62 research outputs found

    LAMP: Prompt Layer 7 Attack Mitigation with Programmable Data Planes

    While there are various methods to detect application layer attacks or intrusion attempts on an individual end host, it is not efficient to provide all end hosts in the network with heavy-duty defense systems or software firewalls. In this work, we leverage the new concept of programmable data planes to react directly to alerts raised by a victim and prevent further attacks on the whole network by blocking the attack at the network edge. We call our design LAMP, Layer 7 Attack Mitigation with Programmable data planes. We implemented LAMP using the P4 data plane programming language and evaluated its effectiveness and efficiency in the Behavioral Model (bmv2) environment.

    Toward incremental FIB aggregation with quick selections (FAQS)

    Several approaches to mitigating the Forwarding Information Base (FIB) overflow problem have been developed, and software solutions using FIB aggregation are of particular interest. One of the greatest concerns in deploying these algorithms to real networks is their high running time and heavy computational overhead when handling thousands of FIB updates every second. In this work, we use a single tree traversal to implement a faster aggregation and update-handling algorithm with a much lower memory footprint than existing work. We use six years of real IPv4 and IPv6 routing tables, from 2011 to 2016, to evaluate the performance of our algorithm under various metrics. To the best of our knowledge, this is the first time that IPv6 FIB aggregation has been performed. Our new solution is 2.53 and 1.75 times as fast as the state-of-the-art FIB aggregation algorithm for IPv4 and IPv6 FIBs, respectively, while achieving a near-optimal FIB aggregation ratio.

    Toward a Programmable FIB Caching Architecture

    The current Internet routing ecosystem is neither sustainable nor economical. More than 711K IPv4 routes and more than 41K IPv6 routes exist in current global Forwarding Information Bases (FIBs), with growth rates increasing. This rapid growth has serious consequences, such as creating the need for costly FIB memory upgrades and increasing the potential for Internet service outages. And while FIB memories are power-hungry and prohibitively expensive, more than 70% of the routes in FIBs carry no traffic for long time periods, a wasteful use of these expensive resources. Taking advantage of the emerging concept of programmable data planes, we design a programmable FIB caching architecture to address these concerns. Our preliminary evaluation results show that the architecture can significantly mitigate the global routing scalability and poor FIB utilization issues.

    Understanding Multiple Origin AS Conflicts

    Internet routing problems are often difficult to detect and diagnose because one address prefix can be originated by multiple ASes. There is, however, no comprehensive analysis of the causes of Multiple Origin AS (MOAS) conflicts. In this paper, we study the characteristics of MOAS conflicts and compare them with those from 10 years ago. We also provide an in-depth examination of four MOAS causes: IXPs, anycast, false origin ASes, and origin-AS transitions. Furthermore, we propose two heuristics to identify MOAS conflicts caused by false origin ASes and origin-AS transitions. The findings from our study and the proposed heuristics can help us design effective mechanisms to distinguish legitimate MOAS conflicts from illegitimate ones, thus improving the reliability and security of Internet routing.

    Reducing Router Forwarding Table Size Using Aggregation and Caching

    The fast growth of the global routing table size has been causing concerns that the Forwarding Information Base (FIB) will not be able to fit in existing routers' expensive line-card memory, and upgrades will lead to a higher cost for network operators and customers. FIB Aggregation, a technique that merges multiple FIB entries into one, is probably the most practical solution since it is a software solution local to a router, and does not require any changes to routing protocols or network operations. While previous work on FIB aggregation mostly focuses on reducing table size, this work focuses on algorithms that can update compressed FIBs quickly and incrementally. Quick updates are critical to routers because they have very limited time to process routing updates without impacting packet delivery performance. We have designed three algorithms: FIFA-S for the smallest table size, FIFA-T for the shortest running time, and FIFA-H for both small tables and short running time, and operators can use the one best suited to their needs. These algorithms significantly improve over existing work in terms of reducing routers' computation overhead and limiting impact on the forwarding plane while maintaining a good compression ratio. Another potential solution is to install only the most popular FIB entries into the fast memory (e.g., a FIB cache), while storing the complete FIB in slow memory. In this paper, we propose an effective FIB caching scheme that achieves a considerably higher hit ratio than previous approaches while preventing the cache-hiding problem. Our experimental results using data traffic from a regional network show that with only 20K prefixes in the cache (5.36% of the actual FIB size), the hit ratio of our scheme is higher than 99.95%. Our scheme can also efficiently handle cache misses, cache replacement and routing updates.

