Futai Zou

A Survey on Security in Wireless Mesh Networks

Abstract Wireless mesh networks is a new emerging field with its potential applications in extremely unpredictable and dynamic environments. However, it is particularly vulnerable due to its features of open medium, dynamic changing topology, and cooperative routing algorithms. The article surveys the state of the art in security for wireless mesh networks. First, we analyze various possible threats to security in wireless mesh networks. Second, we introduce some representative solutions to these threats, including solutions to the problems of key management, secure network routing, and intrusion detection. We also provide a comparison and discussion of their respective merits and drawbacks, and propose some improvements for these drawbacks. Finally, we also discuss the remaining challenges in the area.

On Efficient Content Matching in Distributed Pub/Sub Systems

The efficiency of matching structures is the key issue for content publish/subscribe systems. In this paper, we propose an efficient matching tree structure, named CobasTree, for a distributed environment. Particularly, we model a predicate in each subscription filter as an interval and published content value as a data point. The CobasTree is designed to index all subscription intervals and a matching algorithm is proposed to match the data points to these indexed intervals. Through a set of techniques including selective multicast by bounding intervals, cost model-based interval division, and CobasTree merging, CobasTree can match the published contents against subscription filters with a high efficiency. We call the whole framework including CobasTree and the associated techniques as COBAS. The performance evaluation in simulation environment and PlanetLab environment shows COBAS significantly outperforms two counterparts with low cost and fast forwarding.

Building efficient super-peer overlay network for DHT systems

DHT technique has been widely applied in P2P systems because it provides reliable services. However, large overheads are inevitable for maintaining the topology of DHT overlay, which limits its application especially in highly dynamic network environments. This paper proposes a DHT based super-peer overlay network called SPChord in which peer nodes are clustered according to the session time and physical network locality. With an evolving process, SPChord gradually makes DHT overlay stable and reliable. Therefore the high maintaining overheads for DHT overlay are effectively controlled. Experimental results show that the DHT overlay maintaining overheads are reduced dramatically while the overlay stability and the data availability are also greatly improved.

Detecting malware based on DNS graph mining

Malware remains a major threat to nowadays Internet. In this paper, we propose a DNS graph mining-based malware detection approach. A DNS graph is composed of DNS nodes, which represent server IPs, client IPs, and queried domain names in the process of DNS resolution. After the graph construction, we next transform the problem of malware detection to the graph mining task of inferring graph nodes reputation scores using the belief propagation algorithm. The nodes with lower reputation scores are inferred as those infected by malwares with higher probability. For demonstration, we evaluate the proposed malware detection approach with real-world dataset. Our real-world dataset is collected from campus DNS servers for three months and we built a DNS graph consisting of 19,340,820 vertices and 24,277,564 edges. On the graph, we achieve a true positive rate 80.63% with a false positive rate 0.023%. With a false positive of 1.20%, the true positive rate was improved to 95.66%. We detected 88,592 hosts infected by malware or C&C servers, accounting for the percentage of 5.47% among all hosts. Meanwhile, 117,971 domains are considered to be related to malicious activities, accounting for 1.5% among all domains. The results indicate that our method is efficient and effective in detecting malwares.

Targeted local immunization in scale-free peer-to-peer networks

The power-law node degree distributions of peer-to-peer overlay networks make them extremely robust to random failures whereas highly vulnerable under intentional targeted attacks. To enhance attack survivability of these networks, DeepCure, a novel heuristic immunization strategy, is proposed to conduct decentralized but targeted immunization. Different from existing strategies, DeepCure identifies immunization targets as not only the highly-connected nodes but also the nodes with high availability and/or high link load, with the aim of injecting immunization information into just right targets to cure. To better trade off the cost and the efficiency, DeepCure deliberately select these targets from 2-local neighborhood, as well as topologically-remote but semantically-close friends if needed. To remedy the weakness of existing strategies in case of sudden epidemic outbreak, DeepCure is also coupled with a local-hub oriented rate throttling mechanism to enforce proactive rate control. Extensive simulation results show that DeepCure outperforms its competitors, producing an arresting increase of the network attack tolerance, at a lower price of eliminating viruses or malicious attacks.

