Stefanie Roos

Greedy Embedding, Routing and Content Addressing for Darknets

To achieve anonymous and censorship-resistant overlay communication, darknets restrict overlay links to trusted parties. Efficient data retrieval in such a restricted topology requires a decentralized addressing scheme. We propose a greedy embedding algorithm, which is used to realize efficient routing and content addressing for darknets. The embedding guarantees success of greedy routing using compact address representations. Evaluation on trust graphs obtained from PGPs web of trust shows that our embedding enables much more efficient routing than existing dark net embeddings. Though, content addressing based on the embedding exhibits unbalanced load.

Measuring Freenet in the Wild: Censorship-Resilience under Observation

Freenet, a fully decentralized publication system designed for censorship-resistant communication, exhibits long delays and low success rates for finding and retrieving content. In order to improve its performance, an in-depth understanding of the deployed system is required. Therefore, we performed an extensive measurement study accompanied by a code analysis to identify bottlenecks of the existing algorithms and obtained a realistic user model for the improvement and evaluation of new algorithms.

Enhancing compact routing in CCN with prefix embedding and topology-aware hashing

Information-centric networks are a new paradigm for addressing and accessing content on the Internet, with Content-Centric Networking (CCN) being one of the more popular candidate solutions. CCN de-couples content from the location it is hosted and allows for mobility of the node requesting the content. However, CCNs ability to handle the mobility of the content source are limited and so far little research has focused on how both endpoints would be able to be mobile. We focus on mobility of the content source, using network embeddings as a tool. Network embeddings have already been proposed for content addressing and mobility management in prior work. In this paper, we first show that previously designed embeddings lead to a highly unbalanced storage and traffic load: More than 90% of all stored references are mapped to one node, which is involved in more than 95% of all queries. We propose a modified embedding, Prefix-S embedding, and a topology-aware key assignment, which enable a uniform distribution of the storage load. The maximum traffic per node is also considerably reduced from more than 95% to 35%.

Attack Resistant Network Embeddings for Darknets

Darknets, connecting only devices between participants of mutual trust in the real world, rely on cooperative, precise, and attack resistant embeddings to evolve routing structures on the name space. Only precise embeddings allow for performant communication with low overhead on these networks. With Darknets being deployed in generally untrusted, even adverse environments, external or internal attacks have to be assumed commonplace. Their impact hence has to be limited and the embedding must be made resistant against even sophisticated attacks. Analysing Dark Freenet, the only current approach implementing a full Dark net, we devise simple attacks that render its embedding entirely corrupt. In response we derive a novel embedding that is based on local decisions only, and which not only is resistant to such attacks, but additionally outperforms the Dark Freenet in terms of precision.

Prognosis of breast cancer using genetic programming

Worldwide, breast cancer is the second most common type of cancer after lung cancer and the fifth most common cause of cancer death. In 2004, breast cancer caused 519,000 deaths worldwide. In order to reduce the cancer deaths and thereby increasing the survival rates an automatic approach is necessary to aid physicians in the prognosis of breast cancer. This paper investigates the prognosis of breast cancer using a machine learning approach, in particular genetic programming, whereas earlier work has approached the prognosis using linear programming. The genetic programming method takes a digitized image of a patient and automatically generates the prediction of the time to recur as well as the disease-free survival time. The breast cancer dataset from the University of California Irvine Machine Learning Repository was used for this study. The evaluation shows that the genetic programming approach outperforms the linear programming approach by 33%.

