Showing papers on "Cache pollution published in 2020"

Security and Privacy for Mobile Edge Caching: Challenges and Solutions

Abstract: Mobile edge caching is a promising technology for the next-generation mobile networks to effectively offer service environment and cloud-storage capabilities at the edge of networks. By exploiting the storage and computing resources at the network edge, mobile edge caching can significantly reduce service latency, decrease network load, and improve user experience. On the other hand, edge caching is subject to a number of threats regarding privacy violation and security breach. In this article, we first introduce the architecture of mobile edge caching, and address the key problems regarding why, where, what, and how to cache. Then, we examine the potential cyber threats, including cache poisoning attacks, cache pollution attacks, cache side-channel attacks, and cache deception attacks, which result in huge concerns about privacy, security, and trust in content placement, content delivery, and content usage for mobile users, respectively. After that, we propose a service-oriented and location-based efficient key distribution protocol (SOLEK) as an example in response to efficient and secure content delivery in mobile edge caching. Finally, we discuss the potential techniques for privacy-preserving content placement, efficient and secure content delivery, and trustful content usage, which are expected to draw more attention and efforts into secure edge caching.

Detection and Defense of Cache Pollution Attacks Using Clustering in Named Data Networks

Abstract: Named Data Network (NDN), as a promising information-centric networking architecture, is expected to support next-generation of large-scale content distribution with open in-network cachings. However, such open in-network caches are vulnerable against Cache Pollution Attacks (CPAs) with the goal of filling cache storage with non-popular contents. The detection and defense against such attacks are especially difficult because of CPA's similarities with normal fluctuations of content requests. In this work, we use a clustering technique to detect and defend against CPAs. By clustering the content interests, our scheme is able to distinguish whether they have followed the Zipf-like distribution or not for accurate detections. Once any attack is detected, an attack table will be updated to record the abnormal requests. While such requests are still forwarded, the corresponding content chunks are not cached. Extensive simulations in ndnSIM demonstrate that our scheme can resist CPA effectively with higher cache hit, higher detecting ratio, lower hop count, and lower algorithm complexity compared to other state-of-the-art schemes.

Intelligent Cache Pollution Attacks Detection for Edge Computing Enabled Mobile Social Networks

Abstract: With the rapid advances of wireless technologies and popularization of smart mobile devices, edge-enabled mobile social networks (MSNs) have emerged as a promising network paradigm for mobile users to deliver, share, and exchange contents with each other. By leveraging edge caching technology, various content services can be provided to mobile users for improving their quality of experience (QoE). However, edge caching is vulnerable to cache pollution attacks (CPAttacks) with the result of disruptive content delivery. To tackle this problem, we propose a hidden Markov model (HMM) based CPAttack detection scheme in edge-enabled MSNs. Specifically, we first present the CPAttack model based on observations of attacking behaviors. According to the CPAttack model, the caching state of the edge device is characterized by two parameters-content request rate and cache missing rate. Then, with observation sequence constructed by caching states, we develop an HMM-based detection algorithm to distinguish the CPAttack in the approximately time-invariant content request process. To deal with the lack of training data and dynamic of caching states, an adaptive HMM (AHMM) based algorithm is designed to detect the CPAttack in the time-varying content request process. The simulation results demonstrate that the proposed scheme can efficiently improve edge devices’ abilities to sense the CPAttack.

The FNL+MMA Instruction Cache Prefetcher

Abstract: When designing a prefetcher, the computer architect has to define which event should trigger a prefetch action and which blocks should be prefetched We propose to trigger prefetch requests on I-Shadow cache misses The I-Shadow cache is a small tag-only cache that monitors only demand misses FNL+MMA combines two prefetchers that exploit two characteristics of the I-cache usage In many cases, the next line is used by the application in the near future But systematic next-line prefetching leads to overfetching and cache pollution The Footprint Next Line prefetcher, FNL, overcomes this difficulty through predicting if the next line will be used in the "not so long" future Prefetching up to 5 next lines, FNL achieves a 165% speed-up on the championship public traces If no prefetching is used, the sequence of I-cache misses is partially predictable and in advance That is, when block B is missing, the nth next miss after the miss on block B is often on the same block B (n) This property holds for relatively large n up to 30 The Multiple Miss Ahead prefetcher, MMA, leverages the property We predict the nth next miss on the I-Shadow cache and predict if it might miss the overall I-cache A 96KB FNL+MMA achieves a 287% speed-up and decreases the I-cache miss rate by 918%

