Qian Ye,Minyan Lu

DOI: https://doi.org/10.3390/app11125523

2021-06-15

Applied Sciences

Abstract:The main purpose of our provenance research for DSP (distributed stream processing) systems is to analyze abnormal results. Provenance for these systems is not nontrivial because of the ephemerality of stream data and instant data processing mode in modern DSP systems. Challenges include but are not limited to an optimization solution for avoiding excessive runtime overhead, reducing provenance-related data storage, and providing it in an easy-to-use fashion. Without any prior knowledge about which kinds of data may finally lead to the abnormal, we have to track all transformations in detail, which potentially causes hard system burden. This paper proposes s2p (Stream Process Provenance), which mainly consists of online provenance and offline provenance, to provide fine- and coarse-grained provenance in different precision. We base our design of s2p on the fact that, for a mature online DSP system, the abnormal results are rare, and the results that require a detailed analysis are even rarer. We also consider state transition in our provenance explanation. We implement s2p on Apache Flink named as s2p-flink and conduct three experiments to evaluate its scalability, efficiency, and overhead from end-to-end cost, throughput, and space overhead. Our evaluation shows that s2p-flink incurs a 13% to 32% cost overhead, 11% to 24% decline in throughput, and few additional space costs in the online provenance phase. Experiments also demonstrates the s2p-flink can scale well. A case study is presented to demonstrate the feasibility of the whole s2p solution.

Thomas Pasquier,Xueyuan Han,Mark Goldstein,Thomas Moyer,David Eyers,Margo Seltzer,Jean Bacon

DOI: https://doi.org/10.48550/arXiv.1711.05296

2017-11-14

Cryptography and Security

Abstract:Data provenance describes how data came to be in its present form. It includes data sources and the transformations that have been applied to them. Data provenance has many uses, from forensics and security to aiding the reproducibility of scientific experiments. We present CamFlow, a whole-system provenance capture mechanism that integrates easily into a PaaS offering. While there have been several prior whole-system provenance systems that captured a comprehensive, systemic and ubiquitous record of a system's behavior, none have been widely adopted. They either A) impose too much overhead, B) are designed for long-outdated kernel releases and are hard to port to current systems, C) generate too much data, or D) are designed for a single system. CamFlow addresses these shortcoming by: 1) leveraging the latest kernel design advances to achieve efficiency; 2) using a self-contained, easily maintainable implementation relying on a Linux Security Module, NetFilter, and other existing kernel facilities; 3) providing a mechanism to tailor the captured provenance data to the needs of the application; and 4) making it easy to integrate provenance across distributed systems. The provenance we capture is streamed and consumed by tenant-built auditor applications. We illustrate the usability of our implementation by describing three such applications: demonstrating compliance with data regulations; performing fault/intrusion detection; and implementing data loss prevention. We also show how CamFlow can be leveraged to capture meaningful provenance without modifying existing applications.

Yongluan Zhou,Lidan Shou,Xuan Shang,Ke Chen

DOI: https://doi.org/10.1145/2675743.2771837

2015-01-01

Abstract:With the vision of the emergence of streaming data marketplaces, we study the problem of how to use a scalable dissemination infrastructure, composed by a number of brokers, to disseminate anonymized streaming data to a large number of clients. To satisfy the clients, who are trusted at different anonymity levels and have their own urgencies in requiring the data, we propose to deeply integrate the anonymization process into the dissemination infrastructure. More specifically, we extend the existing anonymization algorithms to derive the anonymity data from other anonymity data with different privacy constraints rather than only from the original microdata, in a technique which we call version derivation. With this flexibility, the anonymous data can be generated as needed, according to the available bandwidth, on the way from the data source to the end clients. Exploiting such new opportunities, we formulate the problem of dissemination planning which aims at minimizing the information loss of the disseminated data. Furthermore, we design two dissemination plan optimization strategies to solve the problem. The experimental study using both synthetic and real datasets verifies the effectiveness of our approach.

