Discrete optimization for network security and reliability

Any network problems in essence equal to some principle questions in Discrete Mathematics, since all network elements can be abstracted as basic discrete structures, such as graphs, trees and permutations. One branch of discrete math, Graph Theory serves as abundant sources of theoretical support for network researches, from which people have been exploring since the last decade. However, the potential of another branch, Combinatorial Group Testing, has been overlooked, because of the intrinsic differences between its classic model and the practical network problems. In this thesis, we attempt to fill the gap between Group Testing Theory and Network Optimization Problems, and then provide novel theoretical frameworks and efficient solutions through discrete optimizations for four network security and reliability problems. Specifically, we first provide a new size-constraint model for Group Testing, which thus can find many matches to practical network problems, and then propose an improvement over its traditional optimization solution. Then, we study two network security problems: Defending Application-Layer and Wireless Jamming Denial-of-Service Attacks and two reliability problems: Localizing All-Optical Network Link Failures and Assessing Network Topological Vulnerabilities. For each of these problems, we present a novel optimization framework, show its theoretical hardness, provide efficient algorithms with performance analysis, describe the implementation details and feasibility/scalability, and discuss over potential improvements and future directions.

[1]  Wenyuan Xu,et al.  Wireless Jamming Localization by Exploiting Nodes' Hearing Ranges , 2010, DCOSS.

[2]  Wenyuan Xu,et al.  Localizing jammers in wireless networks , 2009, 2009 IEEE International Conference on Pervasive Computing and Communications.

[3]  Amin Karbasi,et al.  Graph-Constrained Group Testing , 2010, IEEE Transactions on Information Theory.

[4]  Haim Kaplan,et al.  Optimal Cover of Points by Disks in a Simple Polygon , 2011, SIAM J. Comput..

[5]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[6]  Rami G. Melhem,et al.  Roaming honeypots for mitigating service-level denial-of-service attacks , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[7]  Mari Maeda Management and control of transparent optical networks , 1998, IEEE J. Sel. Areas Commun..

[8]  Weili Wu,et al.  New Construction for Transversal Design , 2006, J. Comput. Biol..

[9]  Anukool Lakhina,et al.  BRITE: Universal Topology Generation from a User''s Perspective , 2001 .

[10]  Wenyuan Xu,et al.  Channel surfing and spatial retreats: defenses against wireless denial of service , 2004, WiSe '04.

[11]  Taieb Znati,et al.  On Approximation of New Optimization Methods for Assessing Network Vulnerability , 2010, 2010 Proceedings IEEE INFOCOM.

[12]  Suresh Subramaniam,et al.  On monitoring transparent optical networks , 2002, Proceedings. International Conference on Parallel Processing Workshop.

[13]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[14]  Ding-Zhu Du,et al.  New Constructions of One- and Two-Stage Pooling Designs , 2008, J. Comput. Biol..

[15]  Mikhail J. Atallah,et al.  Indexing Information for Data Forensics , 2005, ACNS.

[16]  David Eppstein,et al.  Improved Combinatorial Group Testing Algorithms for Real-World Problem Sizes , 2005, SIAM J. Comput..

[17]  Othman Sidek,et al.  Reed Solomon Coding for Frequency Hopping Spread Spectrum in Jamming Environment , 2008 .

[18]  Samir Khuller,et al.  The complexity of finding most vital arcs and nodes , 1995 .

[19]  Jau-Chuan Ke,et al.  Mean response time for a G/G/1 queueing system: Simulated computation , 2007, Appl. Math. Comput..

[20]  David Pisinger,et al.  Multi-objective and multi-constrained non-additive shortest path problems , 2011, Comput. Oper. Res..

[21]  Leslie G. Valiant,et al.  Universality considerations in VLSI circuits , 1981, IEEE Transactions on Computers.

[22]  Rami G. Melhem,et al.  Live Baiting for Service-Level DoS Attackers , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[23]  Richard M. Karp,et al.  Theoretical Improvements in Algorithmic Efficiency for Network Flow Problems , 1972, Combinatorial Optimization.

[24]  C. Pandu Rangan,et al.  Algorithmic aspects of clique-transversal and clique-independent sets , 2000, Discret. Appl. Math..

[25]  Terence D. Todd,et al.  Multi-constraint QoS routing using a new single mixed metric , 2004, ICC.

[26]  Charles A. Brackett,et al.  Dense Wavelength Division Multiplexing Networks: Principles and Applications , 1990, IEEE J. Sel. Areas Commun..

[27]  Taieb Znati,et al.  Reactive jamming attacks in multi-radio wireless sensor networks: an efficient mitigating measure by identifying trigger nodes , 2009, FOWANC '09.

[28]  Srikanth Kandula,et al.  Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds , 2005, NSDI.

[29]  Janelle J. Harms,et al.  Fast Exact MultiConstraint Shortest Path Algorithms , 2007, 2007 IEEE International Conference on Communications.

[30]  Uyless D. Black,et al.  IP Routing Protocols: RIP, OSPF, BGP, PNNI and Cisco Routing Protocols , 2000 .

[31]  Yonggang Wen,et al.  Efficient fault-diagnosis algorithms for all-optical WDM networks with probabilistic link failures , 2005, Journal of Lightwave Technology.

[32]  Michael Mitzenmacher,et al.  A Brief History of Generative Models for Power Law and Lognormal Distributions , 2004, Internet Math..

[33]  Virgil D. Gligor,et al.  Guaranteeing Access in Spite of Distributed Service-Flooding Attacks (Discussion) , 2003, Security Protocols Workshop.

[34]  Ozan K. Tonguz,et al.  Failure location algorithm for transparent optical networks , 2005, IEEE Journal on Selected Areas in Communications.

[35]  Nam P. Nguyen,et al.  A Graph-Theoretic QoS-Aware Vulnerability Assessment for Network Topologies , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[36]  David S. Johnson,et al.  The Rectilinear Steiner Tree Problem is NP Complete , 1977, SIAM Journal of Applied Mathematics.

[37]  Michael Weber,et al.  Protecting web servers from distributed denial of service attacks , 2001, WWW '01.

[38]  My T. Thai,et al.  Approximation algorithms of non‐unique probes selection for biological target identification , 2007 .

[39]  Taieb Znati,et al.  On Detection of Malicious Users Using Group Testing Techniques , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[40]  Wenyuan Xu,et al.  Jamming sensor networks: attack and defense strategies , 2006, IEEE Network.

[41]  Sampath Kannan,et al.  Group testing problems with sequences in experimental molecular biology , 1997, Proceedings. Compression and Complexity of SEQUENCES 1997 (Cat. No.97TB100171).