Songnian Lu

An anti-attack model based on complex network theory in P2P networks

Complex network theory is a useful way to study many real systems. In this paper, an anti-attack model based on complex network theory is introduced. The mechanism of this model is based on a dynamic compensation process and a reverse percolation process in P2P networks. The main purpose of the paper is: (i) a dynamic compensation process can turn an attacked P2P network into a power-law (PL) network with exponential cutoff; (ii) a local healing process can restore the maximum degree of peers in an attacked P2P network to a normal level; (iii) a restoring process based on reverse percolation theory connects the fragmentary peers of an attacked P2P network together into a giant connected component. In this way, the model based on complex network theory can be effectively utilized for anti-attack and protection purposes in P2P networks.

Note on Studying Change Point of LRD Traffic Based on Li's Detection of DDoS Flood Attacking

Distributed denial-of-serviceDDoSflood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Lis work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependant traffic. Specifically, we use an autoregressive system to estimate the Hurst parameter of normal traffic. If the actual Hurst parameter varies significantly from the estimation, we assume that DDoS attack happens. Meanwhile, we propose two methods to determine the change point of Hurst parameter that indicates the occurrence of DDoS attacks. The detection rate associated with one method and false alarm rate for the other method are also derived. The test results on DARPA intrusion detection evaluation data show that the proposed approaches can achieve better detection performance than some well-known self-similarity-based detection methods.

A mechanism based on reputation in P2P networks to counter malicious packet dropping

In P2P (Peer-to-Peer) networks, some malicious peers can impact on overall networks performance. One of the malicious behaviors of these peers is malicious packet dropping. In this paper, our focus is to detect and to exclude peers that misbehave by dropping some or all packets. Here, we propose a reputation-based mechanism for solving the problem efficiently. The proposed mechanism uses both direct reputation information and indirect reputation information to compute comprehensive reputation of a peer. At the same time, history reputation information is also taken into account to provide faults tolerance capability and we regulate the imprecision based on the fact that the cause of packet dropping can be complex. Finally, the peers with bad comprehensive reputation can be detected easily and then will be excluded from the network. In this way, our proposed mechanism improves the performance of P2P networks without increasing computational overhead.

An Anonymity Scheme Based on Pseudonym in P2P Networks

One of the fundamental challenges in P2P (Peer to Peer) networks is to protect peers’ identity privacy. Adopting anonymity scheme is a good choice in most of networks such as the Internet, computer and communication networks. In this paper, we proposed an anonymity scheme based on pseudonym in which peers are motivated not to share their identity. Compared with precious anonymous scheme such as RuP (Reputation using Pseudonyms), our scheme can reduce the overhead and minimize the trusted center’s involvement.

Real-Time and Self-adaptive Method for Abnormal Traffic Detection Based on Self-similarity

Abnormal traffic detection is a difficult problem in network management and network security. This paper proposes an abnormal traffic detection method based on a continuous LoSS (loss of self-similarity) through comparing the difference of Hurst parameter distribution under the network normal and abnormal traffic time series conditions. Due to the needs of fast and high accuracy for abnormal traffic detection, the on-line version of the Abry-Veitch wavelet-based estimator of the Hurst parameter in large time-scale is proposed, and the detection threshold could self-adjusted according to the extent of network traffic self-similarity under normal conditions. This work also investigates the effect of the parameters adjustment on the performance of abnormal traffic detection. The test results on data set from Lincoln lab of MIT demonstrate that the new abnormal traffic detection method has the characteristics of dynamic self-adaptive and higher detection rate, and can be implemented in a real-time way.

A LoSS based on-line detection of abnormal traffic using dynamic detection threshold

Abnormal traffic detection is a difficult problem in network management and network security. This paper proposed an abnormal traffic detection method based on LoSS (loss of self-similarity) through comparing the difference of Hurst parameter distribution under the network normal and abnormal traffic time series conditions. This method adopted wavelet analysis to estimate the Hurst parameter of network traffic in large time-scale, and the detection threshold could self-adjusted according to the extent of network traffic self-similarity under normal conditions. The test results on data set from Lincoln Lab of MIT demonstrate that the new detection method has the characteristics of dynamic self-adaptive and higher detection rate, and the detection speed is also improved by one time segment.