YIN Jie,WANG Yuexuan,HU Meizhi,WU Cheng

DOI: https://doi.org/10.3321/j.issn:1000-0054.2008.07.041

2008-01-01

Abstract:Experiments can not be easily reproduced in equipment grid because of resource fluctuations.Hence the provenance service was imported into the equipment grid in the form of web services to record important information,such as service invoking times,service requests,service provider and user appraisals,which form the provenance information.The user appraisals are evaluated using fuzzy variables to depict their contentment with their experiment results.Provenance information system was implemented in an equipment scheduling algorithm for equipment pools to increase the utilization ratio of high demand items to improve user satisfaction.Simulations show that the provenance based equipment scheduling algorithm increases user satisfaction to 80% compared with the random scheduling algorithm.

Ruoyu Wang,Daniel Sun,Guoqiang Li,Raymond Wong,Shiping Chen

DOI: https://doi.org/10.1002/spe.2744

2019-01-01

Abstract:Provenance is information about the origin and creation of data. In data science and engineering related with cloud environment, such information is useful and sometimes even critical. In data analytics, it is necessary for making data‐driven decisions to trace back history and reproduce final or intermediate results, even to tune models and adjust parameters in a real‐time fashion. Particularly, in cloud, users need to evaluate data and pipeline trustworthiness. In this paper, we propose a solution: LogProv, toward realizing these functionalities for big data provenance, which needs to renovate data pipelines or some of big data software infrastructure to generate structured logs for pipeline events, and then stores data and logs separately in cloud space. The data are explicitly linked to the logs, which implicitly record pipeline semantics. Semantic information can be retrieved from the logs easily since they are well defined and structured beforehand. We implemented and deployed LogProv in Nectar Cloud,* associated with Apache Pig, Hadoop ecosystem, and adopted Elasticsearch to provide query service. LogProv was evaluated and empirically case studied. The results show that LogProv is efficient since the performance overhead is no more than 10%; the query can be responded within 1 second; the trustworthiness is marked clearly; and there is no impact on the data processing logic of original pipelines.

Ruoyu Wang,Daniel Sun,Guoqiang Li,Muhammad Atif,Surya Nepal

DOI: https://doi.org/10.1109/bigdata.2016.7840748

2016-01-01

Abstract:Provenance is information about the origin and creation of data. In data science and engineering, such information is useful and sometimes even critical. In spite of that, provenance for big data is under-explored due to the challenges from the `Vs' of big data. In data analytics, users need to query history, reproduce intermediate or final results, tune models, and adjust parameters in runtime for making data-driven decisions. In addition, users need to evaluate data and pipeline trustworthiness. Towards realising these functionalities for big data provenance, we propose a solution, called LogProv, which needs to renovate data pipelines or even some of big data software infrastructure to generate structured logs for pipeline events, and then stores data and logs separately. The data are explicitly linked to the logs, which implicitly record pipeline semantics. Semantic information can be retrieved from the logs easily since the logs are well defined and structured beforehand. We implemented LogProv in Apache Pig, and adopted ElasticSearch to provide query service. In this paper LogProv is evaluated in a Hadoop ecosystem hosted by a cloud and empirically case-studied. The results show that LogProv is efficient since the performance overhead is no more than 10%, the query can be responded within 1 second, the trustworthiness is marked clearly, and there is no impact on the data processing logic of original pipelines.

