
Showing papers by "Sen Su" published in 2014


Proceedings ArticleDOI
30 Jun 2014
TL;DR: A new stream data processing system based on Storm, namely, T-Storm, which accelerates data processing by leveraging effective traffic-aware scheduling for assigning/re-assigning tasks dynamically, which minimizes inter-node and inter-process traffic.
Abstract: Storm has emerged as a promising computation platform for stream data processing. In this paper, we first show inefficiencies of the current practice of Storm scheduling and challenges associated with applying traffic-aware online scheduling in Storm via experimental results and analysis. Motivated by our observations, we design and implement a new stream data processing system based on Storm, namely, T-Storm. Compared to Storm, T-Storm has the following desirable features: 1) based on runtime states, it accelerates data processing by leveraging effective traffic-aware scheduling for assigning/re-assigning tasks dynamically, which minimizes inter-node and inter-process traffic while ensuring no worker nodes are overloaded, 2) it enables fine-grained control over worker node consolidation such that T-Storm can achieve better performance with even fewer worker nodes, 3) it allows hot-swapping of scheduling algorithms and adjustment of scheduling parameters on the fly, and 4) it is transparent to Storm users (i.e., Storm applications can be ported to run on T-Storm without any changes). We conducted real experiments in a cluster using well-known data processing applications for performance evaluation. Extensive experimental results show that compared to Storm (with the default scheduler), T-Storm can achieve over 84% and 27% speedup on lightly and heavily loaded topologies respectively (in terms of average processing time) with 30% less number of worker nodes.

205 citations


Journal ArticleDOI
TL;DR: An energy cost model is proposed and two efficient energy-aware virtual network embedding algorithms are proposed: a heuristic-based algorithm and a particle-swarm-optimization-technique-based algorithm.
Abstract: Virtual network embedding, which means mapping virtual networks requested by users to a shared substrate network maintained by an Internet service provider, is a key function that network virtualization needs to provide. Prior work on virtual network embedding has primarily focused on maximizing the revenue of the Internet service provider and did not consider the energy cost in accommodating such requests. As energy cost is more than half of the operating cost of the substrate networks, while trying to accommodate more virtual network requests, minimizing energy cost is critical for infrastructure providers. In this paper, we make the first effort toward energy-aware virtual network embedding. We first propose an energy cost model and formulate the energy-aware virtual network embedding problem as an integer linear programming problem. We then propose two efficient energy-aware virtual network embedding algorithms: a heuristic-based algorithm and a particle-swarm-optimization-technique-based algorithm. We implemented our algorithms in C++ and performed side-by-side comparison with prior algorithms. The simulation results show that our algorithms significantly reduce the energy cost by up to 50% over the existing algorithm for accommodating the same sequence of virtual network requests.

118 citations


Journal ArticleDOI
TL;DR: The results prove that the algorithm can significantly reduce the network congestion as well as balance the entire network traffic with practical computational costs.

63 citations


Journal ArticleDOI
TL;DR: Prediction-based dynamic resource scheduling algorithms are proposed to dynamically consolidate the VMs with adaptive resource allocation to reduce the number of physical machines; the scheduling is able to realize automatic elastic resource allocation with acceptable effect on SLAs.
Abstract: Virtualization and cloud computing technologies now make it possible to consolidate multiple online services, which are packed in virtual machines (VMs), into a smaller number of physical servers. However, it is still a challenging scheduling problem for cloud provider to dynamically manage the resource for VMs in order to handle variable workloads without service level agreement (SLA) violation. In this paper, we introduce a Prediction-based Dynamic Resource Scheduling (PDRS) solution to automate elastic resource scaling for virtualized cloud systems. Unlike traditional static consolidation or threshold-driven reactive scheduling, we both consider the dynamic workload fluctuations of each VM and the resource conflict handling problem. PDRS first employs an online resource prediction, which is a VM resource demand state predictor based on the Autoregressive Integrated Moving Average (ARIMA) model, to achieve adaptive resource allocation for cloud applications on each VM. Then we propose our prediction-based dynamic resource scheduling algorithms to dynamically consolidate the VMs with adaptive resource allocation to reduce the number of physical machines. Extensive experimental results show that our scheduling is able to realize automatic elastic resource allocation with acceptable effect on SLAs.

