Novel techniques for optical performance monitoring in optical systems. / CUHK electronic theses & dissertations collection

January 2007

Chromatic dispersion (CD) is due to the fact that light with different frequencies travel at different speeds inside fiber. It causes pulse spreading and intersymbol interference (ISI) which would severely degrade the transmission performance. By feeding a signal into a fiber loop which consists of a high-birefringence (Hi-Bi) fiber, we experimentally show that the amount of experienced dispersion can be deduced from the RF power at a specific selected frequency which is determined by the length of the Hi-Bi fiber. Experimental results show that this technique can provide high monitoring resolution and dynamic range. / Polarization mode dispersion (PMD) splits an optical pulse into two orthogonally polarized pulses traveling along the fiber at different speeds, causing crosstalk and ISI. The third part of the thesis demonstrates two different PMD monitoring schemes. The first one is based on the analysis of frequency-resolved state-of-polarization (SOP) rotation, with signal spectrum broadened by self-phase modulation (SPM) effect. Experimental results show that the use of broadened signal spectrum induced by SPM not only relaxes the filter requirement and reduces the computational complexity, but also improves the estimation accuracy, and extends the monitoring range of the pulsewidth. The second one is based on the delay-tap asynchronous waveform sampling technique. By examining the statistical distribution of the measured scatter plot, unambiguous PMD measurement range up to 50% of signal bit-period is demonstrated. / The final part of the thesis focuses on the monitoring of alignment status between the pulse carver and data modulator in an optical system. We again employ the two-tap asynchronous sampling technique to perform such kind of monitoring in RZ-OOK transmission system. Experimental results show that both the misalignment direction and magnitude can be successfully determined. Besides, we propose and experimentally demonstrate the use of off-center optical filtering technique to capture the amount of spectrum broadening induced by the misalignment between the pulse-carver and the data modulator in RZ-DPSK transmission system. The same technique was also applied to monitor the synchronization between the old and the new data in synchronized phase re-modulation (SPRM) system. / The tremendous increase of data traffic in the worldwide Internet has driven the rapid development of optical networks to migrate from numerous point-to-point links towards meshed, transparent optical networks with dynamically routed light paths. This increases the need for appropriate network supervision methods. In view of this, optical performance monitoring (OPM) has emerged as an indispensable element for the quality assurance of an optical network. This thesis is devoted to the proposal of several new and accurate techniques to monitor different optical impairments so as to enhance proper network management. / When the optical signal is carried on fiber links with optical amplifiers, the accumulated amplified spontaneous emission (ASE) noise will result in erroneous detection of the received signals. The first part of the thesis presents a novel, simple, and robust in-band optical signal to noise ratio (OSNR) monitoring technique using phase modulator embedded fiber loop mirror (PM-FLM). This technique measures the in-band OSNR accurately by observing the output power of a fiber loop mirror filter, where the transmittance is adjusted by an embedded phase modulator driven by a low-frequency periodic signal. The robustness against polarization mode dispersion, chromatic dispersion, bit-rate, and partially polarized noise is experimentally demonstrated. / Ku, Yuen Ching. / "August 2007." / Adviser: Chan Chun-Kit. / Source: Dissertation Abstracts International, Volume: 69-02, Section: B, page: 1208. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2007. / Includes bibliographical references (p. 109-120). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract in English and Chinese. / School code: 1307.

Computer networks--Monitoring

Data transmission systems

Optical communications

Data analytics for networked and possibly private sources

Wang, Ting

05 April 2011

This thesis focuses on two grand challenges facing data analytical system designers and operators nowadays. First, how to fuse information from multiple autonomous, yet correlated sources and to provide consistent views of underlying phenomena? Second, how to respect externally imposed constraints (privacy concerns in particular) without compromising the efficacy of analysis? To address the first challenge, we apply a general correlation network model to capture the relationships among data sources, and propose Network-Aware Analysis (NAA), a library of novel inference models, to capture (i) how the correlation of the underlying sources is reflected as the spatial and/or temporal relevance of the collected data, and (ii) how to track causality in the data caused by the dependency of the data sources. We have also developed a set of space-time efficient algorithms to address (i) how to correlate relevant data and (ii) how to forecast future data. To address the second challenge, we further extend the concept of correlation network to encode the semantic (possibly virtual) dependencies and constraints among entities in question (e.g., medical records). We show through a set of concrete cases that correlation networks convey significant utility for intended applications, and meanwhile are often used as the steppingstone by adversaries to perform inference attacks. Using correlation networks as the pivot for analyzing privacy-utility trade-offs, we propose Privacy-Aware Analysis (PAA), a general design paradigm of constructing analytical solutions with theoretical backing for both privacy and utility.

