84 research outputs found
Active Internet Traffic Filtering: Real-time Response to Denial of Service Attacks
Denial of Service (DoS) attacks are one of the most challenging threats to
Internet security. An attacker typically compromises a large number of
vulnerable hosts and uses them to flood the victim's site with malicious
traffic, clogging its tail circuit and interfering with normal traffic. At
present, the network operator of a site under attack has no other resolution
but to respond manually by inserting filters in the appropriate edge routers to
drop attack traffic. However, as DoS attacks become increasingly sophisticated,
manual filter propagation becomes unacceptably slow or even infeasible.
In this paper, we present Active Internet Traffic Filtering, a new automatic
filter propagation protocol. We argue that this system provides a guaranteed,
significant level of protection against DoS attacks in exchange for a
reasonable, bounded amount of router resources. We also argue that the proposed
system cannot be abused by a malicious node to interfere with normal Internet
operation. Finally, we argue that it retains its efficiency in the face of
continued Internet growth.Comment: Briefly describes the core ideas of AITF, a protocol for facing
Denial of Service Attacks. 6 pages lon
Verifiable Network-Performance Measurements
In the current Internet, there is no clean way for affected parties to react
to poor forwarding performance: when a domain violates its Service Level
Agreement (SLA) with a contractual partner, the partner must resort to ad-hoc
probing-based monitoring to determine the existence and extent of the
violation. Instead, we propose a new, systematic approach to the problem of
forwarding-performance verification. Our mechanism relies on voluntary
reporting, allowing each domain to disclose its loss and delay performance to
its neighbors; it does not disclose any information regarding the participating
domains' topology or routing policies beyond what is already publicly
available. Most importantly, it enables verifiable performance measurements,
i.e., domains cannot abuse it to significantly exaggerate their performance.
Finally, our mechanism is tunable, allowing each participating domain to
determine how many resources to devote to it independently (i.e., without any
inter-domain coordination), exposing a controllable trade-off between
performance-verification quality and resource consumption. Our mechanism comes
at the cost of deploying modest functionality at the participating domains'
border routers; we show that it requires reasonable processing and memory
resources within modern network capabilities.Comment: 14 page
Generating Steganographic Text with LSTMs
Motivated by concerns for user privacy, we design a steganographic system
("stegosystem") that enables two users to exchange encrypted messages without
an adversary detecting that such an exchange is taking place. We propose a new
linguistic stegosystem based on a Long Short-Term Memory (LSTM) neural network.
We demonstrate our approach on the Twitter and Enron email datasets and show
that it yields high-quality steganographic text while significantly improving
capacity (encrypted bits per word) relative to the state-of-the-art.Comment: ACL 2017 Student Research Worksho
Evaluation of network coding techniques for a sniper detection application
This paper experimentally studies the reliability and delay of flooding based multicast protocols for a sniper detection application. In particular using an emulator it studies under which conditions protocols based on network coding deliver performance improvements compared to classic flooding. It then presents an implementation of such protocols on mobile phones
Software Dataplane Verification
Software dataplanes are emerging as an alternative to traditional hardware switches and routers, promising programmability and short time to market. These advantages are set against the risk of disrupting the network with bugs, unpredictable performance, or security vulnerabilities. We explore the feasibility of verifying software dataplanes to ensure smooth network operation. For general programs, verifiability and performance are competing goals; we argue that software dataplanes are different -- we can write them in a way that enables verification and preserves performance. We present a verification tool that takes as input a software dataplane, written in a way that meets a given set of conditions, and (dis)proves that the dataplane satisfies crash-freedom, bounded-execution, and filtering properties. We evaluate our tool on stateless and simple stateful Click pipelines; we perform complete and sound verification of these pipelines within tens of minutes, whereas a state-of-the-art general-purpose tool fails to complete the same task within several hours
- …