Ying-Dar Lin

Using String Matching for Deep Packet Inspection

String matching has sparked renewed research interest due to its usefulness for deep packet inspection in applications such as intrusion detection, virus scanning, and Internet content filtering. Matching expressive pattern specifications with a scalable and efficient design, accelerating the entire packet flow, and string matching with high-level semantics are promising topics for further study.

Allocation and scheduling algorithms for IEEE 802.14 and MCNS in hybrid fiber coaxial networks

IEEE 802.14 and MCNS (multimedia cable network system) are two standards developed for the hybrid fiber coaxial (HFC) CATV networks. Both standards model an upstream channel as a stream of minislots. But their philosophies on resolving collisions in the shared upstream channel are rather different, where IEEE 802.14 adopts the priority+FIFO first-transmission rule and the n-ary tree retransmission rule, and MCNS adopts the binary exponential backoff algorithm with adjustable window sizes. Both provide reservation access, while IEEE 802.14 and MCNS also support isochronous access and immediate access, respectively. In this paper, we try to prepare a suggestion list for vendors on how to allocate minislots for reservation access and immediate access and how to schedule the reserved bandwidth, which greatly affect the performance of a cable network and are left open by the standards.

Research challenges towards the Future Internet

The convergence of computer-communication networks towards an all-IP integrated network has transformed Internet in a commercial commodity that has stimulated an un-precedent offer of novel communication services that are pushing the Internet architecture and protocols well beyond their original design. This calls for extraordinary research efforts at all levels of the protocol stack to address the challenges of existing and future networked applications and services in terms of scalability, mobility, flexibility, security, etc. In this article we focus on some hot research areas and discuss the research issues that need to be tackled for addressing the multiple challenges of the Future Internet. Far from being a comprehensive analysis of all the challenges faced by the Future Internet, this article tries to call the attention of Computer Communications readers to new and promising research areas, identified by members of the journal editorial board to stimulate further research activities in these areas. The survey of these research areas is then complemented with a brief review of the on-going activities in the other important research areas towards the Future Internet.

Review: Application classification using packet size distribution and port association

Traffic classification is an essential part in common network management applications such as intrusion detection and network monitoring. Identifying traffic by looking at port numbers is only suitable to well-known applications, while signature-based classification is not applicable to encrypted messages. Our preliminary observation shows that each application has distinct packet size distribution (PSD) of the connections. Therefore, it is feasible to classify traffic by analyzing the variances of packet sizes of the connections without analyzing packet payload. In this work, each connection is first transformed into a point in a multi-dimensional space according to its PSD. Then it is compared with the representative points of pre-defined applications and recognized as the application having a minimum distance. Once a connection is identified as a specific application, port association is used to accelerate the classification by combining it with the other connections of the same session because applications usually use consecutive ports during a session. Using the proposed techniques, packet size distribution and port association, a high accuracy rate, 96% on average, and low false positive and false negative rates, 4-5%, are achieved. Our proposed method not only works well for encrypted traffic but also can be easily incorporated with a signature-based method to provide better accuracy.

Identifying android malicious repackaged applications by thread-grained system call sequences

Android security has become highly desirable since adversaries can easily repackage malicious codes into various benign applications and spread these malicious repackaged applications (MRAs). Most MRA detection mechanisms on Android focus on detecting a specific family of MRAs or requiring the original benign application to compare with the malicious ones. This work proposes a new mechanism, SCSdroid (System Call Sequence Droid), which adopts the thread-grained system call sequences activated by applications. The concept is that even if MRAs can be camouflaged as benign applications, their malicious behavior would still appear in the system call sequences. SCSdroid extracts the truly malicious common subsequences from the system call sequences of MRAs belonging to the same family. Therefore, these extracted common subsequences can be used to identify any evaluated application without requiring the original benign application. Experimental results show that SCSdroid falsely detected only two applications among 100 evaluated benign applications, and falsely detected only one application among 49 evaluated malicious applications. As a result, SCSdroid achieved up to 95.97% detection accuracy, i.e., 143 correct detections among 149 applications.

