Title: Towards Efficient Traffic Monitoring for Science DMZ with Side-Channel based Traffic Winnowing
As data-intensive science becomes the norm in many fields of science, high-performance data transfer is rapidly becoming a core scientific infrastructure requirement. To meet such a requirement, there has been a rapid growth across university campuses to deploy Science DMZs. However, it is challenging to efficiently monitor the traffic in Science DMZ because traditional intrusion detection systems (IDSes) are equipped with deep packet inspection (DPI), which is resource-consuming. We propose to develop a lightweight side-channel based anomaly detection system for traffic winnowing to reduce the volume of traffic finally monitored by the IDS. We evaluate our approach based on the experiments in a Science DMZ environment. Our evaluation demonstrates that our approach can significantly reduce the resource usage in traffic monitoring for Science DMZ.
Award ID(s):
1723663 1700499 1642143 2128607 2128107
PAR ID:
10072682
Journal Name:
ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization
Page Range / eLocation ID:
55 to 58
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Traffic classification has various applications in today's Internet, from resource allocation, billing and QoS purposes in ISPs to firewall and malware detection in clients. Classical machine learning algorithms and deep learning models have been widely used to solve the traffic classification task. However, training such models requires a large amount of labeled data. Labeling data is often the most difficult and time-consuming process in building a classifier. To solve this challenge, we reformulate the traffic classification into a multi-task learning framework where bandwidth requirement and duration of a flow are predicted along with the traffic class. The motivation of this approach is twofold: First, the bandwidth requirement and duration are useful in many applications, including routing, resource allocation, and QoS provisioning. Second, these two values can be obtained from each flow easily without the need for human labeling or capturing flows in a controlled and isolated environment. We show that with a large amount of easily obtainable data samples for bandwidth and duration prediction tasks, and only a few data samples for the traffic classification task, one can achieve high accuracy. Therefore, our proposed multi-task learning framework obviates the need for a large labeled traffic dataset. We conduct two experiments with ISCX and QUIC public datasets and show the efficacy of our approach.
  2. Traffic congestion hits most big cities in the world - threatening long delays and serious reductions in air quality. City and local government officials continue to face challenges in optimizing crowd flow, synchronizing traffic and mitigating threats or dangerous situations. One of the major challenges faced by city planners and traffic engineers is developing a robust traffic controller that eliminates traffic congestion and imbalanced traffic flow at intersections. Ensuring that traffic moves smoothly and minimizing the waiting time in intersections requires automated vehicle detection techniques for controlling the traffic light automatically, which are still challenging problems. In this paper, we propose an intelligent traffic pattern collection and analysis model, named TPCAM, based on traffic cameras to help in smooth vehicular movement on junctions and set to reduce the traffic congestion. Our traffic detection and pattern analysis model aims at detecting and calculating the traffic flux of vehicles and pedestrians at intersections in real-time. Our system can utilize one camera to capture all the traffic flows in one intersection instead of multiple cameras, which will reduce the infrastructure requirement and potential for easy deployment. We propose a new deep learning model based on YOLOv2 and adapt the model for the traffic detection scenarios. To reduce the network burdens and eliminate the deployment of network backbone at the intersections, we propose to process the traffic video data at the network edge without transmitting the big data back to the cloud. To improve the processing frame rate at the edge, we further propose a deep object tracking algorithm leveraging adaptive multi-modal models and make it robust to object occlusions and varying lighting conditions. Based on the deep learning based detection and tracking, we can achieve pseudo-30FPS via adaptive key frame selection.
  3. Well-calibrated traffic flow models are fundamental to understanding traffic phenomena and designing control strategies. Traditional calibration has been developed based on optimization methods. In this paper, we propose a novel physics-informed, learning-based calibration approach that achieves performances comparable to and even better than those of optimization-based methods. To this end, we combine the classical deep autoencoder, an unsupervised machine learning model consisting of one encoder and one decoder, with traffic flow models. Our approach informs the decoder of the physical traffic flow models and thus induces the encoder to yield reasonable traffic parameters given flow and speed measurements. We also introduce the denoising autoencoder into our method so that it can handle not only normal data but also corrupted data with missing values. We verified our approach with a case study of Interstate 210 Eastbound in California. It turns out that our approach can achieve comparable performance to the state-of-the-art calibration methods given normal data and outperform them given corrupted data with missing values. History: This paper has been accepted for the Transportation Science Special Issue on ISTTT25 Conference. Funding: This study was supported by the National Science Foundation [Grant CMMI-1949710] and the C2SMART Research Center, a Tier 1 University Transportation Center.
  4. Science DMZs are specialized networks that enable large-scale distributed scientific research, providing efficient and guaranteed performance while transferring large amounts of data at high rates. The high-speed performance of a Science DMZ is made viable via data transfer nodes (DTNs), therefore they are a critical point of failure. DTNs are usually monitored with network intrusion detection systems (NIDS). However, NIDS do not consider system performance data, such as network I/O interrupts and context switches, which can also be useful in revealing anomalous system performance potentially arising due to external network based attacks or insider attacks. In this paper, we demonstrate how system performance metrics can be applied towards securing a DTN in a Science DMZ network. Specifically, we evaluate the effectiveness of system performance data in detecting TCP-SYN flood attacks on a DTN using DBSCAN (a density-based clustering algorithm) for anomaly detection. Our results demonstrate that system interrupts and context switches can be used to successfully detect TCP-SYN floods, suggesting that system performance data could be effective in detecting a variety of attacks not easily detected through network monitoring alone.
  5. In this work, we consider the network slice composition problem for Service Function Chains (SFCs), which addresses the issue of allocating bandwidth and VNF resources in a way that guarantees the availability of the SFC while minimizing cost. For the purpose of satisfying the availability requirement of the SFC, we adapt a traffic-weighted availability model which ensures that the long-term fraction of traffic supported by the slice topology remains above a desired threshold. We propose a method for composing a single or multi-path slice topology and for properly dimensioning VNF replicas and bandwidth on the slice paths. Through simulations, we show that our proposed algorithm can reduce the total cost of establishment compared to a dedicated protection approach in 5G networks. 