Ruiting Zhou,Yifan Zeng,Lei Jiao,Yi Zhong,Liujing Song

DOI: https://doi.org/10.1109/tmc.2024.3360077

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:To mitigate Distributed Denial-of-Service (DDoS) attacks towards enterprise networks, we study the problem of scheduling DDoS traffic through on-premises scrubbing at the local edge and on-demand scrubbing in the remote clouds. We model this problem as a nonlinear mixed- integer program, which is characterized by the inputs of arbitrary dynamics and the trade-offs between staying at suboptimal scrubbing locations and using different best locations with switching overhead. We first design a prediction-oblivious online algorithm which consists of a carefully-designed fractional algorithm to pursue the long-term total cost minimization but avoid excessive switching overhead over time, and a randomized rounding algorithm to derive the flow-based, integral decisions. We next design a prediction-aware online algorithm which leverages the predicted inputs and can make even better scheduling decisions through invoking our prediction-oblivious online algorithm and improving its solutions via re-solving the original problem slice over each prediction window. We further extend our study to prioritize local scrubbing, and adapt our algorithms to this case correspondingly. Then, we rigorously prove the worst-case, constant competitive performance guarantees of our online algorithms. Finally, we conduct extensive evaluations and validate the superiority of our approach over multiple existing alternatives approaches.

Lei Jiao,Ruiting Zhou,Xiaojun Lin,Xu Chen

DOI: https://doi.org/10.1145/3323679.3326525

2019-01-01

Abstract:Operating distributed Scrubbing Centers (SCs) to mitigate massive Distributed Denial of Service (DDoS) traffic in large-scale networks faces critical challenges. The operator needs to determine the diversion rule installation and elimination in the networks, as well as the scrubbing resource activation and revocation in the SCs, while minimizing the long-term cost and the cumulative decision-switching penalty without knowing the exact amount of the malicious traffic. We model and formulate this problem as an online nonlinear integer program. In contrast to many other online problems where future inputs are unknown but at least current inputs are known, a key new challenge here is that even part of the current inputs are unknown when decisions are made. To "learn" the best decisions online, we transform our problem via a gap-preserving approximation into an online optimization problem with only the known inputs, which is further relaxed and decoupled into a series of one-shot convex programs solvable in individual time slots. To overcome the intractability, we design a progressive rounding algorithm to convert fractional decisions into integral ones without violating the constraints. We characterize the competitive ratio of our approach as a function of the key parameters of our problem. We conduct evaluations using real-world data and confirm our algorithms' superiority over de facto practices and state-of-the-art methods.

Wencong You,Lei Jiao,Jun Li,Ruiting Zhou

DOI: https://doi.org/10.1109/infocom41043.2020.9155493

2020-01-01

Abstract:While both Internet Service Providers (ISPs) and third-party Security Service Providers (SSPs) offer Distributed Denial-of-Service (DDoS) mitigation services through cloud-based scrubbing centers, it is often beneficial for ISPs to outsource part of the traffic scrubbing to SSPs to achieve less economic cost and better network performance. To explore this potential, we design an online auction mechanism, featured by the challenge of the switching cost of using different winning bids over time. Formulating the social cost minimization as a nonconvex integer program, we firstly relax it and design an online algorithm that breaks it into a series of modified single-shot problems and solves each of them in polynomial time, without requiring knowledge of future inputs; then, we design a randomized rounding algorithm to convert the fractional decisions into integers without violating any constraints; and finally, we design the payment for each bid based on its winning probability. We rigorously prove that our mechanism achieves a parameterized-constant competitive ratio for the long-term social cost, with truthfulness and individual rationality in expectation. We also exhibit its superior practical performance via evaluations driven by real-world data traces.

