Networking for java and dotnet 2016 - 17

www.redpel.com +917620593389 redpelsoftware@gmail.com
WhitePel Software Pvt Ltd
63/A, Ragvilas , Lane No – C, Koregaon Park Pune -411001
www.whitepel.com , info@whitepel.com , whitepelpune@gmail.com
Networking for java/ dot net
Check following Projects ,also check if any spelling mistakes
before showing to your Guide:
Buffer-aided Relay Selection with Reduced Packet delay in
cooprative network .
Abstract—Applying data buffers at relay nodes significantly improves the outage performance in
relay networks, but the performance gain is often at the price of long packet delays. In this paper, a
novel relay selection scheme with significantly reduced packet delay is proposed. The outage
probability and average packet delay of the proposed scheme under different channel scenarios are
analyzed. Simulation results are also given to verify the analysis. The analytical and simulation
results show that, compared with non-buffer-aided relay selection schemes, the proposed scheme has
not only significant gain in outage performance but also similar average packet delay when the
channel SNR is high enough, making it an attractive scheme in practice.
Secure communication problem for client server analysis
algorithm & Evaluation.
Abstract —Now a days so many people are connected to the internet to access the different resources
of their use and different companies are using distributed environment to provide their services to the
customers. All these activities affect the economy of the country or world. So there is a need of more
secure distributed environment in which all transaction and operations can be complete successfully
in a secure way. In distributed System environment it is very important to provide service at any time
,any where to the customers, this require proper time management of all computing and networking
resources, resource allocation on time and their proper utilization. In distributed environment security
is primary concern. In this paper an analysis of different security issues related to data, physical
security, network security , possible distributed system attacks, has been made.

An Enhanced Available Bandwidth Estimation Technique
for an End-to-End Network Path.
Abstract—This paper presents a unique probing scheme, a rate adjustment algorithm, and a modified
excursion detection algorithm (EDA) for estimating the available bandwidth (ABW) of an end-to-end
network path more accurately and less intrusively. The proposed algorithm is based on the well
known concept of self-induced congestion and it features a unique probing train structure in which
there is a region where packets are sampled more frequently than in other regions. This high-density
region enables our algorithm to find the turning point more accurately. When the dynamic ABW is
outside of this region, we readjust the lower rate and upper rate of the packet stream to fit the
dynamic ABW into that region.We appropriately adjust the range between the lower rate and the
upper rate using spread factors, which enables us to keep the number of packets low and we are thus
able to measure the ABW less intrusively. Finally, to detect the ABW from the one-way queuing
delay, we present a modified EDA from PathChirps’ original EDA to better deal with sudden
increase and decrease in queuing delays due to cross traffic burstiness. For the experiments, an
Android OS-based device was used to measure the ABW over a commercial 4G/LTE mobile
network of a Japanese mobile operator, as well as real testbed measurements were conducted over
fixed and WLAN network. Simulations and experimental results show that our algorithm can achieve
ABW estimations in real time and outperforms other stat-of-the-art measurement algorithms in terms
of accuracy, intrusiveness, and convergence time.
Automatic Test and debugging Packet Generation.
Abstract—Networks are getting larger and more complex, yet administrators rely on rudimentary
tools such as ping and traceroute to debug problems. We propose an automated and systematic
approach for testing and debugging networks called ―Automatic Test Packet Generation‖ (ATPG).
ATPG reads router configurations and generates a device-independent model. The model is used to
generate a minimum set of test packets to (minimally) exercise every link in the network or
(maximally) exercise every rule in the network. Test packets are sent periodically, and detected
failures trigger a separate mechanism to localize the fault. ATPG can detect both functional (e.g.,
incorrect firewall rule) and performance problems (e.g., congested queue). ATPG complements but
goes beyond earlier work in static checking (which cannot detect liveness or performance faults) or
fault localization (which only localize faults given liveness results). We describe our prototype
ATPG implementation and results on two real-world data sets: Stanford University’s backbone
network and Internet2. We find that a small number of test packets suffices to test all rules in these
networks: For example, 4000 packets can cover all rules in Stanford backbone network, while 54 are
enough to cover all links. Sending 4000 test packets 10 times per second consumes less than 1% of
link capacity. ATPG code and the data sets are publicly available.

A semantic tool for firewall optimization.
ABSTRACT:
Firewalls have been widely deployed on the Internet for securing private networks. A firewall checks
each incoming or outgoing packet to decide whether to accept or discard the packet based on its
policy. Optimizing firewall policies is crucial for improving network performance. Prior work on
firewall optimization focuses on either intrafirewall or interfirewall optimization within one
administrative domain where the privacy of firewall policies is not a concern. This paper explores
interfirewall optimization across administrative domains for the first time. The key technical
challenge is that firewall policies cannot be shared across domains because a firewall policy contains
confidential information and even potential security holes, which can be exploited by attackers. In
this paper, we propose the first cross-domain privacy-preserving cooperative firewall policy
optimization protocol. Specifically, for any two adjacent firewalls belonging to two different
administrative domains, our protocol can identify in each firewall the rules that can be removed
because of the other firewall. The optimization process involves cooperative computation between
the two firewalls without any party disclosing its policy to the other. We implemented our protocol
and conducted extensive experiments. The results on real firewall policies show that our protocol can
remove as many as 49% of the rules in a firewall, whereas the average is 19.4%. The communication
cost is less than a few hundred kilobytes. Our protocol incurs no extra online packet processing
overhead, and the offline processing time is less than a few hundred seconds.
Enhanced security in online banking system.
Abstract— In this era due to unbelievable development in internet, various online attacks has been
increased. From all such attacks most popular attack is phishing. This attacks are done for extracting
confidential information such as banking information, passwords from unsuspecting victims for fraud
purposes. Confidential data can’t be directly uploaded on website since it is risky. Here in this paper
data is encrypted in video and visual cryptography for login purpose in our online database system
for providing more security .

Protecting Location Privacy in Sensor Networks against a
Global Eavesdropper.
ABSTRACT:
While many protocols for sensor network security provide confidentiality for the content of
messages, contextual information usually remains exposed. Such information can be critical to the
mission of the sensor network, such as the location of a target object in a monitoring application, and
it is often Important to protect this information as well as message content. There have been several
recent studies on providing location privacy in sensor networks. We first argue that a strong
adversary model, the global eavesdropper, is often realistic in practice and can defeat existing
techniques. We then formalize the location privacy issues under this strong adversary model and
show how much communication overhead is needed for achieving a given level of privacy. We also
propose two techniques that prevent the leakage of location information: periodic collection and
source simulation. Periodic collection provides a high level of location privacy, while source
simulation provides trade-offs between privacy, communication cost, and latency. Through analysis
and simulation, we demonstrate that the proposed techniques are efficient and effective in protecting
location information from the attacker.
Developing Route Optimization-Based PMIPv6 testbed for
reliable packet transmission.
ABSTRACT :
Proxy Mobile IPv6 (PMIPv6) allows a mobile node to communicate directly to its peers while
changing the currently used IP address. This mode of operation is called route optimization (RO). In
the RO process, the peer node learns a binding between the home address and its current temporary
care-of-address. Many schemes have been proposed to support RO in PMIPv6. However, these
schemes do not consider the out-of-sequence problem, which may happen between the existing path
and the newly established RO path. In this paper, we propose a scheme to solve the out-of-sequence
problem with low cost. In our scheme, we use the additional packet sequence number and the time
information when the problem occurs. We then run experiments on a reliable packet transmission
(RPT) laboratory testbed to evaluate the performance of the proposed scheme, and compare it with
the well-known RO-supported PMIPv6 and the out-of-sequence time period scheme. The

experimental results show that for most of the cases, our proposed scheme guarantees RPT by
preventing the out-of-sequence problem.
Handling Selfishness in Replica Allocation over a Mobile Ad
Hoc Network.
Abstract :
In a mobile ad hoc network, the mobility and resource constraints of mobile nodes may lead to
network partitioning or performance degradation. Several data replication techniques have been
proposed to minimize performance degradation. Most of them assume that all mobile nodes
collaborate fully in terms of sharing their memory space. In reality, however, some nodes may
selfishly decide only to cooperate partially, or not at all, with other nodes. These selfish nodes could
then reduce the overall data accessibility in the network. In this paper, we examine the impact of
selfish nodes in a mobile ad hoc network from the perspective of replica allocation. We term this
selfish replica allocation. In particular, we develop a selfish node detection algorithm that considers
partial selfishness and novel replica allocation techniques to properly cope with selfish replica
allocation. The conducted simulations demonstrate the proposed approach outperforms traditional
cooperative replica allocation techniques in terms of data accessibility, communication cost, and
average query delay.
Firecol: A Collaborative Protection Network For The
Detection Of Flooding Ddos Attacks.
ABSTRACT :
Distributed denial-of-service (DDoS) attacks remain a major security problem, the mitigation of
which is very hard especially when it comes to highly distributed botnet-based attacks. The early
discovery of these attacks, although challenging, is necessary to protect end-users as well as the
expensive network infrastructure resources. Here, we address the problem of DDoS attacks and
present the theoretical foundation, architecture, and algorithms of FireCol. The core of FireCol is
composed of intrusion prevention systems (IPSs) located at the Internet service providers (ISPs)
level. The IPSs form virtual protection rings around the hosts to defend and collaborate by
exchanging selected traffic information. The evaluation of FireCol using extensive simulations and a
real dataset is presented, showing FireCol effectiveness and low overhead, as well as its support for
incremental deployment in real networks.

Distributed Packet Buffers for High-Bandwidth Switches
and Routers.
ABSTRACT:
High-speed routers rely on well-designed packet buffers that support multiple queues, provide large
capacity and short response times. Some researchers suggested combined SRAM/DRAM hierarchical
buffer architectures to meet these challenges. However, these architectures suffer from either large
SRAM requirement or high time-complexity in the memory management. In this paper, we present
scalable, efficient, and novel distributed packet buffer architecture.
Two fundamental issues need to be addressed to make this architecture feasible: 1) how to minimize
the overhead of an individual packet buffer; and 2) how to design scalable packet buffers using
independent buffer subsystems. We address these issues by first designing an efficient compact
buffer that reduces the SRAM size requirement by (k - 1)/k. Then, we introduce a feasible way of
coordinating multiple subsystems with a load-balancing algorithm that maximizes the overall system
performance.
Catching Packet Droppers and Modifiers in Wireless Sensor
Networks.
ABSTRACT:
Packet dropping and modification are common attacks that can be launched by an adversary to
disrupt communication in wireless multihop sensor networks. Many schemes have been proposed to
mitigate or tolerate such attacks, but very few can effectively and efficiently identify the intruders.
To address this problem, we propose a simple yet effective scheme, which can identify misbehaving
forwarders that drop or modify packets. Extensive analysis and simulations have been conducted to
verify the effectiveness and efficiency of the scheme.
Energy Packet Networks With Energy Harvesting.

ABSTRACT : We investigate the cooperation among energy prosumers (unied energy provider and
consumer) through the energy packet network (EPN) paradigm, which represents both the ow of
work that requires energy, and the ow of energy itself, in terms of discrete units. This paper details a
stochastic model of EPNs, which is inspired from a branch of queuing theory called G-networks. The
model allows us to compute the equilibrium state of a system that includes energy storage units,
energy transmission networks, and energy consumers, together with the intermittent energy sources.
The model is then used to show how the ow of work and energy in the system can be optimized for
certain utility functions that consider both the needs of the consumers, and the desire to maintain
some reserve energy for potential future needs.
A Trigger Identification Service for Defending Reactive
Jammers in Wireless Sensor Network.
ABSTRACT: During the last decade, Reactive Jamming Attack has emerged as a great security
threat to wireless sensor networks, due to its mass destruction to legitimate sensor communications
and difficulty to be disclosed and defended. Considering the specific characteristics of reactive
jammer nodes, a new scheme to deactivate them by efficiently identifying all trigger nodes, whose
transmissions invoke the jammer nodes, has been proposed and developed. Such a trigger-
identification procedure can work as an application-layer service and benefit many existing reactive-
jamming defending schemes. In this paper, on the one hand, we leverage several optimization
problems to provide a complete trigger-identification service framework for unreliable wireless
sensor networks. On the other hand, we provide an improved algorithm with regard to two
sophisticated jamming models, in order to enhance its robustness for various network scenarios.
Theoretical analysis and simulation results are included to validate the performance of this
framework.
Footprint: Detecting Sybil Attacks in Urban Vehicular
Networks.
Abstract : In urban vehicular networks, where privacy, especially the location privacy of anonymous
vehicles is highly concerned, anonymous verification of vehicles is indispensable. Consequently, an
attacker who succeeds in forging multiple hostile identifies can easily launch a Sybil attack, gaining a
disproportionately large influence. In this paper, we propose a novel Sybil attack detection
mechanism, Footprint, using the trajectories of vehicles for identification while still preserving their
location privacy. More specifically, when a vehicle approaches a road-side unit (RSU), it actively

