Abhijit Bose

Delayed Internet routing convergence

This paper examines the latency in Internet path failure, failover, and repair due to the convergence properties of interdomain routing. Unlike circuit-switched paths which exhibit failover on the order of milliseconds, our experimental measurements show that interdomain routers in the packet-switched Internet may take tens of minutes to reach a consistent view of the network topology after a fault. These delays stem temporary routing table fluctuations formed during the operation of the Border Gateway Protocol (BGP) path selection process on Internet backbone routers. During these periods delayed convergence, we show that end-to-end Internet paths will experience intermittent loss of connectivity, as well as increased packet loss and latency. We present a two-year study of Internet routing convergence through the experimental instrumentation of key portions of the Internet infrastructure, including both passive data collection and fault-injection machines at Internet exchange points. Based on data from the injection and measurement of several hundred thousand interdomain routing faults, we describe several unexpected properties of convergence and show that the measured upperbound on Internet interdomain routing convergence delay is an order of magnitude slower than previously thought. Our analysis also shows that the upper theoretic computational bound on the number of router states and control messages exchanged during the process of BGP convergence is factorial with respect to the number of autonomous systems in the Internet. Finally, we demonstrate that much of the observed convergence delay stems form specific router vendor implementation decisions and ambiguity in the BGP specification.

Behavioral detection of malware on mobile handsets

A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for use in mobile devices. First, we propose an efficient representation of malware behaviors based on a key observation that the logical ordering of an applications actions over time often reveals the malicious intent even when each action alone may appear harmless. Then, we generate a database of malicious behavior signatures by studying more than 25 distinct families of mobile viruses and worms targeting the Symbian OS - the most widely-deployed handset OS - and their variants. Next, we propose a two-stage mapping technique that constructs these signatures at run-time from the monitored system events and API calls in Symbian OS. We discriminate the malicious behavior of malware from the normal behavior of applications by training a classifier based on Support Vector Machines (SVMs). Our evaluation on both simulated and real-world malware samples indicates that behavioral detection can identify current mobile viruses and worms with more than 96% accuracy. We also find that the time and resource overheads of constructing the behavior signatures from low-level API calls are acceptably low for their deployment in mobile devices.

On Mobile Viruses Exploiting Messaging and Bluetooth Services

The exponential growth of mobile messaging worldwide has made it an indispensable tool for social and business interactions. The interoperability between SMS (short messaging service) and IM (instant messaging) networks has enabled mobile users to communicate over the Internet seamlessly. However, the proliferation of cellular phones and handheld devices with messaging capability has also attracted virus writers who increasingly develop malware targeted to mobile handheld devices. The mobile viruses discovered so far have exploited vulnerabilities in Bluetooth to infect a nearby device and then use SMS to spread itself to other devices in the mobile network. This problem is expected to become worse with the growth of MMS (multimedia messaging service), mobile games, mobile commerce and peer-to-peer file-sharing in the near future. We investigate the propagation of mobile worms and viruses that spread primarily via SMS/MMS messages and short-range radio interfaces such as Bluetooth. First, we study these vulnerabilities in-depth so that appropriate malware behavior models can be developed. Next, we study the propagation of a mobile virus similar to Commwarrior in a cellular network using data from a real-life SMS customer network. Each handheld device is modeled as an autonomous mobile agent capable of sending SMS messages to others (via an SMS center), and is capable of discovering other devices equipped with Bluetooth. Since mobile malware targets specific mobile OSs, we consider diversity of deployed software stacks in the network. Our results reveal that hybrid worms that use SMS/MMS and proximity scanning (via Bluetooth) can spread rapidly within a cellular network, making them potential threats in public meeting places such as sports stadiums, train stations, and airports

