Marina Thottan

Anomaly detection in IP networks

Network anomaly detection is a vibrant research area. Researchers have approached this problem using various techniques such as artificial intelligence, machine learning, and state machine modeling. In this paper, we first review these anomaly detection methods and then describe in detail a statistical signal processing technique based on abrupt change detection. We show that this signal processing technique is effective at detecting several network anomalies. Case studies from real network data that demonstrate the power of the signal processing approach to network anomaly detection are presented. The application of signal processing techniques to this area is still in its infancy, and we believe that it has great potential to enhance the field, and thereby improve the reliability of IP networks.

Market sharing games applied to content distribution in ad hoc networks

In third-generation (3G) wireless data networks, repeated requests for popular data items can exacerbate the already scarce wireless spectrum. In this paper, we propose an architectural and protocol framework that allows 3G service providers to host efficient content distribution services. We offload the spectrum intensive task of content distribution to an ad hoc network. Less mobile users (resident subscribers) are provided incentives to cache popular data items, while mobile users (transit subscribers) access this data from resident subscribers through the ad hoc network. Since the participants of this data distribution network act as selfish agents, they may collude to maximize their individual payoff. Our proposed protocol discourages potential collusion scenarios. In this architecture, the goal (social function) of the 3G service provider is to have the selfishly motivated resident subscribers service as many data requests as possible. However, the choice of which set of items to cache is left to the individual user. The caching activity among the different users can be modeled as a market sharing game. In this work, we study the Nash equilibria of market sharing games and the performance of such equilibria in terms of a social function. These games are a special case of congestion games that have been studied in the economics literature. In particular, pure strategy Nash equilibria for this set of games exist. We give a polynomial-time algorithm to find a pure strategy Nash equilibrium for a special case, while it is NP-hard to do so in the general case. As for the performance of Nash equilibria, we show that the price of anarchy-the worst case ratio between the social function at any Nash equilibrium and at the social optimum-can be upper bounded by a factor of 2. When the popularity follows a Zipf distribution, the price of anarchy is bounded by 1.45 in the special case where caching any item has a positive reward for all players. We prove that the selfish behavior of computationally bounded agents converges to an approximate Nash equilibrium in a finite number of improvements. Furthermore, we prove that, after each agent computes its response function once using a constant factor approximation algorithm, the outcome of the game is within a factor of O(logn) of the optimal social value, where n is the number of agents. Our simulation scenarios show that the price of anarchy is 30% better than that of the worst case analysis and that the system quickly (1 or 2 steps) converges to a Nash equilibrium.

A secure decentralized data-centric information infrastructure for smart grid

In recent years the power grid has been undergoing transformative changes due to the greater penetration of renewable energy sources and increased focus on power demand shaping. These innovative transformations on the grid require a flexible IP-based communication grid that is reliable and secure. In this article we describe an IPbased decentralized and data-centric information infrastructure that can reliably, securely, and cost-effectively support the operation and innovative applications of the next generation grid. The proposed infrastructure differs from a typical distributed system since it addresses the specific requirements of power applications such as security, distributed data sources, latency sensitive data transactions and real time event updates. The work presented here paves the way for a future data-centric power network infrastructure.

Perspectives on router buffer sizing: recent results and open problems

The past few years have witnessed a lot of debate on how large Internet router buffers should be. The widely believed rule-of-thumb used by router manufacturers today mandates a buffer size equal to the delay-bandwidth product. This rule was first challenged by researchers in 2004 who argued that if there are a large number of long-lived TCP connections flowing through a router, then the buffer size needed is equal to the delay-bandwidth product divided by the square root of the number of long-lived TCP flows. The publication of this result has since reinvigorated interest in the buffer sizing problem with numerous other papers exploring this topic in further detail - ranging from papers questioning the applicability of this result to proposing alternate schemes to developing new congestion control algorithms, etc. This paper provides a synopsis of the recently proposed buffer sizing strategies and broadly classifies them according to their desired objective: link utilisation, and per-flow performance. We discuss the pros and cons of these different approaches. These prior works study buffer sizing purely in the context of TCP. Subsequently, we present arguments that take into account both real-time and TCP traffic. We also report on the performance studies of various high-speed TCP variants and experimental results for networks with limited buffers. We conclude this paper by outlining some interesting avenues for further research.

Distributed network monitoring with bounded link utilization in IP networks

Designing optimal measurement infrastructure is a key step for network management. In this work we address the problem of optimizing a scalable distributed polling system. The goal of the optimization is to reduce the cost of deployment of the measurement infrastructure by identifying a minimum poller set subject to bandwidth constraints on the individual links. We show that this problem is NP-hard and propose three different heuristics to obtain a solution. We evaluate our heuristics on both hierarchical and flat topologies with different network sizes under different polling bandwidth constraints. We find that the heuristic of choosing the poller that can poll the maximum number of unpolled nodes is the best approach. Our simulation studies show that the results obtained by our best heuristic is close to the lower bound obtained using LP relaxation.

