Sonia Fahmy’s research while affiliated with Purdue University West Lafayette and other places


Publications (236)


Detecting network anomaly
  • Patent
  • Full-text available

March 2014 · 28 Reads · Sonia Fahmy

A method for detecting an anomaly in a network can include combining a number of data-created sketch-sets and requesting a finer sketch-set for an identified sketch-set among the combined number of sketch-sets using an aggregator, and creating the finer sketch-set for the identified sketch-set to detect the anomaly in the network using a monitor.


Flow-based partitioning of network testbed experiments

January 2014 · 31 Reads · 7 Citations

Computer Networks

Understanding the behavior of large-scale systems is challenging, but essential when designing new Internet protocols and applications. It is often infeasible or undesirable to conduct experiments directly on the Internet. Thus, simulation, emulation, and testbed experiments are important techniques for researchers to investigate large-scale systems. In this paper, we propose a platform-independent mechanism to partition a large network experiment into a set of small experiments that are sequentially executed. Each of the small experiments can be conducted on a given number of experimental nodes, e.g., the available machines on a testbed. Results from the small experiments approximate the results that would have been obtained from the original large experiment. We model the original experiment using a flow dependency graph. We partition this graph, after pruning uncongested links, to obtain a set of small experiments. We execute the small experiments iteratively. Starting with the second iteration, we model dependent partitions using information gathered about both the traffic and the network conditions during the previous iteration. Experimental results from several simulation and testbed experiments demonstrate that our techniques approximate performance characteristics, even with closed-loop traffic and congested links. We expose the fundamental tradeoff between the simplicity of the partitioning and experimentation process, and the loss of experimental fidelity.


Location matters: Eliciting responses to direct probes

December 2013 · 9 Reads · 1 Citation

In this work, we propose techniques to attain visibility into an arbitrary Internet subnetwork that is responsive to indirect probes but not to direct probes. By probing the network from a small number of selected vantage points, we are able to collect information about network-layer topology which would otherwise be hidden from measurement due to rate limiting practices, security mechanisms, and routing dynamics. We investigate the reasons for differing visibility, and the required number and placement strategies of vantage points needed to collect topology information at a low cost. We demonstrate substantial improvement in global visibility as probed by the TraceNET path measurement tool when leveraging only five vantage points selected according to route similarity.


EasyScale: Easy mapping for large-scale network security experiments

October 2013 · 15 Reads · 1 Citation

Network emulation enables network security evaluation using unmodified implementations. Experimental fidelity with emulation is higher than simulation through the integration of real hardware and systems, but the scalability of emulation testbeds is limited. Scaling techniques such as virtualization and real-time simulation enable larger scale experiments. Using scaling techniques for network security experiments can, however, require considerable expertise in order to avoid overloading resources. In this paper, we propose a new framework, EasyScale, that aims to bridge the current gap between emulation testbed users and large-scale security experiments possibly using multiple scaling techniques. Our results from distributed denial of service and worm attack experiments demonstrate that EasyScale can easily allocate testbed resources to the critical components in an experiment, lowering the barrier for testbed users to conduct high fidelity yet scalable network security experiments.


SYREN: Synergistic Link Correlation-Aware and Network Coding-Based Dissemination in Wireless Sensor Networks

August 2013 · 24 Reads · 18 Citations

Rapid flooding is necessary for code updates and routing tree formation in wireless sensor networks. Link correlation-aware collective flooding (CF) is a recently proposed technique that provides a substrate for efficiently disseminating a single packet. Applying CF to multiple packet dissemination poses several challenges, such as reliability degradation, redundant transmissions, and increased contention among node transmissions. The varying link correlation observed in real networks makes the problem harder. In this paper, we propose a multi-packet flooding protocol, SYREN, that exploits the synergy among link correlation and network coding. In particular, SYREN exploits link correlation to eliminate the overhead of explicit control packets in networks with high correlation, and uses network coding to pipeline transmission of multiple packets via a novel, single yet scalable timer per node. SYREN reduces the number of redundant transmissions while achieving near-perfect reliability, especially in networks with low link correlation. Test bed experiments and simulations show that SYREN reduces the average number of transmissions by 30% and dissemination delay by more than 60% while achieving the same reliability as state-of-the-art protocols.


