Search for: All records

The number of engineering doctoral degrees awarded to foreign-born (international) students has increased in the past three decades. It has resulted in an increase in the foreign-born professoriate across the USA. To address gender parity and address the needs of a diverse student population, many universities are increasingly recruiting foreign-born women faculty. While their immigration status is their transitional identity, they do have a distinctive racial/ethnic identity. Unfortunately, issues of foreign-born faculty, especially women, are understudied. A pilot study was carried out at the California State University System to assess the needs of women faculty. A survey was administered to the engineering faculty (all identity groups) across California State University System. This paper examines the tenure navigation of foreign-born women faculty to identify their needs to attain tenure and promotion successfully. Resource satisfaction between the populations based on gender and foreign-born status are compared. Based on the evidence presented, the authors argue that foreign-born status should be considered as one of the parameters in planning retention programs and addressing intersectionality for engineering academics. Some ongoing efforts at the California State University System are also reported. 

Network intrusion detection systems (IDS) has efficiently identified the profiles of normal network activities, extracted intrusion patterns, and constructed generalized models to evaluate (un)known attacks using a wide range of machine learning approaches. In spite of the effectiveness of machine learning-based IDS, it has been still challenging to reduce high false alarms due to data misclassification. In this paper, by using multiple decision mechanisms, we propose a new classification method to identify misclassified data and then to classify them into three different classes, called a malicious, benign, and ambiguous dataset. In other words, the ambiguous dataset contains a majority of the misclassified dataset and is thus the most informative for improving the model and anomaly detection because of the lack of confidence for the data classification in the model. We evaluate our approach with the recent real-world network traffic data, Kyoto2006+ datasets, and show that the ambiguous dataset contains 77.2% of the previously misclassified data. Re-evaluating the ambiguous dataset effectively reduces the false prediction rate with minimal overhead and improves accuracy by 15%. 

Collaborative intrusion detection system (CIDS) shares the critical detection-control information across the nodes for improved and coordinated defense. Software-defined network (SDN) introduces the controllers for the networking control, including for the networks spanning across multiple autonomous systems, and therefore provides a prime platform for CIDS application. Although previous research studies have focused on CIDS in SDN, the real-time secure exchange of the detection relevant information (e.g., the detection signature) remains a critical challenge. In particular, the CIDS research still lacks robust trust management of the SDN controllers and the integrity protection of the collaborative defense information to resist against the insider attacks transmitting untruthful and malicious detection signatures to other participating controllers. In this paper, we propose a blockchain-enabled collaborative intrusion detection in SDN, taking advantage of the blockchain’s security properties. Our scheme achieves three important security goals: to establish the trust of the participating controllers by using the permissioned blockchain to register the controller and manage digital certificates, to protect the integrity of the detection signatures against malicious detection signature injection, and to attest the delivery/update of the detection signature to other controllers. Our experiments in CloudLab based on a prototype built on Ethereum, Smart Contract, and IPFS demonstrates that our approach efficiently shares and distributes detection signatures in real-time through the trustworthy distributed platform. 

Collaborative intrusion detection system (CIDS) shares the critical detection-control information across the nodes for improved and coordinated defense. Software-defined network (SDN) introduces the controllers for the networking control, including for the networks spanning across multiple autonomous systems, and therefore provides a prime platform for CIDS application. Although previous research studies have focused on CIDS in SDN, the real-time secure exchange of the detection relevant information (e.g., the detection signature) remains a critical challenge. In particular, the CIDS research still lacks robust trust management of the SDN controllers and the integrity protection of the collaborative defense information to resist against the insider attacks transmitting untruthful and malicious detection signatures to other participating controllers. In this paper, we propose a blockchain-enabled collaborative intrusion detection in SDN, taking advantage of the blockchain’s security properties. Our scheme achieves three important security goals: to establish the trust of the participating controllers by using the permissioned blockchain to register the controller and manage digital certificates, to protect the integrity of the detection signatures against malicious detection signature injection, and to attest the delivery/update of the detection signature to other controllers. Our experiments in CloudLab based on a prototype built on Ethereum, Smart Contract, and IPFS demonstrates that our approach efficiently shares and distributes detection signatures in real-time through the trustworthy distributed platform. 

Software-Defined Networking (SDN) represents a major transition from traditional hardware-based networks to programmable software-based networks. While SDN brings visibility, elasticity, flexibility, and scalability, it also presents security challenges. This paper describes some of the hands-on labs we developed for teaching SDN security using the CloudLab platform. The hands-on labs have been used in a graduate level course on SDN/NFV related technologies. Our teaching experience of the hands-on labs is discussed. The hands-on labs can be adopted by other instructors to teach SDN security. 

Domain name system (DNS) resolves the IP addresses of domain names and is critical for IP networking. Recent denial-of-service (DoS) attacks on the Internet targeted the DNS system (e.g., Dyn), which has the cascading effect of denying the availability of the services and applications relying on the targeted DNS. In view of these attacks, we investigate the DoS on the DNS system and introduce the query-crafting threats where the attacker controls the DNS query payload (the domain name) to maximize the threat impact per query (increasing the communications between the DNS servers and the threat time duration), which is orthogonal to other DoS approaches to increase the attack impact such as flooding and DNS amplification. We model the DNS system using a state diagram and comprehensively analyze the threat space, identifying the threat vectors which include not only the random/invalid domains but also those using the domain name structure to combine valid strings and random strings. Query-crafting DoS threats generate new domain-name payloads for each query and force increased complexity in the DNS query resolution. We test the query-crafting DoS threats by taking empirical measurements on the Internet and show that they amplify the DoS impact on the DNS system (recursive resolver) by involving more communications and taking greater time duration. To defend against such DoS or DDoS threats, we identify the relevant detection features specific to query-crafting threats and evaluate the defense using our prototype in CloudLab. 

For the past decade, botnets have dominated network attacks in spite of significant research advances in defending against them. The distributed attack sources, the network size, and the diverse botnet attack techniques challenge the effectiveness of a single-point centralized security solution. This paper proposes a distributed security system against largescale disruptive botnet attacks by using SDN/NFV and machinelearning. In our system, a set of distributed network functions detect network attacks for each protocol and to collect real-time traffic information, which also gets relayed to the SDN controller for more sophisticated analyses. The SDN controller then analyzes the real-time traffic with the only forwarded information using machine learning and updates the flow rule or take routing/bandwidth-control measures, which get executed on the nodes implementing the security network functions. Our evaluations show the proposed system to be an efficient and effective defense method against botnet attacks. The evaluation results demonstrated that the proposed system detects large-scale distributed network attacks from botnets at the SDN controller while the network functions locally detect known attacks across different networking protocols.