In cloud computing, a cloud user pays proportionally to the amount of the consumed resources (bandwidth, memory, and CPU cycles etc.). We posit that such a cloud computing system is vulnerable to DDoS (Distributed Denial-of-Service) attacks against quota. Attackers can force a cloud user to pay more and more money by exhausting its quota without crippling its execution system or congesting links. In this paper, we address this issue and claim that cloud should enable users to pay only for their admitted traffic. We design and prototype such a charging model in a CoreLab testbed infrastructure and show an example application.
Shiping DUAN Youyun XU Wentao SONG
Multiuser diversity, identified by recent information theoretic results, is a form of diversity inherent in a wireless network. The diversity gain is obtained from independent time-varying fading channels across different users. The main practical issue in multiuser diversity is lack of Quality of Service (QoS) guarantees. This study proposes a wireless scheduling algorithm named MUDSEQ for downlink channels exploiting multiuser diversity under explicit QoS constraints. The numerical results demonstrate that the novel algorithm can yield non-negligible diversity gain even under tight QoS constraints and little scattering or slow fading environments. Additionally, a system framework for dynamic resource allocation based on the proposed algorithm is developed.
Burst assembly at edge nodes is an important issue for the Optical Burst Switching (OBS) networks because it has a great impact on the traffic characteristics. We analyze the assembled traffic of the Science Information Network (SINET) by using the Fractional Brownian Motion (FBM) model. The analytical and simulation results show that existing assembly schemes cannot avoid increasing the burstiness, which will deteriorate the network performance. Here, burstiness is defined as the variance of the bitrate in small timescales. Therefore, we address the issue of how to reduce the burstiness of the assembled network traffic. Firstly, a sliding window-based assembly algorithm is introduced to reduce the burstiness of assembled traffic by transmitting bursts at an average rate in a small timescale. Next, an advanced timer-based assembly algorithm is introduced, by which the traffic rate is smoothed out by restricting the burst length to a threshold. The simulation results show that both the sliding window-based and advanced timer-based assembly algorithms perform better than existing assembly algorithms do in terms of the burst loss ratio. The simulation also indicates that the advanced timer-based assembly algorithm performs better in terms of the edge buffering delay than the sliding window-based assembly algorithm does.
Ping DU Akihiro NAKAO Satoshi MIKI Makoto INOUE
In the coming smart-home era, more and more household electrical appliances are generating more and more sensor data and transmitting them over the home networks, which are often connected to the Internet through Point-to-Point Protocol over Ethernet (PPPoE) for desirable authentication and accounting. However, to our knowledge, a high-speed commercial home PPPoE router is still absent for a home network environment. In this paper, we first introduce and evaluate our programmable platform FLARE-DPDK for ease of programming network functions. Then we introduce our effort to build a compact 10Gbps software FLARE PPPoE router on a commercial mini-PC. In our implementation, the control plane is implemented with Linux PPPoE software for authentication-like signaling control. The data plane is implemented over the FLARE-DPDK platform, where we get packets from physical network interfaces directly, bypassing the Linux kernel, and distribute packets to multiple CPU cores for data processing in parallel. We verify our software PPPoE router in both lab and production network environments. The experimental results show that our FLARE software PPPoE router can achieve much higher throughput than a commercial PPPoE router tested in a production environment.
Denial of service (DoS) attacks have become one of the most serious threats to the Internet. Enabling detection of attacks in network traffic is an important and challenging task. However, most existing volume-based schemes cannot detect short-term attacks that have a minor effect on traffic volume. On the other hand, feature-based schemes are not suitable for real-time detection because of their complicated calculations. In this paper, we develop an IP packet size entropy (IPSE)-based DoS/DDoS detection scheme in which the entropy is markedly changed when traffic is affected by an attack. Through our analysis, we find that the IPSE-based scheme is capable of detecting not only long-term attacks but also short-term attacks that are beyond the volume-based schemes' ability to detect. Moreover, we test our proposal using two typical Internet traffic data sets from DARPA and SINET, and the test results show that the IPSE-based detection scheme can provide detection of DoS/DDoS attacks not only in a local area network (DARPA) but also in an academic backbone network (SINET).
Liang LI Hamid FARHADY Ping DU Akihiro NAKAO
In most cases, the programmability of Software Defined Network (SDN) refers to the flexibility existing in the northbound interface that enables network managers to control the behaviors of the networks. However, the lack of flexibility in the data plane conversely results in wasting potentially usable information for controlling flows, especially from the point of view of network services and applications. For example, OpenFlow switches only deal with L2-L4 headers and ignore the other parts of the packet. We propose Ouroboros as a programmable switch logic to increase the flexibility of the SDN southbound interface. Ouroboros switches not only remove the limitation of regular OpenFlow switches using packet headers as the reference for packet switching, but also provide a highly flexible interface for network managers to conduct application-specific flow control according to packet content at any arbitrary offsets. Ouroboros can penetrate deeply into packet (e.g., RTP or SIP) protocol headers, or further into packet payload, to process user-defined switching protocol. Our evaluations of Ouroboros on 10Gbps traffic indicate the effectiveness of the proposed method.
Akihiro NAKAO Ping DU Takamitsu IWAI
In this paper, we apply the concept of software-defined data plane to defining new services for Mobile Virtual Network Operators (MVNOs). Although there are a large number of MVNOs proliferating all over the world and most of them provide low bandwidth at low price, we propose a new business model for MVNOs and empower them with capability of tailoring fine-grained subscription plans that can meet users' demands. For example, abundant bandwidth can be allocated for some specific applications, while the rest of the applications are limited to low bandwidth. For this purpose, we have recently proposed the concept of application and/or device specific slicing that classifies application and/or device specific traffic into slices and applies fine-grained quality of services (QoS), introducing various applications of our proposed system [9]. This paper reports the prototype implementation of such proposal in the real MVNO connecting customized smartphones so that we can identify applications from the given traffic with 100% accuracy. In addition, we propose a new method of identifying applications from the traffic of unmodified smartphones by machine learning using the training data collected from the customized smartphones. We show that a simple machine learning technique such as random forest achieves about 80% of accuracy in application identification.
In this paper, we posit that, in future mobile network, network softwarization will be prevalent, and it becomes important to utilize deep machine learning within network to classify mobile traffic into fine grained slices, by identifying application types and devices so that we can apply Quality-of-Service (QoS) control, mobile edge/multi-access computing, and various network function per application and per device. This paper reports our initial attempt to apply deep machine learning for identifying application types from actual mobile network traffic captured from an MVNO, mobile virtual network operator and to design the system for classifying it to application specific slices.
Ping DU Shunji ABE Yusheng JI Seisho SATO Makio ISHIGURO
Traffic volume anomalies refer to apparently abrupt changes in the time series of traffic volume, which can propagate through the network. Detecting and tracing these anomalies is a critical and difficult task for network operators. In this paper, we first propose a traffic decomposition method, which decomposes the traffic into three components: the trend component, the autoregressive (AR) component, and the noise component. A traffic volume anomaly is detected when the AR component is outside the prediction band for multiple links simultaneously. Then, the anomaly is traced using the projection of the detection result matrices for the observed links which are selected by a shortest-path-first algorithm. Finally, we validate our detection and tracing method by using the real traffic data from the third-generation Science Information Network (SINET3) and show the detected and traced results.