demands an authorized message from the RSU as the proof of the appearance time at this RSU. We
design a location-hidden authorized message generation scheme for two objectives: first, RSU
signatures on messages are signer ambiguous so that the RSU location information is concealed from
the resulted authorized message; second, two authorized messages signed by the same RSU within
the same given period of time (temporarily linkable) are recognizable so that they can be used for
identification. With the temporal limitation on the likability of two authorized messages, authorized
messages used for long-term identification are prohibited. With this scheme, vehicles can generate a
location-hidden trajectory for location-privacy-preserved identification by collecting a consecutive
series of authorized messages. Utilizing social relationship among trajectories according to the
similarity definition of two trajectories, Footprint can recognize and therefore dismiss ―communities‖
of Sybil trajectories. Rigorous security analysis and extensive trace-driven simulations demonstrate
the efficacy of Footprint.
Adaptive Opportunistic Routing for Wireless Ad Hoc
Networks.
ABSTRACT:
A distributed adaptive opportunistic routing scheme for multihop wireless ad hoc networks is
proposed. The proposed scheme utilizes a reinforcement learning framework to opportunistically
route the packets even in the absence of reliable knowledge about channel statistics and network
model. This scheme is shown to be optimal with respect to an expected average per-packet reward
criterion. The proposed routing scheme jointly addresses the issues of learning and routing in an
opportunistic context, where the network structure is characterized by the transmission success
probabilities. In particular, this learning framework leads to a stochastic routing scheme that
optimally ―explores‖ and ―exploits‖ the opportunities in the network.
Design and Implementation of TARF: A Trust-Aware
Routing Framework for WSNs.
ABSTRACT:
The multihop routing in wireless sensor networks (WSNs) offers little protection against identity
deception through replaying routing information. An adversary can exploit this defect to launch
various harmful or even devastating attacks against the routing protocols, including sinkhole attacks,
wormhole attacks, and Sybil attacks. The situation is further aggravated by mobile and harsh network
conditions. Traditional cryptographic techniques or efforts at developing trust-aware routing

protocols do not effectively address this severe problem. To secure the WSNs against adversaries
misdirecting the multihop routing, we have designed and implemented TARF, a robust trust-aware
routing framework for dynamic WSNs. Without tight time synchronization or known geographic
information, TARF provides trustworthy and energy-efficient route. Most importantly, TARF proves
effective against those harmful attacks developed out of identity deception; the resilience of TARF is
verified through extensive evaluation with both simulation and empirical experiments on large-scale
WSNs under various scenarios including mobile and RF-shielding network conditions. Further, we
have implemented a low-overhead TARF module in TinyOS; as demonstrated, this implementation
can be incorporated into existing routing protocols with the least effort. Based on TARF, we also
demonstrated a proof-of-concept mobile target detection application that functions well against an
antidetection mechanism.
MeasuRouting: A Framework for Routing Assisted Traffic
Monitoring.
ABSTRACT:
Monitoring transit traffic at one or more points in a network is of interest to network operators for
reasons of traffic accounting, debugging or troubleshooting, forensics, and traffic engineering.
Previous research in the area has focused on deriving a placement of monitors across the network
toward the end of maximizing the monitoring utility of the network operator for a given traffic
routing. However, both traffic characteristics and measurement objectives can dynamically change
over time, rendering a previously optimal placement of monitors suboptimal. It is not feasible to
dynamically redeploy/reconfigure measurement infrastructure to cater to such evolving measurement
requirements. We address this problem by strategically routing traffic subpopulations over fixed
monitors. We refer to this approach as MeasuRouting. The main challenge for MeasuRouting is to
work within the constraints of existing intradomain traffic engineering operations that are geared for
efficiently utilizing bandwidth resources, or meeting quality-of-service (QoS) constraints, or both. A
fundamental feature of intradomain routing, which makesMeasuRouting feasible, is that intradomain
routing is often specified for aggregate flows. MeasuRouting can therefore differentially route
components of an aggregate flow while ensuring that the aggregate placement is compliant to
original traffic engineering objectives. In this paper, we present a theoretical framework for
MeasuRouting. Furthermore, as proofs of concept, we present synthetic and practical monitoring
applications to showcase the utility enhancement achieved with MeasuRouting

On Optimizing Overlay Topologies for Search in
Unstructured Peer-to-Peer Networks.
Abstract
Unstructured peer-to-peer (P2P) file-sharing networks are popular in the mass market. As the peers
participating in unstructured networks interconnect randomly, they rely on flooding query messages
to discover objects of interest and thus introduce remarkable network traffic. Empirical measurement
studies indicate that the peers in P2P networks have similar preferences, and have recently proposed
unstructured P2P networks that organize participating peers by exploiting their similarity. The
resultant networks may not perform searches efficiently and effectively because existing overlay
topology construction algorithms often create unstructured P2P networks without performance
guarantees. Thus, we propose a novel overlay formation algorithm for unstructured P2P networks.
Based on the file sharing pattern exhibiting the power-law property, our proposal is unique in that it
poses rigorous performance guarantees. Theoretical performance results conclude that in a constant
probability, 1) searching an object in our proposed network efficiently takes hops (where c is a small
constant), and 2) the search progressively and effectively exploits the similarity of peers. In addition,
the success ratio of discovering an object approximates 100 percent. We validate our theoretical
analysis and compare our proposal to competing algorithms in simulations. Based on the simulation
results, our proposal clearly outperforms the competing algorithms in terms of 1) the hop count of
routing a query message, 2) the successful ratio of resolving a query, 3) the number of messages
required for resolving a query, and 4) the message overhead for maintaining and formatting the
overlay.
MIMO-NOMA Design for Small Packet transmission in the
internet of things.
ABSTRACT A feature of the Internet of Things (IoT) is that some users in the system need to be
served quickly for small packet transmission. To address this requirement, a new multiple-input
multiple-output non-orthogonal multiple access (MIMO-NOMA) scheme is designed in this paper,
where one user is served with its quality of service requirement strictly met, and the other user is
served opportunistically by using the NOMA concept. The novelty of this new scheme is that it
confronts the challenge that the existing MIMONOMA schemes rely on the assumption that users'
channel conditions are different, a strong assumption which may not be valid in practice. The
developed precoding and detection strategies can effectively create a signicant difference between
the users' effective channel gains, and therefore, the potential of NOMA can be realized even if the
users' original channel conditions are similar. Analytical and numerical results are provided to
demonstrate the performance of the proposed MIMO-NOMA scheme.

Privacy- and Integrity-Preserving Range Queries in Sensor
Networks.
ABSTRACT:
The architecture of two-tiered sensor networks, where storage nodes serve as an intermediate tier
between sensors and a sink for storing data and processing queries, has been widely adopted because
of the benefits of power and storage saving for sensors as well as the efficiency of query processing.
However, the importance of storage nodes also makes them attractive to attackers. In this paper, we
propose SafeQ, a protocol that prevents attackers from gaining information from both sensor
collected data and sink issued queries. SafeQ also allows a sink to detect compromised storage nodes
when they misbehave. To preserve privacy, SafeQ uses a novel technique to encode both data and
queries such that a storage node can correctly process encoded queries over encoded data without
knowing their values. To preserve integrity, we propose two schemes—one using Merkle hash trees
and another using a new data structure called neighborhood chains—to generate integrity verification
information so that a sink can use this information to verify whether the result of a query contains
exactly the data items that satisfy the query. To improve performance, we propose an optimization
technique using Bloom filters to reduce the communication cost between sensors and storage nodes.
A Network Coding Equivalent Content Distribution Scheme
for Efficient Peer-to-Peer Interactive VoD Streaming.
Abstract
Although random access operations are desirable for on-demand video streaming in peer-to-peer
systems, they are difficult to efficiently achieve due to the asynchronous interactive behaviors of
users and the dynamic nature of peers. In this paper, we propose a network coding equivalent content
distribution (NCECD) scheme to efficiently handle interactive video-on-demand (VoD) operations in
peer-to-peer systems. In NCECD, videos are divided into segments that are then further divided into
blocks. These blocks are encoded into independent blocks that are distributed to different peers for
local storage. With NCECD, a new client only needs to connect to a sufficient number of parent
peers to be able to view the whole video and rarely needs to find new parents when performing
random access operations. In most existing methods, a new client must search for parent peers
containing specific segments; however, NCECD uses the properties of network coding to cache
equivalent content in peers, so that one can pick any parent without additional searches.

Experimental results show that the proposed scheme achieves low startup and jump searching delays
and requires fewer server resources. In addition, we present the analysis of system parameters to
achieve reasonable block loss rates for the proposed scheme.
Toward Reliable Data Delivery for Highly Dynamic Mobile
Ad Hoc Networks.
ABSTRACT:
This paper addresses the problem of delivering data packets for highly dynamic mobile ad hoc
networks in a reliable and timely manner. Most existing ad hoc routing protocols are susceptible to
node mobility, especially for large-scale networks. Driven by this issue, we propose an efficient
Position-based Opportunistic Routing (POR) protocol which takes advantage of the stateless property
of geographic routing and the broadcast nature of wireless medium. When a data packet is sent out,
some of the neighbor nodes that have overheard the transmission will serve as forwarding candidates,
and take turn to forward the packet if it is not relayed by the specific best forwarder within a certain
period of time. By utilizing such in-the-air backup, communication is maintained without being
interrupted. The additional latency incurred by local route recovery is greatly reduced and the
duplicate relaying caused by packet reroute is also decreased. In the case of communication hole, a
Virtual Destination-based Void Handling (VDVH) scheme is further proposed to work together with
POR. Both theoretical analysis and simulation results show that POR achieves excellent performance
even under high node mobility with acceptable overhead and the new void handling scheme also
works well.
Packet Loss Control Using Tokens at the Network Edge.
ABSTRACT
Presently the Internet accommodates simultaneous audio, video, and data traffic. This requires the
Internet to guarantee the packet loss which at its turn depends very much on congestion control. A
series of protocols have been introduced to supplement the insufficient TCP mechanism controlling
the network congestion. CSFQ was designed as an open-loop controller to provide the fair best effort
service for supervising the per-flow bandwidth consumption and has become helpless when the P2P
flows started to dominate the traffic of the Internet. Token-Based Congestion Control (TBCC) is
based on a closed-loop congestion control principle, which restricts token resources consumed by an
end-user and provides the fair best effort service with O(1) complexity. As Self-Verifying CSFQ and
Re-feedback, it experiences a heavy load by policing inter-domain traffic for lack of trust. In this
paper, Stable Token-Limited Congestion Control (STLCC) is introduced as new protocols which

appends inter-domain congestion control to TBCC and make the congestion control system to be
stable. STLCC is able to shape output and input traffic at the inter-domain link with O(1) complexity.
STLCC produces a congestion index, pushes the packet loss to the network edge and improves the
network performance. Finally, the simple version of STLCC is introduced. This version is deployable
in the Internet without any IP protocols modifications and preserves also the packet datagram.
RIHT: A Novel Hybrid IP Traceback Scheme.
ABSTRACT:
Because the Internet has been widely applied in various fields, more and more network security
issues emerge and catch people’s attention. However, adversaries often hide themselves by spoofing
their own IP addresses and then launch attacks. For this reason, researchers have proposed a lot of
traceback schemes to trace the source of these attacks. Some use only one packet in their packet
logging schemes to achieve IP tracking. Others combine packetmarking with packet logging and
therefore create hybrid IP traceback schemes demanding less storage but requiring a longer search. In
this paper, we propose a new hybrid IP traceback scheme with efficient packet logging aiming to
have a fixed storage requirement for each router (under 320 KB, according to CAIDA’s skitter data
set) in packet logging without the need to refresh the logged tracking information and to achieve zero
false positive and false negative rates in attack-path reconstruction. In addition, we use a packet’s
marking field to censor attack traffic on its upstream routers. Lastly, we simulate and analyze our
scheme, in comparison with other related research, in the following aspects: storage requirement,
computation, and accuracy.
BGP Churn Evolution: A Perspective from the Core.
Abstract
The scalability limitations of BGP have been a major concern lately. An important aspect of this
issue is the rate of routing updates (churn) that BGP routers must process. This paper presents an
analysis of the evolution of churn in four networks at the backbone of the Internet over a period of
seven years and eight months, using BGP update traces from the RouteViews project. The churn rate
varies widely over time and between networks. Instead of descriptive ―black-box‖ statistical analysis,
we take an exploratory data analysis approach attempting to understand the reasons behind major
observed characteristics of the churn time series. We find that duplicate announcements are a major
churn contributor, responsible for most large spikes. Remaining spikes are mostly caused by routing
incidents that affect a large number of prefixes simultaneously. More long-term intense periods of
churn, on the other hand, are caused by misconfigurations or other special events at or close to the
monitored autonomous system (AS). After filtering pathologies and effects that are not related to the

long-term evolution of churn, we analyze the remaining ―baseline‖ churn and find that it is increasing
at a rate that is similar to the growth of the number of ASs.
Latency Equalization as a New Network Service Primitive.
Abstract
Multiparty interactive network applications such as teleconferencing, network gaming, and online
trading are gaining popularity. In addition to end-to-end latency bounds, these applications require
that the delay difference among multiple clients of the service is minimized for a good interactive
experience. We propose a Latency EQualization (LEQ) service, which equalizes the perceived
latency for all clients participating in an interactive network application. To effectively implement
the proposed LEQ service, network support is essential. The LEQ architecture uses a few routers in
the network as hubs to redirect packets of interactive applications along paths with similar end-to-end
delay. We first formulate the hub selection problem, prove its NP-hardness, and provide a greedy
algorithm to solve it. Through extensive simulations, we show that our LEQ architecture significantly
reduces delay difference under different optimization criteria that allow or do not allow
compromising the per-user end-to-end delay. Our LEQ service is incrementally deployable in today’s
networks, requiring just software modifications to edge routers.
BloomCast: Efficient and Effective Full-Text Retrieval in
Unstructured P2P Networks.
ABSTRACT:
Efficient and effective full-text retrieval in unstructured peer-to-peer networks remains a challenge in
the research community. First, it is difficult, if not impossible, for unstructured P2P systems to
effectively locate items with guaranteed recall. Second, existing schemes to improve search success
rate often rely on replicating a large number of item replicas across the wide area network, incurring
a large amount of communication and storage costs. In this paper, we propose BloomCast, an
efficient and effective full-text retrieval scheme, in unstructured P2P networks. By leveraging a
hybrid P2P protocol, BloomCast replicates the items uniformly at random across the P2P networks,
achieving a guaranteed recall at a communication cost of Þ, where N is the size of the network.
Furthermore, by casting Bloom Filters instead of the raw documents across the network, BloomCast
significantly reduces the communication and storage costs for replication. We demonstrate the power
of BloomCast design through both mathematical proof and comprehensive simulations based on the