An Experimental Framework for BGP Security Evaluation

July 2013 · 17 Reads

it - Information Technology

Debbie Perouli · Iain Phillips · [...] · Rob Austein

Internet routing is based on implicit trust assumptions. Given the critical importance of the Internet and the increasing security threats, such simple trust relationships are no longer sufficient. Over the past decade, significant research has been devoted to securing the Internet routing system. The Internet Engineering Task Force (IETF) is well along in the process of standardizing routing security enhancements (Secure Inter-Domain Routing — SIDR, Keying and Authentication for Routing Protocols — KARP, etc.). However, the research challenges are not over: not only do these new protocols need to be tested for protocol conformance and interoperability, they also need to be evaluated both for their security properties and scaling performance. The purpose of this paper is two-fold: we outline the main security challenges in inter-domain routing and argue that research in this area has barely begun; and we take a closer look at a production implementation of one component and evaluate it at a fairly large scale. We discuss the difficulties we experienced and lessons learned; we also present some initial results.


Pegasus: Precision Hunting for Icebergs and Anomalies in Network Flows

April 2013 · 24 Reads · 14 Citations

Proceedings - IEEE INFOCOM

Accurate online network monitoring is crucial for detecting attacks, faults, and anomalies, and determining traffic properties across the network. With high bandwidth links and consequently increasing traffic volumes, it is difficult to collect and analyze detailed flow records in an online manner. Traditional solutions that decouple data collection from analysis resort to sampling and sketching to handle large monitoring traffic volumes. We propose a new system, Pegasus, to leverage commercially available co-located compute and storage devices near routers and switches. Pegasus adaptively manages data transfers between monitors and aggregators based on traffic patterns and user queries. We use Pegasus to detect global icebergs or global heavy-hitters. Icebergs are flows with a common property that contribute a significant fraction of network traffic. For example, DDoS attack detection is an iceberg detection problem with a common destination IP. Other applications include identification of “top talkers,” top destinations, and detection of worms and port scans. Experiments with Abilene traces, sFlow traces from an enterprise network, and deployment of Pegasus as a live monitoring service on PlanetLab show that our system is accurate and scales well with increasing traffic and number of monitors.


A MultiLevel Approach for Evaluating Internet Topology Generators

Fig. 7. Comparison of the learned graph measures across time (2004-2011) for each topology generator. The Orbis generator is shown to be more similar to the Internet while WIT appears more random. Interestingly, there is a significant evolutionary transition in the Internet captured by the 15-19th graph measures.

January 2013 · 56 Reads · 11 Citations

The topology of a network (connectivity of autonomous systems (ASes) or routers) has significant implications on the design of protocols and applications, and on the placement of services and data centers. Researchers and practitioners alike need realistic topologies for their simulation, emulation, and testbed experiments. In this work, we propose a multi-level framework for analyzing Internet topologies and their evolution. Our multi-level framework includes novel measures, evaluation strategies, and techniques for automatically learning a representative set of graph measures. We apply our framework to analyze topologies from two recent topology generators, Orbis and WIT, according to how well they achieve their advertised objectives. The generated topologies are compared to a set of benchmark datasets that approximate different views of the Internet in the data (trace-route measurements), control (BGP), and management (WHOIS) planes. Our results demonstrate key limitations of popular generators, and show that the recent Internet clustering coefficient and average distance are not time-invariant as assumed by many models. Additionally, we develop a taxonomy of topology generators, and identify key challenges in topology modeling.


Reducing the complexity of BGP stability analysis with hybrid combinatorial-algebraic models

October 2012 · 10 Reads · 3 Citations

Routing stability and correctness in the Internet have long been a concern. Despite this, few theoretical frameworks have been proposed to check BGP configurations for convergence and safety. The most popular approach is based on the Stable Paths Problem (SPP) model. Unfortunately, SPP requires enumeration of all possible control-plane paths, which is infeasible in large networks. In this work, we study how to apply algebraic frameworks to the BGP configuration checking problem. We propose an extension of the Stratified Shortest Path Problem (SSPP) model that has a similar expressive power to SPP, but enables more efficient checking of configuration correctness. Our approach remains valid when BGP policies are applied to iBGP sessions - a case which is often overlooked by previous work, although common in today's Internet. While this paper focuses mainly on iBGP problems, our methodology can be extended to eBGP if operators are willing to share their local-preference configurations.


