Xiangzhan Yu

Feature selection for optimizing traffic classification

Machine learning (ML) algorithms have been widely applied in recent traffic classification. However, due to the imbalance in the number of traffic flows, ML based classifiers are prone to misclassify flows as the traffic type that occupies the majority of flows on the Internet. To address the problem, a novel feature selection metric named Weighted Symmetrical Uncertainty (WSU) is proposed. We design a hybrid feature selection algorithm named WSU_AUC, which prefilters most of features with WSU metric and further uses a wrapper method to select features for a specific classifier with Area Under roc Curve (AUC) metric. Additionally, to overcome the impacts of dynamic traffic flows on feature selection, we propose an algorithm named SRSF that Selects the Robust and Stable Features from the results achieved by WSU_AUC. We evaluate our approaches using three classifiers on the traces captured from entirely different networks. Experimental results obtained by our algorithms are promising in terms of true positive rate (TPR) and false positive rate (FPR). Moreover, our algorithms can achieve >94% flow accuracy and >80% byte accuracy on average.

Prometheus: Privacy-aware data retrieval on hybrid cloud

With the advent of cloud computing, data owner is motivated to outsource their data to the cloud platform for great flexibility and economic savings. However, the development is hampered by data privacy concerns: Data owner may have privacy data and the data cannot be outsourced to cloud directly. Previous solutions mainly use encryption. However, encryption causes a lot of inconveniences and large overheads for other data operations, such as search and query. To address the challenge, we adopt hybrid cloud. In this paper, we present a suit of novel techniques for efficient privacy-aware data retrieval. The basic idea is to split data, keeping sensitive data in trusted private cloud while moving insensitive data to public cloud. However, privacy-aware data retrieval on hybrid cloud is not supported by current frameworks. Data owners have to split data manually. Our system, called Prometheus, adopts the popular MapReduce framework, and uses data partition strategy independent to specific applications. Prometheus can automatically separate sensitive information from public data. We formally prove the privacy-preserving feature of Prometheus. We also show that our scheme can defend against the malicious cloud model, in addition to the semi-honest cloud model. We implement Prometheus on Hadoop and evaluate its performance using real data set on a large-scale cloud test-bed. Our extensive experiments demonstrate the validity and practicality of the proposed scheme.

A PSO-Based Hierarchical Resource Scheduling Strategy on Cloud Computing

Cloud computing environments facilitate applications by providing virtualized resources that can be provisioned dynamically. Computing resources are delivered by Virtual Machines (VMs). In such a scenario, resource scheduling algorithms play an important role where the aim is to schedule applications effectively so as to reduce the turn-around time and improve resource utilization. In this paper, we present a Particle Swarm Optimization (PSO) based strategy schedules applications to cloud resource taking into account both transmission cost and current load. In addition, a novel inertia weight was introduced in order to get the global search and local search effectively and avoid plunging into the local optimum. Finally, we experiment with application workflows by varying its performance and convergence analysis.

Towards Efficient Anonymous Communications in Sensor Networks

Anonymous communication is a challenging task in resource constrained wireless sensor networks (WSN). However, anonymity is important for many sensor networks, in which we want to conceal the location and identify of important nodes (such as source nodes and base stations) from attackers. Existing WSN anonymous protocols either cannot achieve complete anonymity, or have large computation and/or storage overheads. In this paper, we present an efficient anonymous communication protocol for sensor networks. Our protocol can achieve sender/source anonymity, communication -relationship anonymity, and the base station anonymity simultaneously, while having small overheads on computation, storage and communication.

A Privacy-aware Virtual Machine Migration Framework on Hybrid Clouds

With the proliferation of hybrid clouds in both cost-saving and effectiveness, a growing number of users are building their own private cloud. However, private cloud can only provide limited resource, and always resorts to public cloud in order to meet elastic service requirements. Generally, public cloud is operated by commercial service providers (CSPs) who are not completely honest with users to some extent. So, existing hybrid clouds service models are hampered by privacy concerns, and one of the main reasons is that a majority of users’ workloads involves sensitive contents and therefore can’t be directly outsourced to public cloud without proper protection. In this paper, we present a novel framework that makes such privacy-aware VM migration effectively. At First, all the users’ workloads are uploading and running in private cloud VMs then labeling the sensitive and non-sensitive VMs. Then, we design an effective way focusing on how to get VM migration queue without introducing heavy inter-cloud communication traffic after migration. Finally, non-sensitive VMs are migrated to public cloud with utmost effort by live migration premised on minimal service level agreement (SLA) disruption. Experiment results illustrate that our proposed framework is effective while occurring an acceptable communication overhead