query logs from a major commercial search engine and NIST TREC WT10G data collection. Results
show that BloomCast achieves an average query recall of 91 percent, which outperforms the existing
WP algorithm by 18 percent, while BloomCast greatly reduces the search latency for query
processing by 57 percent
Detecting Spam Zombies by Monitoring Outgoing Messages.
ABSTRACT
Compromised machines are one of the key security threats on the Internet; they are often used to
launch various security attacks such as spamming and spreading malware, DDoS, and identity theft.
Given that spamming provides a key economic incentive for attackers to recruit the large number of
compromised machines, we focus on the detection of the compromised machines in a network that
are involved in the spamming activities, commonly known as spam zombies. We develop an
effective spam zombie detection system named SPOT by monitoring outgoing messages of a
network. SPOT is designed based on a powerful statistical tool called Sequential Probability Ratio
Test, which has bounded false positive and false negative error rates. Our evaluation studies based on
a two-month email trace collected in a large U.S. campus network show that SPOT is an effective
and efficient system in automatically detecting compromised machines in a network. In addition, we
also compare the performance of SPOT with two other spam zombie detection algorithms based on
the number and percentage of spam messages originated or forwarded by internal machines,
respectively, and show that SPOT outperforms these two detection algorithms.
Design, Implementation, and Performance of a Load
Balancer for SIP Server Clusters.
ABSTRACT:
This paper introduces several novel load-balancing algorithms for distributing Session Initiation
Protocol (SIP) requests to a cluster of SIP servers. Our load balancer improves both throughput and
response time versus a single node while exposing a single interface to external clients. We present
the design, implementation, and evaluation of our system using a cluster of Intel x86 machines
running Linux. We compare our algorithms to several well-known approaches and present scalability
results for up to 10 nodes. Our best algorithm, Transaction Least-Work-Left (TLWL), achieves its
performance by integrating several features: knowledge of the SIP protocol, dynamic estimates of
back-end server load, distinguishing transactions from calls, recognizing variability in call length,
and exploiting differences in processing costs for different SIP transactions. By combining these
features, our algorithm provides finer-grained load balancing than standard approaches, resulting in

throughput improvements of up to 24% and response-time improvements of up to two orders of
magnitude. We present a detailed analysis of occupancy to show how our algorithms significantly
reduce response time.
Risk-Aware Mitigation for MANET Routing Attacks.
Abstract
Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the dynamic
nature of its network infrastructure. Among these attacks, routing attacks have received considerable
attention since it could cause the most devastating damage to MANET. Even though there exist
several intrusion response techniques to mitigate such critical attacks, existing solutions typically
attempt to isolate malicious nodes based on binary or nai¨ve fuzzy response decisions. However,
binary responses may result in the unexpected network partition, causing additional damages to the
network infrastructure, and nai¨ve fuzzy responses could lead to uncertainty in countering routing
attacks in MANET. In this paper, we propose a risk-aware response mechanism to systematically
cope with the identified routing attacks. Our risk-aware approach is based on an extended Dempster-
Shafer mathematical theory of evidence introducing a notion of importance factors. In addition, our
experiments demonstrate the effectiveness of our approach with the consideration of several
performance metrics.
An Efficient Caching Scheme and Consistency Maintenance
in Hybrid P2P System.
Abstract:
Peer-to-peer overlay networks are widely used in distributed systems. P2P networks can be divided
into two categories: structured peer-to-peer networks in which peers are connected by a regular
topology, and unstructured peer-to-peer networks in which the topology is arbitrary. The objective of
this work is to design a hybrid peer-to-peer system for distributed data sharing which combines the
advantages of both types of Peer-to-peer networks and minimizes their disadvantages. Consistency
maintenance is propagating the updates from a primary file to its replica. Adaptive consistency
maintenance algorithm (ACMA) maintains that periodically polls the file owner to update the file
due to minimum number of replicas consistency overhead is very low. Top Caching (TC) algorithm
helps to boost the system performance and to build a fully distributed cache for most popular
information. Our caching scheme can deliver lower query delay, better load balance and higher cache
hit ratios. It effectively relieves the over-caching problems for the most popular objects.

DoubleGuard: Detecting Intrusions in Multitier Web
Applications.
ABSTRACT:
Internet services and applications have become an inextricable part of daily life, enabling
communication and the management of personal information from anywhere. To accommodate this
increase in application and data complexity, web services have moved to a multitier design wherein
the web server runs the application front-end logic and data are outsourced to a database or file
server. In this paper, we present Double Guard, an IDS system that models the network behavior of
user sessions across both the front-end web server and the back-end database. By monitoring both
web and subsequent database requests, we are able to ferret out attacks that independent IDS would
not be able to identify. Furthermore, we quantify the limitations of any multitier IDS in terms of
training sessions and functionality coverage. We implemented Double Guard using an Apache web
server with MySQL and lightweight virtualization. We then collected and processed real-world
traffic over a 15-day period of system deployment in both dynamic and static web applications.
Finally, using DoubleGuard, we were able to expose a wide range of attacks with 100 percent
accuracy while maintaining 0 percent false positives for static web services and 0.6 percent false
positives for dynamic web services.
Insights on Media Streaming Progress Using BitTorrent-
Like Protocols for On-Demand Streaming.
Abstract—
—Streaming media is video or audio content sent in compressed form over the Internet and played
immediately, rather than being saved to the hard drive .With streaming media, a user does not have to
wait to download a file to play it. Because the media is sent in a continuous stream of data it can play
as it arrives. Users can pause, rewind or fast-forward, just as they could with a downloaded file,
unless the content is being streamed live.
—Our models provide insight into system behaviour and help explain the sluggishness of the system
with In-Order streaming.
—We use the models to compare different retrieval policies across a wide range of system
parameters, including peer arrival rate, upload/download bandwidth, and seed residence time.
—We also provide quantitative results on the startup delays and retrieval times for streaming media
delivery. Our results provide insights into the design tradeoffs for on-demand media streaming in
peer-to-peer networks.

—Finally, the models are validated using simulations.
Energy-Efficient Cooperative Videodistribution With
Statistical Qosprovisions Over Wireless Networks.
ABSTRACT:
For real-time video broadcast where multiple users are interested in the same content, mobile-to-
mobile cooperation can be utilized to improve delivery efficiency and reduce network utilization.
Under such cooperation, however, real-time video transmission requires end-to-end delay bounds.
Due to the inherently stochastic nature of wireless fading channels, deterministic delay bounds are
prohibitively difficult to guarantee. For a scalable video structure, an alternative is to provide
statistical guarantees using the concept of effective capacity/bandwidth by deriving quality of service
exponents for each video layer. Using this concept, we formulate the resource allocation problem for
general multi-hop multicast network flows and derive the optimal solution that minimizes the total
energy consumption while guaranteeing a statistical end-to-end delay bound on each network path. A
method is described to compute the optimal resource allocation at each node in a distributed fashion.
Furthermore, we propose low complexity approximation algorithms for energy-efficient flow
selection from the set of directed acyclic graphs forming the candidate network flows. The flow
selection and resource allocation process is adapted for each video frame according to the channel
conditions on the network links. Considering different network topologies, results demonstrate that
the proposed resource allocation and flow selection algorithms provide notable performance gains
with small optimality gaps at a low computational cost.
Detecting and Resolving Firewall Policy Anomalies.
ABSTRACT:
The advent of emerging computing technologies such as service-oriented architecture and cloud
computing has enabled us to perform business services more efficiently and effectively. However, we
still suffer from unintended security leakages by unauthorized actions in business services. Firewalls
are the most widely deployed security mechanism to ensure the security of private networks in most
businesses and institutions. The effectiveness of security protection provided by a firewall mainly
depends on the quality of policy configured in the firewall. Unfortunately, designing and managing
firewall policies are often error prone due to the complex nature of firewall configurations as well as
the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative
policy anomaly management framework for firewalls, adopting a rule-based segmentation technique
to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a

grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We
also discuss a proof-of- concept implementation of a visualization-based firewall policy analysis tool
called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how
efficiently our approach can discover and resolve anomalies in firewall policies through rigorous
experiments.
attacks Draining life from wireless ad-hoc sensor networks.
ABSTRACT:
Ad hoc low-power wireless networks are an exciting research direction in sensing and pervasive
computing. Prior security work in this area has focused primarily on denial of communication at the
routing or medium access control levels. This paper explores resource depletion attacks at the routing
protocol layer, which permanently disable networks by quickly draining nodes’ battery power. These
―Vampire‖ attacks are not specific to any specific protocol, but rather rely on the properties of many
popular classes of routing protocols. We find that all examined protocols are susceptible to Vampire
attacks, which are devastating, difficult to detect, and are easy to carry out using as few as one
malicious insider sending only protocol-compliant messages. In the worst case, a single Vampire can
increase network-wide energy usage by a factor of O (N), where N in the number of network nodes.
We discuss methods to mitigate these types of attacks, including a new proof-of-concept protocol
that provably bounds the damage caused by Vampires during the packet forwarding phase.
Instance Notification from patient to doctor throw Xmpp
Protocol.
Abstract
There is a need of continuous monitoring of vital parameters of patient at critical situation. The
current scenario in hospital has a digital display for such parameters which is observed by nurse. For
such monitoring a dedicated person(nurse) is required. But looking at the growing population this
ratio of one nurse per patient would be aconsiderable probable in future. So manually monitoring the
patient should be replaced by some other method. Online monitoring has attracted considerable
attraction for many years. It includes the applications which are not only limited up to industrial
process monitoring and control but has been extended up to civilian application areas like healthcare
application, home automation, traffic control etc. This paper discusses the feasibility of Instant
Notification System in Heterogeneous Sensor Network with Deployment of XMPP Protocol for
medical application. The system aims to provide an environment which enables medical practitioners
to distantly monitor various vital parameters of patients. For academic purpose we have limited this
system for use of monitoring patients’ body temperature and blood pressure. The proposed system
collects data from various heterogeneous sensor networks – for example: patients’ body temperature,

and blood pressure - converts it to a standard packet and provides the facility to send it over a
network using Extensible Messaging and Presence Protocol (XMPP)- (in more common terms
Instant Messaging (IM)). Use of heterogeneous sensor networks (HSN) provides the much required
platform independence, while XMPP enables the instant notification
Detecting Malicious Node In Wireless Ad-hoc Network.
Abstract
This work provides a solution to identify malicious nodes in wireless sensor networks through
detection of malicious message transmissions in a network. A message transmission is considered
suspicious if its signal strength is incompatible with its originator’s geographical position. We
provide protocols for detecting suspicious transmissions – and the consequent identification of
malicious nodes – and for disseminating this information in the network. We evaluate the detection
rate and the efficiency of our solution along a number of parameters.
Visual cryptography for biometric privacy.
Abstract— In this era due to unbelievable development in internet, various online attacks has been
increased. From all such attacks most popular attack is phishing. This attacks are done for extracting
confidential information such as banking information, passwords from unsuspecting victims for fraud
purposes. Confidential data can’t be directly uploaded on website since it is risky. Here in this paper
data is encrypted in video and visual cryptography for login purpose in our online database system
for providing more security .
Decentralized Queue Balancing and Differentiated Service
Scheme Based on Cooperative Control Concept.

