2,036 research outputs found
A Computational Approach to Packet Classification
Multi-field packet classification is a crucial component in modern
software-defined data center networks. To achieve high throughput and low
latency, state-of-the-art algorithms strive to fit the rule lookup data
structures into on-die caches; however, they do not scale well with the number
of rules. We present a novel approach, NuevoMatch, which improves the memory
scaling of existing methods. A new data structure, Range Query Recursive Model
Index (RQ-RMI), is the key component that enables NuevoMatch to replace most of
the accesses to main memory with model inference computations. We describe an
efficient training algorithm that guarantees the correctness of the
RQ-RMI-based classification. The use of RQ-RMI allows the rules to be
compressed into model weights that fit into the hardware cache. Further, it
takes advantage of the growing support for fast neural network processing in
modern CPUs, such as wide vector instructions, achieving a rate of tens of
nanoseconds per lookup. Our evaluation using 500K multi-field rules from the
standard ClassBench benchmark shows a geometric mean compression factor of
4.9x, 8x, and 82x, and average performance improvement of 2.4x, 2.6x, and 1.6x
in throughput compared to CutSplit, NeuroCuts, and TupleMerge, all
state-of-the-art algorithms.
Comment: To appear in SIGCOMM 202
Security at the Edge for Resource-Limited IoT Devices
The Internet of Things (IoT) is rapidly growing, with an estimated 14.4 billion active endpoints in 2022 and a forecast of approximately 30 billion connected devices by 2027. This proliferation of IoT devices has come with significant security challenges, including intrinsic security vulnerabilities, limited computing power, and the absence of timely security updates. Attacks leveraging such shortcomings could lead to severe consequences, including data breaches and potential disruptions to critical infrastructures.
In response to these challenges, this research paper presents the IoT Proxy, a modular component designed to create a more resilient and secure IoT environment, especially in resource-limited scenarios.
The core idea behind the IoT Proxy is to externalize security-related aspects of IoT devices by channeling their traffic through a secure network gateway equipped with different Virtual Network Security Functions (VNSFs). Our solution includes a Virtual Private Network (VPN) terminator and an Intrusion Prevention System (IPS) that uses a machine learning-based technique called oblivious authentication to identify connected devices. The IoT Proxy’s modular, scalable, and externalized security approach creates a more resilient and secure IoT environment, especially for resource-limited IoT devices. The promising experimental results from laboratory testing demonstrate the suitability of IoT Proxy to secure real-world IoT ecosystems.
Training Passive Photonic Reservoirs with Integrated Optical Readout
As Moore's law comes to an end, neuromorphic approaches to computing are on
the rise. One of these, passive photonic reservoir computing, is a strong
candidate for computing at high bitrates (> 10 Gbps) and with low energy
consumption. Currently though, both benefits are limited by the necessity to
perform training and readout operations in the electrical domain. Thus, efforts
are currently underway in the photonic community to design an integrated
optical readout, which allows all operations to be performed in the optical domain.
In addition to the technological challenge of designing such a readout, new
algorithms have to be designed in order to train it. Foremost, suitable
algorithms need to be able to deal with the fact that the actual on-chip
reservoir states are not directly observable. In this work, we investigate
several options for such a training algorithm and propose a solution in which
the complex states of the reservoir can be observed by appropriately setting
the readout weights, while iterating over a predefined input sequence. We
perform numerical simulations in order to compare our method with an ideal
baseline requiring full observability as well as with an established black-box
optimization approach (CMA-ES).
Comment: Accepted for publication in IEEE Transactions on Neural Networks and
Learning Systems (TNNLS-2017-P-8539.R1), copyright 2018 IEEE. This research
was funded by the EU Horizon 2020 PHRESCO Grant (Grant No. 688579) and the
BELSPO IAP P7-35 program Photonics@be. 11 pages, 9 figures
An IoT Architecture Leveraging Digital Twins: Compromised Node Detection Scenario
Modern IoT (Internet of Things) environments with thousands of low-end and
diverse IoT nodes with complex interactions among them and often deployed in
remote and/or wild locations present some unique challenges that make
traditional node compromise detection services less effective. This paper
presents the design, implementation and evaluation of a fog-based architecture
that utilizes the concept of a digital-twin to detect compromised IoT nodes
exhibiting malicious behaviors by either producing erroneous data and/or being
used to launch network intrusion attacks to hijack other nodes eventually
causing service disruption. By defining a digital twin of an IoT infrastructure
at a fog server, the architecture is focused on monitoring relevant information
to save energy and storage space. The paper presents a prototype implementation
for the architecture utilizing malicious behavior datasets to perform
misbehaving node classification. An extensive accuracy and system performance
evaluation was conducted based on this prototype. Results show good accuracy
and negligible overhead especially when employing deep learning techniques such
as MLP (multilayer perceptron).
Comment: This work has been submitted to the IEEE for possible publication
A Learning-based Approach to Exploiting Sensing Diversity in Performance Critical Sensor Networks
Wireless sensor networks for human health monitoring, military surveillance, and disaster warning all have stringent accuracy requirements for detecting and classifying events while maximizing system lifetime. To meet high accuracy requirements and maximize system lifetime, we must address sensing diversity: sensing capability differences among both heterogeneous and homogeneous sensors in a specific deployment. Existing approaches either ignore sensing diversity entirely and assume all sensors have similar capabilities or attempt to overcome sensing diversity through calibration. Instead, we use machine learning to take advantage of sensing differences among heterogeneous sensors to provide high accuracy and energy savings for performance critical applications. In this dissertation, we provide five major contributions that exploit the nuances of specific sensor deployments to increase application performance. First, we demonstrate that by using machine learning for event detection, we can explore the sensing capability of a specific deployment and use only the most capable sensors to meet user accuracy requirements. Second, we expand our diversity exploiting approach to detect multiple events in a distributed manner. Third, we address sensing diversity in body sensor networks, providing a practical, user-friendly solution for activity recognition. Fourth, we further increase accuracy and energy savings in body sensor networks by sharing sensing resources among neighboring body sensor networks. Lastly, we provide a learning-based approach for forwarding event detection decisions to data sinks in an environment with mobile sensor nodes.
Real-time detection of grid bulk transfer traffic
The current practice of physical science research has yielded a continuously growing demand for interconnection network bandwidth to support the sharing of large datasets. Academic research networks and internet service providers have provisioned their networks to handle this type of load, which generates prolonged, high-volume traffic between nodes on the network. Maintenance of QoS for all network users demands that the onset of these (Grid bulk) transfers be detected to enable them to be reengineered through resources specifically provisioned to handle this type of traffic. This paper describes a real-time detector that operates at full-line-rate on Gb/s links, operates at high connection rates, and can track the use of ephemeral or non-standard ports.