Zou Futai

Multi-agent cooperative intrusion response in mobile adhoc networks

The nature of adhoc networks makes them vulnerable to security attacks. Many security technologies such as intrusion prevention and intrusion detection are passive in response to intrusions in that their countermeasures are only to protect the networks, and there is no automated network-wide counteraction against detected intrusions. the architecture of cooperation intrusion response based multi-agent is propose. The architecture is composed of mobile agents. Monitor agent resides on every node and monitors its neighbor nodes. Decision agent collects information from monitor nodes and detects an intrusion by security policies. When an intruder is found in the architecture, the block agents will get to the neighbor nodes of the intruder and form the mobile firewall to isolate the intruder. In the end, we evaluate it by simulation.

Hybrid detection and tracking of fast-flux botnet on domain name system traffic

Fast-flux is a Domain Name System (DNS) technique used by botnets to organise compromised hosts into a high-availability, load-balancing network that is similar to Content Delivery Networks (CDNs). Fast-Flux Service Networks (FFSNs) are usually used as proxies of phishing websites and malwares, and hide upstream servers that host actual content. In this paper, by analysing recursive DNS traffic, we develop a fast-flux domain detection method which combines both real-time detection and long-term monitoring. Experimental results demonstrate that our solution can achieve significantly higher detection accuracy values than previous flux-score based algorithms, and is lightweight in terms of resource consumption. We evaluate the performance of the proposed fast-flux detection and tracking solution during a 180-day period of deployment on our universitys DNS servers. Based on the tracking results, we successfully identify the changes in the distribution of FFSN and their roles in recent Internet attacks.

KRBKSS: a keyword relationship based keyword-set search system for peer-to-peer networks

Distributed inverted index technology is used in many peer-to-peer (P2P) systems to help find rapidly document in which a given word appears. Distributed inverted index by keywords may incur significant bandwidth for executing more complicated search queries such as multiple-attribute queries. In order to reduce query overhead, KSS (keyword-set search) by Gnawali partitions the index by a set of keywords. However, a KSS index is considerably larger than a standard inverted index, since there are more word sets than there are individual words. And the insert overhead and storage overhead are obviously unacceptable for full-text search on a collection of documents even if KSS uses the distance window technology. In this paper, we extract the relationship information between query keywords from websites’ queries logs to improve performance of KSS system. Experiments results clearly demonstrated that the improved keyword-set search system based on keywords relationship (KRBKSS) is more efficient than KSS index in insert overhead and storage overhead, and a standard inverted index in terms of communication costs for query.

Securing Wireless Mesh Network with Mobile Firewall

With regard to the security problems in Wireless Mesh Networks, researches have mainly focused on Intrusion Prevention and Intrusion Detection methods. However, as the only method which can eliminate the malicious node thoroughly from the WMNs, Intrusion Response has not been paid enough attention. Traditional Intrusion Response method like Flooding Broadcast can effectively secure the MANET because of its limited scale and high dynamic. However, in a large-scale WMN, such method is infeasible and inappropriate because of large amounts of overheads and huge influence to the network. In this paper, we utilize the denseness of WMNs and propose an overhead-localized Intrusion Response mechanism which we call Mobile Firewall. It is both suitable and efficient to the WMN, as it localizes the packet overheads in prealarming other nodes as well as successfully defenses against the malicious node.

eDSR: a decentralized service registry for e-commerce

Electronic commerce is driving distributed computing towards a model of service based interactions. The core of service interaction relies on the discovery of services. In this paper we propose a decentralized registry, based on a peer-to-peer infrastructure called eDSR for e-commerce service discovery. In eDSR, the service descriptions are managed in a completely decentralized way. Experimental results show that eDSR has good robustness and scalability

SHT: adaptive DHT topology model based on session heterogeneity for dynamic network

Dynamic network environment has a great impact on the performance of DHT topology model, and even would lead to crash down the peer-to-peer (P2P) network in some situations. We focus on session heterogeneity of peer nodes existing in the dynamic network and propose Session Heterogeneity Topology (SHT) model, a new topology model based on traditional DHT topology model. In SHT topology model, dynamic nodes are clustered to stable nodes so as to reduce the dynamic changes of DHT topology network as well as perform well in dynamic network environment. The experimental results demonstrate (1) With a small cluster size, the model performs well in dynamic network environment, which means it is very practical for deploy it. (2) Under dynamic network environment, SHT topology model has an order of magnitude optimizing performance better than Chord in stability and search, while with maintenance overheads an order of magnitude less than Chord.

Control DHT maintenance costs with session heterogeneity

The maintaining overheads of Distributed Hash Table (DHT) topology have recently received considerable attention. This paper presents a novel SHT (Session Heterogeneity Topology) model, in which DHT is reconstructed with session heterogeneity. SHT clusters nodes by means of session heterogeneity among nodes and selects the stable nodes as the participants of DHT. With an evolving process, this model gradually makes DHT stable and reliable. Therefore the high maintaining overheads for DHT are effectively controlled. Simulation with real traces of session distribution showed that the maintaining overheads are reduced dramatically and that the data availability is greatly improved.