38 citations


Proceedings ArticleDOI
08 Jul 2014
TL;DR: This work tactically reduces the coverage (and the power usage) of each BS, and strategically place microcells (relay stations) to offload the traffic transmitted to/from BSs in order to save total power consumption.
Abstract: Saving power on base stations (BS) becomes a critical issue in wireless cellular networks. Many existing works have proposed to schedule BSs into sleep to save energy. However, in reality, it is very difficult to shut down and reboot BSs frequently due to numerous technical issues and performance requirements. In this work, we propose a much more practical solution and offer a new perspective on implementing Green Wireless Networking by embracing the hot-trended small cell network idea. Instead of putting BSs into sleep, we tactically reduce the coverage (and the power usage) of each BS, and strategically place microcells (relay stations) to offload the traffic transmitted to/from BSs in order to save total power consumption. We propose approximation algorithms for various network design scenarios, with different wireless network setups and different power saving optimization objectives. Extensive numerical results are presented to confirm our theoretical analysis.

17 citations


Journal ArticleDOI
TL;DR: A peers’ downloading mechanism called NCDLT is proposed to solve above challenges and it makes peers with lower capability acquire enough download rate to reduce the request to servers.
Abstract: Recently, more and more devices with small buffer size such as PDAs or mobile phones are joining in the VoD system, which leads to two major challenges: how to efficiently distribute their bandwidth resources with small buffer size, and how to provide assistant mechanism to make them playback smoothness. In face of this situation and for the purpose of decreasing the server bandwidth costs, we propose a peers’ downloading mechanism called NCDLT to solve above challenges. It contains two algorithms. The first is neighbors and chunks downloading selection (NCS) algorithm and it ensures peers to find neighbors who can provide video data with lower refusal rate. The second is distributed linear taxation algorithm (DLT) and it makes peers with lower capability acquire enough download rate to reduce the request to servers. The simulation results demonstrate that our algorithms can offload the server bandwidth costs and improve the download rate of peers with small buffer size.

14 citations


Journal ArticleDOI
TL;DR: The proposed solution first builds a secure feature-graph index to represent the feature-related information about each encrypted data graph based on privacy homomorphism and obscuration methods and then calculates the similarity between the query graph and each data graph by the difference of feature frequency in a privacy-preserving manner.
Abstract: In recent years, large amounts of graph-structured data have been outsourced to the commercial public cloud. It is a crucial requirement to enable substructure similarity query for effective data retrieval. However, for protecting data privacy, sensitive data have to be encrypted before outsourcing, which impedes the traditional similarity query schemes from being supported in cloud. Most existing works on encrypted cloud data retrieval pay little attention to this problem. Additionally, considering the huge amounts of encrypted data graphs, the complicated similarity computation and privacy requirements, it is particularly challenging to solve this problem effectively. In this paper, for the first time, we investigate the problem of privacy-assured substructure similarity query over encrypted graph-structured data in cloud computing. Our solution explores a secure framework and a series of secure algorithms to efficiently perform the substructure similarity query without privacy breaches. The proposed solution first builds a secure feature-graph index to represent the feature-related information about each encrypted data graph based on privacy homomorphism and obscuration methods and then calculates the similarity between the query graph and each data graph by the difference of feature frequency in a privacy-preserving manner. Thorough analysis is given to investigate effectiveness and privacy guarantees, and the experiments with real dataset further demonstrate the validity and efficiency of the proposed solution. Copyright © 2013 John Wiley & Sons, Ltd.

13 citations


Journal ArticleDOI
TL;DR: This approach makes use of the routing paths to set up traceback paths, instead of packet logging, so as to improve single-packet IP traceback in several dimensions.
Abstract: Denial-of-Service attacks continue to plague the Internet. Tracing an individual attack packet to its origin is an important step in defending against these attacks. For this reason, researchers have proposed several approaches for single-packet IP traceback. Packet logging is a generic technique in these methods, which results in the high overhead at routers and low traceback accuracy. In this paper, we propose a novel path-based approach for single-packet IP traceback. Our approach makes use of the routing paths to set up traceback paths, instead of packet logging, so as to improve single-packet IP traceback in several dimensions: (i) our storage overhead is only related to the number of routing paths, no matter how many packets traverse on them; (ii) the number of queried routers during the traceback process is only related to the number of hops in the attack path; (iii) the false positives in attack-path construction can be negligible. We perform extensive mathematical analysis and simulations to evaluate our approach. The results show that our approach represents a step forward in preciseness and efficiency compared with the previous work. Copyright © 2013 John Wiley & Sons, Ltd.