Proactive security for mobile messaging networks

The interoperability of IM (Instant Messaging) and SMS (Short Messaging Service) networks allows users to seamlessly use a variety of computing devices from desktops to cellular phones and mobile handhelds. However, this increasing convergence has also attracted the attention of malicious software writers. In the past few years, the number of malicious codes that target messaging networks, primarily IM and SMS, has been increasing exponentially. Large message volume and number of users in these networks renders manual mitigation of malicious software nearly impossible. This paper proposes automated and proactive security models to protect messaging networks from mobile worms and viruses. First, we present an algorithm for automated identification of the most vulnerable clients in the presence of a malicious attack, based on interactions among the clients. The simplicity of our approach enables easy integration in most client-server messaging systems. Next, we describe a proactive containment framework that applies two commonly-used mechanisms---rate-limiting and quarantine---to the dynamically-generated list of vulnerable clients in a messaging network whenever a worm or virus attack is suspected. Finally, we evaluate the effectiveness of proactive security in a cellular network using data from a large real-life SMS customer network, and compare it against other existing approaches. Most messaging networks can implement our proposed framework without any major modification of their existing infrastructure.

A parallel Monte Carlo code for planar and SPECT imaging: implementation, verification and applications in 131I SPECT

This paper reports the implementation of the SIMIND Monte Carlo code on an IBM SP2 distributed memory parallel computer. Basic aspects of running Monte Carlo particle transport calculations on parallel architectures are described. Our parallelization is based on equally partitioning photons among the processors and uses the Message Passing Interface (MPI) library for interprocessor communication and the Scalable Parallel Random Number Generator (SPRNG) to generate uncorrelated random number streams. These parallelization techniques are also applicable to other distributed memory architectures. A linear increase in computing speed with the number of processors is demonstrated for up to 32 processors. This speed-up is especially significant in Single Photon Emission Computed Tomography (SPECT) simulations involving higher energy photon emitters, where explicit modeling of the phantom and collimator is required. For (131)I, the accuracy of the parallel code is demonstrated by comparing simulated and experimental SPECT images from a heart/thorax phantom. Clinically realistic SPECT simulations using the voxel-man phantom are carried out to assess scatter and attenuation correction.

MARS: a metascheduler for distributed resources in campus grids

Computational grids are increasingly being deployed in campus environments to provide unified access to distributed and heterogeneous resources such as clusters, storage arrays, networks, and scientific instruments. While the existing grid computing frameworks and protocols provide a robust set of mechanisms for user authentication, security, workflow and resource management; efficient scheduling of tasks on distributed and heterogeneous resources, termed as metascheduling, is an active area of research. In this paper, we describe MARS, an open-source metascheduling framework that can be integrated into existing campus infrastructure to provide robust task scheduling and resource management capabilities. MARS uses a forecasting algorithm to predict resource-level scheduling parameters such as queue lengths, turn-around times, and resource utilization. These predicted values are then used to schedule tasks based on their priority levels. It allows preemption of lower-priority running tasks in favor of on-demand tasks. We have implemented heuristic and evolutionary scheduling algorithms in the present framework and evaluated it in a production environment consisting of several large Linux clusters. Our simulation results using actual workload traces from these clusters demonstrate the effectiveness of the current metascheduling framework.

Implementation of the DPM Monte Carlo code on a parallel architecture for treatment planning applications.

We have parallelized the Dose Planning Method (DPM), a Monte Carlo code optimized for radiotherapy class problems, on distributed-memory processor architectures using the Message Passing Interface (MPI). Parallelization has been investigated on a variety of parallel computing architectures at the University of Michigan-Center for Advanced Computing, with respect to efficiency and speedup as a function of the number of processors. We have integrated the parallel pseudo random number generator from the Scalable Parallel Pseudo-Random Number Generator (SPRNG) library to run with the parallel DPM. The Intel cluster consisting of 800 MHz Intel Pentium III processor shows an almost linear speedup up to 32 processors for simulating 1 x 10(8) or more particles. The speedup results are nearly linear on an Athlon cluster (up to 24 processors based on availability) which consists of 1.8 GHz+ Advanced Micro Devices (AMD) Athlon processors on increasing the problem size up to 8 x 10(8) histories. For a smaller number of histories (1 x 10(8)) the reduction of efficiency with the Athlon cluster (down to 83.9% with 24 processors) occurs because the processing time required to simulate 1 x 10(8) histories is less than the time associated with interprocessor communication. A similar trend was seen with the Opteron Cluster (consisting of 1400 MHz, 64-bit AMD Opteron processors) on increasing the problem size. Because of the 64-bit architecture Opteron processors are capable of storing and processing instructions at a faster rate and hence are faster as compared to the 32-bit Athlon processors. We have validated our implementation with an in-phantom dose calculation study using a parallel pencil monoenergetic electron beam of 20 MeV energy. The phantom consists of layers of water, lung, bone, aluminum, and titanium. The agreement in the central axis depth dose curves and profiles at different depths shows that the serial and parallel codes are equivalent in accuracy.

