Kaiqi Xiong

Gaussian filters for nonlinear filtering problems

We develop and analyze real-time and accurate filters for nonlinear filtering problems based on the Gaussian distributions. We present the systematic formulation of Gaussian filters and develop efficient and accurate numerical integration of the optimal filter. We also discuss the mixed Gaussian filters in which the conditional probability density is approximated by the sum of Gaussian distributions. A new update rule of weights for Gaussian sum filters is proposed. Our numerical tests demonstrate that new filters significantly improve the extended Kalman filter with no additional cost, and the new Gaussian sum filter has a nearly optimal performance.

SLA-based resource allocation in cluster computing systems

Resource allocation is a fundamental but challenging problem due to the complexity of cluster computing systems. In enterprise service computing, resource allocation is often associated with a service level agreement (SLA) which is a set of quality of services and a price agreed between a customer and a service provider. The SLA plays an important role in an e-business application. A service provider uses a set of computer resources to support e-business applications subject to an SLA. In this paper, we present an approach for computer resource allocation in such an environment that minimizes the total cost of computer resources used by a service provider for an e-business application while satisfying the quality of service (QoS) defined in an SLA. These QoS metrics include percentile response time, cluster utilization, packet loss rate and cluster availability. Simulation results show the applicability of the approach and validate its accuracy.

Trust-based Resource Allocation in Web Services

With the number of e-Business applications dramatically increasing, service level agreement (SLA) plays an important part in Web services. A SLA is a combination of several quality of services (QoS), such as security, performance, and availability, agreed between a customer and a service provider. Most existing research addresses only one QoS metric, and in the case of the response time, the average time to process and complete a job is typically used. In this paper, we study trustworthiness, percentile response time and availability. We consider all these qualities for a trust-based resource allocation problem which typically arises in Web services applications. We formulate the trust-based resource allocation problem as an optimization problem under SLA constraints, and we solve it using an efficient numerical procedure

Security Risk Assessment of Cloud Carrier

Cloud computing based delivery model has been adopted by end-users and enterprises to reduce IT costs and complexities. The ability to offload user software and data to cloud data centers has raised many security and privacy concerns over the cloud computing model. Significant research efforts have focused on hyper visor security and low-layer operating system implementations in cloud data centers. Unfortunately, the role of cloud carrier in the security and privacy of user software and data has not been well studied. Cloud carrier represents the wide area network that provides the connectivity and transport of cloud services between cloud consumers and cloud providers. In this paper, we present a risk assessment framework to study the security risk of the cloud carrier between cloud consumers and cloud providers. The risk assessment framework leverages the National Vulnerability Database (NVD) to examine the security vulnerabilities of operating systems of routers within the cloud carrier. This framework provides quantifiable security metrics for cloud carrier, which enables cloud consumers to establish the quality of security services among cloud providers. Such security metric information is very useful in the Service Level Agreement (SLA) negotiation between a cloud consumer and a cloud provider. It can be also be used to build a tool to verify SLA compliance. Furthermore, we implement this framework for the cloud carriers of Amazon Web Services and Windows Azure Platform. Our experiments show that the security risks of cloud carriers on these two commercial clouds are significantly different. This finding provides guidance for a network provider to improve the security of cloud carriers.

SLA-Based Service Composition in Enterprise Computing

The composition of services has been a useful approach to integrating business applications within and across organizational boundaries. In this approach, individual services are federated into composite services which are able to execute a given task subject to a service level agreement (SLA). An SLA is a contract agreed between a customer and a service provider who define a set of several quality of services (QoS). An SLA violation penalty is a way to ensure the credibility of an advertised SLA by a service provider. In this paper, we consider a set of computer resources used by a service broker who represents service providers to host enterprise applications for differentiated customer services subject to an SLA and its violation penalty. We present a novel framework for a QoS-constrained resource provisioning problem, and propose a capacity planning approach to optimizing computer resources for all service sites owned by service providers subject to multiple QoS metrics defined in the SLA and their violation penalties. Simulation results show that the proposed approach is efficient for reliable resource planning in service composition.

Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN)

Software-defined networking (SDN) and Open Flow have been driving new security applications and services. However, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. In this paper, we discuss a novel attack detection approach that coordinates monitors distributed over a network and controllers centralized on an SDN Open Virtual Switch (OVS), selectively inspecting network packets on demand. With different scale of network views and information availability, these two elements collaboratively detect signature constituents of an attack. Therefore, this approach is able to quickly issue an alert against potential threats followed by careful verification for high accuracy, while balancing the workload on the OVS. We have applied this method for detection and mitigation of TCP SYN flood attacks on Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful toward a systematic methodology of SDN-supported attack detection and containment.

Multiple priority customer service guarantees in cluster computing

Cluster computing is an efficient computing paradigm for solving large-scale computational problems. Resource management is an essential part in such a computing system. A service provider uses computational resources to process a customers service request. In an effort to maximize a service providers profit, it becomes commonplace and important to prioritize services in favor of customers who pay higher fees. In this paper, we present an approach for optimal resource management in cluster computing that minimizes the total cost of computer resources owned by a service provider while satisfying multiple priority customer service requirements. Simulation examples show that the proposed approach is efficient and accurate for resource management in a cluster computing system with multiple customer services.

QRP01-6: Resource Optimization Subject to a Percentile Response Time SLA for Enterprise Computing

We consider a set of computer resources used by a service provider to host enterprise applications subject to service level agreements. We present an approach for resource optimization in such an environment that minimizes the total cost of computer resources used by a service provider for an enterprise application while satisfying the QoS metric that the response time for executing service requests is statistically bounded. That is, gamma% of the time the response time is less than a pre-defined value. This QoS metric is more realistic than the mean response time typically used in the literature. Numerical results show the applicability of the approach and validate its accuracy.

An SDN-supported collaborative approach for DDoS flooding detection and containment

Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability.

Computer Resource Optimization for Differentiated Customer Services

In enterprise computing, customer requests often need to be distinguished, with different request characteristics and customer’s different service requirements. In this paper, we consider a set of computer resources used by a service provider to host enterprise applications for differentiated customer services subject to a service level agreement. We present an approach for resource optimization in such an environment that minimizes the total cost of computer resources used by a service provider for such an application while satisfying the QoS metric that the response time for executing differentiated service requests is statistically bounded. That is, each ã(r)% of the time the response time is less than a pre-defined value for class r customers. This QoS metric is more realistic than the mean response time typically used in the literature. Numerical results show the applicability of the approach and validate its accuracy.