Yanhua Cao,Li Lu,Jiadi Yu,Shiyou Qian,Yanmin Zhu,Minglu Li,Jian Cao,Zhong Wang,Juan Li,Guangtao Xue

DOI: https://doi.org/10.1007/978-3-319-68783-4_18

2017-01-01

Abstract:The hybrid cloud computing model has been attracting considerable attention in the past years. Due to security and controllability of private cloud, some special requests ask to be scheduled on private cloud, when requests are “bursting”, the requests may be rejected because of the limited resources of private cloud. In this paper, we propose the online cost-aware service requests scheduling strategy in hybrid clouds (OCS) which could make suitable requests placement decisions real-time and minimize the cost of renting public cloud resources with a low rate of rejected requests. All service requests are divided into two categories, the special requests ask to be accepted on private cloud, and the normal requests are insensitive on private or public cloud. In addition, all requests arrive in random, without any prior knowledge of future arrivals. We transform the online model into a one-shot optimization problem by taking advantage of Lyapunov optimization techniques, then employ the optimal decay algorithm to solve the one-shot problem. The simulation results demonstrate that OCS is trade-off between cost and rejection rate, meanwhile it can let the resource utilization arbitrarily close to the optimum.

Lei Xu,Zonghui Wang,Wenzhi Chen

2014-01-01

Journal of information science and engineering

Abstract:The biggest advantage of employing virtualization in cloud is the ability to provision resource flexibly which makes "pay-as-use" model possible. However, since the workload of virtual machine constantly changes, it is still a challenge that efficiently schedule resource by migrating virtual machines among lots of hosts, especially with multi-objective to meet, like power and QoS constraints. In this paper, we present a dynamic resource scheduling solution, named Smart-DRS, which can well determines when to schedule, which to schedule, and where to schedule. It is an integrated framework that aims to deal well with hotspot mitigation, load balancing and server consolidation which are classic problems to solve in on-demand clouds. The experimental results show that our framework strikes a balance between efficiency, overhead and instantaneity.

Lei Xu,Zonghui Wang,Wenzhi Chen

2014-01-01

Journal of information science and engineering

Abstract:The biggest advantage of employing virtualization in cloud is the ability to provision resource flexibly which makes “pay-as-use” model possible. However, since the workload of virtual machine constantly changes, it is still a challenge that efficiently schedule resource by migrating virtual machines among lots of hosts, especially with multi-objective to meet, like power and QoS constraints. In this paper, we present a dynamic resource scheduling solution, named Smart-DRS, which can well determines when to schedule, which to schedule, and where to schedule. It is an integrated framework that aims to deal well with hotspot mitigation, load balancing and server consolidation which are classic problems to solve in on-demand clouds. The experimental results show that our framework strikes a balance between efficiency, overhead and instantaneity.

Minghui Zhao,Wei Wang,Yitu Wang,Zhaoyang Zhang

DOI: https://doi.org/10.1007/s12083-018-0695-4

IF: 3.488

2018-01-01

Peer-to-Peer Networking and Applications

Abstract:Due to the intensive computation requirements of emerging applications and the limited computational capability of edge computing servers, the computation task must be executed on multiple edge servers in a distributive and cooperative manner. However, the large amount of information exchanged among the edge servers is a major obstacle for improving the computing performance. By utilizing the excess computational resource, coded MapReduce provides an effective approach to reduce the communication load. In this paper, we develop a stochastic load scheduling framework to complete the computation tasks with coded MapReduce considering the intrinsic tradeoff between the communication and computation loads. Our goal is to minimize the communication load under time-varying excess computational resources. We first reduce this problem to a task scheduling problem by exploiting the property of the computing repetition in the coded MapReduce framework. Since the task scheduling problem is still a stochastic optimization problem, it is generally difficult to solve. In the offline setting, we obtain the optimal computation load scheduling algorithm by adopting the augmented Lagrangian method. In the online setting, we derive a worst-case performance bound of the online equal task scheduling (ETS) algorithm by using competitive analysis. Furthermore, we make full use of past state information of computing resources for pre-planing and propose an improved algorithm based on the ETS algorithm in a learning manner. Finally, our proposed algorithm is evaluated by simulation to demonstrate that the proposed algorithms are superior over the conventional algorithms, and the performance gap between the online and offline algorithms is fairly small.