Privacy

Network

Data Analytics

Data mining

Computer networks Monitoring

Scalable and efficient distributed algorithms for defending against malicious Internet activity

Sung, Minho

31 July 2006

The threat of malicious Internet activities such as Distributed Denial of Service (DDoS) attacks, spam emails or Internet worms/viruses has been increasing in the last several years. The impact and frequency of these malicious activities are expected to grow unless they are properly addressed. In this thesis, we propose to design and evaluate a set of practical and effective protection measures against potential malicious activities in current and future networks. Our research objective is twofold. First, we design the methods to defend against DDoS attacks. Our research focuses on two important issues related to DDoS attack defense mechanisms. One issue is the method to trace the sources of attacking packets, which is known as IP traceback. We propose a novel packet logging based (i.e., hash-based) traceback scheme using only a one-bit marking field in IP header. It reduces processing and storage cost by an order of magnitude than the existing hash-based schemes, and is therefore scalable to much higher link speed (e.g., OC-768). Next, we propose an improved traceback scheme with lower storage overhead by using more marking space in IP header. Another issue in DDoS defense is to investigate protocol-independent techniques for improving the throughput of legitimate traffic during DDoS attacks. We propose a novel technique that can effectively filter out the majority of DDoS traffic, thus improving the overall throughput of the legitimate traffic. Second, we investigate the problem of distributed network monitoring. We propose a set of novel distributed data streaming algorithms that allow scalable and efficient monitoring of aggregated traffic. Our algorithms target the specific network monitoring problem of finding common content in traffic traversing several nodes/links across the Internet. These algorithms find applications in network-wide intrusion detection, early warning for fast propagating worms, and detection of hot objects and spam traffic.

Network security

DDoS attack

Computer networks Security measures

Computer networks Monitoring

Monitoring-as-a-service in the cloud

Meng, Shicong

03 April 2012

State monitoring is a fundamental building block for Cloud services. The demand for providing state monitoring as services (MaaS) continues to grow and is evidenced by CloudWatch from Amazon EC2, which allows cloud consumers to pay for monitoring a selection of performance metrics with coarse-grained periodical sampling of runtime states. One of the key challenges for wide deployment of MaaS is to provide better balance among a set of critical quality and performance parameters, such as accuracy, cost, scalability and customizability. This dissertation research is dedicated to innovative research and development of an elastic framework for providing state monitoring as a service (MaaS). We analyze limitations of existing techniques, systematically identify the need and the challenges at different layers of a Cloud monitoring service platform, and develop a suite of distributed monitoring techniques to support for flexible monitoring infrastructure, cost-effective state monitoring and monitoring-enhanced Cloud management. At the monitoring infrastructure layer, we develop techniques to support multi-tenancy of monitoring services by exploring cost sharing between monitoring tasks and safeguarding monitoring resource usage. To provide elasticity in monitoring, we propose techniques to allow the monitoring infrastructure to self-scale with monitoring demand. At the cost-effective state monitoring layer, we devise several new state monitoring functionalities to meet unique functional requirements in Cloud monitoring. Violation likelihood state monitoring explores the benefits of consolidating monitoring workloads by allowing utility-driven monitoring intensity tuning on individual monitoring tasks and identifying correlations between monitoring tasks. Window based state monitoring leverages distributed windows for the best monitoring accuracy and communication efficiency. Reliable state monitoring is robust to both transient and long-lasting communication issues caused by component failures or cross-VM performance interferences. At the monitoring-enhanced Cloud management layer, we devise a novel technique to learn about the performance characteristics of both Cloud infrastructure and Cloud applications from cumulative performance monitoring data to increase the cloud deployment efficiency.

State monitoring

Cloud monitoring

Distributed systems

Cloud computing

Computer networks Monitoring

Distributed databases

Cyberinfrastructure

An exploratory study of techniques in passive network telescope data analysis

Cowie, Bradley

January 2013

Careful examination of the composition and concentration of malicious traffic in transit on the channels of the Internet provides network administrators with a means of understanding and predicting damaging attacks directed towards their networks. This allows for action to be taken to mitigate the effect that these attacks have on the performance of their networks and the Internet as a whole by readying network defences and providing early warning to Internet users. One approach to malicious traffic monitoring that has garnered some success in recent times, as exhibited by the study of fast spreading Internet worms, involves analysing data obtained from network telescopes. While some research has considered using measures derived from network telescope datasets to study large scale network incidents such as Code-Red, SQLSlammer and Conficker, there is very little documented discussion on the merits and weaknesses of approaches to analyzing network telescope data. This thesis is an introductory study in network telescope analysis and aims to consider the variables associated with the data received by network telescopes and how these variables may be analysed. The core research of this thesis considers both novel and previously explored analysis techniques from the fields of security metrics, baseline analysis, statistical analysis and technical analysis as applied to analysing network telescope datasets. These techniques were evaluated as approaches to recognize unusual behaviour by observing the ability of these techniques to identify notable incidents in network telescope datasets

