Yuji Sekiya
University of Tokyo
Publication
Featured research published by Yuji Sekiya.
international symposium on autonomous decentralized systems | 2009
Xiao Yang Zhang; Yuji Sekiya; Yasushi Wakahara
Black hole attack is a serious threat in a mobile ad hoc network (MANET). In this attack, a malicious node injects a faked Route Reply message to deceive the source node so that the source node establishes a route to the malicious node and sends all the data packets to the malicious node. Every conventional method to detect such an attack has a defect of rather high rate of misjudgment in the detection. In order to overcome this defect, we propose a new detection method based on checking the sequence number in the Route Reply message by making use of a new message originated by the destination node and also by monitoring the messages relayed by the intermediate nodes in the route. Computer simulation results demonstrate that our method has a feature of much lower false positive and negative rates in detecting any number of malicious nodes than the conventional methods.
Proceedings of the Asia-Pacific Advanced Network | 2011
Yanjue Xu; Yuji Sekiya
Recently, federation of clouds has drawn a lot of attention, by which we can share the virtual resources among private clouds. At the same time, how to provide an easier way of managing the virtual resources while meeting the needs of the users and the different policies of resource providers has become a challenge. In this paper we present a new scheme of VM migration using VM live migration technology in the federated cloud environment. This method will be used to detect the overloaded servers and initiate the migration to the optimized location in the cloud automatically, considering the different locations and policies, thus eliminating the hotspots and balancing the load including CPU, memory and network utilization. According to the experimental result, our technique has been proven to detect and remove the hotspots efficiently and balance the load.
2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) | 2014
Hajime Tazaki; Kazuya Okada; Yuji Sekiya; Youki Kadobayashi
Threat detection and analysis are indispensable processes in today's cyberspace, but current state-of-the-art threat detection is still limited to specific aspects of modern malicious activities due to the lack of information to analyze. By measuring and collecting various types of data, from traffic information to human behavior, at different vantage points for a long duration, the viewpoint seems to be helpful to deeply inspect threats, but faces scalability issues as the amount of collected data grows, since more computational resources are required for the analysis. In this paper, we report our experience from operating the Hadoop platform, called MATATABI, for threat detection, and present the micro-benchmarks with four different backends of data processing in typical use cases such as log data and packet trace analysis. The benchmarks demonstrate the advantages of distributed computation in terms of performance. Our extensive use cases of analysis modules showcase the potential benefit of deploying our threat analysis platform.
asia pacific workshop on systems | 2016
Ryo Nakamura; Yohei Kuga; Yuji Sekiya; Hiroshi Esaki
We introduce a new forwarding information base architecture into the stacked layering model for network overlays. In recent data center networks, network overlay built upon tunneling protocols becomes an essential technology for virtualized environments. However, the tunneling stacks network layers twice in the host OS, so that processing to transmit packets increases and throughput will degrade. First, this paper shows the measurement result of the degradation on a Linux kernel, in which throughputs in 5 tunneling protocols degrade by over 30%. Then, we describe the proposed architecture that enables the shortcut for the second protocol processing for network overlays. In the evaluation with a dummy interface and a modified Intel 10-Gbps NIC driver, transmitting throughput is improved in 5 tunneling protocols and the throughput of the Linux kernel is approximately doubled in particular protocols.
network operations and management symposium | 2014
Ryo Nakamura; Kouji Okada; Yuji Sekiya; Hiroshi Esaki
Various overlay networks have been proposed and developed to increase flexibility on networks to address issues of the IP network. However, the existing overlay networks have two problems: 1) the topology of existing overlays is essentially full-mesh tunneling topology, 2) dependence of control plane and data plane. The full-mesh tunneling topology cannot enable the overlay routing for performance improvement of networks. The dependence of them causes complication of operations due to the isolation of overlay networks, and increases development costs. To improve the problems, we propose a new abstraction layer that provides a common architecture for data planes of overlay networks that can deploy overlay routing. Based on the architecture, we design and implement a protocol stack, called ovstack. In this paper, we describe the architecture, design and implementation, then evaluate the performance of overlays including ovstack. The ovstack can contribute to constructing more flexible overlay networks on the current networks easily.
