Overview of UMass Activities D. Towsley W. Gong. Ongoing UMass MURI Research W. Gong, D. Towsley Poisson counter driven stochastic differential Equation

Overview of UMass Activities

D. Towsley

W. Gong

Ongoing UMass MURI Research W. Gong, D. Towsley

Poisson counter driven stochastic differential Equation (PCSDE) models of correlation attack (D. Towsley)

heavy tails (B. Jiang) queues fed by heavy-tailed traffic

multipath effects of heavy tails on performance (W. Wei)

graph sampling how does graph structure affect sampling (D.

Towsley)

UMASS, MURI Workshop, Sep 9, 2009 2

On the Mitigation of Traffic Correlation On the Mitigation of Traffic Correlation Attacks on Router QueuesAttacks on Router Queues

Yan Cai, Patrick P. C. Lee, Weibo Gong, Don TowsleyUMASS

MURI Workshop

Sep 9, 2009


Correlation Attack

definition adversary introduces traffic burstiness at routers introduce correlation among multiple attack flows degrades performance of normal flows

small buffers – more packet drops large buffers – higher end-to-end transfer delay

why daunting? low-rate: not to congest links

evade volume-based detection can be launched using botnets


Contributions

analytical framework to study correlation attack, using PCSDE fluid models: impact of inter-flow correlation on average queue

lengths impact of increased queue length on normal flows

defense strategy two-stage pacing: ON-OFF pacing, rate-limiting


Correlation-Attack Model

Parameters xi(t) = ON-OFF process of flow i, xi(t) {0,1}

hi = capacity of access link i

c = capacity of outgoing link v(t) = queue length of target router at time t

…

h1

h2

hn

x1

x2

c

xn

vSingle-Queue Model



SDE for v(t)

if xi(t) is Markov ON-OFF process

n

i iiv dtxhdtcIdv1

211 iiiii dNxdNxdx

Ni1 = ON Poisson counter

with rate λi1

Ni2 = OFF Poisson counter

with rate λi2…

h1

h2

hn

x1

x2

c

xn

v

Single-Queue Model



Theorem: If hi > c > hiE[xi],

…

h1

h2

hn

x1

x2

c

xn

v

n

i

n

ijjjijii

ii

in

i ii

xxEhxEchh

xEhcvE

1 ,1211

][][)(][

1][

inter-flow correlation

Single-Queue Model


Evaluation of Correlation Attack solution via numerical simulation from SDEs three cases:

Independent: xi’s have independent ON/OFF transitions Weakly correlated: xi’s have same ON transitions Identical: xi’s have same ON/OFF transitions

results: inter-flow correlation

increases buffer’s average queue length

PCSDE models conform to ns2 simulation


Defense using Pacing

put pacers on upstream routers to de-correlate flows, reduce burstiness at target router

…

h1

h2

hn

x1

x2

xn

v

c

PP

PP

PP


Two-Stage Pacing

rate-limiting: limit peak rate

using leaky bucket hici

ci < hivir

Markov ON-OFF: chop long bursts

into small bursts output bursts at

random times

hi

Ni3 = ON Poisson counter

Ni4 = OFF Poisson counter

vim

zi є {0,1}


Two-Stage Pacing

n

i v

riv

iviv

ri

ri

iiivimi

iiiii

dtIcdtcIdv

nidtzIhdtIcdv

nidtxhdtzIhdv

nidNzdNzdz

ri

mi

ri

mi

1

43

,...,1 ,

,...,1 ,

,...,1 ,)1(

SDEs :

two-stage pacing: combine above components

Markov ON-OFF Rate-limiting

hihi

vim vi

r

ci


Preliminary Results

Parameters: n = 60, hi=0.4Mbps, E[ON] = 1s, E[OFF] = 4s, ci = 0.2Mbps, c = 10Mbps

Two-stage pacing better than each pacing component alone


Preliminary Results

Pacing removes delay spikes of normal flows

Pacing in presence of correlation attack

RTTs of TCP packets(without pacing)

RTTs of TCP packets(with 2-stage pacing)


Open issues

adaptive pacing? ON-OFF pacing adds delay to normal traffic

pace only a subset of traffic classes? implementation?

impact of two-stage pacing on heavy-tailed bursts?

An SDE Model for Power LawAn SDE Model for Power Law

Bo Jiang, Weibo Gong, Don TowsleyUMASS

MURI Workshop

Sep 9, 2009


From Lognormal to Power LawFrom Lognormal to Power Law

, geometric Brownian motion

, standard Wiener process (Brownian motion) lognormally distributed

independent of has double Pareto distribution

[Reed 2001]


SDE Model for Double ParetoSDE Model for Double Pareto

Consider following SDE

95 95.5 96 96.5 97 97.5 98 98.5 99 99.5 1000

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

t

X(t

)

W, standard Wiener process

N, Poisson process with rate λ


Fokker-Planck EquationFokker-Planck Equation

Apply Itô’s rule to

Take expectation

Since is arbitary, density of evolves according to following Fokker-Planck equation


Steady-state DistributionSteady-state Distribution

In steady state,

where are roots of quadratic equation

If , degenerates to


Speed of ConvergenceSpeed of Convergence

Let

characteristic function of

Apply Itô’s rule to and take expectation,

Solution is

where

converges exponentially.

exponential convergence


Future WorkFuture Work

Application as traffic model for fluid queueing system Allows for power-law traffic rate May degrade queueing performance May have longer burst of output traffic

Pacing as potential mitigation mechanism Cost vs. benefit Expect overall performance improvement Need detailed analysis and simulations

Can Multipath Mitigate Power Law Delays?