Fangyuan Xing,Fei Tong,Jialong Yang,Guang Cheng,Shibo He

DOI: https://doi.org/10.1109/tcc.2024.3480194

IF: 5.697

2024-01-01

IEEE Transactions on Cloud Computing

Abstract:Distributed Denial of Service (DDoS) attacks threaten cloud servers by flooding redundant requests, leading to system resource exhaustion and legitimate service shutdown. Existing DDoS attack mitigation mechanisms mainly rely on resource expansion, which may result in unexpected resource over-provisioning and accordingly increase cloud system costs. To effectively mitigate DDoS attacks without consuming extra resources, the main challenges lie in the compromise between incoming requests and available cloud resources. This paper proposes a resource-aware DDoS attack mitigation framework named RAM, where the mechanism of feedback in control theory is employed to adaptively adjust the interaction between incoming requests and available cloud resources. Specifically, two indicators including request confidence level and maximum cloud workload are designed. In terms of these two indicators, the incoming requests will be classified using proportional-integralderivative (PID) feedback control-based classification scheme with request determination adaptation. The incoming requests can be subsequently processed according to their confidence levels as well as the workload and available resources of cloud servers, which achieves an effective resource-aware mitigation of DDoS attacks. Extensive experiments have been conducted to verify the effectiveness of RAM, which demonstrate that the proposed RAM can improve the request classification performance and guarantee the quality of service.

Yajie Li,Yingqi Zhao,Jun Li,Xiaosong Yu,Yongli Zhao,Jie Zhang

DOI: https://doi.org/10.1109/access.2021.3134671

IF: 3.9

2021-01-01

IEEE Access

Abstract:Time-Wavelength Division Multiplexing Passive Optical Network (TWDM-PON) is considered as a promising solution of next generation PON (NG-PON). The integration of Edge Computing (EC) and TWDM-PON can satisfy the QoS requirements of delay-sensitive applications by providing storage, processing and caching capabilities at the network edge. However, with limited resource capacity, edge nodes in TWDM-PON are vulnerable to network attacks, e.g., Distributed Denial of Service (DDoS) attacks. Resource exhaustion in the attacked nodes easily leads to QoS degradation and even service blocking. This paper investigates how to effectively schedule traffic to mitigate the DDoS attack in EC-enabled TWDM-PON. Based on the collaboration of edge nodes, an adaptive traffic scheduling algorithm is designed to minimize the impact of DDoS attacks on delay sensitive services. The performance of the proposed algorithm is evaluated in simulation, where direct and indirect DDoS attacks are simulated. Besides, the attack duration and the number of attacked nodes are considered in the evaluation. Simulation results show that the proposed algorithm can effectively mitigate DDoS attacks in terms of reducing the QoS degradation rate and blocking rate of delay-sensitive services.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tong Liu,Lu Fang,Yanmin Zhu,Weiqin Tong,Yuanyuan Yang

DOI: https://doi.org/10.1109/tmc.2020.3045471

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Due to the explosion of mobile devices and the evolution of wireless communication technologies, novel applications with intensive computation demands and low-latency requirements have arisen. Edge computing has been proposed as an extension of cloud computing, which moves computation workloads from remote cloud to network edge. Cooperating edge computing and cloud computing can significantly reduce the latency of computation tasks. However, considering the heterogeneity and stochastic arrivals of tasks and the limited computation and communication resources on the edge, task offloading and resource allocation are two joint crucial problems in an edge-cloud orchestrated computing system. In this paper, we propose an online task offloading and resource allocation approach for edge-cloud orchestrated computing, with the aim to minimize the average latency of tasks over time. We first build system models to analyze the latency and energy consumption incurred under different computing modes and formally formulate the joint problem as a mixed-integer optimal decision problem. Then, we employ Lyapunov optimization and duality theory to decompose the problem into a set of subproblems, which can be solved in a semi-decentralized way. We also formally analyze that our approach can achieve near-optimal performance. Extensive simulations are conducted to verify the superiority of our approach.