In this paper, we introduce the concept of a bottleneck-routers cooperation in the explicit
rate-control framework of communication networks in order to mitigate congestion effects on
the network performance and balance the queues. The proposed controller at each router
(server or switch) regulates the rates of the heterogeneous source classes leveraging on
the cooperation of neighboring bottlenecks. We consider the model of multibottleneck
network in the presence of time delay and formulate global stability conditions suitable for
network parameters and controller gains design. The proposed approach guarantees good
performance in terms of link utilization, packet loss and fairness. Additionally it is
guaranteed queue balancing without requiring rerouting or hop-by-hop operation differently
from the existing approaches. A validation is carried out by a discrete packet experiment
simulator in a realistic multibottleneck scenario to demonstrate the effectiveness of the key
idea of the paper. Finally the proposed scheme is compared to some of well-known network
controller-type presented in the literature in both steady-state and dynamic network
scenario.
A Fast Re-Route Method.
Synopsis:
We present a method to find an alternate path, after a link failure, from a source node to a
destination node, before the Interior Gateway Protocol (e.g., OSPF or IS-IS) has had a
chance to reconverge in response to the failure. The target application is a small (up to tens
of nodes) regional access subnetwork of a service provider's network, which is a typical
access scale encountered in practice. We illustrate the method and prove that it will find a
path if one exists.
An Efficient Caching Scheme and Consistency Maintenance
in Hybrid P2P System.
Synopsis:
: Peer-to-peer overlay networks are widely used in distributed systems. P2P networks can be divided
into two categories: structured peer-to-peer networks in which peers are connected by a regular
topology, and unstructured peer-to-peer networks in which the topology is arbitrary. The objective of
this work is to design a hybrid peer-to-peer system for distributed data sharing which combines the
advantages of both types of peer-to-peer networks and minimizes their disadvantages. Consistency
maintenance is propagating the updates from a primary file to its replica. Adaptive consistency
maintenance algorithm (ACMA) maintains that periodically polls the file owner to update the file due to
minimum number of replicas consistency overhead is very low. Top Caching (TC) algorithm helps to
boost the system performance and to build a fully distributed cache for most popular information. Our

caching scheme can deliver lower query delay, better load balance and higher cache hit ratios. It
effectively relieves the over-caching problems for the most popular objects.
A New Multi-path Routing Methodology Based on Logit
Type Assignment.
Synopsis:
We present a new multi-path routing methodology called MLB-routing based on multinomial
logit model, which is well known as the random utility theory. The key concept of the study
is to incorporate multiple paths from same origin to destination, and distribute packets
followed by the multinomial logit type probability. Since MLB-routing is pure multi-path
routing, it reduce the severe convergence to same links and increases the bandwidth
utilization in the network. Compared to the existing multi-path routing schemes that select
pre-determined alternate paths, the proposed method can dynamically distribute packets to
every possible paths and thus is more efficient than them. Furthermore, it should be
mentioned that this methodology could be implemented as both link-state protocol and
distance-vector protocol. Therefore, it has enough affinity for present Internet mechanism.
Using simulations, we have also shown that this methodology produces more efficient use
of network and causes significant improvements in end-to-end delays and jitter times.
HALO: Hop-by-Hop Adaptive Link-State Optimal Routing.
Synopsis:
We present HALO, the first link-state routing solution with hop-by-hop packet forwarding
that minimizes the cost of carrying traffic through packet-switched networks. At each
node , for every other node , the algorithm independently and iteratively updates
the fraction of traffic destined to that leaves on each of its outgoing links. At each
iteration, the updates are calculated based on the shortest path to each destination as
determined by the marginal costs of the network's links. The marginal link costs used to find
the shortest paths are in turn obtained from link-state updates that are flooded through the
network after each iteration. For stationary input traffic, we prove that HALO converges to
the routing assignment that minimizes the cost of the network. Furthermore, we observe
that our technique is adaptive, automatically converging to the new optimal routing
assignment for quasi-static network changes. We also report numerical and experimental
evaluations to confirm our theoretical predictions, explore additional aspects of the solution,
and outline a proof-of-concept implementation of HALO.

Access Policy Consolidation for Event Processing Systems.
Synopsis:
Current event processing systems lack methods to preserve privacy constraints of incoming
event streams in a chain of subsequently applied stream operations. This is a problem in
large-scale distributed applications like a logistic chain where event processing operators
may be spread over multiple security domains. An adversary can infer from legally received
outgoing event streams confidential input streams of the event processing system. This
paper presents a fine-grained access management for complex event processing. Each
incoming event stream can be protected by the specification of an access policy and is
enforced by algorithms for access consolidation. The utility of the event processing system
is increased by providing and computing in a scalable manner a measure for the
obfuscation of event streams. An obfuscation threshold as part of the access policy allows
to ignore access requirements and deliver events which have achieved a sufficient high
obfuscation level.
Auditing for Network Coding Storage.
Synopsis:
Network coding-based storage has recently received a lot of attention in the network coding
community. Independently, another body of work has proposed integrity checking schemes
for cloud storage, none of which, however, is customized for network coding storage or can
efficiently support repair. In this work, we bridge the gap between these currently
disconnected bodies of work, and we focus on the (novel) advantage of network coding for
integrity checking. We propose NC-Audit - a remote data integrity checking scheme,
designed specifically for network coding-based storage cloud. NC-Audit provides a unique
combination of desired properties: (i) efficient checking of data integrity (ii) efficient support
for repairing failed nodes (iii) full support for modification of outsourced data and (iv)
protection against information leakage when checking is performed by a third party. The key
ingredient of the design of NC-Audit is a novel combination of SpaceMac, a
homomorphicMAC scheme for network coding, and NCrypt, a novel CPA-secure encryption
scheme that is compatible with SpaceMac. Our evaluation of a Java implementation of NC-
Audit shows that an audit costs the storage node and the auditor only a few milliseconds of
computation time, and lower bandwidth than prior work.
Buffer Sizing for 802.11 Based Networks.
Synopsis:

We consider the sizing of network buffers in IEEE 802.11-based networks. Wireless
networks face a number of fundamental issues that do not arise in wired networks. We
demonstrate that the use of fixed-size buffers in 802.11 networks inevitably leads to either
undesirable channel underutilization or unnecessary high delays. We present two novel
dynamic buffer-sizing algorithms that achieve high throughput while maintaining low delay
across a wide range of network conditions. Experimental measurements demonstrate the
utility of the proposed algorithms in a production WLAN and a lab test bed.
Optimized Multicast Routing Algorithm Based on Tree
Structure in MANETs .
Synopsis:
Mobile Ad hoc Networks (MANETs) play an important role in emergency communications
where network needs to be constructed temporarily and quickly. Since the nodes move
randomly, routing protocols must be highly effective and reliable to guarantee successful
packet delivery. Based on the data delivery structure, most of the existing multicast routing
protocols can be classified into two folders: tree-based and mesh-based. We observe that
tree-based ones have high forwarding efficiency and low consumptions of bandwidth, and
they may have poor robustness because only one link exists between two nodes. As a tree-
based multicast routing protocol, MAODV (Multicast Ad hoc On-demand Vector) shows an
excellent performance in lightweight ad hoc networks. As the load of network increases,
QoS (Quality of Service) is degraded obviously. In this paper, we analyze the impact of
network load on MAODV protocol, and propose an optimized protocol MAODV-BB
(Multicast Ad hoc On-demand Vector with Backup Branches), which improves robustness of
the MAODV protocol by combining advantages of the tree structure and the mesh structure.
It not only can update shorter tree branches but also construct a multicast tree with backup
branches. Mathematical analysis and simulation results both demonstrate that the MAODV-
BB protocol improves the network performance over conventional MAODV in heavy load ad
hoc networks.
Combining Cryptographic Primitives to Prevent Jamming
Attacks in Wireless Networks.
Synopsis:
The Open Nature of wireless medium leaves an intentional interference attack, typically
referred to as jamming. This intentional interference with wireless transmission launch pad
for mounting Denial-Of-Service attack on wireless networks. Typically, jamming has been
addresses under an external threat model. However, adversaries with internal knowledge of

protocol specification and network secrets can launch low-effort jamming attacks that are
difficult to detect and counter. In this work we address the problem of jamming attacks and
adversary is active for short period of time, selectively targeting the messages of high
importance. We show that the selective jamming attacks can be launched by performing
real-time packet classification at the physical layer. To mitigate these attacks, we develop
three schemes that prevent real-time packet classification by combining cryptographic
primitives with physical-layer attributes. They are Strong Hiding Commitment Schemes
(SHCS), Cryptographic Puzzles Hiding Schemes (CPHS), All-Or-Nothing Transformation
Hiding Schemes (AONTS-HS). Random key distribution methods are done along with three
schemes to give more secured packet transmission in wireless networks.
FireCol: A Collaborative Protection Network for the
Detection of Flooding DDoS Attacks.
Synopsis:
Distributed denial-of-service (DDoS) attacks remain a major security problem, the mitigation
of which is very hard especially when it comes to highly distributed botnet-based attacks.
The early discovery of these attacks, although challenging, is necessary to protect end-
users as well as the expensive network infrastructure resources. In this paper, we address
the problem of DDoS attacks and present the theoretical foundation, architecture, and
algorithms of FireCol. The core of FireCol is composed of intrusion prevention systems
(IPSs) located at the Internet service providers (ISPs) level. The IPSs form virtual protection
rings around the hosts to defend and collaborate by exchanging selected traffic information.
The evaluation of FireCol using extensive simulations and a real dataset is presented,
showing FireCol effectiveness and low overhead, as well as its support for incremental
deployment in real networks.
Delay Analysis and Optimality of Scheduling Policies for
Multi-Hop Wireless Networks.
Synopsis:
We analyze the delay performance of a multihop wireless network with a fixed route
between each source-destination pair. We develop a new queue grouping technique to
handle the complex correlations of the service process resulting from the multihop nature of
the flows. A general set-based interference model is assumed that imposes constraints on
links that can be served simultaneously at any given time. These interference constraints
are used to obtain a fundamental lower bound on the delay performance of any scheduling

policy for the system. We present a systematic methodology to derive such lower bounds.
For a special wireless system, namely the clique, we design a policy that is sample-path
delay-optimal. For the tandem queue network, where the delay-optimal policy is known, the
expected delay of the optimal policy numerically coincides with the lower bound. We
conduct extensive numerical studies to suggest that the average delay of the back-pressure
scheduling policy can be made close to the lower bound by using appropriate functions of
queue length.
Scaling Laws for Throughput Capacity and Delay in
Wireless Networks – A Survey.
Synopsis:
The capacity scaling law of wireless networks has been considered as one of the most
fundamental issues. In this survey, we aim at providing a comprehensive overview of the
development in the area of scaling laws for throughput capacity and delay in wireless
networks. We begin with background information on the notion of throughput capacity of
random networks. Based on the benchmark random network model, we then elaborate the
advanced strategies adopted to improve the throughput capacity, and other factors that
affect the scaling laws. We also present the fundamental tradeoffs between throughput
capacity and delay under a variety of mobility models. In addition, the capacity and delay for
hybrid wireless networks are surveyed, in which there are at least two types of nodes
functioning differently, e.g., normal nodes and infrastructure nodes. Finally, recent studies
on scaling law for throughput capacity and delay in emerging vehicular networks are
introduced.
Cross-Domain Privacy-Preserving Cooperative Firewall
Optimization.
Synopsis:
Firewalls have been widely deployed on the Internet for securing private networks. A firewall
checks each incoming or outgoing packet to decide whether to accept or discard the packet
based on its policy. Optimizing firewall policies is crucial for improving network performance.
Prior work on firewall optimization focuses on either intra-firewall or inter-firewall
optimization within one administrative domain where the privacy of firewall policies is not a
concern. This paper explores inter-firewall optimization across administrative domains for
the first time. The key technical challenge is that firewall policies cannot be shared across
domains because a firewall policy contains confidential information and even potential
security holes, which can be exploited by attackers. In this paper, we propose the first

cross-domain privacy-preserving cooperative firewall policy optimization protocol.
Specifically, for any two adjacent firewalls belonging to two different administrative domains,
our protocol can identify in each firewall the rules that can be removed because of the other
firewall. The optimization process involves cooperative computation between the two
firewalls without any party disclosing its policy to the other. We implemented our protocol
and conducted extensive experiments. The results on real firewall policies show that our
protocol can remove as many as 49% of the rules in a firewall whereas the average is
19.4%. The communication cost is less than a few hundred KBs. Our protocol incurs no
extra online packet processing overhead and the offline processing time is less than a few
hundred seconds.
Game-Theoretic Pricing for Video Streaming in Mobile
Networks.
Synopsis:
Mobile phones are among the most popular consumer devices, and the recent
developments of 3G networks and smart phones enable users to watch video programs by
subscribing data plans from service providers. Due to the ubiquity of mobile phones and
phone-to-phone communication technologies, data-plan subscribers can redistribute the
video content to nonsubscribers. Such a redistribution mechanism is a potential competitor
for the mobile service provider and is very difficult to trace given users' high mobility. The
service provider has to set a reasonable price for the data plan to prevent such
unauthorized redistribution behavior to protect or maximize his/her own profit. In this paper,
we analyze the optimal price setting for the service provider by investigating the equilibrium
between the subscribers and the secondary buyers in the content-redistribution network.
We model the behavior between the subscribers and the secondary buyers as a
noncooperative game and find the optimal price and quantity for both groups of users.
Based on the behavior of users in the redistribution network, we investigate the
evolutionarily stable ratio of mobile users who decide to subscribe to the data plan. Such an
analysis can help the service provider preserve his/her profit under the threat of the
redistribution networks and can improve the quality of service for end users.
Locating Equivalent Servants over P2P Networks.
Synopsis:
While peer-to-peer networks are mainly used to locate unique resources across the
Internet, new interesting deployment scenarios are emerging. Particularly, some
applications (e.g., VoIP) are proposing the creation of overlays for the localization of