    Distributed Flow Scheduling in an Unknown Environment

    Flow scheduling tends to be one of the oldest and most stubborn problems in networking. It becomes more crucial in the next generation network, due to fast changing link states and the tremendous cost of exploring the global structure. In such situations, distributed algorithms often dominate. In this paper, we design a distributed virtual game to solve the flow scheduling problem and then generalize it to situations of unknown environment, where online learning schemes are utilized. In the virtual game, we use incentives to stimulate selfish users to reach a Nash Equilibrium Point which is valid based on the analysis of the 'Price of Anarchy'. In the unknown-environment generalization, our ultimate goal is the minimization of cost in the long run. In order to achieve a balance between exploration of routing cost and exploitation based on limited information, we model this problem on the Multi-armed Bandit scenario and combine the newly proposed DSEE with the virtual game design. Armed with these powerful tools, we find a totally distributed algorithm that ensures logarithmic growth of regret with time, which is optimal in the classic Multi-armed Bandit Problem. Theoretical proof and simulation results both affirm this claim. To our knowledge, this is the first research to combine multi-armed bandits with distributed flow scheduling. Comment: 10 pages, 3 figures, conference

    VeriTable: Fast Equivalence Verification of Multiple Large Forwarding Tables

    Due to network practices such as traffic engineering and multi-homing, the number of routes (also known as IP prefixes) in the global forwarding tables has been increasing significantly in the last decade and continues growing in a super-linear trend. One of the most promising solutions is to use smart Forwarding Information Base (FIB) aggregation algorithms to aggregate the prefixes and convert a large table into a small one. Doing so, however, poses a research question: how can we quickly verify that the original table yields the same forwarding behaviors as the aggregated one? We answer this question in this paper, including addressing the challenges caused by longest prefix matching (LPM) lookups. In particular, we propose the VeriTable algorithm, which employs a single tree/trie traversal to quickly check whether multiple forwarding tables are forwarding equivalent, as well as whether they could result in routing loops or black holes. The VeriTable algorithm significantly outperforms the state-of-the-art work for both IPv4 and IPv6 tables in every aspect, including total running time, memory access times and memory consumption. Comment: INFOCOM 201

    Crystal Structure of the Receptor-Binding Domain from Newly Emerged Middle East Respiratory Syndrome Coronavirus

    The newly emerged Middle East respiratory syndrome coronavirus (MERS-CoV) has infected at least 77 people, with a fatality rate of more than 50%. Alarmingly, the virus demonstrates the capability of human-to-human transmission, raising the possibility of global spread and endangering world health and the economy. Here we have identified the receptor-binding domain (RBD) from the MERS-CoV spike protein and determined its crystal structure. This study also presents a structural comparison of the MERS-CoV RBD with other coronavirus RBDs, successfully positioning MERS-CoV on the landscape of coronavirus evolution and providing insights into receptor binding by MERS-CoV. Furthermore, we found that the MERS-CoV RBD functions as an effective entry inhibitor of MERS-CoV. The identified MERS-CoV RBD may also serve as a potential candidate for MERS-CoV subunit vaccines. Overall, this study enhances our understanding of the evolution of coronavirus RBDs, provides insights into receptor recognition by MERS-CoV, and may help control the transmission of MERS-CoV in humans.