computer science, information systems,telecommunications

Haiou Huang,Bangyi Sun,Liang Hu

DOI: https://doi.org/10.1016/j.cose.2024.103789

IF: 5.105

2024-02-01

Computers & Security

Abstract:Edge computing mitigates the high latency and other issues associated with cloud computing, but it also introduces new risks. One such issue is DDoS attacks on edge servers, which arise when edge tasks are offloaded. There is a dearth of research on countermeasures for these kinds of DDoS attacks. Consequently, we present EDM_TOS, a task offloading strategy. This technique makes sure that tasks are transferred to dependable edge nodes based on the edge nodes' risk assessment mechanism, thereby reducing edge DDoS attacks. On the other hand, EDM_TOS works better than current approaches in five domains of evaluating awareness and capacity limitations for resolving edge DDoS attacks and issues with edge computing offloading. The edge computing task offloading algorithm, weighted cluster analysis algorithm, and risk assessment algorithm, respectively, are used to implement the risk assessment module, cluster analysis module, and task offloading module of the EDM_TOS mechanism. The three modules were evaluated experimentally. The findings demonstrate that the task offloading module's transactions per second (TPS) and the risk assessment module's malicious detection rate (MDR) respectively outperform to those of other policies. The cluster analysis module's clustering effect is superior to that of the conventional K-means algorithm. EDM_TOS performs better than current methods for thwarting edge DDoS attacks, according to performance assessments on five datasets. EDM_TOS can successfully fend off edge DDoS attacks, as demonstrated by practice.

computer science, information systems

Haisheng Tan,Zhenhua Han,Xiang-Yang Li,Francis C. M. Lau

DOI: https://doi.org/10.1109/infocom.2017.8057116

2017-01-01

Abstract:In edge-cloud computing, a set of edge servers are deployed near the mobile devices such that these devices can offload jobs to the servers with low latency. One fundamental and critical problem in edge-cloud systems is how to dispatch and schedule the jobs so that the job response time (defined as the interval between the release of a job and the arrival of the computation result at its device) is minimized. In this paper, we propose a general model for this problem, where the jobs are generated in arbitrary order and times at the mobile devices and offloaded to servers with both upload and download delays. Our goal is to minimize the total weighted response time over all the jobs. The weight is set based on how latency sensitive the job is. We derive the first online job dispatching and scheduling algorithm in edge-clouds, called OnDisc, which is scalable in the speed augmentation model; that is, OnDisc is (1 + ε)-speed O(1/ε)-competitive for any constant ε ϵ (0,1). Moreover, OnDisc can be easily implemented in distributed systems. Extensive simulations on a real-world data-trace from Google show that OnDisc can reduce the total weighted response time dramatically compared with heuristic algorithms.

Shui Yu,Yonghong Tian,Song Guo,Dapeng Oliver Wu

DOI: https://doi.org/10.1109/tpds.2013.181

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud is becoming a dominant computing platform. Naturally, a question that arises is whether we can beat notorious DDoS attacks in a cloud environment. Researchers have demonstrated that the essential issue of DDoS attack and defense is resource competition between defenders and attackers. A cloud usually possesses profound resources and has full control and dynamic allocation capability of its resources. Therefore, cloud offers us the potential to overcome DDoS attacks. However, individual cloud hosted servers are still vulnerable to DDoS attacks if they still run in the traditional way. In this paper, we propose a dynamic resource allocation strategy to counter DDoS attacks against individual cloud customers. When a DDoS attack occurs, we employ the idle resources of the cloud to clone sufficient intrusion prevention servers for the victim in order to quickly filter out attack packets and guarantee the quality of the service for benign users simultaneously. We establish a mathematical model to approximate the needs of our resource investment based on queueing theory. Through careful system analysis and real-world data set experiments, we conclude that we can defeat DDoS attacks in a cloud environment.