QoS routing granularity in MPLS networks

This study investigates how constraint-based routing decision granularity significantly affects the scalability and blocking performance of QoS routing in an MPLS network. Coarse granularity, such as per-destination, has lower storage and computational overheads but is only suitable for best effort traffic. On the other hand, fine granularity, such as per-flow, provides lower blocking probability for bandwidth requests, but requires a huge number of states and high computational cost. To achieve cost-effective scalability, this study proposes using hybrid granularity schemes. The overflowed cache of the per-pair/flow scheme adds a per-pair cache and a per-flow cache as the routing cache, and performs well in blocking probability. The per-pair/class scheme groups the flows into several paths using routing marks, thus allowing packets to be label-forwarded with a bounded cache.

Taxonomy and Evaluation of TCP-Friendly Congestion-Control Schemes on Fairness, Aggressiveness, and Responsiveness

Many TCP-friendly congestion control schemes have been proposed to pursue the TCP-equivalence criterion, which states that a TCP-equivalent flow should have the same throughput with TCP if it experiences identical network conditions as TCP. Additionally, the throughput should converge as fast as TCP when the packet-loss conditions change. This study classifies eight typical TCP-friendly schemes according to their underlying policies on fairness, aggressiveness, and responsiveness. The schemes are evaluated to verify whether they meet TCP-equivalence and TCP-equal share. TCP-equal share is a more realistic but more challenging criterion than TCP-equivalence and states that a flow should have the same throughput with TCP if competing with TCP for the same bottleneck. Simulation results indicate that one of the selected schemes, TCP-friendly rate control (TFRC), meets both criteria under more testing scenarios than the others. Additionally, the results under non-periodic losses, low-multiplexing, two-state losses, and bursty losses reveal the causes that bring fault cases to the schemes. Finally, appropriate policies are recommended for an ideal scheme.

A Latency and Modulation Aware Bandwidth Allocation Algorithm for WiMAX Base Stations

The mobile WiMAX systems based on IEEE 802.16e-2005 provide high data rate for the mobile wireless network. However, the link quality is frequently unstable owing to the long-distance and air interference and therefore impacts real-time applications. Thus, a bandwidth allocation algorithm is required to be modulation-aware, while further satisfying the latency guarantee, service differentiation and fairness. This work proposes the Highest Urgency First (HUF) algorithm to conquer the above challenges by taking into consideration the adaptive modulation and coding scheme (MCS) and the urgency of requests. Downlink and uplink sub-frames are determined by reserving the bandwidth for the most urgent requests and proportionating the remaining bandwidth for others. Then, independently in the downlink and uplink, the HUF allocates bandwidth to every mobile station according to a pre-calculated U-factor which considers urgency, priority and fairness. Simulation results prove the HUF is modulation-aware and achieves the above three objectives, notably the zero violation rate within system capacity as well as the throughput paralleling to the best of the existing approaches.

Direct Web switch routing with state migration, TCP masquerade, and cookie name rewriting

Existing layer 4 load balancers are content-blind and often have difficulty in redirecting HTTP requests to the appropriate server in the session manner. Layer 7 load balancers, also referred to as Web switches, are content-aware and support session persistence. However, most Web switches employ a bidirectional architecture, which means that request and response traffic must both pass through the load balancer. This means a Web switch can easily become a bottleneck. We present a direct routing architecture to prevent response traffic from passing through the Web switch. Our solution is highly scalable in the number of back-end servers. In addition, two simple but effective mechanisms, one-packet TCP state migration and cookie name rewriting to packet filter, are presented to support persistent connection and session persistence. Through the external benchmark, we prove that our system outperforms existing solutions. The internal benchmark investigates the bottlenecks of our system and suggests areas for future improvement.

Multihop wireless IEEE 802.11 LANs: a prototype implementation

We present a prototype for a new architecture, MCN (multihop cellular network), implemented over a wireless LAN platform. MCN preserves the virtue of traditional single-hop cellular networks where the service infrastructure is constructed by many bases, but it also adds the flexibility of ad-hoc networks where wireless transfer through mobile stations in multiple hops is allowed. The MCN can reduce the number of required bases or improve the throughput performance. On IEEE 802.11 compliant wireless LAN products, a bridging protocol, our BMBP (base-driven multihop bridging protocol), runs between mobile stations and access points to build bridging tables. The demonstration shows that MCN is a feasible architecture for wireless LANs.