Testbeds and Research Infrastructures for the Development of Networks and Communities

To support increasingly distributed scientific and big-data applications, powerful data transfer infrastructures are being built with dedicated networks and software frameworks customized to distributed file systems and data transfer nodes. The data transfer performance of such infrastructures critically depends on the combined choices of file, disk, and host systems as well as network protocols and file transfer software, all of which may vary across sites. The randomness of throughput measurements makes it challenging to assess the impact of these choices on the performance of infrastructure or its parts. We propose regression-based throughput profiles by aggregating measurements from sites of the infrastructure, with RTT as the independent variable. The peak values and convex-concave shape of a profile together determine the overall throughput performance of memory and file transfers, and its variations show the performance differences among the sites. We then present projection and difference operators, and coefficients of throughput profiles to characterize the performance of infrastructure and its parts, including sites and file transfer tools. In particular, the utilization-concavity coefficient provides a value in the range [0, 1] that reflects overall transfer effectiveness. We present results of measurements collected using (i) testbed experiments over dedicated 0–366 ms 10 Gbps connections with combinations of TCP versions, file systems, host systems and transfer tools, and (ii) Globus GridFTP transfers over production infrastructure with varying site configurations.

Mobile edge clouds have great potential to address the challenges in vehicular networks by transferring storage and computing functions to the cloud. This brings many advantages of the cloud closer to the mobile user, by installing small cloud infrastructures at the network edge. However, it is still a challenge to efficiently utilize heterogeneous communication and edge computing architectures. In this paper, we investigate the impact of live service migration within a Vehicular Ad-hoc Network environment by making use of the results collected from a real experimental test-bed. A new proactive service migration model which considers both the mobility of the user and the service migration time for different services is introduced. Results collected from a real experimental test-bed of connected vehicles show that there is a need to explore proactive service migration based on the mobility of users. This can result in better resource usage and better Quality of Service for the mobile user. Additionally, a study on the performance of the transport protocol and its impact in the context of live service migration for highly mobile environments is presented with results in terms of latency, bandwidth, and burst and their potential effect on the time it takes to migrate services.

With the rapid development of wireless communication technology, cloudlet-based wireless metropolitan area network, which provides people with more convenient network services, has become an effiective paradigm to meet the growing demand for requirements of wireless cloud computing. Currently, the energy consumption of cloudlets can be reduced by migrating tasks, but how to jointly optimize the time consumption and energy consumption in the process of migrations is still a significant problem. In this paper, a balanced cloudlet management method, named BCM, is proposed to address the above challenge. Technically, the Simple Additive Weighting (SAW) and Multiple Criteria Decision Making (MCDM) techniques are applied to optimize virtual machine scheduling strategy. Finally, simulation results demonstrate the effectiveness of our proposed method.

Uncertainty analysis have attracted increasing attention of both theory and application over the last decades. Owing to the complex of surrounding, uncertainty analysis of rainfall in urban area is very little. Existing literatures on uncertainty analysis paid less attention on gauge density and rainfall intensity. Therefore, this study focuses on urban area, which a good complement to uncertainty research. In this study, gauge density was investigated with carefully selecting of gauge to covering evenly. Rainfall intensity data were extracted from one rainfall event at begin, summit and ending phases of rainfall process. Three traditional methods (Ordinary Kriging, RBF and IDW) and three machine methods (RF, ANN and SVM) were investigated for the uncertainty analysis. The result shows that (1) gauge density has important influence on the interpolation accuracy, and the higher gauge density means the higher accuracy. (2) The uncertainty is progressively stable with the increasing of rainfall intensity. (3) Geostatistic methods has better result than the IDW and RBF owing to considering spatial variability. The selected machine learning methods have good performance than traditional methods. However, the complex training processing and without spatial variability may reduce its practicability in modern flood management. Therefore, the combining of traditional methods and machine learning will be the good paradigm for spatial interpolation and uncertainty analysis.

Software-Defined Networking (SDN) brings a significant flexibility and visibility to networking, but at the same time creates new security challenges. SDN allows networks to keep pace with the speed of change by facilitating frequent modifications to the network configuration. However, these changes may introduce misconfigurations by writing inconsistent rules for Flow-tables. Misconfigurations can arise also between firewalls and Flow-tables in OpenFlow-based networks. Problems arising from these misconfigurations are common and have dramatic consequences for networks operations. Therefore, there is a need of automatic methods to detect and fix these misconfigurations. Given these issues, some methods have been proposed. Though these methods are useful for managing Flow-tables rules, they still have limitations in term of low granularity level and the lack of precise details of analyzed flow entries. To address these challenges, we present in this paper a formal approach that allows to discover Flow-tables misconfigurations using inference systems. The contributions of our work are the following: automatically identifying Flow-tables anomalies, using the Firewall to bring out real misconfigurations and proposing automatic method to deal with set-field action of flow entries.