HFetch: Hierarchical Data Prefetching for Scientific Workflows in Multi-Tiered Storage Environments

Abstract: In the era of data-intensive computing, accessing data with a high-throughput and low-latency is more imperative than ever. Data prefetching is a well-known technique for hiding read latency. However, existing solutions do not consider the new deep memory and storage hierarchy and also suffer from under-utilization of prefetching resources and unnecessary evictions. Additionally, existing approaches implement a client-pull model where understanding the application’s I/O behavior drives prefetching decisions. Moving towards exascale, where machines run multiple applications concurrently by accessing files in a workflow, a more data-centric approach can resolve challenges such as cache pollution and redundancy. In this study, we present HFetch, a truly hierarchical data prefetcher that adopts a server-push approach to data prefetching. We demonstrate the benefits of such an approach. Results show 10-35% performance gains over existing prefetchers and over 50% when compared to systems with no prefetching.

I/O Acceleration via Multi-Tiered Data Buffering and Prefetching

Abstract: Modern High-Performance Computing (HPC) systems are adding extra layers to the memory and storage hierarchy, named deep memory and storage hierarchy (DMSH), to increase I/O performance. New hardware technologies, such as NVMe and SSD, have been introduced in burst buffer installations to reduce the pressure for external storage and boost the burstiness of modern I/O systems. The DMSH has demonstrated its strength and potential in practice. However, each layer of DMSH is an independent heterogeneous system and data movement among more layers is significantly more complex even without considering heterogeneity. How to efficiently utilize the DMSH is a subject of research facing the HPC community. Further, accessing data with a high-throughput and low-latency is more imperative than ever. Data prefetching is a well-known technique for hiding read latency by requesting data before it is needed to move it from a high-latency medium (e.g., disk) to a low-latency one (e.g., main memory). However, existing solutions do not consider the new deep memory and storage hierarchy and also suffer from under-utilization of prefetching resources and unnecessary evictions. Additionally, existing approaches implement a client-pull model where understanding the application’s I/O behavior drives prefetching decisions. Moving towards exascale, where machines run multiple applications concurrently by accessing files in a workflow, a more data-centric approach resolves challenges such as cache pollution and redundancy. In this paper, we present the design and implementation of Hermes: a new, heterogeneous-aware, multi-tiered, dynamic, and distributed I/O buffering system. Hermes enables, manages, supervises, and, in some sense, extends I/O buffering to fully integrate into the DMSH. We introduce three novel data placement policies to efficiently utilize all layers and we present three novel techniques to perform memory, metadata, and communication management in hierarchical buffering systems. Additionally, we demonstrate the benefits of a truly hierarchical data prefetcher that adopts a server-push approach to data prefetching. Our evaluation shows that, in addition to automatic data movement through the hierarchy, Hermes can significantly accelerate I/O and outperforms by more than 2x state-of-the-art buffering platforms. Lastly, results show 10%–35% performance gains over existing prefetchers and over 50% when compared to systems with no prefetching.

