Kevin A. Kwiat

Modeling the spread of active worms

Active worms spread in an automated fashion and can flood the Internet in a very short time. Modeling the spread of active worms can help us understand how active worms spread, and how we can monitor and defend against the propagation of worms effectively. In this paper, we present a mathematical model, referred to as the Analytical Active Worm Propagation (AAWP) model, which characterizes the propagation of worms that employ random scanning. We compare our model with the Epidemiological model and Weavers simulator. Our results show that our model can characterize the spread of worms effectively. Taking the Code Red v2 worm as an example, we give a quantitative analysis for monitoring, detecting and defending against worms. Furthermore, we extend our AAWP model to understand the spread of worms that employ local subnet scanning. To the best of our knowledge, there is no model for the spread of a worm that employs the localized scanning strategy and we believe that this is the first attempt on understanding local subnet scanning quantitatively.

A Game Theoretic Framework for Power Control in Wireless Sensor Networks

In infrastructure-less sensor networks, efficient usage of energy is very critical because of the limited energy available to the sensor nodes. Among various phenomena that consume energy, radio communication is by far the most demanding one. One of the effective ways to limit unnecessary energy loss is to control the power at which the nodes transmit signals. In this paper, we apply game theory to solve the power control problem in a CDMA-based distributed sensor network. We formulate a noncooperative game under incomplete information and study the existence of Nash equilibrium. With the help of this equilibrium, we devise a distributed algorithm for optimal power control and prove that the system is power stable only if the nodes comply with certain transmit power thresholds. We show that even in a noncooperative scenario, it is in the best interest of the nodes to comply with these thresholds. The power level at which a node should transmit, to maximize its utility, is evaluated. Moreover, we compare the utilities when the nodes are allowed to transmit with discrete and continuous power levels; the performance with discrete levels is upper bounded by the continuous case. We define a distortion metric that gives a quantitative measure of the goodness of having finite power levels and also find those levels that minimize the distortion. Numerical results demonstrate that the proposed algorithm achieves the best possible payoff/utility for the sensor nodes even by consuming less power.

Survivable Virtual Infrastructure Mapping in Virtualized Data Centers

In a virtualized data center, survivability can be enhanced by creating redundant Virtual Machines (VMs) as backup for VMs such that after VM or server failures, affected services can be quickly switched over to backup VMs. To enable flexible and efficient resource management, we propose to use a service-aware approach in which multiple correlated VMs and their backups are grouped together to form a Survivable Virtual Infrastructure (SVI) for a service or a tenant. A fundamental problem in such a system is to determine how to map each SVI to a physical data center network such that operational costs are minimized subject to the constraints that each VMs resource requirements are met and bandwidth demands between VMs can be guaranteed before and after failures. This problem can be naturally divided into two sub-problems: VM Placement(VMP) and Virtual Link Mapping (VLM). We present a general optimization framework for this mapping problem. Then we present an efficient algorithm for the VMP sub problem as well as a polynomial-time algorithm that optimally solves the VLM sub problem, which can be used as subroutines in the framework. We also present an effective heuristic algorithm that jointly solves the two sub problems. It has been shown by extensive simulation results based on the real VM data traces collected from the green data center at Syracuse University that compared with the First Fit Descending (FFD) and single shortest path based baseline algorithm, both our VMP+VLM algorithm and joint algorithm significantly reduce the reserved bandwidth, and yield comparable results in terms of the number of active servers.

Profiling Users in GUI Based Systems for Masquerade Detection

Masquerading or impersonation attack refers to the illegitimate activity on a computer system when one user impersonates another user. Masquerade attacks are serious in nature due to the fact that they are mostly carried by insiders and thus are extremely difficult to detect. Detection of these attacks is done by monitoring significant changes in users behavior based on his/her profile. Currently, such profiles are based mostly on the user command line data and do not represent his/her complete behavior in a graphical user interface (GUI) based system and hence are not sufficient to quickly detect such masquerade attacks. In this paper, we present a new framework for creating a unique feature set for user behavior on GUI based systems. We have collected real user behavior data from live systems and extracted parameters to construct these feature vectors. These vectors contain user information such as mouse speed, distance, angles and amount of clicks during a user session. We model our technique of user identification and masquerade detection as a binary classification problem and use support vector machine (SVM) to learn and classify these feature vectors. We show that our technique can provide detection rates of up to 96% with few false positives based on these feature vectors. We have tested our technique with various feature vector parameters and conclude that these feature vectors can provide unique and comprehensive user behavior information and are powerful enough to detect masqueraders

Secure and fault-tolerant voting in distributed systems

Concerns about both security and fault-tolerance have had an important impact on the design and use of distributed information systems in the past. As such systems become more prevalent, as well as more pervasive, these concerns will become even more immediately relevant. We focus on integrating security and fault-tolerance into one, general-purpose protocol for secure distributed voting. Distributed voting is a well-known fault-tolerance technique. For the most part, however, security had not been a concern in systems that used voting. More recently, several protocols have been proposed to shore up this lack. These protocols, however, have limitations which make them particularly unsuitable for many aerospace applications, because those applications require very flexible voting schemes (e.g., voting among real-world sensor data). We present a new, more general voting protocol that reduces the vulnerability of the voting process to both attacks and faults. The algorithm is contrasted with the traditional 2-phase commit protocols typically used in distributed voting and with other proposed secure voting schemes. Our algorithm is applicable to exact and inexact voting in networks where atomic broadcast and predetermined message delays are present, such as local area networks. For wide area networks without these properties, we describe yet another approach that satisfies our goals of obtaining security and fault tolerance for a broad range of aerospace information systems.

