John Dunagan

SSCH: slotted seeded channel hopping for capacity improvement in IEEE 802.11 ad-hoc wireless networks

Capacity improvement is one of the principal challenges in wireless networking. We present a link-layer protocol called Slotted Seeded Channel Hopping, or SSCH, that increases the capacity of an IEEE 802.11 network by utilizing frequency diversity. SSCH can be implemented in software over an IEEE 802.11-compliant wireless card. Each node using SSCH switches across channels in such a manner that nodes desiring to communicate overlap, while disjoint communications mostly do not overlap, and hence do not interfere with each other. To achieve this, SSCH uses a novel scheme for distributed rendezvous and synchronization. Simulation results show that SSCH significantly increases network capacity in several multi-hop and single-hop wireless networking scenarios.

BrowserShield: Vulnerability-driven filtering of dynamic HTML

Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [43]. In this paper, we take Shields vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at run-time. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at run-time. The rewritten pages contain logic for recursively applying run-time checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated BrowserShield, a system that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized run-time actions like vulnerability-driven filtering.

Smoothed analysis of the perceptron algorithm for linear programming

The smoothed complexity [1] of an algorithm is the expected running time of the algorithm on an arbitrary instance under a random perturbation. It was shown recently that the simplex algorithm has polynomial smoothed complexity. We show that a simple greedy algorithm for linear programming, the perceptron algorithm, also has polynomial smoothed complexity, in a high probability sense; that is, the running time is polynomial with high probability over the random perturbation.

A simple polynomial-time rescaling algorithm for solving linear programs

The perceptron algorithm, developed mainly in the machine learning literature, is a simple greedy method for finding a feasible solution to a linear program (alternatively, for learning a threshold function. ). In spite of its exponential worst-case complexity, it is often quite useful, in part due to its noise-tolerance and also its overall simplicity. In this paper, we show that a randomized version of the perceptron algorithm with periodic rescaling runs in polynomial-time. The resulting algorithm for linear programming has an elementary description and analysis.

Towards a self-managing software patching process using black-box persistent-state manifests

We describe an approach to self-managing software patching. We identify visibility into patch impact as the key missing component in automating the current patching process, and we present a suite of components that provides this visibility by constructing black-box persistent-state manifests through self-monitoring of dependencies. Additionally, we use the component suite to measure the actual impact of recent patches on several important commercial applications.

Finding diversity in remote code injection exploits

Remote code injection exploits inflict a significant societal cost, and an active underground economy has grown up around these continually evolving attacks. We present a methodology for inferring the phylogeny, or evolutionary tree, of such exploits. We have applied this methodology to traffic captured at several vantage points, and we demonstrate that our methodology is robust to the observed polymorphism. Our techniques revealed non-trivial code sharing among different exploit families, and the resulting phylogenies accurately captured the subtle variations among exploits within each family. Thus, we believe our methodology and results are a helpful step to better understanding the evolution of remote code injection exploits on the Internet.

On Euclidean Embeddings and Bandwidth Minimization

We study Euclidean embeddings of Euclidean metrics and present the following four results: (1) an O(log3 n√log log n) approximation for minimum bandwidth in conjunction with a semi-definite relaxation, (2) an O(log3 n) approximation in O(nlog n) time using a new constraint set, (3) a lower bound of θ(√log n) on the least possible volume distortion for Euclidean metrics, (4) a new embedding with O(√log n) distortion of point-to-subset distances.

Optimal outlier removal in high-dimensional spaces

We study the problem of finding an outlier-free subset of a set of points (or a probability distribution) in n-dimensional Euclidean space. As in [BFKV 99], a point x is defined to be a β-outlier if there exists some direction w in which its squared distance from the mean along w is greater than β times the average squared distance from the mean along w. Our main theorem is that for any e > 0, there exists a (1 - e) fraction of the original distribution that has no O(n/e(b + logn/e))-outliers, improving on the previous bound of O(n7b/e). This is asymptotically the best possible, as shown by a matching lower bound. The theorem is constructive, and results in a 1/1-e approximation to the following optimization problem: given a distribution µ (i.e. the ability to sample from it), and a parameter e > 0, find the minimum β for which there exists a subset of probability at least (1 - e) with no β-outliers.

Optimal outlier removal in high-dimensional

We study the problem of finding an outlier-free subset of a set of points (or a probability distribution) in <italic>n</italic>-dimensional Euclidean space. A point <italic>x</italic> is defined to be a β-outlier if there exists some direction <italic>w</italic> in which its squared distance from the mean along <italic>w</italic> is greater than β times the average squared distance from the mean along <italic>w</italic> [1]. Our main theorem is that for any ε>0, there exists a (1-ε) fraction of the original distribution that has no <italic>O</italic>(\frac{<italic>n</italic>}{ε}(<italic>b</italic>+log \frac{<italic>n</italic>}{ε))-outliers, improving on the previous bound of <italic>O(n</italic>^7<italic>b</italic>/ε). This bound is shown to be nearly the best possible. The theorem is constructive, and results in a \frac{1}{1-ε} approximation to the following optimization problem: given a distribution μ (i.e. the ability to sample from it), and a parameter ε>0, find the minimum β for which there exists a subset of probability at least (1-ε) with no β-outliers.

BLR-D: applying bilinear logistic regression to factored diagnosis problems

In this paper, we address a pattern of diagnosis problems in which each of J entities produces the same K features, yet we are only informed of overall faults from the ensemble. Furthermore, we suspect that only certain entities and certain features are leading to the problem. The task, then, is to reliably identify which entities and which features are at fault. Such problems are particularly prevalent in the world of computer systems, in which a datacenter with hundreds of machines, each with the same performance counters, occasionally produces overall faults. In this paper, we present a means of using a constrained form of bilinear logistic regression for diagnosis in such problems. The bilinear treatment allows us to represent the scenarios with J+K instead of JK parameters, resulting in more easily interpretable results and far fewer false positives compared to treating the parameters independently. We develop statistical tests to determine which features and entities, if any, may be responsible for the labeled faults, and use false discovery rate (FDR) analysis to ensure that our values are meaningful. We show results in comparison to ordinary logistic regression (with L1 regularization) on two scenarios: a synthetic dataset based on a model of faults in a datacenter, and a real problem of finding problematic processes/features based on user-reported hangs.