12 citations


Journal ArticleDOI
TL;DR: This paper employs the max–min fairness technique to improve the network utilization while guaranteeing fairness among requests, and devise an optimal algorithm to solve the multiple bulk data transfers scheduling problem in inter‐datacenter networks with dynamic link capacities.
Abstract: Bulk data transfers, such as backups and propagation of bulky updates, account for a large portion of the inter-datacenter traffic. These bulk transfers consume massive bandwidth and further increase the operational cost of datacenters. The advent of store-and-forward transfer mode offers the opportunity for cloud provider companies to transfer bulk data by utilizing dynamic leftover bandwidth resources. In this paper, we study the multiple bulk data transfers scheduling problem in inter-datacenter networks with dynamic link capacities. To improve the network utilization while guaranteeing fairness among requests, we employ the max-min fairness and aim at computing the lexicographically maximized solution. Leveraging the time-expanded technique, the problem in dynamic networks is formulated as a static multi-flow model. Then, we devise an optimal algorithm to solve it simultaneously from routing assignments and bandwidth allocation. To further reduce the computational cost, we propose to select an appropriate number of disjoint paths for each request. Extensive simulations are conducted on a real datacenter topology and prove that (i) benefiting from max-min fairness, the network utilization is significantly improved while honoring each individual performance; (ii) a small number of disjoint paths per request are sufficient to obtain the near optimal allocation within practical execution time. Copyright © 2013 John Wiley & Sons, Ltd.

11 citations


Journal ArticleDOI
TL;DR: A pricing mechanism named LBAS is proposed to allocate video instances from VoD provider’s local servers to cloud platforms and the AEM algorithm is improved in order to avoid the collusion among bidders in low-bid auction.

9 citations


Journal ArticleDOI
TL;DR: This paper proposes a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering routers, and implements this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies.
Abstract: The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of-Service (DoS) attacks. Two kinds of relevant schemes have been proposed as victim-end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters (termed as collateral damages); the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering routers. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage.

Proceedings ArticleDOI
27 Jun 2014
TL;DR: In this paper, a security PaaS container is proposed which is based on a customized JVM which is fully implemented and evaluated in real setting.
Abstract: PaaS is known as an application engine which third party developers can deploy their application onto. Security of PaaS becomes important as applications share resources. How to secure and isolate the resources becomes an important topic. In this paper, a security PaaS container is proposed which is based on a customized JVM. This container is fully implemented and evaluated in real setting.

Journal ArticleDOI
TL;DR: A hybrid P2P-based architecture called PAIDD is proposed that ensures satisfactory user experience without incurring extensive overhead on clients’ network and can effectively achieve one order of magnitude of load reduction at central servers.
Abstract: Rapid growth in social networks (SNs) presents a unique scalability challenge for SN operators because of the massive amounts of data distribution among large number of concurrent online users. A request from any user may trigger hundreds of server activities to generate a customized page and which has already become a huge burden. Based on the theoretical model and analytical study considering realistic network scenarios, this article proposes a hybrid P2P-based architecture called PAIDD. PAIDD fulfills effective data distribution primarily through P2P connectivity and social graph among users but with the help of central servers. To increase system efficiency, PAIDD performs optimized content prefetching based on social interactions among users. PAIDD chooses interaction as the criteria because user’s interaction graph is measured to be much smaller than the social graph. Our experiments confirm that PAIDD ensures satisfactory user experience without incurring extensive overhead on clients’ network. More importantly, PAIDD can effectively achieve one order of magnitude of load reduction at central servers.

Journal ArticleDOI
TL;DR: This paper designs an efficient heuristic filtering location algorithm that maximizes the protected network bandwidth while not permitting any attack flow to reach the victim and evaluates this algorithm through integrating it into the existing filtering architecture and implementing this integration scheme on the emulated DDoS scenarios.
Abstract: Blocking attack flows to protect the threatened resources is a necessary step in defending against the Distributed Denial-of-Service (DDoS) attacks. Two kinds of reactive packet filtering technologies have been proposed as close to victim-end filtering and close to source-ends filtering. The first scheme only involves a single Active Filtering Routers (AFRs) but damages the whole network bandwidth resource; another extreme scheme requires millions of AFRs and thus degrades the network transmission performance, but it has the best defense effect. A feasible scheme should use a certain quantity of AFRs to filter attack flows between the victim end and the source ends. Going one step further, in this paper, we make the first effort on studying the filtering location to maximize the protected network bandwidth while not permitting any attack flow to reach the victim. We formulate this problem to an integer linear programming problem and design an efficient heuristic filtering location algorithm. We evaluate our algorithm through integrating it into the existing filtering architecture and implementing this integration scheme on the emulated DDoS scenarios based on real-world Internet topology. Our evaluation results show that compared to the state-of-the-art source-ends filtering scheme Active Internet Traffic Filtering, this integration scheme only uses 20% of its AFRs to achieve more than 70% of its protection effect. Copyright © 2013 John Wiley & Sons, Ltd.