On the Efficacy of Live DDoS Detection with Hadoop

Distributed Denial of Service flooding attacks are one of the biggest challenges to the availability of online services today. These DDoS attacks overwhelm the victim with huge volume of traffic and render it incapable of performing normal communication or crashes it completely. If there are delays in detecting the flooding attacks, nothing much can be done except to manually disconnect the victim and fix the problem. With the rapid increase of DDoS volume and frequency, the current DDoS detection technologies are challenged to deal with huge attack volume in reasonable and affordable response time. In this paper, we propose HADEC, a Hadoop based Live DDoS Detection framework to tackle efficient analysis of flooding attacks by harnessing MapReduce and HDFS. We implemented a counter-based DDoS detection algorithm for four major flooding attacks (TCP-SYN, HTTP GET, UDP and ICMP) in MapReduce, consisting of map and reduce functions. We deployed a testbed to evaluate the performance of HADEC framework for live DDoS detection. Based on the experiments we showed that HADEC is capable of processing and detecting DDoS attacks in affordable time

Measurement and field observation of atmospheric nanoparticles

13301甲第4638号博士（工学）金沢大学博士論文要旨Abstract 要旨Outline 以下に掲載：Atmospheric Environment 141 pp.30-40 2016. Elsevier. 共著者：Indra Chandra, Seyoung Kim, Takafumi Seto, Yoshio Otani, Akinori Takami, Ayako Yoshino, Satoshi Irei, Kihong Park, Tamio Takamura, Naoki Kaneyashu, Shiro Hatakeyam

On the Effectiveness of Genetic Search in Combinatorial Optimization

In this paper, we study the efficacy of genetic algorithms in the context of combinatorial optimization. In particular, we isolate the effects of cross-over, treated as the central component of genetic search. We show that for problems of nontrivial size and difficulty, the contribution of cross-over search is marginal, both synergistically when run in conjunction with mutation and selection, or when run with selection alone, the reference point being the search procedure consisting of just mutation and selection. The latter can be viewed as another manifestation of the Metropolis process. Considering the high computational cost of maintaining a population to facilitate cross-over search, its marginal benefit renders genetic search inferior to its singleton-population counterpart, the Metropolis process, and by extension, simulated annealing. This is further compounded by the fact that many problems arising in practice may inherently require a large number of state transitions for a near-optimal solution to be found, making genetic search infeasible given the high cost of computing a single iteration in the enlarged state-space.NSF (CCR-9204284

Active Internet Traffic Filtering: Real-time Response to Denial of Service Attacks

Denial of Service (DoS) attacks are one of the most challenging threats to Internet security. An attacker typically compromises a large number of vulnerable hosts and uses them to flood the victim's site with malicious traffic, clogging its tail circuit and interfering with normal traffic. At present, the network operator of a site under attack has no other resolution but to respond manually by inserting filters in the appropriate edge routers to drop attack traffic. However, as DoS attacks become increasingly sophisticated, manual filter propagation becomes unacceptably slow or even infeasible. In this paper, we present Active Internet Traffic Filtering, a new automatic filter propagation protocol. We argue that this system provides a guaranteed, significant level of protection against DoS attacks in exchange for a reasonable, bounded amount of router resources. We also argue that the proposed system cannot be abused by a malicious node to interfere with normal Internet operation. Finally, we argue that it retains its efficiency in the face of continued Internet growth.Comment: Briefly describes the core ideas of AITF, a protocol for facing Denial of Service Attacks. 6 pages lon

Estimasi Parameter Hurst Pada Trafik Internet Untuk Analisis Kinerja Jaringan Internet Kampus

Salah satu cara untuk mengetahui kinerja jaringan internet adalah dengan mengukur trafik internetnya pada periode dan interval tertentu dan mengolahnya dengan menggunakan estimasi parameter Hurst. Estimasi parameter Hurst-nya menggunakan pemodelan FARIMA(p,d,q) sehingga diperoleh besaran parameter Hurst (H), yaitu H Î (½, 1) di mana semakin mendekati nilai 1 semakin berat beban jaringannya. Pada makalah ini trafik internet yang digunakan adalah aliran paket data internet (internet packet-flow traffic) yang mengalir melewati 4 router yang berbeda tempat di kampus Universitas Surabaya (Ubaya) yaitu router di Fakultas Teknik (FT), Fakultas Bisnis dan Ekonomika (FBE), Gedung Perpustakaan dan kampus A Ubaya Ngagel. Pengukuran trafik internet menggunakan perangkat lunak tcpdump pada tanggal 11 Juli 2013 dilakukan dari jam 06.00 WIB sampai 18.00 WIB dengan sampel pengukuran 1 detik. Hasil perhitungan dan analisis menunjukkan bahwa nilai parameter Hurst di lokasi router kampus A Ubaya Ngagel dengan nilai H = 0,81878, lokasi Perpustakaan H = 0,9799354, FT dengan H = 0,999987 dan FBE dengan nilai H = 0,999997. Dengan demikian dapat disimpulkan bahwa kinerja jaringan internet terbaik ada pada kampus A Ubaya Ngagel