Wei Wei, Bo Jiang, Patrick Lee, Weibo Gong, Don Towsley

University of Massachusetts, Amherst

Outline

MotivationRedundant routingSplit RoutingConclusionsFuture Work

Motivation - Outages Lead to Power Law Retransmissions

Packet Length L: On-off Channel: A, U

N: # of transmissions needed to deliver a packet

If then

Jelenkovic & Tan, Infocom 2007

A1 A2 A3 AnU1 U2 U3

)()( xLPxF

)()( xAPxG

,)(log

)(loglim xG

xFx

.log

)(loglim n

nNPn

L L L L L

Light tail distributionsCan lead to power law N

Can Multipath Mitigate Power Law Delays?

Given K i.i.d. channels Redundant Routing

• Duplicate packet and send over K channels Split Routing

• Split packet into K equal length pieces and send over K channels

Question What is effect on number of transmissions?

1

2

K

3

1

2

K

3

Redundant Routing

Given a packet, packet transmission succeeds if one channel succeeds Given a packet, N = min{N1, N2, … , NK}

If then

Redundant routing does not mitigate power law retransmissions

.log

)(loglim n

nNPn

,)(log

)(loglim xG

xFn

Split Routing

Tradeoffs Smaller packet in each channel (L/K) For each packet, transmission succeeds iff when

all channels succeed• Given a packet, N = max{N1,N2,…,NK}

Looks ugly, Taylor expansion?

General result? Or depends on F and G?

])))/(1(1(1[()]|([)( KnLL KLGELnNPEnNP

Split Routing – No General Results

If F, G both Pareto F, G both Exponential F, G both Weibull

1

0

1

0

0

Kn

)()1))(1((

)(}])1(1[1{

(x)F}d](x/K))G-(1-[1-{1)(

ydHyoK

ydHy

nNP

n

Kn

))(()(,)(

)( 1 yFKFyHxG

xF

))(()( 1 yGKFyH Let , we have

Different H(y)Different P(N>n)

Split Routing - Pareto and Exponential

Pareto

Exponential

yKyH )(

KyyH )(

n

nNPn log

)(loglim

Kn

nNPn

log

)(loglim

Rate Unchanged!

Same as Redundant

Better than Redundant

Split Routing - Weibull

b > 1, tail lighter than exponential Rate better than exponential

0 < b < 1, tail heavier than exponential Rate worse than exponential

bb

bb

xxb

xxb

exGexbxg

exFexbxf)()(1

)()(1

)(,)()(

)(,)()(

bKyyH )( bn

Kn

nNP

log

)(loglim

b

Split Routing – Exponential Tail

/

,)(

)(lim

)(loglim

,)(

)(lim

)(loglim

xG

xg

x

xG

xF

xf

x

xF

xx

xxIf

then

for split routing over K i.i.d. channels.

.log

)(loglim K

n

nNPn

Conclusions

Power law retransmissions Redundant routing

• Does not mitigate power law retransmissions Split Routing

• Depends on distribution• Sometimes better than redundant routing• Sometimes same as redundant routing

Future Work

Complete analysis for split routing More general distributions

Analysis on packet delivery delayDifferent combinations of distributionsIndependent but not identical channels

Thank you!

Network Characterization via Sampling

B. Ribeiro, D. TowsleyUMass-Amherst

Problem

Given large, possibly dynamic, network, how does one efficiently sample/crawl to accurately characterize it?

degree distributionassortativityclustering coefficient…

Motivation

understanding technological networks Internet, wireless networks

social networks on-line social networks such as FaceBook,

MySpace, Orkut, YouTube, …

where network dataset not available size, lack of global view, dynamics

Sampling methods

random node sampling unbiased not always possible

• limited entry points high overhead

• on-line social networks sparsely populatedbreadth first, depth first crawling

snowball sampling – commonly used method random walk

Random sampling, snowball sampling

CC

DF

CC

DF

Snowball sampling highly biased

strong degree correlation

Orkut data set (Mislove 2007), 3M nodes, 200M edges

True distributionRandom node

sampling5000 samples

Random walk sampling random walk (RW)

produces biased estimate iRW

v – vertex in undirected graph G no. neighbors n(v )

P(v selected in RW) n(v)

iRW

i i

i = iRW

avg. degree/i

avg degree estimated during RW

CC

DF

RW sampling

^

Sampling error – independent degrees

degree distribution i, n samples random sampling

random walk

head: GOOD tail: BAD

Power-law tails easier to sample

head: BAD tail: GOOD

Node sampling vs. RW: Orkut

node sampling better for low degree nodes

RW better for high degree nodes

log(degree)

log(

CC

DF

)

random walk

log(degree)

log(

CC

DF

node sampling

Future work hybrid sampling: node sampling,

RW sampling) budget of m samples use m’ to sample nodes use RW to sample m-m’

example 10000 node power law

network 100 samples edge sampling – not feasible

MS

E/A

VG

Frontier sampling

Future workadaptive sampling

combine node sampling, RW sampling dynamically tradeoff accuracy

other statisticshow do graphs affect sampling efficiency

power law vs exponential tail spatial correlation, independence vs. SRD vs.

LRDapplication to different networks

wireless, social, wireless/social

Documents

Overview of UMass Activities D. Towsley W. Gong. Ongoing UMass MURI Research W. Gong, D. Towsley Poisson counter driven stochastic differential Equation