The increasing use of encryption blinds traditional network-based intrusion detection systems (IDS) from performing deep packet inspection. An alternative data source for detecting malicious activity is necessary. Log files found on servers and desktop systems provide an alternative data source containing information about activity occurring on the device and over the network. The log files can be sizeable, making the transport, storage, and analysis difficult. Malicious behavior may appear as normal events in logs, not triggering an error or another obvious indicator, making automated detection challenging. The research described here utilizes a Python-based toolkit approach with unsupervised machine learning to reduce log file sizes and detect malicious behavior.

Traditional corporate device and network security principles and threat modeling are largely based on the physical location of a device. It poses significant challenges in the new-norm of remote work era since employees' devices are no longer confined within company's physical perimeter. Employees are accessing critical corporate resources from anywhere with corporate-issued devices. Zero Trust networks is a promising solution since it provides a unified network security framework regardless of its location. However, it is challenging to implement Zero Trust networks due to the lack of standard technology and interoperable solution. In this paper, we propose a framework to materialize Zero Trust networks efficiently by introducing a novel concept - virtual device credit. Based on the proposed virtual credit concept, Zero Trust network can be materialized in a seamless way allowing reuse of existing network security and access control technologies.

Network testbed usually produces a closer realworld environment in comparison with emulators or simulators in network research and development. However, few question whether the results derived from those testbeds are credible. In this research, we investigate the reliability of major components employed by some typical testbeds, including packet generators and packet forwarding devices. We utilize a Endace DAG card to capture the packets generated or forwarded by these components, evaluating their behavior in terms of flow throughput, accuracy and reliability. We believe that our study could shed light on network testbed design.

Network performance monitoring and troubleshooting is a critical but challenging task in data center management. Although many solutions have been proposed in the past decades, it is still difficult to deploy them in the real world because of the expensive cost. In this work, we propose LMon, a network measurement and fault localization system for facilitating long-term maintenance of datacenter networks. LMon employs a lightweight network monitoring tool based on packet pair technique, which supports bi-directional monitoring only on one end host without replacing any device. Moreover, the least measurement deployment policy introduces very small overhead to the network. LMon has been deployed to our production data center on a scale of 50 racks and 500 servers for months. The running experience confirms the efficiency of LMon and points out the future direction of improvement.

The introduction of peak-demand charge motivates large-load customers to flatten their demand curves, while their self-owned renewable generations aggravate demand fluctuations. Therefore, it is attractive to utilize energy storage for shaping real-time loads and reducing electricity bills. In this paper, we propose the first peak-aware competitive online algorithm for leveraging stored energy (e.g., in fuel cells) to minimize peak demand charge. Our algorithm decides the discharging quantity slot by slot to maintain the optimal worst-case performance guarantee (namely, competitive ratio) among all deterministic online algorithms. Interestingly, we show that the best competitive ratio can be computed by solving a linear number of linear-fractional problems. We can also extend our competitive algorithm and analysis to improve the average-case performance and consider short-term prediction.

The wireless communication and pervasive technologies are the fundamental entities to make a transport system "Cooperative" and "smart". This transport system is termed as a Cooperative Intelligent Transport System (C-ITS) that is aimed to enhance the safety of road users, driving comfort as well as to reduce the CO2 emissions. The industries and academic institution all-over the world is continuously performing research and implementing field measurements to make the C-ITS technology to life. Both 3rd Generation Partnership Project (3GPP) and European Telecommunication Standards Institute (ETSI) have been working on respective standards (3GPP V2X and ETSI ITS-G5 in Europe) to provide a seamless connection in C-ITS communication. In this poster paper, we have discussed the pilot C-ITS use-case scenarios conducted on a test-track in Northern Finland. The pilot measurements are planned by using heterogeneous wireless communication technologies (ITS-G5 and 5GTN) to provide C-ITS service alerts. The C-ITS service alerts are used to avoid road traffic collisions as well as to improve traffic efficiency with CO2 reduction. The C-ITS pilot service alerts proved that the heterogeneous network considerably improves the communication link availability between vehicles and road-side-infrastructure to make it more secure, eco-friendly and efficient.

Multicast is a popular way of data dissemination. How to monitor the multicast traffic is essential to tackle network bottlenecks and performance woes. The original In-band Network Telemetry (INT) provides a fine-grained and real-time monitoring solution. However, to use this method directly on the multicast traffic causes problems like telemetry data redundancy and network bandwidth wasting since the monitoring data of the same device may be duplicated several times. In this paper, we propose an optimized algorithm called MPINT for multicast traffic monitoring, which is cost-effective with minor bandwidth overhead. Compared with the original INT, the extensive evaluation shows that the percentage drop in INT overhead is over 80% during the forwarding process using MPINT. In addition, the final upload bytes for MPINT reduces by 50%, and it takes less than 0.5 seconds to complete the data analysis on 180 devices.

With the development of virtualization technology and the growing user requirements, the overlay network is becoming more widely used in data centers. Because of the ever-increasing network complexity, overlay network monitoring becomes more significant and challenging. In-band Network Telemetry (INT) achieves fine-grained network monitoring by encapsulating device-internal status into packets. However, as an underlying device-level primitive, INT is hard to directly apply to the overlay network because of the imperceptible underlying network topology. In this work, we propose VXLAN-based INT, an INT system for overlay network monitoring based on Virtual extended Local Area Network (VXLAN) protocol. We define the probe format, control the forwarding behaviors, and design the data structure to build this framework. VXLAN-based INT can monitor single-hop and obtain the mapping relationship between the overlay network and the corresponding underlay network through a table lookup operation. The experiment shows that the processing delay of a switch under light load is about 150 us in a random example.

