A fundamental problem that confronts peer-to-peer applications is to efficiently locate the node that stores a particular data item. This paper presents Chord, a distributed lookup protocol that addresses this problem. Chord provides support for just one operation: given a key, it maps the key onto a node. Data location can be easily implemented on top of Chord by associating a key with each data item, and storing the key/data item pair at the node to which the key maps. Chord adapts efficiently as nodes join and leave the system, and can answer queries even if the system is continuously changing. Results from theoretical analysis, simulations, and experiments show that Chord is scalable, with communication cost and the state maintained by each node scaling logarithmically with the number of Chord nodes.

Chord: A scalable peer-to-peer lookup service for internet applications

This paper presents the design and evaluation of Pastry, a scalable, distributed object location and routing substrate for wide-area peer-to-peer ap- plications. Pastry performs application-level routing and object location in a po- tentially very large overlay network of nodes connected via the Internet. It can be used to support a variety of peer-to-peer applications, including global data storage, data sharing, group communication and naming. Each node in the Pastry network has a unique identifier (nodeId). When presented with a message and a key, a Pastry node efficiently routes the message to the node with a nodeId that is numerically closest to the key, among all currently live Pastry nodes. Each Pastry node keeps track of its immediate neighbors in the nodeId space, and notifies applications of new node arrivals, node failures and recoveries. Pastry takes into account network locality; it seeks to minimize the distance messages travel, according to a to scalar proximity metric like the number of IP routing hops. Pastry is completely decentralized, scalable, and self-organizing; it automatically adapts to the arrival, departure and failure of nodes. Experimental results obtained with a prototype implementation on an emulated network of up to 100,000 nodes confirm Pastry's scalability and efficiency, its ability to self-organize and adapt to node failures, and its good network locality properties.

/pdf/pastry-scalable-decentralized-object-location-and-routing-1u2equbbbp.pdf

Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems

Hash tables - which map "keys" onto "values" - are an essential building block in modern software systems. We believe a similar functionality would be equally valuable to large distributed systems. In this paper, we introduce the concept of a Content-Addressable Network (CAN) as a distributed infrastructure that provides hash table-like functionality on Internet-like scales. The CAN is scalable, fault-tolerant and completely self-organizing, and we demonstrate its scalability, robustness and low-latency properties through simulation.

https://www.cs.sjtu.edu.cn/~gchen/course/acn/Reading/CAN.pdf

A scalable content-addressable network

A review of the geologic history of the Himalayan-Tibetan orogen suggests that at least 1400 km of north-south shortening has been absorbed by the orogen since the onset of the Indo-Asian collision at about 70 Ma. Significant crustal shortening, which leads to eventual construction of the Cenozoic Tibetan plateau, began more or less synchronously in the Eocene (50–40 Ma) in the Tethyan Himalaya in the south, and in the Kunlun Shan and the Qilian Shan some 1000–1400 km in the north. The Paleozoic and Mesozoic tectonic histories in the Himalayan-Tibetan orogen exerted a strong control over the Cenozoic strain history and strain distribution. The presence of widespread Triassic flysch complex in the Songpan-Ganzi-Hoh Xil and the Qiangtang terranes can be spatially correlated with Cenozoic volcanism and thrusting in central Tibet. The marked difference in seismic properties of the crust and the upper mantle between southern and central Tibet is a manifestation of both Mesozoic and Cenozoic tectonics. The form...

Geologic Evolution of the Himalayan-Tibetan Orogen

Reliability at massive scale is one of the biggest challenges we face at Amazon.com, one of the largest e-commerce operations in the world; even the slightest outage has significant financial consequences and impacts customer trust. The Amazon.com platform, which provides services for many web sites worldwide, is implemented on top of an infrastructure of tens of thousands of servers and network components located in many datacenters around the world. At this scale, small and large components fail continuously and the way persistent state is managed in the face of these failures drives the reliability and scalability of the software systems.This paper presents the design and implementation of Dynamo, a highly available key-value storage system that some of Amazon's core services use to provide an "always-on" experience. To achieve this level of availability, Dynamo sacrifices consistency under certain failure scenarios. It makes extensive use of object versioning and application-assisted conflict resolution in a manner that provides a novel interface for developers to use.