Jingping She,Ne Wang,Ruiting Zhou,Chen Tian

DOI: https://doi.org/10.1109/nana53684.2021.00031

2021-01-01

Abstract:Compared with traditional cloud computing, edge-cloud computing brings many benefits, such as low latency, low bandwidth cost, and high security. Thanks to these advantages, a large number of distributed machine learning (ML) jobs are trained on the edge-cloud network to support smart applications, adopting the parameter server (PS) architecture. The scheduling of such ML jobs needs to consider different data transmission delay and frequent communication between workers and PSs, which brings a fundamental challenge: how to deploy workers and PSs on edge-cloud networks for ML jobs to minimize the average job completion time. To solve this problem, we propose an online scheduling framework to determine the location and execution time window for each job upon its arrival. Our algorithm includes: (i) an online scheduling framework that groups unprocessed ML jobs iteratively into multiple batches; (ii) a batch scheduling algorithm that maximizes the number of scheduled jobs in the current batch; (iii) two greedy algorithms that deploy workers and PSs to minimize the deployment cost. Large-scale and trace-driven simulations show that our algorithm is superior to the most common and advanced schedulers in today’s cloud systems.

Ruiting Zhou,Ne Wang,Yifeng Huang,Jinlong Pang,Hao Chen

DOI: https://doi.org/10.1109/tmc.2022.3195765

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:5G and Internet of Things stimulate smart applications of edge computing, such as autonomous driving and smart city. As edge computing power increases, more and more machine learning (ML) jobs will be trained in the edge-cloud network, adopting the parameter server (PS) architecture. Due to the distinct features of the edge (low-latency and the scarcity of resources), the cloud (high delay and rich computing capacity) and ML jobs (frequent communication between workers and PSs and unfixed runtime), existing cloud job pricing and scheduling algorithms are not applicable. Therefore, how to price, deploy and schedule ML jobs in the edge-cloud network becomes a challenging problem. To solve it, we propose an auction-based online framework DPS. DPS consists of three major parts: job admission control, price function design and scheduling orchestrator. DPS dynamically prices workers and PSs based on historical job information and real-time system status, and decides whether to accept the job according to the deployment cost. DPS then deploys and schedules accepted ML jobs to pursue the maximum social welfare. Through theoretical analysis, we prove that DPS can achieve a good competition ratio and truthfulness in polynomial time. Large-scale simulations and testbed experiments show that DPS can improve social welfare by at least $95\%$, compared with benchmark algorithms in today's cloud system.

computer science, information systems,telecommunications

Liuyan Liu,Haoqiang Huang,Haisheng Tan,Wanli Cao,Panlong Yang,Xiang-Yang Li

DOI: https://doi.org/10.1007/978-3-030-23597-0_17

2019-01-01

Abstract:Modern applications in mobile computing become increasingly complex and computation intensive. Task offloading from mobile devices to the cloud is more and more frequent. Edge Computing, deploying relatively small-scale edge servers close to users, is a promising cloud computing paradigm to reduce the network communication delay. Due to the limited capability, each edge server can be configured with only a small amount of functions to run corresponding tasks. Moreover, a mobile application might consist of multiple dependent tasks, which can be modeled and scheduled as Directed Acyclic Graphs (DAGs). When an application request arrives online, typically with a deadline specified, we need to configure the edge servers and assign the dependent tasks for processing. In this work, we jointly tackle on-demand function configuration on edge servers and DAG scheduling to meet as many request deadlines as possible. Based on list scheduling methodologies, we propose a novel online algorithm, named OnDoc, which is efficient and easy to deploy in practice. Extensive simulations on the data trace from Alibaba (including more than 3 million application requests) demonstrate that OnDoc outperforms state-of-the-art baselines consistently on various experiment settings.

Bin Yuan,Huan Zhao,Chen Lin,Deqing Zou,Laurence Tianruo Yang,Hai Jin,Ligang He,Shui Yu

DOI: https://doi.org/10.1109/tnse.2020.2981449

IF: 6.6

2020-10-01

IEEE Transactions on Network Science and Engineering

Abstract:As the cloud systems gain in popularity, they suffer from cyber attacks. One of the most notorious cyber attacks is Distributed Denial of Service (DDoS) attack, which aims to drain the system resources so that the system becomes unresponsive to the genuine users. DDoS attack and defense essentially revolve around resource competition. Many efforts have been made from the perspective of resource investment and management. However, these defending schemes assume that the resources available to defend the attacks are unlimited without taking the financial cost into account. Such coarse-grained defense strategies could cause the problem of resource overprovisioning, which would incur unwanted extra costs to the defender. To tackle this issue, we systematically investigate the problem and propose a birth-death-based fine-grained resource management mechanism, which can both scale in/out and scale down/up. That is, the proposed mechanism adaptively selects the optimal resource leasing mode for cloud service customers so that they can defeat the DDoS attack with minimal financial cost. Extensive analyses and empirical data-based experiments are conducted. The results show both the effectiveness and efficiency of the proposed approach. Comparing to existing work, our proposal can averagely save 53.58% (up to 93.75%) of the cost for the attack defense.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Yuquan Shan,George Kesidis,Daniel Fleck,Angelos Stavrou