Ludwig Stage,Dimka Karastoyanova

2023-10-18

Abstract:To benefit from the abundance of data and the insights it brings data processing pipelines are being used in many areas of research and development in both industry and academia. One approach to automating data processing pipelines is the workflow technology, as it also supports collaborative, trial-and-error experimentation with the pipeline architecture in different application domains. In addition to the necessary flexibility that such pipelines need to possess, in collaborative settings cross-organisational interactions are plagued by lack of trust. While capturing provenance information related to the pipeline execution and the processed data is a first step towards enabling trusted collaborations, the current solutions do not allow for provenance of the change in the processing pipelines, where the subject of change can be made on any aspect of the workflow implementing the pipeline and on the data used while the pipeline is being executed. Therefore in this work we provide a solution architecture and a proof of concept implementation of a service, called Provenance Holder, which enable provenance of collaborative, adaptive data processing pipelines in a trusted manner. We also contribute a definition of a set of properties of such a service and identify future research directions.

Cryptography and Security

Tianyu Zhang,Xin Jin,Song Bai,Yuxin Peng,Ye Li,Jun Zhang

DOI: https://doi.org/10.3390/s23229228

IF: 3.9

2023-11-17

Sensors

Abstract:The use of cloud computing, big data, IoT, and mobile applications in the public transportation industry has resulted in the generation of vast and complex data, of which the large data volume and data variety have posed several obstacles to effective data sensing and processing with high efficiency in a real-time data-driven public transportation management system. To overcome the above-mentioned challenges and to guarantee optimal data availability for data sensing and processing in public transportation perception, a public transportation sensing platform is proposed to collect, integrate, and organize diverse data from different data sources. The proposed data perception platform connects multiple data systems and some edge intelligent perception devices to enable the collection of various types of data, including traveling information of passengers and transaction data of smart cards. To enable the efficient extraction of precise and detailed traveling behavior, an efficient field-level data lineage exploration method is proposed during logical plan generation and is integrated into the FlinkSQL system seamlessly. Furthermore, a row-level fine-grained permission control mechanism is adopted to support flexible data management. With these two techniques, the proposed data management system can support efficient data processing on large amounts of data and conducts comprehensive analysis and application of business data from numerous different sources to realize the value of the data with high data safety. Through operational testing in real environments, the proposed platform has proven highly efficient and effective in managing organizational operations, data assets, data life cycle, offline development, and backend administration over a large amount of various types of public transportation traffic data.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhen Yang,Yongfeng Huang,Xing Li,Wenyu Wang

DOI: https://doi.org/10.3970/cmc.2018.03697

2018-01-01

Abstract:To cope with privacy leakage caused by multimedia outsourcing and sharing, data provenance is used to analyze leaked multimedia and provide reactive accountability. Existing schemes of multimedia provenance are based on watermarking protocols. In an outsourcing scenario, existing schemes face two severe challenges: 1) when data leakage occurs, there exists a probability that data provenance results can be repudiated, in which case data provenance tracking fails; and 2) when outsourced data are shared, data encryption transfer causes key management burden outside the schemes, and privacy leakage threatens users. In this paper, we propose a novel data provenance scheme with an improved LUT-based fingerprinting protocol, which integrates an asymmetric watermarking protocol, robust watermark algorithm and homomorphic encryption and digital signatures to achieve full non-repudiation provenance. We build an in-scheme stream cipher to protect outsourced multimedia data from privacy leakage and complicated key management. Our scheme is also lightweight and easy to deploy. Extensive security and performance analysis compares our scheme with the state of the art. The results show that our scheme has not only better provenance security and data confidentiality but also higher efficiency for multimedia outsourcing, sharing and provenance.

Chengxu Yang,Yuanchun Li,Mengwei Xu,Zhenpeng Chen,Yunxin Liu,Gang Huang,Xuanzhe Liu

DOI: https://doi.org/10.1145/3468264.3468532

2021-01-01

Abstract:Big data has become valuable property for enterprises and enabled various intelligent applications. Today, it is common to host data in big data platforms (e.g., Spark), where developers can submit scripts to process the original and intermediate data tables. Meanwhile, it is highly desirable to manage the data to comply with various privacy requirements. To enable flexible and automated privacy policy enforcement, we propose TaintStream, a fine-grained taint tracking framework for Spark-like big data platforms. TaintStream works by automatically injecting taint tracking logic into the data processing scripts, and the injected scripts are dynamically translated to maintain a taint tag for each cell during execution. The dynamic translation rules are carefully designed to guarantee non-interference in the original data operation. By defining different semantics of taint tags, TaintStream can enable various data management applications such as access control, data retention, and user data erasure. Our experiments on a self-crafted benchmarksuite show that TaintStream is able to achieve accurate cell-level taint tracking with a precision of 93.0% and less than 15% overhead. We also demonstrate the usefulness of TaintStream through several real-world use cases of privacy policy enforcement.

