11

Abstract:The era of big data has led to the emergence of new systems for real-time distributed stream processing, e.g., Apache Storm is one of the most popular stream processing systems in industry today. However, Storm, like many other stream processing systems lacks an intelligent scheduling mechanism. The default round-robin scheduling currently deployed in Storm disregards resource demands and availability, and can therefore be inefficient at times. We present R-Storm (Resource-Aware Storm), a system that implements resource-aware scheduling within Storm. R-Storm is designed to increase overall throughput by maximizing resource utilization while minimizing network latency. When scheduling tasks, R-Storm can satisfy both soft and hard resource constraints as well as minimizing network distance between components that communicate with each other. We evaluate R-Storm on set of micro-benchmark Storm applications as well as Storm applications used in production at Yahoo! Inc. From our experimental results we conclude that R-Storm achieves 30-47% higher throughput and 69-350% better CPU utilization than default Storm for the micro-benchmarks. For the Yahoo! Storm applications, R-Storm outperforms default Storm by around 50% based on overall throughput. We also demonstrate that R-Storm performs much better when scheduling multiple Storm applications than default Storm.

Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture,Performance

Xi Ling,Jiongchi Yu,Ziming Zhao,Zhihao Zhou,Haitao Xu,Binbin Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-031-54773-7_12

2024-01-01

Abstract:With the proliferation of Internet development, Distributed Denial of Service (DDoS) attacks are on the rise. As rule-based traffic analysis frameworks and Deep Packet Inspection (DPI) defense measures can effectively thwart many DDoS attacks, attackers keep exploring various attack surfaces and traffic amplification strategies to nullify the defense. In this paper, we propose DDoSMiner, an automated framework for DDoS attack characterization and vulnerability mining. DDoSMiner analyzes system call patterns of the TCP-based DDoS attack family, then generates Attack Call Flow Graph (ACFG) by discerning the differences between DDoS attack traffic and benign traffic. Furthermore, DDoSMiner identifies and extracts drop nodes and pivotal TCP states from the distinctive characteristics of attack traffic, then passes to the symbolic execution framework for exploring variants of the DDoS attack. We collectively analyze six types of TCP-based DDoS attacks, construct the corresponding ACFG, and identify a set of attack traffic variants. The attack traffic variants are evaluated on the widely used Network Intrusion Detection System (NIDS) Snort with three popular rule sets. The result shows that DDoSMiner indeed discovers the new DDoS attack trace, and the corresponding attack traffic can bypass all three defense toolkits.

Zhou Zhang,Peiquan Jin,Xiaoliang Wang,Ruicheng Liu,Shouhong Wan

DOI: https://doi.org/10.1109/HPCC/SmartCity/DSS.2019.00219

2019-01-01

Abstract:Apache Storm is a widely used stream processing system, but it only supports offline task scheduling. Recently, some online task scheduling approaches were proposed to offer task migrations in Storm at runtime. However, most of them have to cost more than 10 seconds during a task migration, because they employed a Worker-level scheme to stop or start Workers (implemented as processes in Storm). When an Executor within a Worker needs migrating, Storm has to kill the Worker, leading to the stop and restart of all Executors in the Worker. This process-level scheme introduces unnecessary stop and restart of Executors and Workers, resulting in poor performance of task migrations. Aiming to solve this problem, we propose N-Storm (Non-stop Storm). Instead of using the process-level migration scheme, N-Storm employs a thread-level scheme for task migrations. Particularly, we add a key/value store on each Worker node to make Workers be aware of the changes of the task schedule, so that the Workers on a Worker node can manage their Executors at runtime, i.e., killing existing Executors or starting new Executors. With this mechanism, we can avoid the unnecessary stop of Executors and Workers during a task migration, and thus improve the performance of task migrations. We further propose two optimizations to make N-Storm efficient for multiple tasks migrations. Our experimental results on a real Storm cluster show that N-Storm is able to reduce the stop time, increase the system throughput, and save significant migration time, compared with Storm and other approaches.