architectures for networking and communications systems | 2018
Ryo Nakamura; Yuji Sekiya; Hajime Tazaki
This paper proposes a novel approach for fast container networking that enables applications in containers to utilize host network stacks directly with proper access control. Our approach, called socket-grafting, offers a new socket-layer communication channel by grafting sockets in containers onto sockets in host network stacks. In contrast to recent approaches that make network stacks faster by using high-speed packet I/O techniques, socket-grafting makes container networking faster by bypassing a container's network stack and virtual interfaces. As a concrete implementation of socket-grafting, we designed AF_GRAFT, which is a new address family for the socket layer. AF_GRAFT performs interconnection between the two socket layers in the container and host network stacks. In this paper, we describe socket-grafting, AF_GRAFT design, and its implementation on Linux. Our evaluation results demonstrate that the proposed method doubled throughput and reduced latency by 23% compared with traditional NAT-based container networking, and improved the network performance of containerized HTTP servers and message queues.
international conference on future internet technologies | 2017
Hiroshi Abe; Keiichi Shima; Yuji Sekiya; Daisuke Miyamoto; Tomohiro Ishihara; Kazuya Okada
In this study, we introduce a simple and high-speed search engine for large-scale system logs, called Hayabusa. Hayabusa uses SQLite, standard lightweight database software with GNU Parallel and general Linux commands, such that it can run efficiently without complex components. Network administrators can use Hayabusa to accumulate and store log information at high speeds and to search the logs quickly. In our experiments, Hayabusa required only 8 seconds to convert 1.2 M log messages into a database file. Moreover, Hayabusa required only 5 seconds to search a keyword from 1.7 billion records. Hayabusa achieved high-performance search speed in a stand-alone environment without a complex distributed environment. Compared with the distributed environment, Spark, the proposed stand-alone Hayabusa was approximately 27 times faster.
international conference on pervasive computing | 2016
Daisuke Miyamoto; Ryo Nakamura; Takeshi Takahashi; Yuji Sekiya
This paper proposes a new firewall for protecting smartphones from cyber threats. The key idea is to offload firewall functions to OpenFlow-capable wireless access points (APs). The widespread use of smartphones requires protection against cyber threats targeted to the device. Our research group therefore explored the suitable protection schemes and found that the OpenFlow-capable APs are able to facilitate configuring filtering rules, and also make defense at the closest point to the issued device, as well as saving energy consumption whereas firewall applications working on smartphones heavily drain battery life. In this paper, we design and implement our prototype implementation along with our consideration, show information pipelining in order to provide cyber defense from threat information, and discuss its interoperability aspect from international standardization work.
international conference on network protocols | 2015
Ryo Nakamura; Kazuya Okada; Shuichi Saito; Hiroyuki Tanahashi; Yuji Sekiya
Service chaining is an emerging architecture from the trend of Software Defined Networking and Network Functions Virtualization. This architecture is expected to improve network flexibility and reduce equipment and operational costs. However, recent approaches for service chaining require new networking technologies that need to be standardized, implemented and developed. In this paper, we present and demonstrate a scalable and deployable service chaining architecture, called FlowFall. FlowFall does not require any novel technologies; it only requires OpenFlow and current Virtual Machines as Virtual Network Function. Moreover, we focus on the NFV backbone network and how to scale out its performance. We describe the approach of FlowFall and an evaluation in which our method achieves 10-gigabit wire-rate throughput with 128-byte packets on a single Hyper Visor and scale-out performance among multiple Hyper Visors. Finally, we demonstrate a proof-of-concept of FlowFall in an actual service network at Interop Tokyo 2015 ShowNet.
conference on computer communications workshops | 2015
Ryo Nakamura; Yuji Sekiya; Hiroshi Esaki
Improving availability and throughput is a significant challenge for data center networks. Recent studies have attempted to use a variety of routing and multipathing techniques. However, no method has yet managed to combine availability and throughput improvement with actual deployability, usually because of dedicated hardware requirements. In this study, we focus on commodity-based layer-3 data center networks. We propose a method for layer-3 multipathing via the novel usage of common IP encapsulation techniques for throughput improvement. Our approach requires minimal software modifications at end hosts. The method enables us to construct an efficient data center network using commercial off-the-shelf (COTS) switches. In this paper, we describe the approach and an evaluation, in which our approach achieves an above-85% forwarding rate in general, and 100% for an experimental traffic pattern.