Cache Pollution Prevention Mechanism Based on Cache Partition in V-NDN

Abstract: The information-centric networking, which aims to solve the demand for distributing a large amount of content on the Internet, has proved to be a promising example for various network solutions, such as the Vehicular ad-hoc network (VANET). However, some problems are introduced when the named data networking is combined with V-NDN, such as the cache pollution. In order to solve the cache pollution attack, we propose a mechanism based on cache partition, which divides the cache of nodes into two parts and stores the content of different popularity respectively. We monitor the interest packets received by each node and get the corresponding popularity of each content. According to the popularity of the content, the content is stored in the corresponding cache. In addition, when the popularity of the content changes, we add the name of the content to the monitoring list to determine whether it is an attack content. This paper simulates the cache partition mechanism under different request frequencies and different forwarding strategies. The experimental results show that the average hit rate of node cache can be increased by 14% and the user request delay can be reduced by 30% when the node is attacked. At the same time, the number of Interest packets requested by normal users in the whole network has also been greatly reduced, which greatly reduces the traffic within the network. Experiments show that the cache partition mechanism can effectively resist the attack of cache pollution.

SecSched: Flexible Scheduling in Secure Processors

Abstract: Trusted execution environments (TEEs) are an integral part of modern processors because security has become a very important concern. However, many such environments are bedeviled by the high cost of context switches, particularly when there is a switch from secure mode to non-secure mode owing primarily to cache pollution and TLB-flushing overheads. State-of-the-art implementations create a secure shared memory channel between a thread running in secure mode and a thread running in non-secure mode, which invokes system calls on its behalf. We argue that this is inefficient, and it is possible to reduce the overheads significantly by efficiently storing the context of secure threads and intelligent scheduling. In this paper, we propose a new scheduling algorithm SecSched that uses Cuckoo filters to capture the context of a thread. We schedule threads with similar contexts on the same core to leverage the effects of the locality. Our algorithm requires minimal hardware enhancements that are limited to maintaining a Cuckoo filter per core and a thread with the addition of few performance counters per thread to keep track of the miss counts. We show that with these minimal changes we can increase the performance of a suite of OS-intensive workloads by 27.6% with a minimal area overhead (around 0.04%).

Page Reusability-Based Cache Partitioning for Multi-Core Systems

Abstract: Most modern multi-core processors provide a shared last level cache (LLC) where data from all cores are placed to improve performance. However, this opens a new challenge for cache management, owing to cache pollution. With cache pollution, data with weak temporal locality can evict other data with strong temporal locality when both are mapped into the same cache set. In this article, we propose page reusability-based cache partitioning (PRCP) for multi-core systems to maximize cache utilization by minimizing cache pollution. To achieve this, PRCP divides pages into two groups: (1) highly-reused pages and (2) lowly-reused pages. The reusability of each page is collected online via periodic page table scans. PRCP then dynamically partitions the shared cache into two corresponding areas using page coloring technique. We have implemented PRCP in Linux kernel and evaluated it using SPEC CPU2006 benchmarks. The results show that our scheme can achieve comparable performance to the optimal offline MRC-guided process-based cache partitioning scheme without a priori knowledge of workloads.

Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking

Abstract: The concept of network caching is determined to be the potential requirement of named data networks (NDN) for enhancing the capabilities of the traditional IP networking It is responsible for location independent data accesses and optimal bandwidth utilization in multi-path data dissemination However, the network caching process in NDN introduces security challenges such as content cache poisoning, malicious injection or flooding of the packets and violation in accessing content packets In this paper, an Improved Merkle Hash Tree-based one-time signature scheme for capability-enhanced security enforcing architecture (IMHT-OTSS-CSEA) is proposed for provisioning data authenticity in a distributed manner for leveraging the capabilities to inform the access privileges of the packets during the process of data dissemination It is proposed for permitting the routers to verify the forwarded packets’ authenticity in NDN It is capable in handling the issues that emerge from unsolicited packets during a flooding-based denial of service attacks by supporting the indispensable verification process in routers that confirms the timeliness of packets The simulation experiments conducted using the open source CCNs platform and Planetlab confirmed a significant mean reduction in delay of 1461%, superior to the benchmarked schemes It is identified to minimize the delay incurred in generating bit vectors by a average margin of 1306%, excellent to the baseline approaches It also confirmed a mean increase in the true positive rate of 542%, a mean increase in the precision rate of 604%, decrease in false positive rate of 682% and increase in F-measure of 562% compared to the baseline approaches in the context of detecting content cache pollution attack respectively