Congestion control and fairness in wireless sensor networks

In this paper we propose a distributed congestion control algorithm for tree based communications in wireless sensor networks, that seeks to adaptively assign a fair and efficient transmission rate to each node. In our algorithm, each node monitors its aggregate output and input traffic rates. Based on the difference of the two, a node then decides either to increase or decrease the bandwidth allocable to a flow originating from itself and to those being routed through it. Since the application requirements in sensor network follows no common trait, our design abstracts the notion of fairness, allowing for the development of a generic utility controlling module. Such separation of the utility and fairness controlling modules enables each one to use a separate control law, thereby portraying a more flexible design. The working of our congestion control is independent of the underlying routing algorithm and is designed to adapt to changes in the underlying routing topology. We evaluate the performance of the algorithm via extensive simulations using an event-driven packet level simulator. The results suggest that the proposed protocol acquires a significantly high goodput of around 95% of the actual transmission rate, converges quickly to the optimal rate, and attains the desired fairness.

Coexistence with malicious nodes: A game theoretic approach

In this paper, we use game theory to study the interactions between a malicious node and a regular node in wireless networks with unreliable channels. Since the malicious nodes do not reveal their identities to others, it is crucial for the regular nodes to detect them through monitoring and observation. We model the malicious node detection process as a Bayesian game with imperfect information and show that a mixed strategy perfect Bayesian Nash Equilibrium (also a sequential equilibrium) is attainable. While the equilibrium in the detection game ensures the identification of the malicious nodes, we argue that it might not be profitable to isolate the malicious nodes upon detection. As a matter of fact, malicious nodes and regular nodes can co-exist as long as the destruction they bring is less than the contribution they make. To show how we can utilize the malicious nodes, a post-detection game between the malicious and regular nodes is formalized. Solution to this game shows the existence of a subgame perfect Nash Equilibrium and the conditions that achieve the equilibrium. Simulation results and their discussions are also provided to illustrate the properties of the derived equilibria.

ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment with Enhanced Privacy and Availability

Cloud data provenance is metadata that records the history of the creation and operations performed on a cloud data object. Secure data provenance is crucial for data accountability, forensics and privacy. In this paper, we propose a decentralized and trusted cloud data provenance architecture using blockchain technology. Blockchain-based data provenance can provide tamper-proof records, enable the transparency of data accountability in the cloud, and help to enhance the privacy and availability of the provenance data. We make use of the cloud storage scenario and choose the cloud file as a data unit to detect user operations for collecting provenance data. We design and implement ProvChain, an architecture to collect and verify cloud data provenance, by embedding the provenance data into blockchain transactions. ProvChain operates mainly in three phases: (1) provenance data collection, (2) provenance data storage, and (3) provenance data validation. Results from performance evaluation demonstrate that ProvChain provides security features including tamper-proof provenance, user privacy and reliability with low overhead for the cloud storage applications.

Traffic management in wireless sensor networks: Decoupling congestion control and fairness

In this paper, we propose a distributed congestion control algorithm for tree based communications in wireless sensor networks, that seeks to adaptively assign a fair and efficient transmission rate to each node. In our algorithm, each node monitors its aggregate output and input traffic rate. Based on the difference of the two, a node then decides to increase (if the output rate is more) or decrease (if the input rate is more) the bandwidth allocable to a flow originating from itself and to those being routed through it. Since the application requirements in sensor network follow no common trait, our design abstracts the notion of fairness, allowing for the development of a generic utility controlling module. Such separation of the utility and fairness controlling modules enable each one to use a separate control law, thereby portraying a more flexible design. The working of our congestion control is independent of the underlying routing algorithm and is designed to adapt to changes in the underlying routing topology. We evaluate the performance of the algorithm via extensive simulations using an event-driven packet level simulator. The results suggest that the proposed protocol acquires a significantly high goodput of around 95% of the actual transmission rate, converges quickly to the optimal rate, and attains the desired fairness.

An analytical framework for reasoning about intrusions

Local and wide area network information assurance analysts need current and precise knowledge about their system activities in order to address the challenges of critical infrastructure protection. In particular, the analyst needs to know in real-time that an intrusion has occurred so that an active response and recovery thread can be created rapidly. Existing intrusion detection solutions are basically after-the-fact, thereby offering very little in terms of damage confinement and restoration of service. Quick recovery is only possible if the assessment scheme has low latency and it occurs in real-time. The objective of the paper is to develop a reasoning framework to aid in the real-time detection and assessment task that is based on a novel idea of encapsulation of owners intent. The theoretical framework developed here will help resolve dubious circumstances that may arise while inferring the premises of operations (encapsulated from owners intent) by way of examining the observed conclusions resulting from the actual operations of the owner. This reasoning is significant in view of the fact that intrusion signaling is not a binary decision unlike error detection in traditional fault tolerance. Our reasoning framework has been developed by leveraging the concepts of cost analysis and pricing under uncertainty found in economics and finance. Our main result is the modeling of user activity on a computing system as a martingale and the subsequent quantification of the cost of performing a job to enable decision making.