Hang Zhang

DOI: https://doi.org/10.1088/1742-6596/2504/1/012053

2023-05-01

Journal of Physics: Conference Series

Abstract:Abstract Real-time big data analysis provides a better value than standard offline big data analysis. Academic groups are still researching and exploring the technologies of real-time big data analysis. Due to the vast scale and poor transmission rate of big data, there are several impediments in the research process, making it hard to fully access the potential value of data.A real-time large data visualization analysis platform based on Flink is presented to overcome this challenge.The platform first collects data in real time and sends it to the message middleware Kafka, and then the big data analysis platform reads the data stream in Kafka in real time and transmits it to the multidimensional operator developed with Flink as the framework for real-time Calculate, and uses WebSocket technology to push the calculation results to the front end in real time, and perform visual display, enabling real-time monitoring and analysis of data flow.The experimental findings suggest that the real-time big data analysis platform based on the integration of Flink and Kafka can accurately, promptly, and clearly portray the real-time data flow process and visual analysis.

Adam Bates,Kevin Butler,Alin Dobra,Brad Reaves,Patrick Cable,Thomas Moyer,Nabil Schear

DOI: https://doi.org/10.48550/arXiv.1609.00266

2016-09-01

Abstract:Data provenance is a valuable tool for detecting and preventing cyber attack, providing insight into the nature of suspicious events. For example, an administrator can use provenance to identify the perpetrator of a data leak, track an attacker's actions following an intrusion, or even control the flow of outbound data within an organization. Unfortunately, providing relevant data provenance for complex, heterogenous software deployments is challenging, requiring both the tedious instrumentation of many application components as well as a unified architecture for aggregating information between components. In this work, we present a composition of techniques for bringing affordable and holistic provenance capabilities to complex application workflows, with particular consideration for the exemplar domain of web services. We present DAP, a transparent architecture for capturing detailed data provenance for web service components. Our approach leverages a key insight that minimal knowledge of open protocols can be leveraged to extract precise and efficient provenance information by interposing on application components' communications, granting DAP compatibility with existing web services without requiring instrumentation or developer cooperation. We show how our system can be used in real time to monitor system intrusions or detect data exfiltration attacks while imposing less than 5.1 ms end-to-end overhead on web requests. Through the introduction of a garbage collection optimization, DAP is able to monitor system activity without suffering from excessive storage overhead. DAP thus serves not only as a provenance-aware web framework, but as a case study in the non-invasive deployment of provenance capabilities for complex applications workflows.

Cryptography and Security

Zhenyuan Li,Yehua Dennis Wei,X. Y. Shen,Lingzhi Wang,Yan Chen,Haitao Xu,Shouling Ji,Fan Zhang