COPE: Reducing Cache Pollution and Network Contention by Inter-tile Coordinated Prefetching in NoC-based MPSoCs

Abstract: Prefetching helps in reducing the memory access latency in multi-banked NUCA architecture, where the Last Level Cache (LLC) is shared. In such systems, an application running on core generates significant traffic on the shared resources, the underlying network and LLC. While prefetching helps to increase application performance, but an inaccurate prefetcher can cause harm by generating unwanted traffic that additionally increases network and LLC contention. Increased network contention results in untimely prefetching of cache blocks, thereby reducing the effectiveness of a prefetcher. Prefetch accuracy is extensively used to reduce unwanted prefetches that can mitigate the prefetcher caused contention. However, the conventional prefetch accuracy parameter has major limitations in NUCA architectures. The article exposes that prefetch accuracy can create two major false-positive cases of prefetching, Under-estimation and Over-estimation problems, and false feedback loop that can mislead a prefetcher in generating more unwanted traffic. We propose a novel technique, Coordinated Prefetching for Efficient (COPE), which addresses these issues by redefining prefetch accuracy for such architectures and identifies additional parameters that can avoid generating unwanted prefetch requests. Experiment conducted using PARSEC benchmark on a 64-core system shows that COPE achieve 3% reduction in L1 cache miss rate, 12.64% improvement in IPC, 23.2% reduction in average packet latency and 18.56% reduction in dynamic power consumption of the underlying network.

Triangle Area Based Multivariate Correlation Analysis for Detecting and Mitigating Cache Pollution Attacks in Named Data Networking

Abstract: The key feature of NDN is in-network caching that every router has its cache to store data for future use, thus improve the usage of the network bandwidth and reduce the network latency. However, in-network caching increases the security risks - cache pollution attacks (CPA), which includes locality disruption (ruining the cache locality by sending random requests for unpopular contents to make them popular) and False Locality (introducing unpopular contents in the router’s cache by sending requests for a set of unpopular contents). In this paper, we propose a machine learning method, named Triangle Area Based Multivariate Correlation Analysis (TAB-MCA) that detects the cache pollution attacks in NDN. This detection system has two parts, the triangle-area-based MCA technique, and the threshold-based anomaly detection technique. The TAB-MCA technique is used to extract hidden geometrical correlations between two distinct features for all possible permutations and the threshold-based anomaly detection technique. This technique helps our model to be able to distinguish attacks from legitimate traffic records without requiring prior knowledge. Our technique detects locality disruption, false locality, and combination of the two with high accuracy. Implementation of XC-topology, the proposed method shows high efficiency in mitigating these attacks. In comparison to other ML-methods, our proposed method has a low overhead cost in mitigating CPA as it doesn’t require attackers’ prior knowledge. Additionally, our method can also detect non-uniform attack distributions.

Dynamically adjusted cache data management and elimination method

Abstract: The invention discloses a dynamically adjusted cache data management and elimination method. According to the invention, the position of the cache item in the memory is dynamically adjusted accordingto the access time and hit frequency attribute of the cache item. The memory is divided into a hot data area and a cold data area, the cache items with high hit frequency and short access time are kept at the front part of the hot data area, and the cache items with low hit frequency and long access time are kept at the tail part of the cold data area. When the cache capacity reaches a threshold value and data needs to be eliminated, cache items at the tail part of the cold data area is directly deleted. Accurate elimination of data is realized through dynamic adjustment of the cold and hot data area, the proportion of hotspot data in cache is increased, the cache pollution problem is relieved, and the cache hit rate is increased.

Microarchitectural techniques to mitigate cache-based data security vulnerabilities

Abstract: Embodiments for mitigating cache-based data security vulnerabilities in a computing environment are provided. Cache pollution due to speculative memory accesses within a speculative path is avoided by delaying data updates to a cache and memory subsystem until the speculative memory accesses are resolved. A speculative buffer is used to maintain the speculative memory accesses such that a state of the cache remains unchanged until the speculative memory accesses are committed.