Paving the first mile for QoS-dependent applications and appliances

Paving the first mile of quality-of-service (QoS) support has become essential for full deployment and utilization of QoS proposals in the Internet. Most of existing efforts have been made to provide network services and control without paying much attention to how applications can use these services. In this paper, we design and implement a two-tier architecture, called QoS Gateway (QoSGW), that acts as an interface between application QoS requirements and network-provided QoS capabilities. The QoSGW is to support small embedded network devices that rely on network-provided QoS. Our architecture, in its full version, is composed of two key components: (i) an agent that resides on the end-host and provides an adequate interface for QoS-dependent applications, and (ii) a QoS manager that provides an interface to network services for the agents. Using these two components enhances generality and scalability in providing QoS support for Internet applications and end-devices. The QoSGW is intended to promote QoS deployment and facilitate construction of QoS-aware access networks.

On capturing malware dynamics in mobile power-law networks

The increasing convergence of power-law networks such as social networking and peer-to-peer sites, web applications and mobile platforms makes todays users highly vulnerable to entirely new generations of malware that exploit vulnerabilities in web applications and mobile platforms for new infections, while using the power-law connectivity for finding new victims. The traditional epidemic models based on assumptions of homogeneity, averagedegree distributions, and perfect-mixing are inadequate to model this type of malware propagation. In this paper, we study three aspects crucial to modeling malware propagation in such environments: application-level interactions among users of such networks, local network structure, and user mobility. Since closed-form solutions of malware propagation in such environments are difficult to obtain, we describe an open-source, flexible agent-based emulation framework that can be used by malware researchers for studying todays complex malware. The framework, called Agent-Based Malware Modeling (AMM), allows different applications, network structure and user mobility in either a geographic or a logical domain to study various infection and propagation scenarios. The majority of the parameters used in the framework can be derived from real-life network traces collected from these networks, and therefore, represent realistic malware propagation and infection scenarios. As representative examples, we examine two well-known malware spreading mechanisms: (i) a malicious virus such as Cabir spreading among the subscribers of a cellular network using Bluetooth, and (ii) a hybrid worm that exploit email and file-sharing to infect users of a social network. In both cases, we identify the parameters most important to the spread of the epidemic based upon our extensive simulation results.

IP easy-pass: edge resource access control

Providing real-time communication services to multimedia applications and subscription-based Internet access often requires sufficient network resources to be reserved for real-time traffic. However, the reserved network resource is susceptible to resource theft and abuse. Without a resource access control mechanism that can efficiently differentiate legitimate real-time traffic from attacking packets, the traffic conditioning and policing enforced at ISP (Internet service provider) edge routers cannot protect the reserved network resource from embezzlement. On the contrary, the traffic policing at edge routers aggravates their vulnerability to flooding attacks by blindly dropping packets. We propose a fast and light-weighted IP network-edge resource access control mechanism, called IP easy-pass to prevent unauthorized access to reserved network resources at edge devices. We attach a unique pass to each legitimate real-time packet so that an ISP edge router can validate the legitimacy of an incoming IP packet very quickly and simply by checking its pass. We present the generation of easy-pass, its embedding, and verification procedures. We implement the IP easy-pass mechanism in the Linux kernel, analyze its effectiveness against packet forgery and resource embezzlement attempts. Finally, we measure the overhead incurred by easy-pass.