/pdf/dynamo-amazon-s-highly-available-key-value-store-2ozfk43ou4.pdf

Dynamo: amazon's highly available key-value store

Sampling technology has been widely deployed in network measurement systems to control memory consumption and processing overhead. However, most of the existing methods suffer from large errors for the estimation of small-size flows. To address this problem, we propose an adaptive non-linear sampling (ANLS) method for flow size estimation. Instead of statically pre-configuring the sampling rate, ANLS dynamically adjusts the sampling rate for each flow according to the value of a corresponding counter. A smaller sampling rate is utilized when the counter value is large, while a larger sampling rate is employed for a smaller counter. In this paper, the unbiased flow size estimation, the relative error, and the required counter size are studied through theoretical analysis and experimental evaluations. The analysis and experiments demonstrate that ANLS can significantly improve the estimation accuracy (particularly for small-size flows), and save memory consumption, while maintaining processing overhead comparable to existing methods. Moreover, we validate the design of ANLS by implementing an FPGA-based prototype, which is capable of measuring traffic throughput up to 26.5 Gbps.

/pdf/anls-adaptive-non-linear-sampling-method-for-accurate-flow-50i2pk7xeu.pdf

ANLS: Adaptive Non-Linear Sampling Method for Accurate Flow Size Measurement

A system and method detect privacy leaks in applications of an operating system of a mobile device. An instrumentation module permits tracking of privacy-sensitive information without modification of a middleware of the operating system and a process virtual machine.

System and Method for Privacy Leakage Detection and Prevention System without Operating System Modification

Drive-by download attacks, which exploit vulnerabilities of web browsers to control client computers, have become a major venue for attackers To detect such attacks, researchers have proposed many approaches such as anomaly-based [22, 23] and vulnerability-based [44, 50] detections However, anomaly-based approaches are vulnerable to data pollution, and existing vulnerability-based approaches cannot accurately describe the vulnerability condition of all the drive-by download attacksIn this paper, we propose a vulnerability-based approach, namely JShield, which uses novel opcode vulnerability signature, a deterministic finite automaton (DFA) with a variable pool at opcode level, to match drive-by download vulnerabilities We investigate all the JavaScript engine vulnerabilities of web browsers from 2009 to 2014, as well as those of portable document files (PDF) readers from 2007 to 2014 JShield is able to match all of those vulnerabilities; furthermore, the overall evaluation shows that JShield is so lightweight that it only adds 239 percent of overhead to original execution as the median among top 500 Alexa web sites

http://www.cs.northwestern.edu/~xph906/papers/ACSAC14_JShield.pdf

JShield: towards real-time and vulnerability-based detection of polluted drive-by download attacks

https://hal-insu.archives-ouvertes.fr/insu-00994407/document

Early Paleozoic tectonic evolution of the Xing-Meng Orogenic Belt: Constraints from detrital zircon geochronology of western Erguna–Xing’an Block, North China

IDGraphs is an interactive visualization system, supporting intrusion detection over massive network traffic streams. It features a novel time-versus-failed-connections mapping that aids in discovery of attack patterns. The number of failed connections (SYN-SYN/ACK) is a strong indicator of suspicious network flows. IDGraphs offers several flow aggregation methods that help reveal different attack patterns. The system also offers high visual scalability through the use of Histographs. The IDGraphs intrusion detection system detects and analyzes a variety of attacks and anomalies, including port scanning, worm outbreaks, stealthy TCP SYN flooding, and some distributed attacks. In this article, we demonstrate IDGraphs using a single day of NetFlow network traffic traces collected at edge routers at Northwestern University which has several OC-3 links.

Yan Chen

Papers

ANLS: Adaptive Non-Linear Sampling Method for Accurate Flow Size Measurement

System and Method for Privacy Leakage Detection and Prevention System without Operating System Modification

JShield: towards real-time and vulnerability-based detection of polluted drive-by download attacks

Early Paleozoic tectonic evolution of the Xing-Meng Orogenic Belt: Constraints from detrital zircon geochronology of western Erguna–Xing’an Block, North China

IDGraphs: intrusion detection and analysis using stream compositing