Zeus Milker: Circumventing the P2P Zeus Neighbor List Restriction Mechanism

The emerging trend of highly-resilient P2P botnets poses a huge security threat to our modern society. Carefully designed countermeasures as applied in sophisticated P2P botnets such as P2P Zeus impede botnet monitoring and successive takedown. These countermeasures reduce the accuracy of the monitored data, such that an exact reconstruction of the botnets topology is hard to obtain efficiently. However, an accurate topology snapshot, revealing particularly the identities of all bots, is crucial to execute effective botnet takedown operations. With the goal of obtaining the required snapshot in an efficient manner, we provide a detailed description and analysis of the P2P Zeus neighbor list restriction mechanism. As our main contribution, we propose ZeusMilker, a mechanism for circumventing the existing anti-monitoring countermeasures of P2P Zeus. In contrast to existing approaches, our mechanism deterministically reveals the complete neighbor lists of bots and hence can efficiently provide a reliable topology snapshot of P2P Zeus. We evaluated ZeusMilker on a real-world dataset and found that it outperforms state-of-the-art techniques for botnet monitoring with regard to the number of queries needed to retrieve a bots complete neighbor list. Furthermore, ZeusMilker is provably optimal in retrieving the complete neighbor list, requiring at most 2n queries for an n-elemental list. Moreover, we also evaluated how the performance of ZeusMilker is impacted by various protocol changes designed to undermine its provable performance bounds.

Mitigating Eclipse attacks in Peer-To-Peer networks

Peer-to-Peer (P2P) protocols usage is proliferating for a variety of applications including time- and safety-critical ones. While the distributed design of P2P provides inherent fault tolerance to certain failures, the large-scale decentralized coordination exhibits various exploitable security threats. One of these key threats are Eclipse attacks, where a large fraction of malicious peers can surround, i.e., eclipse benign peers. Topology-aware localized Eclipse attacks (taLEAs) are a new class of such attacks that allows for highly efficient denial of service attacks with a small amount of malicious resources. Our contribution is twofold: First, we show the generic susceptibility of structured P2P protocols to taLEAs. Second, we propose a new lookup mechanism for the proactive and reactive detection and mitigation of such attacks. Our novel lookup mechanism complements the common deterministic lookup with randomized decisions in order to reduce the predictability of the lookup. We validate our proposed technique via extensive simulations, increasing the lookup success to 100% in many scenarios.

A contribution to analyzing and enhancing Darknet routing

Routing in Darknets, membership concealing overlays for pseudonymous communication, like for instance Freenet, is insufficiently analyzed, barely understood, and highly inefficient. These systems at higher performance are promising privacy preserving solutions for social applications. This paper contributes a realistic analytical model and a novel routing algorithm with provable polylog expected routing length. Using the model, we additionally prove that this can not be achieved by Freenets routing. Simulations support that our proposed algorithm achieves a better performance than Freenet for realistic network sizes.

Provable Polylog Routing for Darknets

Darknets, anonymous and membership-concealing P2P networks, aim at providing censorship-resistance without relying on a central authority. An efficient routing algorithm is needed to create Darknets that offer an acceptable performance to a large number of users. Designing such an algorithm is hard due to the restricted topology of Darknets, which has not been modelled adequately up to now. We present such a model of Darknets by modifying Kleinbergs small-world model [1] and a new algorithm, NextBestOnce. It is shown analytically that NextBestOnce takes O(log2 n) steps on our model, simulations show that it performs better than existing Darknet routing algorithms such as the one used in the dark Freenet [2], especially with regard to the maximal path length which is bounded by O(log2 n) for NextBestOnce, but scales linearly in case of Freenet.

Network Motifs Are a Powerful Tool for Semantic Distinction

Motifs are a general network analysis technique, which statistically relates network structure to epiphenomena on the network. This technique has been developed and brought to maturity in molecular biology, where it has been successfully applied to network-based chemical and biological dynamics of various types. Early on, the motif technique has been successfully applied outside biology as well – to social networks, electrical networks, and many more. Results by Milo et al. showed that the motif signature of a network varies from realm to realm to some extent but is significantly more homogenous within a realm. This observation has been the starting point of the thread of research presented in this paper. More specifically, we do not compare networks from different realms but focus on networks from a given realm. In several case studies on particular realms, we found that motif signatures suffice to distinguish certain classes of networks from each other. In this paper, we summarize our previous work, and present some new results. In particular, in Biemann et al. (2012), we found that natural and artificially generated language can be distinguished from each other through the motif signatures of the co-occurrence graphs. Based on that, we present work on co-occurrence graphs that are restricted to word classes. We found that the co-occurrence graphs of verbs (and other word classes used like predicates) exhibit strongly different motif signatures and can be distinguished by that. To demonstrate the general power of the approach, we present further original work on co-authorship networks, peer-to-peer streaming networks, and mailing networks.