aping Hu

Robustness of RED in Mitigating LDoS Attack

The Random Early Detection algorithm is widely used in the queue management mechanism of the router. We find that the parameters of the RED algorithm have a significant influence on the defense performance of the random early detection algorithm and discuss the robust of the algorithm in mitigating Low-rate Denial-of-Service attack in details. Simulation results show that the defense performance can be effectively improved by adjusting the parameters of Q min andQ max . Some suggestions are given for mitigating the LDoS attack at the end of this paper.

Simulation and Analysis of LDoS Attacks

Low-rate denial-of-service attack is a novel category of attacks that are based on exploiting the adaptive behavior exhibited by several network and system protocols. This attack through periodically non-suspicious low-rate attack pulsing, to reduce the performance of the victims. Based on the simulation of low-rate denial-of-service on NS2 platform, we analyze the defense performance of queue management mechanism itself to count the LDoS attack. Under the analysis of experiments result, we give some suggestions about counter technology.

An advanced method of process reconstruction based on VMM

Recently, VMM-based anti-malware systems have become a hot research topic in finding ways of overcoming the fundamental limitations of traditional host-based anti-malware systems, which are likely to be deceived and attacked by malicious codes. Guest system semantic views (e.g., files, processes) must be reconstructed to overcome the semantic gap challenge. As a result of frequent switching between processes, process reconstruction based on CR3 register causes many VM EXIT events and some performance losses. In the current study, an advanced method to reconstruct processes is presented. Utilizing the features of hardware virtualization technology, this method reduces VM EXIT events caused by process switching; thus, the efficiency of process reconstruction is improved. Experiments show that the method can reduce nearly 85% of VM EXIT events caused by process switching.

Simulation and Analysis of Quiet DDOS Attacks

The Quiet DDoS attack was proposed in 2009 by Amey and Nirwan. It launches certain number of TCP flows to reduce the transferring ability of normal TCP flows by using botnet. By the simulation experiments on the NS2 platform, we analyze the factors and their impacts on the attack in detail. According to the results of simulation, we give some suggestion to counter the Quiet DDoS attack.

ALHACF: An Anonymity-Level Selected Hierarchical Anonymous Communication Framework

With the more emphasis paid on network security and privacy, the research on anonymous communication system has developed quickly. In the past, researchers mainly focused on how to improve the anonymity, but few focused on the usability. This paper presents an anonymity-level selected hierarchical anonymous communication framework (ALHACF). In this framework, firstly the anonymity-level is selected by users according to his requirement, and then the path length and set of relay routers will be determined by the anonymity-level. The anonymity and communication performance of ALHACF are analyzed. The analysis indicates that ALHACF inherits the merit of HLLACF, and it can prevent some kinds of attack, keep good anonymity and increase the communication performance markedly.

LCrawler: An enhanced measurement tool for Peer-to-Peer content sharing networks

During recent years, Peer-to-Peer (P2P) Content Sharing Networks (CSNs) have intrigued researchers to measure and analyze them for the dominant proportion of P2P traffic volume and wide applications of the sharing platform. However, to the best of our knowledge, most of the measurement tools have not been updated under the current situations of P2P CSNs. In this paper, we develop an enhanced measurement tool named LCrawler with a versatile and cyclic framework during a longest ever measurement on Kad lasting for three years. The continuous experiments and further analysis indicate that LCrawler can obtain complete snapshots of P2P CSNs with a higher efficiency by adopting the optimized and adjustable crawling algorithm and strategy.

SMCSN: A New Secure Model of Content Sharing Network by Using Multi-roles Sybil Nodes

Considering the serious security trend of Content Sharing Networks (CSNs) and the advantages of Sybil nodes, a new Secure Model of Content Sharing Network by using multi-roles Sybil nodes (SMCSN) is hereby proposed. In SMCSN, we introduce three different kinds of Sybil nodes and discuss some issues of exploiting Sybil nodes like infiltrating collision, hotspots sensing and importance improvement, etc.. Further simulation experiments and analysis indicate the effectiveness and feasibility of SMCSN to enhance the security of CSNs.

Hub search method based on sampling

Hubs play important roles in scale-free networks. Existing hub search algorithms mostly assume the availability of the global network structure and use a variety of centrality metrics to search the hubs in the network. However, when it is very difficult to obtain the network topology in large-scale networks, how we can search the hubs? In this paper, a hub search method based on sampling with biased algorithms is proposed and further four algorithms are compared, including improved MHRW (Metropolis-Hasting Random Walk), MDF (Maximum-Degree First), BFS (Breadth-First Search) and RW (Random Walk). The experiments on several datasets show that both MDF and improved MHRW algorithm can reach a higher HDR (Hub Detection Rate) than BFS and RW, and when the sampling rate goes above 10%, MDF and improved MHRW can find an average of more than 70% of hubs in scale-free network.

A Facebook crawler based on interaction simulation and MHRW-DA

Data acquisition is a precondition to conduct online social network (OSN) research. Based on the interaction simulation, we have implemented a Facebook crawler with unbiased MHRW-DA (Metropolis-Hasting Random Walk with Delayed Acceptance) algorithm, which can obtain the complete friend list of a Facebook user. We make an analysis on the crawled dataset, and find out that (1) 34.2% of Facebook users have changed the default privacy setting, implying that the awareness of privacy protection of Facebook users has been greatly improved; (2) the percentage of female users in those that have changed the default privacy setting is higher than male by 16.8%, implying the awareness of privacy protection of female users is much higher than that of male.

NBHU-based method to counter quiet DDoS attacks

The Quiet DDoS attack becomes one of the most severely threat to the network safety, because this kind of attack completely adopts legal TCP flow while distributing its destination IP to evade various countermeasures deployed in the network. However, the high distributed degree of the destination IP becomes one characteristics of the attack. However, we think this characteristic make partially of the attack flow not match the behavior habit of network users. Inspired by this viewpoint, we propose a novel method to counter the Quiet DDoS attack based on the NBHU (network behavior habit of users). Furthermore, we carry on simulation of our method using NS2 platform, and the results show that this method can reduce the attack performance.