These techniques have been implemented and we proved the correctness of our method and demonstrated its applicability and scalability. The first results we obtained are very promising.

In recent years, mobile cloud computing (MCC) is utilized to process multimedia workflows due to the limitation of battery capacity of mobile devices, which influences the experience of multimedia applications on the mobile devices. Computation offloading based on cloudlet is introduced as a novel paradigm to relieve the high latency which offloading computation to remote cloud causes. However, it is still a challenge for mobile devices to offload computation of multimedia workflows in cloudlet-based cloud computation environment to reduce energy consumption, which meets time constraints at the same time. In view of the challenge, an energy-efficient computation offloading method of multimedia workflow with multi-objective optimization is proposed in this paper. Technically, an offloading method based on cloudlet using Differential Evolution (DE) algorithm is proposed to optimize the energy consumption of the mobile devices with time constraints. Finally, massive experimental evaluations and comparison analysis validate the efficiency of our proposed method.

Many security issues have come to the fore with the increasingly widespread adoption of Internet-of-Things (IoT) devices. The Mirai attack on Dyn DNS service, in which vulnerable IoT devices such as IP cameras, DVRs and routers were infected and used to propagate large-scale DDoS attacks, is one of the more prominent recent examples. IoT botnets, consisting of hundreds-of-thousands of bots, are currently present “in-the-wild” at least and are only expected to grow in the future, with the potential to cause significant network downtimes and financial losses to network companies. We propose, therefore, to build testbeds for evaluating IoT botnets and design suitable mitigation techniques against them. A DETERlab-based IoT botnet testbed is presented in this work. The testbed is built in a secure contained environment and includes ancillary services such as DHCP, DNS as well as botnet infrastructure including CnC and scanListen/loading servers. Developing an IoT botnet testbed presented us with some unique challenges which are different from those encountered in non-IoT botnet testbeds and we highlight them in this paper. Further, we point out the important features of our testbed and illustrate some of its capabilities through experimental results.

Recreating real-world network scenarios on testbeds is common in validating security solutions, but modeling networks correctly requires a good deal of expertise in multiple domains. A testbed user must understand the solution being validated, the real-world deployment environments, in addition to understanding what features in these environments matter and how to model these features correctly in a testbed. As real-world scenarios and the security solutions we design become more diverse and complex, it becomes less likely that the testbed user is able to be a domain expert in their technology, a field expert in the deploy environments for their technology, and an expert in how to model these environments on the testbed. Without the proper expertise from multiple domains, testbed users produce overly simplified and inappropriate test environments, which do not provide adequate validation. To address this pressing need to share domain knowledge in the testbed community, we introduce our Extensible Components Framework for testbed network modeling. Our framework enables multiple experts to contribute to a complex network model without needing to explicitly collaborate or translate between domains. The fundamental goal of our Extensible Components is to capture the knowledge of domain experts and turn this knowledge into off-the-shelf models that end-users can easily utilize as first-class testbed objects. We demonstrate the design and use of our Extensible Components Framework through implementing Click Modular Router [10] based Extensible Components on the DETER testbed, and advocate that our framework can be applied to other environments. We focus on wired network models, but outline how Extensible Components can be used to model other types of networks such as wireless. (This material is based on research sponsored by DARPA under agreement number HR0011-15-C-0096. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government.)

Currently the content of security protection has been expanded multiple sources. The security protection especially of the implicit content from multiple sources poses new challenges to the collection, identification, customization of protection strategies, modeling, etc. We are enlightened by the potential of DIKW (Data, Information, Knowledge, Wisdom) architecture to express semantic of natural language content and human intention. But currently there lacks formalized semantics for the DIKW architecture by itself which poses a challenge for building conceptual models on top of this architecture. We proposed a formalization of the elements of DIKW. The formalization centers the ideology of modeling Data as multiple dimensional hierarchical Types related to observable existence of the Sameness, Information as identification of Data with explicit Difference, Knowledge as applying Completeness of the Type, and Wisdom as variability prediction. Based on this formalization, we propose a solution framework for security concerns centering Type transitions in Graph, Information Graph and Knowledge Graph.