Web search engines

Internet searching

World Wide Web

Malware (Computer software)

Computer viruses

Computer networks -- Monitoring

Computer networks -- Security measures

Vulnerabilities in SNMPv3

Lawrence, Nigel Rhea

10 July 2012

Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, we demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, we demonstrate that under reasonable conditions, we can read encrypted requests and forge messages between the network monitor and the hosts it observes. Such attacks are made possible by an insecure discovery mechanism, which allows an adversary capable of compromising a single network host to set the keys used by the security functions. Our attacks show that SNMPv3 places too much trust on the underlying network, and that this misplaced trust introduces vulnerabilities that can be exploited.

Vulnerability

Man-in-the-middle

MITM

Exploit

Weakness

Authoritative

Non-authoritative

USM

TSM

Rfc1443

1443

Auth

Authentication

NMS

Manager

Management

Embedded

Computer networks Monitoring

Computer networks Management

On the construction of decentralised service-oriented orchestration systems

Jaradat, Ward

January 2016

Modern science relies on workflow technology to capture, process, and analyse data obtained from scientific instruments. Scientific workflows are precise descriptions of experiments in which multiple computational tasks are coordinated based on the dataflows between them. Orchestrating scientific workflows presents a significant research challenge: they are typically executed in a manner such that all data pass through a centralised computer server known as the engine, which causes unnecessary network traffic that leads to a performance bottleneck. These workflows are commonly composed of services that perform computation over geographically distributed resources, and involve the management of dataflows between them. Centralised orchestration is clearly not a scalable approach for coordinating services dispersed across distant geographical locations. This thesis presents a scalable decentralised service-oriented orchestration system that relies on a high-level data coordination language for the specification and execution of workflows. This system's architecture consists of distributed engines, each of which is responsible for executing part of the overall workflow. It exploits parallelism in the workflow by decomposing it into smaller sub-workflows, and determines the most appropriate engines to execute them using computation placement analysis. This permits the workflow logic to be distributed closer to the services providing the data for execution, which reduces the overall data transfer in the workflow and improves its execution time. This thesis provides an evaluation of the presented system which concludes that decentralised orchestration provides scalability benefits over centralised orchestration, and improves the overall performance of executing a service-oriented workflow.

004.6

Secure Digital Provenance: Challenges and a New Design

Rangwala, Mohammed M.

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / Derived from the field of art curation, digital provenance is an unforgeable record of a digital object's chain of successive custody and sequence of operations performed on the object. It plays an important role in accessing the trustworthiness of the object, verifying its reliability and conducting audit trails of its lineage. Digital provenance forms an immutable directed acyclic graph (DAG) structure. Since history of an object cannot be changed, once a provenance chain has been created it must be protected in order to guarantee its reliability. Provenance can face attacks against the integrity of records and the confidentiality of user information, making security an important trait required for digital provenance. The digital object and its associated provenance can have different security requirements, and this makes the security of provenance different from that of traditional data. Research on digital provenance has primarily focused on provenance generation, storage and management frameworks in different fields. Security of digital provenance has also gained attention in recent years, particularly as more and more data is migrated in cloud environments which are distributed and are not under the complete control of data owners. However, there still lacks a viable secure digital provenance scheme which can provide comprehensive security for digital provenance, particularly for generic and dynamic ones. In this work, we address two important aspects of secure digital provenance that have not been investigated thoroughly in existing works: 1) capturing the DAG structure of provenance and 2) supporting dynamic information sharing. We propose a scheme that uses signature-based mutual agreements between successive users to clearly delineate the transition of responsibility of the digital object as it is passed along the chain of users. In addition to preserving the properties of confidentiality, immutability and availability for a digital provenance chain, it supports the representation of DAG structures of provenance. Our scheme supports dynamic information sharing scenarios where the sequence of users who have custody of the document is not predetermined. Security analysis and empirical results indicate that our scheme improves the security of the typical secure provenance schemes with comparable performance.

availability

confidentiality

cryptography

integrity

provenance

signatures

Cryptography -- Research

Data protection -- Research

Digital signatures

Cultural property -- Protection

Computer networks -- Security measures

Database management

Databases -- Quality control

Computer networks -- Monitoring

Information services -- Quality control

Application software -- Development

Computer programs -- Validation