DOI: https://doi.org/10.48550/arxiv.2403.12541

2024-01-01

Abstract:The evolution and advancement of cyberattacks pose challenges to existing security products. Recent concentrated research on provenance graph-based detection has proved its effectiveness in attack detection and investigation. However, implementing these approaches in practice encounters challenges such as high overhead, slow responsiveness, and low interpretability and extensibility. Towards practical attack detection and investigation with provenance graphs, we propose TAGS, a tag-propagation-based streaming provenance graph alignment system. Utilizing the tag-based intermediate result caching mechanism alongside carefully crafted propagation rules, we eliminate the need to store and duplicate raw data processing. This approach effectively mitigates in-memory storage requirements and minimizes data processing overhead, facilitating rapid on-stream graph alignment while significantly conserving CPU and memory resources. As a result, TAGS can detect and investigate various cyber-attacks in real-time. Moreover, TAGS allows analysts to customize attack query graphs flexibly to identify extended attacks in data streams. We conduct experimental evaluations on two large-scale public datasets containing 257.42 GB of audit logs with 12 relevant query graphs of varying sizes, covering multiple attack techniques and scenarios. The results demonstrate that TAGS is sufficiently efficient to process 176K events per second while sufficiently accurately identifying all 29 alignments in massive data. Moreover, it can effectively handle the dependency explosion problem with steady, low-level memory consumption (less than 300MB), producing only 3 false positives. Overall, the performance of TAGS significantly outperforms the state-of-the-art methods.

Yuan Zhang,Xiaodong Lin,Chunxiang Xu

DOI: https://doi.org/10.1007/978-3-030-01950-1_1

2018-01-01

Abstract:Data provenance, which records the history of the ownership and process of a document during its lifecycle, is essential for the success of cloud storage systems. However, it also inevitably incurs some challenging security and privacy issues. In this paper, to address these challenging issues, we present an efficient and secure data provenance scheme and realize it in a system called ESP. ESP is characterized by employing a blockchain-based provenance record chain and can provide a secure and efficient system for data outsourcing, where the correctness, integrity, and timeliness of provenance records can be ensured. Furthermore, we introduce a concept of window of latching (WoL) to assess the practicality of secure provenance schemes. We analyze the security of ESP and evaluate the performance of ESP via implementation, which shows WoL of ESP is short and demonstrates ESP is secure and practical.

An Changqing,Yang Jiahai

2006-01-01

Abstract:Understanding the characteristics of the traffic in operational network is crucial to network design and operation. As the network bandwidth grows, it's difficult for capturing and recording network traffic information. We overcome this by introducing network processor to conduct network traffic capture and export flow information. We proposed an algorithm based on packet classification to aggregate packets to flow. The algorithm makes use of the characteristics of flow aggregating. The space of it can be discontinuous and the rule of it can be updated dynamically, it's scalable and flexible. Both laboratory testing and practical operation proved that the system has high performance and is stable.

Maya Kapoor,Joshua Melton,Michael Ridenhour,Mahalavanya Sriram,Thomas Moyer,Siddharth Krishnan

DOI: https://doi.org/10.48550/arXiv.2203.02744

2022-03-05

Abstract:Complex heterogeneous dynamic networks like knowledge graphs are powerful constructs that can be used in modeling data provenance from computer systems. From a security perspective, these attributed graphs enable causality analysis and tracing for analyzing a myriad of cyberattacks. However, there is a paucity in systematic development of pipelines that transform system executions and provenance into usable graph representations for machine learning tasks. This lack of instrumentation severely inhibits scientific advancement in provenance graph machine learning by hindering reproducibility and limiting the availability of data that are critical for techniques like graph neural networks. To fulfill this need, we present Flurry, an end-to-end data pipeline which simulates cyberattacks, captures provenance data from these attacks at multiple system and application layers, converts audit logs from these attacks into data provenance graphs, and incorporates this data with a framework for training deep neural models that supports preconfigured or custom-designed models for analysis in real-world resilient systems. We showcase this pipeline by processing data from multiple system attacks and performing anomaly detection via graph classification using current benchmark graph representational learning frameworks. Flurry provides a fast, customizable, extensible, and transparent solution for providing this much needed data to cybersecurity professionals.