    Anti-HIV-1 Activity of a New Scorpion Venom Peptide Derivative Kn2-7

    For over 30 years, HIV/AIDS has wreaked havoc in the world. In the absence of an effective vaccine for HIV, development of new anti-HIV agents is urgently needed. We previously identified the antiviral activities of the scorpion-venom-peptide-derived mucroporin-M1 against three RNA viruses (measles virus, SARS-CoV, and H5N1). In this investigation, a panel of scorpion venom peptides and their derivatives were designed and chosen for assessment of their anti-HIV activities. A new scorpion venom peptide derivative, Kn2-7, was identified as the most potent anti-HIV-1 peptide in screening assays, with an EC50 value of 2.76 µg/ml (1.65 µM), and showed low cytotoxicity to host cells with a selective index (SI) of 13.93. Kn2-7 could inhibit all members of a standard reference panel of HIV-1 subtype B pseudotyped virus (PV) strains, both CCR5-tropic and the CXCR4-tropic NL4-3 PV strain. Furthermore, it also inhibited a CXCR4-tropic replication-competent strain of HIV-1 subtype B virus. A binding assay of Kn2-7 to HIV-1 PV using the Octet Red system suggested that the anti-HIV-1 activity was correlated with a direct interaction between Kn2-7 and the HIV-1 envelope. These results demonstrated that the peptide Kn2-7 could inhibit HIV-1 by direct interaction with the viral particle and may become a promising candidate compound for further development of a microbicide against HIV-1.

    Antiinflammatory Therapy with Canakinumab for Atherosclerotic Disease

    Background: Experimental and clinical data suggest that reducing inflammation without affecting lipid levels may reduce the risk of cardiovascular disease. Yet, the inflammatory hypothesis of atherothrombosis has remained unproved. Methods: We conducted a randomized, double-blind trial of canakinumab, a therapeutic monoclonal antibody targeting interleukin-1β, involving 10,061 patients with previous myocardial infarction and a high-sensitivity C-reactive protein level of 2 mg or more per liter. The trial compared three doses of canakinumab (50 mg, 150 mg, and 300 mg, administered subcutaneously every 3 months) with placebo. The primary efficacy end point was nonfatal myocardial infarction, nonfatal stroke, or cardiovascular death. Results: At 48 months, the median reduction from baseline in the high-sensitivity C-reactive protein level was 26 percentage points greater in the group that received the 50-mg dose of canakinumab, 37 percentage points greater in the 150-mg group, and 41 percentage points greater in the 300-mg group than in the placebo group. Canakinumab did not reduce lipid levels from baseline. At a median follow-up of 3.7 years, the incidence rate for the primary end point was 4.50 events per 100 person-years in the placebo group, 4.11 events per 100 person-years in the 50-mg group, 3.86 events per 100 person-years in the 150-mg group, and 3.90 events per 100 person-years in the 300-mg group. The hazard ratios as compared with placebo were as follows: in the 50-mg group, 0.93 (95% confidence interval [CI], 0.80 to 1.07; P = 0.30); in the 150-mg group, 0.85 (95% CI, 0.74 to 0.98; P = 0.021); and in the 300-mg group, 0.86 (95% CI, 0.75 to 0.99; P = 0.031). The 150-mg dose, but not the other doses, met the prespecified multiplicity-adjusted threshold for statistical significance for the primary end point and the secondary end point that additionally included hospitalization for unstable angina that led to urgent revascularization (hazard ratio vs. placebo, 0.83; 95% CI, 0.73 to 0.95; P = 0.005). Canakinumab was associated with a higher incidence of fatal infection than was placebo. There was no significant difference in all-cause mortality (hazard ratio for all canakinumab doses vs. placebo, 0.94; 95% CI, 0.83 to 1.06; P = 0.31). Conclusions: Antiinflammatory therapy targeting the interleukin-1β innate immunity pathway with canakinumab at a dose of 150 mg every 3 months led to a significantly lower rate of recurrent cardiovascular events than placebo, independent of lipid-level lowering. (Funded by Novartis; CANTOS ClinicalTrials.gov number, NCT01327846.)