DOI: https://doi.org/10.48550/arXiv.1704.06794

2017-08-02

Abstract:We consider a cloud based multiserver system, that may be cloud based, consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We address cloud-side proactive and reactive defenses to combat DDoS attacks that may target this system. DDoS attacks are endemic with some notable attacks occurring just this past fall. Volumetric attacks may target proxies while "low volume" attacks may target replicas. After reviewing existing and proposed defenses, such as changing proxy IP addresses (a "moving target" technique to combat the reconnaissance phase of the botnet) and fission of overloaded servers, we focus on evaluation of defenses based on shuffling client-to-server assignments that can be both proactive and reactive to a DDoS attack. Our evaluations are based on a binomial distribution model that well agrees with simulations and preliminary experiments on a prototype that is also described.

Cryptography and Security

Ne Wang,Ruiting Zhou,Lei Jiao,Renli Zhang,Bo Li,Zongpeng Li

DOI: https://doi.org/10.1109/jsac.2022.3180772

IF: 16.4

2022-07-20

IEEE Journal on Selected Areas in Communications

Abstract:Recent advances in 5G and edge computing enable rapid development and deployment of edge-cloud systems, which are ideal for delay-sensitive machine learning (ML) applications such as autonomous driving and smart city. Distributed ML jobs often need to train a large model with enormous datasets, which can only be handled by deploying a distributed set of workers in an edge-cloud system. One common approach is to employ a parameter server (PS) architecture, in which training is carried out at multiple workers, while PSs are used for aggregation and model updates. In this architecture, one of the fundamental challenges is how to dispatch ML jobs to workers and PSs such that the average job completion time (JCT) can be minimized. In this work, we propose a novel online preemptive scheduling framework to decide the location and the execution time window of concurrent workers and PSs upon each job arrival. Specifically, our proposed scheduling framework consists of: i) a job dispatching and scheduling algorithm that assigns each ML job to workers and decides the schedule to train each data chunk; ii) a PS assignment algorithm that determines the placement of PS. We prove theoretically that our proposed algorithm is -competitive with -speed augmentation, where is the maximal number of data chunks in any job. Extensive testbed experiments and trace-driven simulations show that our algorithm can reduce the average JCT by up to 30% compared with state-of-the-art baselines.

telecommunications,engineering, electrical & electronic

Lei Jiao,Lingjun Pu,Lin Wang,Xiaojun Lin,Jun Lil,Jun Li

DOI: https://doi.org/10.1109/sahcn.2018.8397141

2018-06-01

Abstract:Operating distributed cloudlets at optimal cost is nontrivial when facing not only the dynamic and unpredictable resource prices and user requests, but also the low efficiency of today's immature cloudlet infrastructures. We propose to control cloudlet networks at multiple granularities-fine-grained control of servers inside cloudlets and coarse-grained control of cloudlets themselves. We model this problem as a mixed-integer nonlinear program with the switching cost over time. To solve this problem online, we firstly linearize, “regularize”, and decouple it into a series of one-shot subproblems that we solve at each corresponding time slot, and afterwards we design an iterative, dependent rounding framework using our proposed randomized pairwise rounding algorithm to convert the fractional control decisions into the integral ones at each time slot. Via rigorous theoretical analysis, we exhibit our approach's performance guarantee in terms of the competitive ratio and the multiplicative integrality gap towards the offline optimal integral decisions. Extensive evaluations with real-world data confirm the empirical superiority of our approach over the single granularity server control and the state-of-the-art algorithms.