Gini impurity based NDN cache pollution attack defence mechanism

Abstract: Name Data Network (NDN) is a futuristic Internet architecture that delivers content based on strategically chosen names and caches content on intermediate routers in the content-delivery path, whic...

An Effective and Lightweight Countermeasure Scheme to Multiple Network Attacks in NDNs

Abstract: In Named Data Networks, cache pollution, cache poisoning and interest flooding are three popular types of attacks that can drastically degrade the network performance. However, previous methods for mitigating these attacks are not sufficiently effective or efficient. Also, they cannot simultaneously handle the three attacks. To handle these problems, we propose an effective and lightweight countermeasure scheme. It consists of token-based router monitoring policy (TRM), hierarchical consensus-based trust management (HCT), and popularity-based probabilistic caching policy (PPC). In TRM, each edge router monitors and evaluates each data requester’s probability of launching the cache pollution attack and each data provider’s probability of launching the cache poisoning attack, and accordingly assigns, rewards and penalizes tokens to them to control their data request and data provision activities. In HCT, each core router manages its directly connected edge routers using TRM, and the core routers trust each other through adopting the concept of consensus in Blockchain. PPC uses probabilistic caching based on the popularity of received content to further mitigate the attacks and reduce caching and data verification overhead. Results from simulation experiments demonstrate that our proposed scheme has better performance, in terms of interest satisfaction ratio and average end-to-end delay than current mechanisms.

FuRL: fuzzy RBM learning framework to detect and mitigate network anomalies in Information Centric Network

Abstract: Information Centric Network (ICN) is a promising next-generation internet architecture in which the network focuses on retrieving the content by employing open in-network caching scheme to provide an efficient content distribution to users. However, such open in-network caching is vulnerable to network anomalies. In particular, cache pollution attack disrupts the smooth working of in-network caching by flooding unpopular contents. Hence, the in-network caching malfunctions and legitimate consumer requests are dropped. To address this problem, a secure framework based on Fuzzy Restricted Boltzmann Machine has been proposed to detect the anomalies and defend against such pollution attacks in ICN. Further, a reward-based cache replacement (ReBac) algorithm that is capable of avoiding cache pollution attack has also been proposed. The experimental results obtained while testing the proposed framework show better detection rate compared with the state-of-art solution and the proposed framework shows better cache rate.

Cache management method and device, computer equipment and storage medium

Abstract: The invention discloses a cache management method and device, computer equipment and a storage medium, and the method comprises the following steps: determining the access time and access frequency corresponding to cache contents when an access request for the cache contents in a cache is received; determining the ratio of the access times to the maximum access times corresponding to the cache content in the cache to obtain the access frequency corresponding to the cache content; when a cache elimination condition is met, determining a popularity value of each cache content according to the access time and the access frequency corresponding to each cache content in the cache; determining cache content to be eliminated according to the popularity value of each cache content in the cache; and deleting the cache content to be eliminated from the cache. According to the method, the time dimension and the access frequency dimension are combined to comprehensively consider the cache contentto be eliminated, so that the cache content to be eliminated is determined more accurately, cache pollution is avoided, and the cache hit rate is increased.

Cache management method and device, equipment and storage medium

Abstract: The invention discloses a cache management method and device, equipment and a storage medium, and belongs to the technical field of storage. The embodiment of the invention provides a method for caching and eliminating material resources of a virtual scene based on temperature information, adopts the temperature information to represent the probability that the material resources are accessed in the virtual scene, uses the positions, corresponding to the temperature information, in the cache queue for caching the material resources, and conducts cache elimination on the cache queue according to the sequence of the positions from back to front. In this way, the cold resources of the virtual scene are eliminated first, and then the hot resources of the virtual scene are eliminated. On one hand, by prolonging the residence time of the hotspot resources in the cache, the probability of hitting the cache when the hotspot resources are accessed is improved, so that the cache hit rate is improved, and the problem of cache pollution is solved. And on the other hand, the cold resources in the cache are removed as soon as possible, so that the cache space is saved.