MDPAS: Markov Decision Process Based Adaptive Security for Sensors in Internet of Things

Nowadays chipped based sensors and RFID tags are widely employed in Internet of Things; however, for those devices, effective and flexible security mechanisms lack. In this paper we study the security requirement and propose an adaptive security framework for sensors in Internet of things, which provides dynamic confidentiality, authenticity and integrity in the networks with relative suitable overhead by context aware computing, decision making and dynamic enforcement of policies. We employ Markov Decision Process to make the decisions of security actions and adopt aspect-oriented programming technique to enforce the security policies dynamically in the working networks. We made simulations of our framework, and the performance is encouraging.

Survey on Domain Name System Security

Domain Name System (DNS) is one of the most crucial components of the Internet. However, due to the vulnerability of DNS, its security has been continuously challenged in recent years. In order to thoroughly understand the root cause of the security risks in the DNS, researches in DNS security are surveyed, and vulnerabilities in DNS and corresponding countermeasures are summarized. First, based on the protocol design and implementation of DNS, weaknesses in DNS fall into 5 categories: cache poisoning, denial of service, software vulnerabilities, information leakage and unauthorized data manipulation. Then, fundamental properties and defense approaches for the 5 categories are analyzed. Next, to improve the Internet name service, new secure DNS architectures are analyzed and compared. And finally, future aspects of research in DNS security are discussed.

Detecting malware based on expired command-and-control traffic:

In this article, we analyze the behavioral characteristics of domain name service queries produced by programs and then design an algorithm to detect malware with expired command-and-control domains based on the key feature of domain name service traffic, that is, repeatedly querying domain with a fixed interval. In total, 3027 malware command-and-control domains in the network traffic of Shanghai Jiao Tong University, affecting 249 hosts, were successfully detected, with a high precision of 92.0%. This algorithm can find those malware with expired command-and-control domains that are usually ignored by current research and would have important value for eliminating network security risks and improving network security environment.

Detecting Malicious Server Based on Server-to-Server Realation Graph

The rapid development of Internet attack has posed severe threats to information security. Therefore, its of great interest to both the Internet security companies and researchers to develop novel methods which are capable of protecting users against new threats. However, the sources of these network attack varies. Existing malware detectors and intrusion detectors mostly treat the web logs separately using supervised learning algorithms. Meanwhile, using features beyond network connection content are starting to be leveraged for Internet server classification. In this paper, based on the Server-to-Server Relation Graph, we present a network Server classification method by analyzing the client distribution of each server. When constructing Server-to-Server Relation graph, k-nearest neighbors are chosen as adjacent nodes for each server node, and being compared with radial basis function network. Files are connected with edges representing the similarity of their client set. In the machine learning part, we used Label propagation algorithm, a semi-supervised learning algorithm which propagates class labels on a graph. We evaluate the effectiveness of our proposed method on a real and large dataset. Experimental results demonstrate that the precision of our method is acceptable and worthwhile.

A new graph drawing scheme for social network.

With the development of social networks, people have started to use social network tools to record their life and work more and more frequently. How to analyze social networks to explore potential characteristics and trend of social events has been a hot research topic. In order to analyze it effectively, a kind of techniques called information visualization is employed to extract the potential information from the large scale of social network data and present the information briefly as visualized graphs. In the process of information visualization, graph drawing is a crucial part. In this paper, we study the graph layout algorithms and propose a new graph drawing scheme combining multilevel and single-level drawing approaches, including the graph division method based on communities and refining approach based on partitioning strategy. Besides, we compare the effectiveness of our scheme and FM3 in experiments. The experiment results show that our scheme can achieve a clearer diagram and effectively extract the community structure of the social network to be applied to drawing schemes.