Market sharing games applied to content distribution in ad-hoc networks

In third-generation (3G) wireless data networks, repeated requests for popular data items can exacerbate the already scarce wireless spectrum. In this paper, we propose an architectural and protocol framework that allows 3G service providers to host efficient content distribution services. We offload the spectrum intensive task of content distribution to an ad hoc network. Less mobile users (resident subscribers) are provided incentives to cache popular data items, while mobile users (transit subscribers) access this data from resident subscribers through the ad hoc network. Since the participants of this data distribution network act as selfish agents, they may collude to maximize their individual payoff. Our proposed protocol discourages potential collusion scenarios. In this architecture, the goal (social function) of the 3G service provider is to have the selfishly motivated resident subscribers service as many data requests as possible. However, the choice of which set of items to cache is left to the individual user. The caching activity among the different users can be modeled as a market sharing game. In this work, we study the Nash equilibria of market sharing games and the performance of such equilibria in terms of a social function. These games are a special case of congestion games that have been studied in the economics literature. In particular, pure strategy Nash equilibria for this set of games exist. We give a polynomial-time algorithm to find a pure strategy Nash equilibrium for a special case, while it is NP-hard to do so in the general case. As for the performance of Nash equilibria, we show that the price of anarchy-the worst case ratio between the social function at any Nash equilibrium and at the social optimum-can be upper bounded by a factor of 2. When the popularity follows a Zipf distribution, the price of anarchy is bounded by 1.45 in the special case where caching any item has a positive reward for all players. We prove that the selfish behavior of computationally bounded agents converges to an approximate Nash equilibrium in a finite number of improvements. Furthermore, we prove that, after each agent computes its response function once using a constant factor approximation algorithm, the outcome of the game is within a factor of O(logn) of the optimal social value, where n is the number of agents. Our simulation scenarios show that the price of anarchy is 30% better than that of the worst case analysis and that the system quickly (1 or 2 steps) converges to a Nash equilibrium.

Cloud-based demand response for smart grid: Architecture and distributed algorithms

In this paper we propose cloud-based demand response (CDR), a novel demand response architecture for fast response times in large scale deployments. The proposed architecture is in contrast to master/slave based demand response where the participants directly interact with the utility using host address-centric communication. CDR leverages data-centric communication, publisher/subscriber and topic-based group communication to make demand response secure, scalable and reliable. To the utility, CDR appears to be a black box function call that takes an input from the utility, e.g., power deficit and gives an output to the utility, e.g., power reduction per customer and the corresponding price incentive. Using this implementation framework, we propose two market-based distributed algorithms (bisection and Illinois methods). The proposed algorithms exhibit at least exponentially fast convergence with O(1) iteration as the number of customers grows and outperform prior work of the dual gradient method in terms of convergence speed while keeping the same messaging overhead.

Demonstration of the interconnection of two optical packet rings with a hybrid optoelectronic packet router

We demonstrate the interconnection of two optical packet switching systems: a hybrid optoelectronic packet router and two optical packet rings. Error-free inter-ring and intra-ring optical packet transmission and unicast and multicast transport of encapsulated 10 GbE are achieved.

SeDAX: A Scalable, Resilient, and Secure Platform for Smart Grid Communications

Smart Grid applications are imposing challenging requirements of security and reliability on the N-way communication infrastructure being designed to support multiple grid applications. These challenges stem from the increasing incorporation of distributed renewable energy sources on to the grid, the rising deployment of electric vehicles, and active consumer participation into power grid operations, all of which communicate with the utility control center with varying degrees of priority and security. To address these challenging requirements, we propose SeDAX, a SEcure Data-centric Application eXtensible platform for Smart Grid applications. SeDAX implements scalable, resilient and secure data delivery and data sharing in a wide area network. The platform can scalably handle high volumes of data generated by both applications and sensors. The SeDAX architecture has as its basis a Delaunay Triangulation (DT) network. The properties of the DT graph are leveraged to scalably support secure data-centric (or information-centric) group communication. The primary goals of this platform are to support communication resilience and data availability. The key functional blocks of the SeDAX platform are: (1) a geographic hash forwarding algorithm that operates over the DT graph (DT-GHF), and (2) a DT-based data replication scheme. The forwarding and replication schemes are scalable and cost effective in terms of communication overhead and memory. We describe the design details of the SeDAX platform and present empirical results on the performance of SeDAX as compared with other geometric-based alternatives such as Geographic Hash Table (GHT) forwarding and Content Addressable Networking (CAN). The operation of SeDAX is illustrated in the context of implementing demand response, a known Smart Grid application.

An Online Mechanism for BGP Instability Detection and Analysis

The importance of border gateway protocol (BGP) as the primary interautonomous system (AS) routing protocol that maintains the connectivity of the Internet imposes stringent stability requirements on its route selection process. Accidental and malicious activities such as misconfigurations, failures, and worm attacks can induce severe BGP instabilities leading to data loss, extensive delays, and loss of connectivity. In this work, we propose an online instability detection architecture that can be implemented by individual routers. We use statistical pattern recognition techniques for detecting the instabilities, and the algorithm is evaluated using real Internet data for a diverse set of events including misconfiguration, node failures, and several worm attacks. The proposed scheme is based on adaptive segmentation of feature traces extracted from BGP update messages and exploiting the temporal and spatial correlations in the traces for robust detection of the instability events. Furthermore, we use route change information to pinpoint the culprit ASes where the instabilities have originated.