Continuous resource allocation in cloud computing

With the advent of cloud computing, more and more enterprises and individuals are motivated to outsource their local complex applications into the cloud for its great flexibility and economic savings. For cloud server, however, the problem of how to optimize scheduling cloud resources to maximize the resource utilization and incorporate energy optimization is not trivial. In this paper, we present a continuous resource allocation strategy to solve this issue. Specifically, we first map all the remaining resources of the cloud into a ZBtree. Based on this, we propose an efficient resource allocation strategy for processing cloud resource requests, which adopts minimal domination matching as the greedy strategy to navigate the tradeoff space. Moreover, to reduce the rate of application migration, we propose a continuous monitoring strategy which adopts a resource reserve scheme to reduce the probability of application migration to the maximum extent. The extensive experiments further demonstrate the validity of the proposed mechanism with low computation overhead.

A large scale code resolution service network in the Internet of Things.

In the Internet of Things a code resolution service provides a discovery mechanism for a requester to obtain the information resources associated with a particular product code immediately. In large scale application scenarios a code resolution service faces some serious issues involving heterogeneity, big data and data ownership. A code resolution service network is required to address these issues. Firstly, a list of requirements for the network architecture and code resolution services is proposed. Secondly, in order to eliminate code resolution conflicts and code resolution overloads, a code structure is presented to create a uniform namespace for code resolution records. Thirdly, we propose a loosely coupled distributed network consisting of heterogeneous, independent; collaborating code resolution services and a SkipNet based code resolution service named SkipNet-OCRS, which not only inherits DHTs advantages, but also supports administrative control and autonomy. For the external behaviors of SkipNet-OCRS, a novel external behavior mode named QRRA mode is proposed to enhance security and reduce requester complexity. For the internal behaviors of SkipNet-OCRS, an improved query algorithm is proposed to increase query efficiency. It is analyzed that integrating SkipNet-OCRS into our resolution service network can meet our proposed requirements. Finally, simulation experiments verify the excellent performance of SkipNet-OCRS.

An Efficient Trust Evaluation Approach in Attacker Dominated Networks in Internet of Things

Malicious organizations deploy numerous RFID readers in a partial region with low cost to gain superiority therefore its readers may perform attacks and other conspirators generate false reports to cover such malicious events. In this paper, we first introduce a simple game approach which only achieves Bayes equilibrium in a regular network between combined report readers and a detecting reader, then in the attacker dominated network, we propose an improved cooperative game where detecting nodes cooperate to evaluate trust of an unknown node from its organization reputation, the node’s prior trust and utility function is updated according to a reference report, therefore malicious node weights are reduced meanwhile a new Bayes equilibrium is achieved. The simulations show that the cooperative game improves successful deduction rate and decreases forged reports significantly.

Practical and privacy-assured data indexes for outsourced cloud data

Cloud computing allows individuals and organizations outsource their data to cloud server due to the flexibility and cost savings. However, data privacy is a major concern that hampers the wide adoption of cloud services. Data encryption ensures data content confidentiality and fine-grained data access control prevents unauthorized user from accessing data. An unauthorized user may still be able to infer privacy information from encrypted data by using indexing techniques. In this paper, we investigate the problem of sensitive information leakage caused by orthogonal use of these two kinds of techniques. Based on that, we propose “core attribute”-aware techniques that can ensure privacy of outsourced data. The techniques focus on confidential attribute set of outsourced data. We adopt k-anonymity technique for the attribute indexes to prevent user from inferring privacy from unauthorized data. We formally prove the privacy-preserving guarantee of the proposed mechanism. Our extensive experiments demonstrate the practicality of the proposed mechanism, which has low computation and communication overhead.

Comparison and Analysis of Flow Features at the Packet Level for Traffic Classification

Recently, flow features at the packet level for traffic classification have been paid more attention to since they are simple and observable even if encrypted tunnels are applied in the network, such as SSL tunnel. However, how to use flow features at the packet level for effective classification of traffic flows is still a significant issue to be solved. The objective of this paper is to compare and analyze three typical flow features at the packet level: packet size combined with packet direction, packet size combined with interarrival time, and protocol fingerprint. The amount of information carried by each feature is presented with mutual information measurement. Based on the traffic traces captured from two different network environments, our experimental results indicate that when C4.5 algorithm classifies traffic flows with the first two packets of each flow, packet size combined with packet interarrival time, which is generated from the client-to-server direction of a TCP connection, is more accurate and stable across space and time.