services based on equivalent servants (e.g., voice relays). This paper explores the possible
overlay architectures that can be adopted to provide such services, showing how an
unstructured solution based on a scale-free overlay topology is an effective option to deploy
in this context. Consequently, we propose EQUATOR (EQUivalentservAntlocaTOR), an
unstructured overlay implementing the above mentioned operating principles, based on an
overlay construction algorithm that well approximates an ideal scale-free construction
model. We present both analytical and simulation results which support our overlay
topology selection and validate the proposed architecture.
Secure Data Retrieval for Decentralized Disruption-Tolerant
Military Networks.
Synopsis:
Mobile nodes in military environments such as a battlefield or a hostile region are likely to
suffer from intermittent network connectivity and frequent partitions. Disruption-tolerant
network (DTN) technologies are becoming successful solutions that allow wireless devices
carried by soldiers to communicate with each other and access the confidential information
or command reliably by exploiting external storage nodes. Some of the most challenging
issues in this scenario are the enforcement of authorization policies and the policies update
for secure data retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a
promising cryptographic solution to the access control issues. However, the problem of
applying CP-ABE in decentralized DTNs introduces several security and privacy challenges
with regard to the attribute revocation, key escrow, and coordination of attributes issued
from different authorities. In this paper, we propose a secure data retrieval scheme using
CP-ABE for decentralized DTNs where multiple key authorities manage their attributes
independently. We demonstrate how to apply the proposed mechanism to securely and
efficiently manage the confidential data distributed in the disruption-tolerant military network.
Fault Node Recovery Algorithm for a Wireless Sensor
Network.
Synopsis:
This paper proposes a fault node recovery algorithm to enhance the lifetime of a wireless
sensor network when some of the sensor nodes shut down. The algorithm is based on the
grade diffusion algorithm combined with the genetic algorithm. The algorithm can result in
fewer replacements of sensor nodes and more reused routing paths. In our simulation, the
proposed algorithm increases the number of active nodes up to 8.7 times, reduces the rate

of data loss by approximately 98.8%, and reduces the rate of energy consumption by
approximately 31.1%.
Handling Multiple Failures in IP Networks through
Localized On-Demand Link State Routing.
Synopsis:
It has been observed that transient failures are fairly common in IP backbone networks and
there have been several proposals based on local rerouting to provide high network
availability despite failures. While most of these proposals are effective in handling single
failures, they either cause loops or drop packets in the case of multiple independent
failures. To ensure forwarding continuity even with multiple failures, we propose Localized
On-demand Link State (LOLS) routing. Under LOLS, each packet carries a blacklist, which
is a minimal set of failed links encountered along its path, and the next hop is determined by
excluding the blacklisted links. We show that the blacklist can be reset when the packet
makes forward progress towards the destination and hence can be encoded in a few bits.
Furthermore, blacklist-based forwarding entries at a router can be precomputed for a given
set of failures requiring protection. While the LOLS approach is generic, this paper
describes how it can be applied to ensure forwarding to all reachable destinations in case of
any two link or node failures. Our evaluation of this failure scenario based on various real
network topologies reveals that LOLS needs 6 bits in the worst case to convey the blacklist
information. We argue that this overhead is acceptable considering that LOLS routing
deviates from the optimal path by a small stretch only while routing around failures.
ProgME: Towards Programmable Network Measurement.
Synopsis:
Traffic measurements provide critical input for a wide range of network management
applications, including traffic engineering, accounting, and security analysis. Existing
measurement tools collect traffic statistics based on some predetermined, inflexible concept
of “flows.” They do not have sufficient built-in intelligence to understand the application
requirements or adapt to the traffic conditions. Consequently, they have limited scalability
with respect to the number of flows and the heterogeneity of monitoring applications. We
present ProgME, a Programmable MEasurement architecture based on a novel concept of
flowset-an arbitrary set of flows defined according to application requirements and/or traffic
conditions. Through a simple flowset composition language, ProgME can incorporate
application requirements, adapt itself to circumvent the scalability challenges posed by the
large number of flows, and achieve a better application-perceived accuracy. The modular

design of ProgME enables it to exploit the surging popularity of multicore processors to
cope with 7-Gb/s line rate. ProgME can analyze and adapt to traffic statistics in real time.
Using sequential hypothesis test, ProgME can achieve fast and scalable heavy hitter
identification
Fully Anonymous Proﬁle Matching in Mobile Social
Networks.
Synopsis:
In this paper, we study user profile matching with privacy-preservation in mobile social
networks (MSNs) and introduce a family of novel profile matching protocols. We first
propose an explicit Comparison-based Profile Matching protocol (eCPM) which runs
between two parties, an initiator and a responder. The eCPM enables the initiator to obtain
the comparison-based matching result about a specified attribute in their profiles, while
preventing their attribute values from disclosure. We then propose an implicit Comparison-
based Profile Matching protocol (iCPM) which allows the initiator to directly obtain some
messages instead of the comparison result from the responder. The messages unrelated to
user profile can be divided into multiple categories by the responder. The initiator implicitly
chooses the interested category which is unknown to the responder. Two messages in each
category are prepared by the responder, and only one message can be obtained by the
initiator according to the comparison result on a single attribute. We further generalize the
iCPM to an implicit Predicate-based Profile Matching protocol (iPPM) which allows complex
comparison criteria spanning multiple attributes. The anonymity analysis shows all these
protocols achieve the confidentiality of user profiles. In addition, the eCPM reveals the
comparison result to the initiator and provides only conditional anonymity; the iCPM and the
iPPM do not reveal the result at all and provide full anonymity. We analyze the
communication overhead and the anonymity strength of the protocols. We then present an
enhanced version of the eCPM, called eCPM+, by combining the eCPM with a novel
prediction-based adaptive pseudonym change strategy. The performance of the eCPM and
the eCPM+ are comparatively studied through extensive trace-based simulations.
Simulation results demonstrate that the eCPM+ achieves significantly higher anonymity
strength with slightly larger number of pseudonyms than the eCPM.
Independent Directed Acyclic Graphs for Resilient
Multipath Routing.
Synopsis:

In order to achieve resilient multipath routing, we introduce the concept of independent
directed acyclic graphs (IDAGs) in this paper. Link-independent (node-independent) DAGs
satisfy the property that any path from a source to the root on one DAG is link-disjoint
(node-disjoint) with any path from the source to the root on the other DAG. Given a network,
we develop polynomial-time algorithms to compute link-independent and node-independent
DAGs. The algorithm developed in this paper: 1) provides multipath routing; 2) utilizes all
possible edges; 3) guarantees recovery from single link failure; and 4) achieves all these
with at most one bit per packet as overhead when routing is based on destination address
and incoming edge. We show the effectiveness of the proposed IDAGs approach by
comparing key performance indices to that of the independent trees and multiple pairs of
independent trees techniques through extensive simulations.
Selﬁsh Overlay Network Creation and Maintenance.
Synopsis:
A foundational issue underlying many overlay network applications ranging from routing to
peer-to-peer file sharing is that of the network formation, i.e., folding new arrivals into an
existing overlay, and rewiring to cope with changing network conditions. Previous work has
considered the problem from two perspectives: devising practical heuristics for the case of
cooperative peers and performing game-theoretic analysis for the case of selfish peers. In
this paper, we unify the aforementioned thrusts by defining and studying the selfish
neighbor selection (SNS) game and its application to overlay routing. At the heart of SNS
stands the restriction that peers are allowed up to a certain number of neighbors. This
makes SNS substantially different from existing network formation games that impose no
bounds on peer degrees. Having bounded degrees has important practical consequences
as it permits the creation of overlay structures that require O(n) instead of O(n2
) link
monitoring overhead. We show that a node's “best response” wiring strategy amounts to
solving a k -median problem on asymmetric distance. Best-response wirings have
substantial practical utility as they permit selfish nodes to reap substantial performance
benefits when connecting to overlays of nonselfish nodes. A more intricate consequence is
that even nonselfish nodes can benefit from the existence of some selfish nodes since the
latter, via their local optimizations, create a highly optimized backbone, upon which even
simple heuristic wirings yield good performance. To capitalize on the above properties, we
design, build, and deploy EGOIST, an SNS-inspired prototype overlay routing system for
PlanetLab. We demonstrate that EGOIST outperforms existing heuristic overlays on a
variety of performance metrics, including delay, available bandwidth, and node utilization,
while it remains competitive with an optimal but unscalable full-mesh over- ay.
On the Role of Mobility for Multi-message Gossip.

Synopsis:
We consider information dissemination in a large n -user wireless network in which k users
wish to share a unique message with all other users. Each of the n users only has
knowledge of its own contents and state information; this corresponds to a one-sided push-
only scenario. The goal is to disseminate all messages efficiently, hopefully achieving an
order-optimal spreading rate over unicast wireless random networks. First, we show that a
random-push strategy-where a user sends its own or a received packet at random-is order-
wise suboptimal in a random geometric graph: specifically, Ω(√n) times slower than optimal
spreading. It is known that this gap can be closed if each user has “full” mobility, since this
effectively creates a complete graph. We instead consider velocity-constrained mobility
where at each time slot the user moves locally using a discrete random walk with
velocity v(n) that is much lower than full mobility. We propose a simple two-stage
dissemination strategy that alternates between individual message flooding (“self
promotion”) and random gossiping. We prove that this scheme achieves a close to optimal
spreading rate (within only a logarithmic gap) as long as the velocity is at
least v(n)=ω(√(logn/k)). The key insight is that the mixing property introduced by the partial
mobility helps users to spread in space within a relatively short period compared to the
optimal spreading time, which macroscopically mimics message dissemination over a
complete graph.
MeasuRouting: A Framework for Routing Assisted Trafﬁc
Monitoring.
Synopsis:
Monitoring transit traffic at one or more points in a network is of interest to network
operators for reasons of traffic accounting, debugging or troubleshooting, forensics, and
traffic engineering. Previous research in the area has focused on deriving a placement of
monitors across the network toward the end of maximizing the monitoring utility of the
network operator for a given traffic routing. However, both traffic characteristics and
measurement objectives can dynamically change over time, rendering a previously optimal
placement of monitors suboptimal. It is not feasible to dynamically redeploy/reconfigure
measurement infrastructure to cater to such evolving measurement requirements. We
address this problem by strategically routing traffic subpopulations over fixed monitors. We
refer to this approach as MeasuRouting. The main challenge for MeasuRouting is to work
within the constraints of existing intradomain traffic engineering operations that are geared
for efficiently utilizing bandwidth resources, or meeting quality-of-service (QoS) constraints,
or both. A fundamental feature of intradomain routing, which makes MeasuRouting feasible,
is that intradomain routing is often specified for aggregate flows. MeasuRouting can

therefore differentially route components of an aggregate flow while ensuring that the
aggregate placement is compliant to original traffic engineering objectives. In this paper, we
present a theoretical framework for MeasuRouting. Furthermore, as proofs of concept, we
present synthetic and practical monitoring applications to showcase the utility enhancement
achieved with MeasuRouting.
SPAF: Stateless FSA-based Packet Filters.
Synopsis:
We propose a stateless packet filtering technique based on finite-state automata (FSA).
FSAs provide a comprehensive framework with well-defined composition operations that
enable the generation of stateless filters from high-level specifications and their compilation
into efficient executable code without resorting to various opportunistic optimization
algorithms. In contrast with most traditional approaches, memory safety and termination can
be enforced with minimal run-time overhead even in cyclic filters, thus enabling full parsing
of complex protocols and supporting recursive encapsulation relationships. Experimental
evidence shows that this approach is viable and improves the state of the art in terms of
filter flexibility, performance, and scalability without incurring in the most common FSA
deficiencies, such as state-space explosion.
Optimizing Cloud Resources for Delivering IPTV Services
through Virtualization.
Synopsis:
Virtualized cloud-based services can take advantage of statistical multiplexing across
applications to yield significant cost savings. However, achieving similar savings with real-
time services can be a challenge. In this paper, we seek to lower a provider's costs for real-
time IPTV services through a virtualized IPTV architecture and through intelligent time-
shifting of selected services. Using Live TV and Video-on-Demand (VoD) as examples, we
show that we can take advantage of the different deadlines associated with each service to
effectively multiplex these services. We provide a generalized framework for computing the
amount of resources needed to support multiple services, without missing the deadline for
any service. We construct the problem as an optimization formulation that uses a generic
cost function. We consider multiple forms for the cost function (e.g., maximum, convex and

concave functions) reflecting the cost of providing the service. The solution to this
formulation gives the number of servers needed at different time instants to support these
services. We implement a simple mechanism for time-shifting scheduled jobs in a simulator
and study the reduction in server load using real traces from an operational IPTV network.
Our results show that we are able to reduce the load by ~24%(compared to a possible
~31.3% as predicted by the optimization framework).
Packet Loss Control Using Tokens at the Network Edge.
Synopsis:
Presently, the Internet accommodates simultaneous audio, video, and data traffic. This
requires the Internet to guarantee the packet loss which at its turn depends very much on
congestion control. A series of protocols have been introduced to supplement the
insufficient TCP mechanism controlling the network congestion. CSFQ was designed as an
open-loop controller to provide the fair best effort service for supervising the per-flow
bandwidth consumption and has become helpless when the P2P flows started to dominate
the traffic of the Internet. Token-Based Congestion Control (TBCC) is based on a closed-
loop congestion control principle, which restricts token resources consumed by an end-user
and provides the fair best effort service with O(1) complexity. As Self-Verifying CSFQ and
Re-feedback, it experiences a heavy load by policing inter-domain traffic for lack of trust. In
this paper, Stable Token-Limited Congestion Control (STLCC) is introduced as new
protocols which appends inter-domain congestion control to TBCC and make the
congestion control system to be stable. STLCC is able to shape output and input traffic at
the inter-domain link with O(1) complexity. STLCC produces a congestion index, pushes the
packet loss to the network edge and improves the network performance. Finally, the simple
version of STLCC is introduced. This version is deployable in the Internet without any IP
protocols modifications and preserves also the packet datagram.
TrickleDNS: Bootstrapping DNS Security using Social
Trust.
Synopsis:
This paper presents TrickleDNS, a decentralized system for proactive dissemination of DNS
data. Unlike prior solutions, which depend on the complete deployment of DNSSEC
standard to preserve data integrity, TrickleDNS offers an incrementally deployable solution
with a probabilistic guarantee on data integrity that becomes stronger as the adoption of
DNSSEC increases. TrickleDNS provides resilience from data corruption attacks and denial
of service attacks, including sybil attacks, using three key steps. First, TrickleDNS organizes