Neminath Hubballi,Jonathan Santini

DOI: https://doi.org/10.1049/iet-net.2018.5003

2018-11-01

IET Networks

Abstract:Ack‐storm DoS attacks are injection attacks against an active Transmission Control Protocol (TCP) connection. These attacks can be generated by a very weak adversary and can generate amplification factor of orders of magnitude by exploiting a weakness in the TCP protocol specification. This attack requires sending two packets by the adversary with acknowledgement number greater than the sequence number used in each direction and the two end hosts will attempt to re‐synchronise the sequence numbers by sending duplicate acknowledgement and enter a loop. In this study, the authors propose a state transition model based detection scheme to detect these DoS attacks. This state transition machine called constrained counting automata (CCA) has the ability to count the number of times a state has been revisited and its transitions are constrained by invariant conditions to be satisfied. They model the chances of receiving a packet with acknowledgement number greater than the sequence number used by its peer as a probability distribution and use it to set appropriate value of threshold on revisits of a state for detecting attack. By experimenting within a local network and in Internet, they show that CCA can detect Ack‐storm DoS attacks.

Jiawei Jiang,Zhipeng Zhang,Bin Cui,Yunhai Tong,Ning Xu

DOI: https://doi.org/10.1007/978-3-319-55699-4_17

2017-01-01

Abstract:With the increasing availability and scale of data from Web 2.0, the ability to efficiently and timely analyze huge amounts of data is important for industry success. A number of real-time stream processing platforms have been developed, such as Storm, S4, and Flume. A fundamental problem of these large scale decentralized stream processing systems is how to deploy the workload to each node so as to fully utilize the available resources and optimize the overall system performance. In this paper, we present StroMAX, a graph-partitioning based approach of workload scheduling for real-time stream processing systems. StroMAX uses two advanced generic schedulers to improve the performance of stream processing systems by reducing the inter-node communication cost while keeping the workload of nodes below a certain computational load threshold. The first scheduler analyzes the workload structure when a job is committed and uses the graph-partitioning result to determine the deployment of tasks. The second scheduler analyzes the statistical information of physical nodes, and dynamically reassigns the tasks during runtime to improve the overall performance. Besides, StroMAXcan be deployed to many other state-of-the-art real-time stream processing systems easily. We implemented StroMAX on Storm, a representative real-time stream processing system. Extensive experiments conducted with real-world workloads and datasets demonstrate the superiority of our approaches against the existing solutions.

Ziyu Zhang,Zitan Liu,Qingcai Jiang,Zheng Wu,Junshi Chen,Hong An

DOI: https://doi.org/10.1007/s10766-021-00696-0

2021-01-01

International Journal of Parallel Programming

Abstract:Apache Storm is a scalable fault-tolerant distributed real-time stream-processing framework widely used in big data applications. For distributed data-sensitive applications, low-latency, high-throughput communication modules have a critical impact on overall system performance. Apache Storm currently uses Netty as its communication component, an asynchronous server/client framework based on TCP/IP protocol stack. The TCP/IP protocol stack has inherent performance flaws due to frequent memory copying and context switching. The Netty component not only limits the performance of the Storm but also increases the CPU load in the IPoIB (IP over InfiniBand) communication mode. In this paper, we introduce two new implementations for Apache Storm communication components with the help of RDMA technology. The performance evaluation on Mellanox QDR Cards (40 Gbps) shows that our implementations can achieve speedup up to 5\(\times \) compared with IPoIB and 10\(\times \) with 1 Gigabit Ethernet. Our implementations also significantly reduce the CPU load and increase the throughput of the system.