Cryptography and Security,Machine Learning

Muhammad Jahanzeb Khan,Ruoyu Wang,Daniel Sun,Guoqiang Li

DOI: https://doi.org/10.1007/978-3-030-41418-4_19

2020-01-01

Abstract:Nowadays, data provenance is widely used to increase the accuracy of machine learning models. However, facing the difficulties in information heredity, these models produce data association. Most of the studies in the field of data provenance are focused on specific domains. And there are only a few studies on a machine learning (ML) framework with distinct emphasis on the accurate partition of coherent and physical activities with implementation of ML pipelines for provenance. This paper presents a novel approach to usage of data provenance which is also called data provenance based system for classification and linear regression in distributed machine learning (DPMLR). To develop the comprehensive approach for data analysis and visualization based on a collective set of functions for various algorithms and provide the ability to run large scale graph analysis, we apply StellarGraph as our primary ML structure. The preliminary results on the complex data stream structure showed that the overall overhead is no more than 20%. It opens up opportunities for designing an integrated system which performs dynamic scheduling and network bounded synchronization based on the ML algorithm.

Zhen Chen,Lingyun Ruan,Junwei Cao,Yifan Yu,Xin Jiang

DOI: https://doi.org/10.1109/tst.2013.6574679

2013-01-01

Tsinghua Science & Technology

Abstract:The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system （such as Hadoop, ZFS, etc.） and open cloud computing platform （such as OpenStack, CloudStack, and Eucalyptus, etc.）, it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well- known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit （TIFA） with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.

B. Gnana Deepthi,K. Sandhya Rani,P. Venkata Krishna,V. Saritha

DOI: https://doi.org/10.1007/s11042-023-17151-6

IF: 2.577

2023-10-02

Multimedia Tools and Applications

Abstract:Big Data technologies emerging day by day and are making drastic changes in various real-world applications. Traditional data mining tools adequate to process volumes of data but from past decades the rapid growth in data becomes difficult for processing. Due to continuous flow of data, data streams require additional computational processing than the traditional one. Big data stream processing considers different features of the data streams heterogeneity, scalability, fault tolerance and query optimization. Efficient implementation of these features in real-world applications using big data analytics is a challenging job during data storage, processing, and analysis phases. Therefore, the proposed model FRTSPS is a generic architecture which is influenced by popular big data processing Lambda architecture, based on distributed computing platform. The architecture using open-source platform Apache Flink for doing data processing. Flink is a popular platform for processing historical and stream data flows at once parallelly. Its stateful streaming can obtain more scalability and flexibility along with high throughput and low latency than the remaining stream processing programming models.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Li Zhao,Zhang Chuang,Xu Ke-fu

DOI: https://doi.org/10.1109/PCCC.2015.7410267

2015-01-01

Abstract:SpeedStream is a universal distributed platform that can handle with massive data flows with the features of low coupling, high availability, low latency and high scalability. Focusing on the core technologies of real-time stream computing platform in cloud environment, this paper conducts a series of researches and implementation of the system. First of all, aiming at the availability of real-time streaming computing platform, we design a high availability framework based on Zookeeper. It ensures fault detection and recovery of process level and node level timely by monitoring heartbreak of each modules and strategy of fault migration. Secondly, in order to increase the application types of the platform, by means of directed cycle detection and iteration protection, we design a real-time streaming computing model that based on directed graph with sources and sinks, which can not only satisfy the needs of common DAG computing services, but also support iteration computing services including directed cycle, bidirectional arcs and annular arcs. In addition, the platform can realize personalized task scheduling strategy for users by establishing task allocation matrix and optimize task allocation model. Finally, in order to solve the many-to-many dynamic load-balancing between tasks, we apply scheduler with status and distributed session table. It overcomes the difficulty of maintaining consistency of session without global session table. We also testified the convergence of this method. The experiment indicates that the throughput and data processing delay of SpeedStream are superior to other alternatives in dealing with the businesses of iteration applications, high traffic fluctuation applications, and high demand of load-balancing applications. This platform provides reliable, universal, and real-time solutions to process massive data flows, such as to process the real-time trading data in e-commerce, to analyze sensing flow in internet of things, and monitor traffics of the Internet.