participating nameservers into a well-connected peer-to-peer Secure Network of
Nameservers (SNN) using two types of trust links: (a) strongly trusted social relationships
across DNS servers (which exist today); (b) random yet constrained weak trust links
between DNS servers, which it introduces. The SNN allows nameservers in the network to
reliably broadcast their public-keys to each other without relying on a centralized PKI.
Second, TrickleDNS reliably binds domains to their authoritative name servers through
independent verification by multiple, randomly chosen peers within the SNN. Finally,
TrickleDNS servers proactively disseminate self-certified versions of DNS records to
provide faster performance, better availability, and improved security.
Policy-by-Example for Online Social Networks.
Synopsis:
We introduce two approaches for improving privacy policy management in online social
networks. First, we introduce a mechanism using proven clustering techniques that assists users
in grouping their friends for group based policy management approaches. Second, we introduce
a policy management approach that leverages a user's memory and opinion of their friends to
set policies for other similar friends. We refer to this new approach as Same-As Policy
Management. To demonstrate the effectiveness of our policy management improvements, we
implemented a prototype Facebook application and conducted an extensive user study.
Leveraging proven clustering techniques, we demonstrated a 23% reduction in friend grouping
time. In addition, we demonstrated considerable reductions in policy authoring time using Same-
As Policy Management over traditional group based policy management approaches. Finally, we
presented user perceptions of both improvements, which are very encouraging.
Optimum Relay Selection for Energy-Efficient Cooperative
Ad Hoc Networks.
Synopsis:
The Cooperative Communication (CC) is a technology that allows multiple nodes to simultaneously
transmit the same data. It can save power and extend transmission coverage. However, prior research
work on topology control considers CC only in the aspect of energy saving, not that of coverage
extension. We identify the challenges in the development of a centralized topology control scheme,
named Cooperative Bridges, which reduces transmission power of nodes as well as increases network
connectivity. Prior research on topology control with CC only focuses on maintaining the network
connectivity, minimizing the transmission power of each node, whereas ignores the energy efficiency of
paths in constructed topologies. This may cause inefficient routes and hurt the overall network
performance in cooperative ad hoc networks. In this paper, to address this problem, we studied
topology control problem for energy-efficient topology control problem with cooperative

communication. We proposed optimum relay nodes selection for CC network to reduce overall power
consumption of network
Participatory Privacy: Enabling Privacy in Participatory
Sensing.
Synopsis:
Participatory sensing is an emerging computing paradigm that enables the distributed
collection of data by self-selected participants. It allows the increasing number of mobile
phone users to share local knowledge acquired by their sensor-equipped devices (e.g., to
monitor temperature, pollution level, or consumer pricing information). While research
initiatives and prototypes proliferate, their real-world impact is often bounded to
comprehensive user participation. If users have no incentive, or feel that their privacy might
be endangered, it is likely that they will not participate. In this article, we focus on privacy
protection in participatory sensing and introduce a suitable privacy-enhanced infrastructure.
First, we provide a set of definitions of privacy requirements for both data producers (i.e.,
users providing sensed information) and consumers (i.e., applications accessing the data).
Then we propose an efficient solution designed for mobile phone users, which incurs very
low overhead. Finally, we discuss a number of open problems and possible research
directions.
Price Differentiation for Communication Networks
Synopsis:
We study the optimal usage-based pricing problem in a resource-constrained network with
one profit-maximizing service provider and multiple groups of surplus-maximizing users.
With the assumption that the service provider knows the utility function of each user (thus
complete information), we find that the complete price differentiation scheme can achieve a
large revenue gain (e.g., 50%) compared to no price differentiation, when the total network
resource is comparably limited and the high-willingness-to-pay users are minorities.
However, the complete price differentiation scheme may lead to a high implementational
complexity. To trade off the revenue against the implementational complexity, we further
study the partial price differentiation scheme and design a polynomial-time algorithm that
can compute the optimal partial differentiation prices. We also consider the incomplete
information case where the service provider does not know to which group each user
belongs. We show that it is still possible to realize price differentiation under this scenario
and provide the sufficient and necessary condition under which an incentive-compatible
differentiation scheme can achieve the same revenue as under complete information.

Reliable Data Delivery in Mobile Adhoc Networks Using
Light Weight Verification Algorithm with High Node
Mobility .
Synopsis:
This paper addresses data aggregation and data packets issues for highly dynamic mobile ad hoc
networks and Wireless Sensor Networks thereby leading to a timely and reliable reduction in both
communication and energy consumption. But there might be node failures in existing systems and an
aggregation framework does not address issues of false subaggregate values due to compromised nodes
leading to huge errors in base station computed aggregates when data is transferred through mobile
sensor nodes. It cannot also transfer data after nodes fail at the intermediate level. This paper proposes
a novel lightweight verification algorithm and Position-based Opportunistic Routing (POR) protocol
which reduces node failure and data loss issues. Theoretical analysis and simulation prove that POR and
the novel lightweight verification algorithm achieve excellent performance under high node mobility
with acceptable overhead. Also the new void handling scheme performs efficiently.
Seed Block Algorithm: A Remote Smart Data Back-up
Technique for Cloud Computing
Synopsis:
In cloud computing, data generated in electronic form are large in amount. To maintain this
data efficiently, there is a necessity of data recovery services. To cater this, in this paper we
propose a smart remote data backup algorithm, Seed Block Algorithm (SBA). The objective
of proposed algorithm is twofold, first it help the users to collect information from any remote
location in the absence of network connectivity and second to recover the files in case of
the file deletion or if the cloud gets destroyed due to any reason. The time related issues
are also being solved by proposed SBA such that it will take minimum time for the recovery
process. Proposed SBA also focuses on the security concept for the back-up files stored at
remote server, without using any of the existing encryption techniques.
Topological Conditions for In-Network Stabilization of
Dynamical Systems.
Synopsis:

We study the problem of stabilizing a linear system over a wireless network using a simple
in-network computation method. Specifically, we study an architecture called the "Wireless
Control Network" (WCN), where each wireless node maintains a state, and periodically
updates it as a linear combination of neighboring plant outputs and node states. This
architecture has previously been shown to have low computational overhead and beneficial
scheduling and compositionality properties. In this paper we characterize fundamental
topological conditions to allow stabilization using such a scheme. To achieve this, we exploit
the fact that the WCN scheme causes the network to act as a linear dynamical system, and
analyze the coupling between the plant's dynamics and the dynamics of the network. We
show that stabilizing control inputs can be computed in-network if the vertex connectivity of
the network is larger than the geometric multiplicity of any unstable eigenvalue of the plant.
This condition is analogous to the typical min-cut condition required in classical information
dissemination problems. Furthermore, we specify equivalent topological conditions for
stabilization over a wired (or point-to-point) network that employs network coding in a
traditional way - as a communication mechanism between the plant's sensors and
decentralized controllers at the actuators.
Using Fuzzy Logic Control to Provide Intelligent Traffic
Management Service for High-Speed Networks
Synopsis:
In view of the fast-growing Internet traffic, this paper propose a distributed traffic
management framework, in which routers are deployed with intelligent data rate controllers
to tackle the traffic mass. Unlike other explicit traffic control protocols that have to estimate
network parameters (e.g., link latency, bottleneck bandwidth, packet loss rate, or the
number of flows) in order to compute the allowed source sending rate, our fuzzy-logic-
based controller can measure the router queue size directly; hence it avoids various
potential performance problems arising from parameter estimations while reducing much
consumption of computation and memory resources in routers. As a network parameter, the
queue size can be accurately monitored and used to proactively decide if action should be
taken to regulate the source sending rate, thus increasing the resilience of the network to
traffic congestion. The communication QoS (Quality of Service) is assured by the good
performances of our scheme such as max-min fairness, low queueing delay and good
robustness to network dynamics. Simulation results and comparisons have verified the
effectiveness and showed that our new traffic management scheme can achieve better
performances than the existing protocols that rely on the estimation of network parameters.
Cooperation Versus Multiplexing: Multicast Scheduling
Algorithms for OFDMA Relay Networks.

Synopsis:
With the next-generation cellular networks making a transition toward smaller cells, two-hop
orthogonal frequency-division multiple access (OFDMA) relay networks have become a
dominant, mandatory component in the 4G standards (WiMAX 802.16j, 3GPP LTE-Adv).
While unicast flows have received reasonable attention in two-hop OFDMA relay networks,
not much light has been shed on the design of efficient scheduling algorithms for multicast
flows. Given the growing importance of multimedia broadcast and multicast services
(MBMS) in 4G networks, the latter forms the focus of this paper. We show that while relay
cooperation is critical for improving multicast performance, it must be carefully balanced
with the ability to multiplex multicast sessions and hence maximize aggregate multicast
flow. To this end, we highlight strategies that carefully group relays for cooperation to
achieve this balance. We then solve the multicast scheduling problem under two OFDMA
subchannelization models. We establish the NP-hardness of the scheduling problem even
for the simpler model and provide efficient algorithms with approximation guarantees under
both models. Evaluation of the proposed solutions reveals the efficiency of the scheduling
algorithms as well as the significant benefits obtained from the multicasting strategy.
A Rank Correlation Based Detection against Distributed
Reflection DoS Attacks.
Synopsis:
DDoS presents a serious threat to the Internet since its inception, where lots of controlled
hosts flood the victim site with massive packets. Moreover, in Distributed Reflection DoS
(DRDoS), attackers fool innocent servers (reflectors) into flushing packets to the victim. But
most of current DRDoS detection mechanisms are associated with specific protocols and
cannot be used for unknown protocols. It is found that because of being stimulated by the
same attacking flow, the responsive flows from reflectors have inherent relations: the packet
rate of one converged responsive flow may have linear relationships with another. Based on
this observation, the Rank Correlation based Detection (RCD) algorithm is proposed. The
preliminary simulations indicate that RCD can differentiate reflection flows from legitimate
ones efficiently and effectively, thus can be used as a useable indicator for DRDoS.
A Keyless Approach to Image Encryption
Synopsis:
Maintaining the secrecy and confidentiality of images is a vibrant area of research, with two
different approaches being followed, the first being encrypting the images through

encryption algorithms using keys, the other approach involves dividing the image into
random shares to maintain the images secrecy. Unfortunately heavy computation cost and
key management limit the employment of the first approach and the poor quality of the
recovered image from the random shares limit the applications of the second approach. In
this paper we propose a novel approach without the use of encryption keys. The approach
employs Sieving, Division and Shuffling to generate random shares such that with minimal
computation, the original secret image can be recovered from the random shares without
any loss of image quality.
Retransmission Delays With Bounded Packets: Power-Law
Body and Exponential Tail.
Synopsis:
Retransmissions serve as the basic building block that communication protocols use to
achieve reliable data transfer. Until recently, the number of retransmissions was thought to
follow a geometric (light-tailed) distribution. However, recent work shows that when the
distribution of the packet sizes have infinite support, retransmission-based protocols may
result in heavy-tailed delays and possibly zero throughput even when the aforementioned
distribution is light-tailed. In reality, however, packet sizes are often bounded by the
maximum transmission unit (MTU), and thus the aforementioned result merits a deeper
investigation. To that end, in this paper, we allow the distribution of the packet size L to
have finite support. Under mild conditions, we show that the transmission duration
distribution exhibits a transition from a power-law main body to an exponential tail. The
timescale to observe the power-law main body is roughly equal to the average transmission
duration of the longest packet. The power-law main body, if significant, may cause the
channel throughput to be very close to zero. These theoretical findings provide an
understanding on why some empirical measurements suggest heavy tails. We use these
results to further highlight the engineering implications of distributions with power-law main
bodies and light tails by analyzing two cases: 1) the throughput of on-off channels with
retransmissions, where we show that even when packet sizes have small means and
bounded support the variability in their sizes can greatly impact system performance; 2) the
distribution of the number of jobs in an M/M/∞ queue with server failures. Here, we show
that retransmissions can cause long-range dependence and quantify the impact of the
maximum job sizes on the long-range dependence.
D2P: Distributed Dynamic Pricing Policyin Smart Grid for
PHEVs Management.