Pei Zhang,Yanpeng He,Li Ma,Changkui Cong

DOI: https://doi.org/10.1002/ese3.1953

IF: 4.0349

2024-12-11

Energy Science & Engineering

Abstract:Real‐time monitoring, prediction, and early warning of operating status during intelligent mining are the key to ensuring stable production. To solve the problem of lag in determining the operating status of a shearer, this study proposes a new method for predicting and warning the real‐time operating status of the shearer involving the Storm framework, based on parallel optimization of data processing and the gated recurrent unit (GRU) model based on hyperparameter optimization. First, the GRU model is optimized through hyperparameter optimization to achieve adaptive and accurate prediction and early warning of multidimensional state parameters of the shearer. Second, a virtual machine is constructed to host the Storm framework, parallel optimized real‐time processing of data is performed on the Storm framework, and real‐time data flow patterns are constructed to speed up data processing and retrieval, ensuring each tuple is fully processed through the topology structure. Finally, the optimized GRU model is embedded into the optimized Storm framework to achieve real‐time prediction and early warning of different dimensional data of the shearer. The prediction accuracy, early warning accuracy, and processing efficiency of the Storm platform are used as evaluation indicators to analyze and evaluate the model, verifying the efficiency and applicability of the proposed model. Experimental results show that the model has a prediction accuracy of 93%, an early warning accuracy of 93.05%, and consumes 10 s. It can achieve high performance, low latency, and high precision in predicting and providing early warnings for the shearer's state parameters, greatly improving the efficiency of predicting and early warning the operating status parameters of the shearer. This model realizes real‐time prediction and early warning of the shearer's operating status, providing technical support for intelligent mining in coal mines.

energy & fuels

Gaoqiang Dong,Jia Wang,Mingjing Wang,Tingting Su

2023-12-07

Abstract:Various resources as the essential elements of data centers, and the completion time is vital to users. In terms of the persistence, the periodicity and the spatial-temporal dependence of stream workload, a new Storm scheduler with Advantage Actor-Critic is proposed to improve resource utilization for minimizing the completion time. A new weighted embedding with a Graph Neural Network is designed to depend on the features of a job comprehensively, which includes the dependence, the types and the positions of tasks in a job. An improved Advantage Actor-Critic integrating task chosen and executor assignment is proposed to schedule tasks to executors in order to better resource utilization. Then the status of tasks and executors are updated for the next scheduling. Compared to existing methods, experimental results show that the proposed Storm scheduler improves resource utilization. The completion time is reduced by almost 17\% on the TPC-H data set and reduced by almost 25\% on the Alibaba data set.

Distributed, Parallel, and Cluster Computing

Jun Li,HanPing Hu,Qiao Ke,Naixue Xiong

DOI: https://doi.org/10.3390/s17030553

2017-03-09

Abstract:With the rapid development of virtual machine technology and cloud computing, distributed denial of service (DDoS) attacks, or some peak traffic, poses a great threat to the security of the network. In this paper, a novel topology link control technique and mitigation attacks in real-time environments is proposed. Firstly, a non-invasive method of deploying virtual sensors in the nodes is built, which uses the resource manager of each monitored node as a sensor. Secondly, a general topology-controlling approach of resisting the tolerant invasion is proposed. In the proposed approach, a prediction model is constructed by using copula functions for predicting the peak of a resource through another resource. The result of prediction determines whether or not to initiate the active defense. Finally, a minority game with incomplete strategy is employed to suppress attack flows and improve the permeability of the normal flows. The simulation results show that the proposed approach is very effective in protecting nodes.

Wenjun Qian,Qingni Shen,Jia Qin,Dong Yang,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1109/hpcc-smartcity-dss.2016.0093

2016-01-01

Abstract:Storm has been a popular distributed real-time computation system for stream data processing, which currently provides an even scheduler to distribute all executors and workers of topology among all worker nodes. In this paper, we find that the even scheduler ignores the allocation and dependence relationship among slots. This would bring the load-unbalancing problem when the topology run failed and is killed by its user, or more new machines are extended in Storm cluster. Aiming at solving them, we design the S-Storm, a slot-aware scheduling strategy for even scheduler in Storm, which achieves a fine-grained EvenScheduler using the slot-aware sorting queue and merger factor. S-Storm has the following desirable features: 1) It evenly allocates slots for multi-topologies in a load-balancing cluster. 2) When load-unbalancing happen, it distributes workers to slots among light-load worker nodes. 3) It achieves a fine-grained EvenScheduler by accessing one slot to the slot-aware sorting queue, and the slot is on the minimum load worker node. 4) It uses the merger factor to avoid over competition of the same resources among the same Spout/Bolt tasks in machine. We implemented S-Storm based on Storm 0.10.0 and used two different applications for performance evaluation. Extensive experimental results show that compared to Storm, S-Storm can achieve a better performance in the average processing time and throughput, while recovering balance from load-unbalancing.