The work presents image reconstruction in ultrasonic transmission tomography using the Block-Wise-Transform-Reduction method. The system consists of a tomography platform using ultrasound built by the authors, and an algorithm that can reconstruct images in a distributed system. The algorithm applies image compression techniques (Discrete Cosine Transformation) for each block of the image separately. This allows location object in the analyzed area for real-time image reconstruction using an ultrasound tomographic device. The idea behind the method used is that the reconstruction process is directly connected to the compression process.

The collaboration of Internet of Things (IoT) devices promotes the computation at the network edge to satisfy latency-sensitive requests. The functionalities provided by IoT devices are encapsulated as IoT services, and the satisfaction of requests is reduced to the composition of services. Due to the hard-to-prediction of forthcoming requests, an adaptive service configuration is essential, when latency constraints are satisfied by composed services. This problem is formulated as a continuous time Markov decision process model constructed with updating system states, taking actions and assessing rewards constantly. A temporal-difference learning approach is developed to optimize the configuration, while taking long-term service latency and energy efficiency into consideration. Experimental results show that our approach outperforms the state-of-art's techniques for achieving close-to-optimal service configurations.

A high-performance packet classification architecture based on FPGA supporting large-scale rule sets up to 100k is proposed in this poster. It supports fast dynamic rule update and tree reconstruction. The update throughput is comparable to that of classification. An efficient data structure set for decision tree is constructed to convert tree traversal to addressing process. Different levels of parallelism are fully explored with multi-core, multi-search-engine and coarse-grained pipeline. It achieves a peak throughput of more than 1000 MPPS for 10k and 1k rule set for both classification and update.

Future wireless networks will be characterized by users with heterogeneous requirements. Such users can require low-latency or minimum-throughput. In addition, due to the limited-power budget of the mobile devices, a power-efficient scheduling scheme is required by the network. In this work, we cast a stochastic network optimization problem for minimizing the packet drop rate while guaranteeing a minimum-throughput and taking into account the limited-power capabilities of the users.

Network intrusion detection is a crucial task since malicious traffic occurs every second these days. Various research has been studied in this field and shows high performance. However, most of them are conducted in a supervised manner that needs a range of labeled data but it is hard to obtain. This paper proposes a semi-supervised Generative Adversarial Networks (GAN) model that requires only 10 labeled data per flow type. Our model is evaluated using the publicly available CICIDS-2017 dataset and outperforms other malware traffic classification models.

In recent years, using radio frequency (RF) signal for pedestrian localization and tracking has aroused great interest of researchers due to its property of privacy protection. With the high spatial resolution, millimeter wave (mmWave) becomes one of the most promising RF technologies in human sensing tasks. Existing mmWave-based localization and tracking approaches can achieve decimeter-level accuracy. However, it's still extremely challenging to locate and track multiple pedestrians in a complex indoor environment due to target occlusion and multipath effect. To overcome these challenges, it is an opportunity to leverage multiple mmWave radars to form a multi-radar network that monitors pedestrians from different perspectives. In this poster, we address one of the fundamental challenges of building one multi-radar network: How to calibrate the perspectives of different mmWave radars before fusing their data. To reduce the overhead and improve the efficiency, we propose a multi-radar calibration method that determines the position relationship of different radars by tracking the pedestrian trajectory. Our evaluation shows that the proposed method can achieve the average error of (8.7cm, 8.5cm) in 2D position and 0.79 ◦ in angle.

Voice assistants have become a common part of our lives and can help us convey commands conveniently. However, in a noisy environment, their microphones cannot clearly distinguish human voice commands. Some works use millimeter wave radars to detect the vibration of the human throat to recognize voice commands so that the background noise can be reduced, but they require people to be still at a fixed position in front of the radar. In this poster, we found that when the human speaks, the objects around the human body will produce vibration signals, which also contain human voice information. These vibration signals can be utilized to extract the voice while people can move freely. We first detect the vibrations of objects around human body. Then the common components of these vibration signals can be extracted to recover voices. We evaluate this method on several short sentences and the results show that there is a high correlation between the recovered voice signal and the corresponding original voice signal.

Solar insecticidal lamp (SIL) releases high voltage pulse discharge to kill migratory insects with phototaxis feature, and the insecticidal count is calculated by discharge times. However, it is hard to predict and quantify the insecticidal performance due to the unpredictable insect species. Besides, SIL may not able to kill insects when the energy is insufficient, which affects task schedule and fault detection of solar insecticidal lamps Internet of Things (SIL-IoTs). To overcome this problem, it is critical to find key factors that have a mapping relation with insecticidal performance. High voltage pulse discharge generates electromagnetic interference in form of changing of microprocessors' falling edge trigger (FET), which may conduce to evaluate insecticidal performance. Aiming to explore this issue, we designed an experiment. The experiment results indicate that the number of FET can be applied to evaluate and simulate the insecticidal performance, which contributes to task schedule and fault detection of SIL-IoTs.

Simulating network experiments is critical for inferring insights on the large scale Internet attacks and defences. In this work we develop a new network simulator for evaluating routing attacks and defences. We compare it to existing simulators demonstrating better performance and higher accuracy in evaluation of attacks and defences. We apply our simulator for evaluating hijacks of 1M-top Alexa domains and show that about 50\% of the targets are vulnerable.

Security detection procedures rely on a previous monitoring process aimed to gather specific operational information regarding the target system. For this purpose, a specific monitoring app named AMon has been developed by authors, which is a JAVA tool oriented to multidimensional device data gathering in Android environments. It collects disparate sources of information, from applications and permissions to network related activities, which allows capturing the user behavior over time.