Proceedings ArticleDOI
Experience with DETER: a testbed for security research
Terry Benzel,Robert Braden,Dongho Kim,Clifford Neuman,Anthony D. Joseph,Keith Sklower,Ron Ostrenga,Stephen Schwab +7 more
- pp 379-388
TLDR
The DETER testbed provides unique resources and a focus of activity for an open community of academic, industry, and government researchers working toward better defenses against malicious attacks on the authors' networking infrastructure, especially critical infrastructure.Abstract:Â
The DETER testbed is shared infrastructure designed for medium-scale repeatable experiments in computer security, especially those experiments that involve malicious code. The testbed provides unique resources and a focus of activity for an open community of academic, industry, and government researchers working toward better defenses against malicious attacks on our networking infrastructure, especially critical infrastructure. This paper presents our experience with the deployment and operation of the testbed, highlights some of the research conducted on the testbed, and discusses our plans for continued development, expansion, and replication of the testbed facility.read more
Citations
More filters
Proceedings ArticleDOI
DeTail: reducing the flow completion time tail in datacenter networks
TL;DR: A new cross-layer network stack aimed at reducing the long tail of flow completion times is presented, which exploits cross- layer information to reduce packet drops, prioritize latency-sensitive flows, and evenly distribute network load, effectively reducing theLong tail offlow completion times.
Journal ArticleDOI
A Survey of BGP Security Issues and Solutions
TL;DR: This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security, exploring the limitations and advantages of proposed security extensions to B GP, and explaining why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
Proceedings ArticleDOI
Scarlett: coping with skewed content popularity in mapreduce clusters
Ganesh Ananthanarayanan,Sameer Agarwal,Srikanth Kandula,Albert Greenberg,Ion Stoica,Duke Harlan,Edward Harris +6 more
TL;DR: Scarlett, a system that replicates blocks based on their popularity by accurately predicting file popularity and working within hard bounds on additional storage, causes minimal interference to running jobs.
A Survey of BGP Security Issues and Solutions The Border Gateway Protocol (BGP) controls much of Internet traffic, but is vulnerable to communications interruptions and failures; finding suitable improved security measures with acceptable costs is difficult.
TL;DR: The limitations and advantages of proposed security extensions to BGP, and why no solution has yet struck an adequate balance betweencomprehensive security anddeployment cost as discussed by the authors.
Journal ArticleDOI
Collaborative Detection of DDoS Attacks over Multiple Network Domains
Yu Chen,Kai Hwang,Wei-Shinn Ku +2 more
TL;DR: This paper develops a distributed change-point detection (DCD) architecture using change aggregation trees (CAT), and proves that this DDoS defense system can scale well to cover 84 AS domains, wide enough to safeguard most ISP core networks from real-life DDoS flooding attacks.
References
More filters
Journal ArticleDOI
The click modular router
TL;DR: On conventional PC hardware, the Click IP router achieves a maximum loss-free forwarding rate of 333,000 64-byte packets per second, demonstrating that Click's modular and flexible architecture is compatible with good performance.
Proceedings ArticleDOI
The Click modular router
TL;DR: The Click IP router can forward 64-byte packets at 73,000 packets per second, just 10% slower than Linux alone, and is easy to extend by adding additional elements, which are demonstrated with augmented configurations.
Journal ArticleDOI
An integrated experimental environment for distributed systems and networks
Brian S. White,Jay Lepreau,Leigh Stoller,Robert Ricci,Shashi Guruprasad,Mac Newbold,Mike Hibler,Chad Barb,Abhijeet Joglekar +8 more
TL;DR: The overall design and implementation of Netbed is presented and its ability to improve experimental automation and efficiency is demonstrated, leading to new methods of experimentation, including automated parameter-space studies within emulation and straightforward comparisons of simulated, emulated, and wide-area scenarios.
Journal ArticleDOI
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory
TL;DR: The purpose of this article is to attempt to identify the shortcomings of the Lincoln Lab effort in the hope that future efforts of this kind will be placed on a sounder footing.
Journal ArticleDOI
Difficulties in simulating the internet
Sally Floyd,Vern Paxson +1 more
TL;DR: Two key strategies for developing meaningful simulations in the face of the global Internet's great heterogeneity are discussed: searching for invariants and judiciously exploring the simulation parameter space.