Synopsis:
Future large-scale deployment of plug-in hybrid electric vehicles (PHEVs) will render
massive energy demand on the electric grid during peak-hours. We propose an intelligent
distributed dynamic pricing (D2P) mechanism for the charging of PHEVs in a smart grid
architecture-an effort towards optimizing the energy consumption profile of PHEVs users.
Each micro-grid decides realtime dynamic price as home-price and roaming-price,
depending on the supply-demand curve, to optimize its revenue. Consequently, two types of
energy services are considered-home micro-grid energy, and foreign micro-grid energy.
After designing the PHEVs' mobility and battery models, the pricing policies for the home-
price and the roaming-price are presented. A decision making process to implement a cost-
effective charging and discharging method for PHEVs is also demonstrated based on the
real-time price decided by the micro-grids. We evaluate and compare the results of
distributed pricing policy with other existing centralized/distributed ones. Simulation results
show that using the proposed architecture, the utility corresponding to the PHEVs increases
by approximately 34 percent over that of the existing ones for optimal charging of PHEVs.
A New Cell-Counting-Based Attack Against Tor .
Synopsis:
Various low-latency anonymous communication systems such as Tor and Anonymizer have
been designed to provide anonymity service for users. In order to hide the communication
of users, most of the anonymity systems pack the application data into equal-sized cells
(e.g., 512 B for Tor, a known real-world, circuit-based, low-latency anonymous
communication network). Via extensive experiments on Tor, we found that the size of IP
packets in the Tor network can be very dynamic because a cell is an application concept
and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-
based attack against Tor, which allows the attacker to confirm anonymous communication
relationship among users very quickly. In this attack, by marginally varying the number of
cells in the target traffic at the malicious exit onion router, the attacker can embed a secret
signal into the variation of cell counter of the target traffic. The embedded signal will be
carried along with the target traffic and arrive at the malicious entry onion router. Then, an
accomplice of the attacker at the malicious entry onion router will detect the embedded
signal based on the received cells and confirm the communication relationship among
users. We have implemented this attack against Tor, and our experimental data validate its

feasibility and effectiveness. There are several unique features of this attack. First, this
attack is highly efficient and can confirm very short communication sessions with only tens
of cells. Second, this attack is effective, and its detection rate approaches 100% with a very
low false positive rate. Third, it is possible to implement the attack in a way that appears to
be very difficult for honest participants to detect (e.g., using our hopping-based signal
embedding).
Exploiting Cooperative Relay for High Performance
Communications in MIMO Ad Hoc Networks.
Synopsis:
With the popularity of wireless devices and the increase of computing and storage
resources, there are increasing interests in supporting mobile computing techniques.
Particularly, ad hoc networks can potentially connect different wireless devices to enable
more powerful wireless applications and mobile computing capabilities. To meet the ever
increasing communication need, it is important to improve the network throughput while
guaranteeing transmission reliability. Multiple-input-multiple-output (MIMO) technology can
provide significantly higher data rate in ad hoc networks where nodes are equipped with
multiantenna arrays. Although MIMO technique itself can support diversity transmission
when channel condition degrades, the use of diversity transmission often compromises the
multiplexing gain and is also not enough to deal with extremely weak channel. Instead, in
this work, we exploit the use of cooperative relay transmission (which is often used in a
single antenna environment to improve reliability) in a MIMO-based ad hoc network to cope
with harsh channel condition. We design both centralized and distributed scheduling
algorithms to support adaptive use of cooperative relay transmission when the direct
transmission cannot be successfully performed. Our algorithm effectively exploits the
cooperative multiplexing gain and cooperative diversity gain to achieve higher data rate and
higher reliability under various channel conditions. Our scheduling scheme can efficiently
invoke relay transmission without introducing significant signaling overhead as conventional
relay schemes, and seamlessly integrate relay transmission with multiplexed MIMO
transmission. We also design a MAC protocol to implement the distributed algorithm. Our
performance results demonstrate that the use of cooperative relay in a MIMO framework
could bring in a significant throughput improvement in all the scenarios studied, with the
variation of node density, link failure ratio, packet arrival - ate, and retransmission threshold.
On the Payoff Mechanisms in Peer-Assisted Services With
Multiple Content Providers: Rationality and Fairness.

Synopsis:
This paper studies an incentive structure for cooperation and its stability in peer-assisted
services when there exist multiple content providers, using a coalition game-theoretic
approach. We first consider a generalized coalition structure consisting of multiple providers
with many assisting peers, where peers assist providers to reduce the operational cost in
content distribution. To distribute the profit from cost reduction to players (i.e, providers and
peers), we then establish a generalized formula for individual payoffs when a “Shapley-like”
payoff mechanism is adopted. We show that the grand coalition is unstable, even when the
operational cost functions are concave, which is in sharp contrast to the recently studied
case of a single provider where the grand coalition is stable. We also show that irrespective
of stability of the grand coalition, there always exist coalition structures that are not
convergent to the grand coalition under a dynamic among coalition structures. Our results
give us an incontestable fact that a provider does not tend to cooperate with other providers
in peer-assisted services and is separated from them. Three facets of the noncooperative
(selfish) providers are illustrated: 1) underpaid peers; 2) service monopoly; and 3)
oscillatory coalition structure. Lastly, we propose a stable payoff mechanism that improves
fairness of profit sharing by regulating the selfishness of the players as well as grants the
content providers a limited right of realistic bargaining. Our study opens many new
questions such as realistic and efficient incentive structures and the tradeoffs between
fairness and individual providers' competition in peer-assisted services.
Designing Truthful Spectrum Double Auctions with Local
Markets.
Synopsis:
Market-driven spectrum auctions offer an efficient way to improve spectrum utilization by
transferring unused or underused spectrum from its primary license holder to spectrum-
deficient secondary users. Such a spectrum market exhibits strong locality in two aspects:
1) that spectrum is a local resource and can only be traded to users within the license area,
and 2) that holders can partition the entire license areas and sell any pieces in the market.
We design a spectrum double auction that incorporates such locality in spectrum markets,
while keeping the auction economically robust and computationally efficient. Our designs
are tailored to cases with and without the knowledge of bid distributions. Complementary
simulation studies show that spectrum utilization can be significantly improved when

distribution information is available. Therefore, an auctioneer can start from one design
without any a priori information, and then switch to the other alternative after accumulating
sufficient distribution knowledge. With minor modifications, our designs are also effective for
a profit-driven auctioneer aiming to maximize the auction revenue.
Target Tracking and Mobile Sensor Navigation in Wireless
Sensor Networks
Synopsis:
This work studies the problem of tracking signal-emitting mobile targets using navigated
mobile sensors based on signal reception. Since the mobile target's maneuver is unknown,
the mobile sensor controller utilizes the measurement collected by a wireless sensor
network in terms of the mobile target signal's time of arrival (TOA). The mobile sensor
controller acquires the TOA measurement information from both the mobile target and the
mobile sensor for estimating their locations before directing the mobile sensor's movement
to follow the target. We propose a min-max approximation approach to estimate the location
for tracking which can be efficiently solved via semidefinite programming (SDP) relaxation,
and apply a cubic function for mobile sensor navigation. We estimate the location of the
mobile sensor and target jointly to improve the tracking accuracy. To further improve the
system performance, we propose a weighted tracking algorithm by using the measurement
information more efficiently. Our results demonstrate that the proposed algorithm provides
good tracking performance and can quickly direct the mobile sensor to follow the mobile
target.
A Reliable Multi Grid Routing Protocol for Tactical
MANET..
Synopsis:
We propose a reliable multi-grid based routing protocol with the purpose of attaining high percentage
of data delivery in the tactical mobile ad hoc networks. In grid-based protocols, deployment region is
divided into small patches called ‘cells,’ which are the units of routing. Our routing protocol for tactical
MANETs employs multi-grid routing scheme adaptively uses varying cell sizes, unlike single-grid based
protocols. In a dense network, a small-cell grid is employed to serve more alternative cells for a path.
Meanwhile, a large-cell can be used to allow the probability of seamless data forwarding when the
network is sparse. Moreover, we propose two reliability metrics for the grid-based protocol based on
packet delivery rate between the cells and the status of the mobile nodes that enables relay node
selection in the cell for forwarding data. The results from the performance evaluation in network

simulator (ns-2.33 ) shows that our scheme shows high reliability over 90% of data delivery ratio, low-
latency and better overhead compared to the existing routing protocols.
Performance analysis of OSPF and EIGRP routing protocols
for greener internetworking.
Synopsis:
Routing protocol is taking a vital role in the modern internet era. A routing protocol
determines how the routers communicate with each other to forward the packets by taking
the optimal path to travel from a source node to a destination node. In this paper we have
explored two eminent protocols namely, Enhanced Interior Gateway Routing Protocol
(EIGRP) and Open Shortest Path First (OSPF) protocols. Evaluation of these routing
protocols is performed based on the quantitative metrics such as Convergence Time, Jitter,
End-to-End delay, Throughput and Packet Loss through the simulated network models. The
evaluation results show that EIGRP routing protocol provides a better performance than
OSPF routing protocol for real time applications. Through network simulations we have
proved that EIGRP is more CPU intensive than OSPF and hence uses a lot of system
power. Therefore EIGRP is a greener routing protocol and provides for greener
internetworking.
Distributed Mobile Sink Routing for Wireless Sensor
Networks: A Survey.
Synopsis:
The concentration of data traffic towards the sink in a wireless sensor network causes the
nearby nodes to deplete their batteries quicker than other nodes, which leaves the sink
stranded and disrupts the sensor data reporting. To mitigate this problem the usage of
mobile sinks is proposed. Mobile sinks implicitly provide load-balancing and help achieving
uniform energy-consumption across the network. However, the mechanisms to support the
sink mobility (e.g., advertising the location of the mobile sink to the network) introduce an
overhead in terms of energy consumption and packet delays. With these properties mobile
sink routing constitutes an interesting research field with unique requirements. In this paper,
we present a survey of the existing distributed mobile sink routing protocols. In order to
provide an insight to the rationale and the concerns of a mobile sink routing protocol, design
requirements and challenges associated with the problem of mobile sink routing are

determined and explained. A definitive and detailed categorization is made and the
protocols' advantages and drawbacks are determined with respect to their target
applications.
Message Authentication Using Proxy Vehicles in Vehicular
Ad Hoc Networks.
Synopsis:
Normally, authentication in vehicular ad-hoc networks (VANETs) uses Public Key
Infrastructure (PKI) to verify the integrity of messages and the identity of message senders.
The issues considered in the authentication schemes include the level of security and
computational efficiency in verification processes. Most existing schemes focus mainly on
assuring the security and privacy of VANET information. However, these schemes may not
work well in VANET scenarios. For instance, it is difficult for a RoadSide Unit (RSU) to verify
each vehicle’s signature sequentially when a large number of vehicles emerge in the
coverage areas of an RSU. To reduce the computational overhead of RSUs, we propose a
Proxy Based Authentication Scheme (PBAS) using distributed computing. In PBAS, proxy
vehicles are used to authenticate multiple messages with a verification function at the same
time. In addition, RSU is able to independently verify the outputs from the verification
function of the proxy vehicles. We also design an expedite key negotiation scheme for
transmitting sensitive messages. It is shown from the analysis and simulations that an RSU
can verify 26500 signatures per second simultaneously with the help of the proxy vehicles.
The time needed to verify 3000 signatures in PBAS can be reduced by 88% if compared to
existing batch-based authentication schemes.
Redundancy Management of Multipath Routing for
Intrusion Tolerance in Heterogeneous Wireless Sensor
Networks.
Synopsis:
In this paper we propose redundancy management of heterogeneous wireless sensor
networks (HWSNs), utilizing multipath routing to answer user queries in the presence of
unreliable and malicious nodes. The key concept of our redundancy management is to
exploit the tradeoff between energy consumption vs. the gain in reliability, timeliness, and
security to maximize the system useful lifetime. We formulate the tradeoff as an
optimization problem for dynamically determining the best redundancy level to apply to
multipath routing for intrusion tolerance so that the query response success probability is

maximized while prolonging the useful lifetime. Furthermore, we consider this optimization
problem for the case in which a voting-based distributed intrusion detection algorithm is
applied to detect and evict malicious nodes in a HWSN. We develop a novel probability
model to analyze the best redundancy level in terms of path redundancy and source
redundancy, as well as the best intrusion detection settings in terms of the number of voters
and the intrusion invocation interval under which the lifetime of a HWSN is maximized. We
then apply the analysis results obtained to the design of a dynamic redundancy
management algorithm to identify and apply the best design parameter settings at runtime
in response to environment changes, to maximize the HWSN lifetime.
Secure Data Retrieval for Decentralized Disruption-Tolerant
Military Networks.
Synopsis:
Mobile nodes in military environments such as a battlefield or a hostile region are likely to
suffer from intermittent network connectivity and frequent partitions. Disruption-tolerant
network (DTN) technologies are becoming successful solutions that allow wireless devices
carried by soldiers to communicate with each other and access the confidential information
or command reliably by exploiting external storage nodes. Some of the most challenging
issues in this scenario are the enforcement of authorization policies and the policies update
for secure data retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a
promising cryptographic solution to the access control issues. However, the problem of
applying CP-ABE in decentralized DTNs introduces several security and privacy challenges
with regard to the attribute revocation, key escrow, and coordination of attributes issued
from different authorities. In this paper, we propose a secure data retrieval scheme using
CP-ABE for decentralized DTNs where multiple key authorities manage their attributes
independently. We demonstrate how to apply the proposed mechanism to securely and
efficiently manage the confidential data distributed in the disruption-tolerant military network.
A security-enhanced key authorization management scheme
for trusted computing platform.
Synopsis:
Secure storage is one of the important functionalities in trusted computing platform. The key
management is one of the important technologies in secure storage. There is a key
synchronization problem in the existing trusted key authorization management mechanism
for Trusted Computing Platform. To solve the problem, we propose a security-enhanced
trusted key authorization management scheme. The new scheme can effectively enhance

the trust and security of the trusted storage through adding child key information in parent
key.
Assessing the veracity of identity assertions via OSNs.
Synopsis:
Anonymity is one of the main virtues of the Internet, as it protects privacy and enables users
to express opinions more freely. However, anonymity hinders the assessment of the
veracity of assertions that online users make about their identity attributes, such as age or
profession. We propose FaceTrust, a system that uses online social networks to provide
lightweight identity credentials while preserving a user's anonymity. Face-Trust employs a
“game with a purpose” design to elicit the opinions of the friends of a user about the user's
self-claimed identity attributes, and uses attack-resistant trust inference to assign veracity
scores to identity attribute assertions. FaceTrust provides credentials, which a user can use
to corroborate his assertions. We evaluate our proposal using a live Facebook deployment
and simulations on a crawled social graph. The results show that our veracity scores
strongly correlate with the ground truth, even when a large fraction of the social network
users is dishonest and employs the Sybil attack.
Congestion Detection for Video Traffic in Wireless Sensor
Networks.
Synopsis:
Congestion control mechanisms include three phases: congestion detection, congestion
notification and rate adjustment. So far diverse congestion detection methods for sensor
networks are proposed. In this paper we introduce numerous congestion detection
parameters and examine them in various respects; finally we choose one of them as the
best parameter for video traffic in wireless sensor networks. Some of intended criteria for
comparing the parameters are cost, relation to quality of video, locality or being global in the
network, accuracy and speed of congestion detection. We simulated and concluded that
average delay is the most suitable parameter for congestion detection in these networks.
Continuous Neighbor Discovery in Asynchronous Sensor
Networks.
Synopsis:

In most sensor networks, the nodes are static. Nevertheless, node connectivity is subject to
changes because of disruptions in wireless communication, transmission power changes, or
loss of synchronization between neighboring nodes. Hence, even after a sensor is aware of
its immediate neighbors, it must continuously maintain its view, a process we call
continuous neighbor discovery. In this work, we distinguish between neighbor discovery
during sensor network initialization and continuous neighbor discovery. We focus on the
latter and view it as a joint task of all the nodes in every connected segment. Each sensor
employs a simple protocol in a coordinate effort to reduce power consumption without
increasing the time required to detect hidden sensors.
Toward Privacy Preserving and Collusion Resistance in a
Location Proof Updating System.
Synopsis:
Today's location-sensitive service relies on user's mobile device to determine the current
location. This allows malicious users to access a restricted resource or provide bogus alibis
by cheating on their locations. To address this issue, we propose A Privacy-Preserving
LocAtion proof Updating System (APPLAUS) in which colocated Bluetooth enabled mobile
devices mutually generate location proofs and send updates to a location proof server.
Periodically changed pseudonyms are used by the mobile devices to protect source location
privacy from each other, and from the untrusted location proof server. We also develop
user-centric location privacy model in which individual users evaluate their location privacy
levels and decide whether and when to accept the location proof requests. In order to
defend against colluding attacks, we also present betweenness ranking-based and
correlation clustering-based approaches for outlier detection. APPLAUS can be
implemented with existing network infrastructure, and can be easily deployed in Bluetooth
enabled mobile devices with little computation or power cost. Extensive experimental results
show that APPLAUS can effectively provide location proofs, significantly preserve the
source location privacy, and effectively detect colluding attacks.
Transfer Reliability and Congestion Control Strategies in
Opportunistic Networks: A Survey.
Synopsis:
Opportunistic networks are a class of mobile ad hoc networks (MANETs) where contacts
between mobile nodes occur unpredictably and where a complete end-to-end path between
source and destination rarely exists at one time. Two important functions, traditionally
provided by the transport layer, are ensuring the reliability of data transmission between

source and destination, and ensuring that the network does not become congested with
traffic. However, modified versions of TCP that have been proposed to support these
functions in MANETs are ineffective in opportunistic networks. In addition, opportunistic
networks require different approaches to those adopted in the more common intermittently
connected networks, e.g. deep space networks. In this article we capture the state of the art
of proposals for transfer reliability and storage congestion control strategies in opportunistic
networks. We discuss potential mechanisms for transfer reliability service, i.e. hop-by-hop
custody transfer and end-to-end return receipt. We also identify the requirements for
storage congestion control and categorise these issues based on the number of message
copies distributed in the networks. For single-copy forwarding, storage congestion
management and congestion avoidance mechanism are discussed. For multiple-copy
forwarding, the principal storage congestion control mechanisms are replication
management and drop policy. Finally, we identify open research issues in the field where
future research could usefully be focused.
Jamming-Aware Traffic Allocation for Multiple-Path
Routing Using Portfolio Selection.
Synopsis:
Multiple-path source routing protocols allow a data source node to distribute the total traffic
among available paths. In this paper, we consider the problem of jamming-aware source
routing in which the source node performs traffic allocation based on empirical jamming
statistics at individual network nodes. We formulate this traffic allocation as a lossy network
flow optimization problem using portfolio selection theory from financial statistics. We show
that in multisource networks, this centralized optimization problem can be solved using a
distributed algorithm based on decomposition in network utility maximization (NUM). We
demonstrate the network's ability to estimate the impact of jamming and incorporate these
estimates into the traffic allocation problem. Finally, we simulate the achievable throughput
using our proposed traffic allocation method in several scenarios.
Live Streaming With Receiver-Based Peer-Division
Multiplexing.
Synopsis:
A number of commercial peer-to-peer (P2P) systems for live streaming have been
introduced in recent years. The behavior of these popular systems has been extensively
studied in several measurement papers. Due to the proprietary nature of these commercial
systems, however, these studies have to rely on a “black-box” approach, where packet

traces are collected from a single or a limited number of measurement points, to infer
various properties of traffic on the control and data planes. Although such studies are useful
to compare different systems from the end-user's perspective, it is difficult to intuitively
understand the observed properties without fully reverse-engineering the underlying
systems. In this paper, we describe the network architecture of Zattoo, one of the largest
production live streaming providers in Europe at the time of writing, and present a large-
scale measurement study of Zattoo using data collected by the provider. To highlight, we
found that even when the Zattoo system was heavily loaded with as high as 20 000
concurrent users on a single overlay, the median channel join delay remained less than 2-5
s, and that, for a majority of users, the streamed signal lags over-the-air broadcast signal by
no more than 3 s.
Load-Balancing Multipath Switching System with Flow
Slice.
Synopsis:
Multipath Switching systems (MPS) are intensely used in state-of-the-art core routers to
provide terabit or even petabit switching capacity. One of the most intractable issues in
designing MPS is how to load balance traffic across its multiple paths while not disturbing
the intraflow packet orders. Previous packet-based solutions either suffer from delay
penalties or lead to O(N2
) hardware complexity, hence do not scale. Flow-based hashing
algorithms also perform badly due to the heavy-tailed flow-size distribution. In this paper, we
develop a novel scheme, namely, Flow Slice (FS) that cuts off each flow into flow slices at
every intraflow interval larger than a slicing threshold and balances the load on a finer
granularity. Based on the studies of tens of real Internet traces, we show that setting a
slicing threshold of 1-4 ms, the FS scheme achieves comparative load-balancing
performance to the optimal one. It also limits the probability of out-of-order packets to a
negligible level (10-6
) on three popular MPSes at the cost of little hardware complexity and
an internal speedup up to two. These results are proven by theoretical analyses and also
validated through trace-driven prototype simulations.

Optimal Power Allocation in Multi-Relay MIMO
Cooperative Networks: Theory and Algorithms.
Synopsis:
Cooperative networking is known to have significant potential in increasing network capacity
and transmission reliability. Although there have been extensive studies on applying
cooperative networking in multi-hop ad hoc networks, most works are limited to the basic
three-node relay scheme and single-antenna systems. These two limitations are
interconnected and both are due to a limited theoretical understanding of the optimal power
allocation structure in MIMO cooperative networks (MIMO-CN). In this paper, we study the
structural properties of the optimal power allocation in MIMO-CN with per-node power
constraints. More specifically, we show that the optimal power allocations at the source and
each relay follow a matching structure in MIMO-CN. This result generalizes the power
allocation result under the basic three-node setting to the multi-relay setting, for which the
optimal power allocation structure has been heretofore unknown. We further quantify the
performance gain due to cooperative relay and establish a connection between cooperative
relay and pure relay. Finally, based on these structural insights, we reduce the MIMO-CN
rate maximization problem to an equivalent scalar formulation. We then propose a global
optimization method to solve this simplified and equivalent problem
NABS: Novel Approaches for Biometric Systems.
Synopsis:
Research on biometrics has noticeably increased. However, no single bodily or behavioral
feature is able to satisfy acceptability, speed, and reliability constraints of authentication in
real applications. The present trend is therefore toward multimodal systems. In this paper,
we deal with some core issues related to the design of these systems and propose a novel
modular framework, namely, novel approaches for biometric systems (NABS) that we have
implemented to address them. NABS proposal encompasses two possible architectures
based on the comparative speeds of the involved biometries. It also provides a novel
solution for the data normalization problem, with the new quasi-linear sigmoid (QLS)
normalization function. This function can overcome a number of common limitations,
according to the presented experimental comparisons. A further contribution is the system
response reliability (SRR) index to measure response confidence. Its theoretical definition
allows to take into account the gallery composition at hand in assigning a system reliability
measure on a single-response basis. The unified experimental setting aims at evaluating
such aspects both separately and together, using face, ear, and fingerprint as test
biometries. The results provide a positive feedback for the overall theoretical framework

developed herein. Since NABS is designed to allow both a flexible choice of the adopted
architecture, and a variable compositions and/or substitution of its optional modules, i.e.,
QLS and SRR, it can support different operational settings.
SPREAD: Improving network security by multipath routing
in mobile ad hoc networks.
Synopsis:
We propose and investigate the SPREAD scheme as a complementary mechanism to enhance secure
data delivery in a mobile ad hoc network. The basic idea is to transform a secret message into multiple
shares, and then deliver the shares via multiple paths to the destination so that even if a certain number
of message shares are compromised, the secret message as a whole is not compromised. We present
the overall system architecture and discuss three major design issues: the mathematical model for the
generation and reconstruction of the secret message shares, the optimal allocation of the message
shares onto multiple paths in terms of security, and the multipath discovery techniques in a mobile ad hoc
network. Our extensive simulation results justify the feasibility and the effectiveness of the SPREAD
approach.
Reliability in Layered Networks With Random Link
Failures.
Synopsis:
We consider network reliability in layered networks where the lower layer experiences
random link failures. In layered networks, each failure at the lower layer may lead to multiple
failures at the upper layer. We generalize the classical polynomial expression for network
reliability to the multilayer setting. Using random sampling techniques, we develop
polynomial-time approximation algorithms for the failure polynomial. Our approach gives an
approximate expression for reliability as a function of the link failure probability, eliminating
the need to resample for different values of the failure probability. Furthermore, it gives
insight on how the routings of the logical topology on the physical topology impact network
reliability. We show that maximizing the min cut of the (layered) network maximizes
reliability in the low-failure-probability regime. Based on this observation, we develop
algorithms for routing the logical topology to maximize reliability.
Self-Reconﬁgurable Wireless Mesh Networks..
Synopsis:

During their lifetime, multihop wireless mesh networks (WMNs) experience frequent link
failures caused by channel interference, dynamic obstacles, and/or applications' bandwidth
demands. These failures cause severe performance degradation in WMNs or require
expensive manual network management for their real-time recovery. This paper presents an
autonomous network reconfiguration system (ARS) that enables a multiradio WMN to
autonomously recover from local link failures to preserve network performance. By using
channel and radio diversities in WMNs, ARS generates necessary changes in local radio
and channel assignments in order to recover from failures. Next, based on the thus-
generated configuration changes, the system cooperatively reconfigures network settings
among local mesh routers. ARS has been implemented and evaluated extensively on our
IEEE 802.11-based WMN test-bed as well as through ns2-based simulation. Our evaluation
results show that ARS outperforms existing failure-recovery schemes in improving channel-
efficiency by more than 90% and in the ability of meeting the applications' bandwidth
demands by an average of 200%.
Valuable Detours: Least-Cost Anypath Routing.
Synopsis:
In many networks, it is less costly to transmit a packet to any node in a set of neighbors
than to one specific neighbor. This observation was previously exploited by opportunistic
routing protocols by using single-path routing metrics to assign to each node a group of
candidate relays for a particular destination. This paper addresses the least-cost anypath
routing (LCAR) problem: how to assign a set of candidate relays at each node for a given
destination such that the expected cost of forwarding a packet to the destination is
minimized. The key is the following tradeoff: On one hand, increasing the number of
candidate relays decreases the forwarding cost, but on the other, it increases the likelihood
of “veering” away from the shortest-path route. Prior proposals based on single-path routing
metrics or geographic coordinates do not explicitly consider this tradeoff and, as a result, do
not always make optimal choices. The LCAR algorithm and its framework are general and
can be applied to a variety of networks and cost models. We show how LCAR can
incorporate different aspects of underlying coordination protocols, for example a link-layer
protocol that randomly selects which receiving node will forward a packet, or the possibility
that multiple nodes mistakenly forward a packet. In either case, the LCAR algorithm finds
the optimal choice of candidate relays that takes into account these properties of the link
layer. Finally, we apply LCAR to low-power, low-rate wireless communication and introduce
a new wireless link-layer technique to decrease energy transmission costs in conjunction
with anypath routing. Simulations show significant reductions in transmission cost to
opportunistic routing using single-path metrics. Furthermore, LCAR routes are more robust
and stable than those based on single-path distances due to the integrative nature of the
LCAR's route cost metric.

Networking for java and dotnet 2016 - 17

More Related Content

What's hot (19)

Viewers also liked (16)

Similar to Networking for java and dotnet 2016 - 17 (20)

More from redpel dot com (20)

Recently uploaded (20)

Networking for java and dotnet 2016 - 17