Yibo Wu,Liang Wang,Xiaohang Wang,Jie Han,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/tcad.2020.3037310

IF: 2.9

2021-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Deadlock is a critical issue in faulty Networks-on-Chips (NoCs). Existing deadlock-free approaches on faulty NoCs suffer from low throughput and poor fairness when the network becomes oversaturated. This problem hinders their practical use as oversaturation scenarios are more frequent on faulty NoCs. To address this issue, a deflection-based deadlock recovery framework is proposed for higher oversaturation performance on faulty NoCs. First, we observe the low oversaturation performance of existing deadlock recovery approaches, and analyze the positive feedback loop that can amplify the negative impact of deadlocks and congestions, which necessitate handling both deadlocks and congestions in a deadlock recovery framework. Second, we propose a novel deadlock recovery framework, which includes an accurate, timely deadlock detection and a highly efficient deadlock recovery. Both the deadlock detection and recovery reduce the average packet traversal latency, thereby improving the average oversaturation throughput. Third, we propose a distributed implementation to make the entire network enter and exit the deflection mode, which is conducted by broadcasting special messages via a bufferless subnetwork. An average oversaturation throughput improvement of 1.1 similar to 8.1x over state-of-the-art approaches is achieved. In terms of fairness, the minimal over-saturation throughput is improved from near zero to half of the peak throughput.

Yunhao Liu,Xiaomei Liu,Chen Wang,Li Xiao

DOI: https://doi.org/10.1109/icpp.2007.31

2007-01-01

Abstract:A flooding-based search mechanism is often used in unstructured P2P systems. Although a flooding-based search mechanism is simple and easy to implement, it is vulnerable to overlay distributed denial-of-service (DDoS) attacks. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. Overlay flooding-based DDoS attacks can be more damaging in that a small number of messages are inherently propagated to consume a large amount of bandwidth and computation resources. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by comprehensive simulation studies. We believe that deploying DD-POLICE will make P2P systems more scalable and robust.

Praveen Shukla,C. Rama Krishna,Nilesh Vishwasrao Patil

DOI: https://doi.org/10.1007/s10586-024-04297-7

2024-03-02

Cluster Computing

Abstract:In the world of connected devices, there is huge growth of less secure Internet of Things (IoT) devices, and the ease of performing sophisticated cyberattacks using these devices has posed a serious threat to the security of Internet-based services or networks. Distributed Denial of Service (DDoS) attack is one of the most significant cyberattacks. It aims to damage or exhaust victims' resources, services, or networks and make them unavailable to legitimate users. Several solutions are available in the literature to detect DDoS attacks. However, it is difficult to detect them in real-time due to today's high speed or high volume of attack traffic. Therefore, this paper proposes an Apache Storm-based distributed detection approach for IoT network traffic-based DDoS attacks, namely SDDA-IoT. SDDA-IoT is composed of two primary modules: model development and model deployment. In the case of model development, we created five distributed detection models by utilizing a Hadoop cluster and the extremely scalable H2O.ai machine learning platform. In the case of model deployment, we deploy an efficient distributed detection model on the Apache Storm stream processing framework for analyzing ingress streaming data and classifying it into seven classes in near-real-time. To create new models or update existing ones, this module also saves the highly discriminating input features of each network flow along with the predicted outcome in the Hadoop Distributed File System (HDFS). The effectiveness of the SDDA-IoT approach has been examined using a variety of configured scenarios. The experimental results show that the SDDA-IoT approach detects DDoS attacks faster than recent state-of-the-art methods and more accurately with 99%+ accuracy.

computer science, information systems, theory & methods