Detecting the unintended in BGP policies

October 2012 · 22 Reads · 2 Citations

Internet Service Providers (ISPs) use routing policies to implement the requirements of business contracts, manage traffic, address security concerns and increase scalability of their network. These routing policies are often a high-level expression of strategies or intentions of the ISP. They have meaning when viewed from a network-wide perspective (e.g., mark on ingress, filter on egress). However, configuring these policies for the Border Gateway Protocol (BGP) is undertaken at a low-level, on a per router basis. Unintended routing outcomes have been observed. In this work, we define a language that allows analysis of network-wide configurations at the high-level. This language aims at bridging the gap between router configurations and abstract mathematical models capable of capturing complex policies. The language can be used to verify desired properties of routing protocols and hence detect potential unintended states of BGP. The language is accompanied by a tool suite that parses router configuration languages (which by their nature are vendor-dependent) and translates them into vendor-independent representations of policies.


Citations (80)


... Challenges of near-far LoD schemes include lack of visual continuity between the near and far regions, lack of support for dynamic far regions, and lack of support for motion parallax in the far region, i.e., far region objects at different depths do not move with different speeds in the frame as the user FoV moves. These challenges are being addressed by current research [14], as seen in Figure 2. , yielding frames comparable to ground truth frames rendered from the geometry of the entire virtual environment (right) [14]. ...

Reference:

Ten Ways in which Virtual Reality Differs from Video Streaming
Complex Virtual Environments on Thin VR Systems Through Continuous Near-Far Partitioning
  • Citing Conference Paper
  • October 2022

... They propose mechanisms leveraging state-sharing among NFs and exploit parallel execution to reduce the cost of transactional statelessness. A piggybacking mechanism is proposed in [13], similar to the one in this work. However, their approach considers only AMF, SMF and UPF, unlike our Piggyback-based approach that spans all the involved NFs in the execution of control procedures. ...

Towards A Low-Cost Stateless 5G Core
  • Citing Conference Paper
  • July 2022

... Broadening our scope, the works we see the closest to ours come from the neighbouring area of microservices-the state-of-the-art style for cloud architectures. Proposals in this direction are by Baarzi and Kesidis [6], who present a framework for the deployment of microservices that infers and assigns affinity and anti-affinity traits to microservices to orient the distribution of resources and microservices replicas on the available machines; Sampaio et al. [33], who introduce an adaptation mechanism for microservice deployment based on microservice affinities (e.g., the more messages microservices exchange the more affine they are) and resource usage; Sheoran et al. [34], who propose an approach that computes procedural affinity of communication among microservices to make placement decisions. Looking at the industry, Azure Service Fabric [25] provides a notion of service affinity that ensures that the replicas of a service are placed on the same nodes as those of another, affine service. ...

Invenio: Communication Affinity Computation for Low-Latency Microservices
  • Citing Conference Paper
  • December 2021

... The cloud-native paradigm often emphasizes stateless services to simplify management and improve scalability. However, this approach has trade-offs, such as increased latency due to frequent interactions with external databases for state management [3]. Unlike stateless services, which can be easily restarted elsewhere, stateful microservices must preserve in-memory state during migration. ...

The Cost of Stateless Network Functions in 5G
  • Citing Conference Paper
  • December 2021

... Depending on the campus layout, computing nodes may be distributed at the locations of the 5G NR base stations or throughout the network infrastructure that connects the 5G NR base stations with the 5GC. Importantly, the 5GC processing is based on cloud-native microservices that can be flexibly processed in cloud computing units [113,114]. ...

Procedure-driven deployment support for the microservice era
  • Citing Conference Paper
  • December 2021

... Impressive research have been accomplished for coding [3,15,35,36], streaming [1,4,7,11,13,16,18,21,24,[29][30][31][32]37], FoV prediction [2,23,26], and edge-assisted delivery [6,19,27] of 360 video recently. However, a 360 video only covers the whole viewing sphere captured from a center position, and is typically projected onto a 2D plane and processed as a planar video. ...

Robust 360° Video Streaming via Non-Linear Sampling
  • Citing Conference Paper
  • May 2021

... Secondly, they consider RNN, LSTM and Linear Regression (LR) models to predict load traffic in 5G cells and thirdly, a closed-loop automation model is implemented to predict SMF resource usage and automatically instantiate SMF instances. The authors in [46] propose the adoption of AI techniques in order to optimize placement and scaling aspects in the 5G CN. They explore how AI-based scaling algorithms combined with functionality-aware placement can enable the design of network slices. ...

AI-Driven Provisioning in the 5G Core
  • Citing Article
  • February 2021

IEEE Internet Computing

... In the literature, there have been numerous research works focusing on service design based on cellular mobility data, e.g., urban planning and intelligent transportation [40][41][42], location-based services [14,43,44], smart cities [45][46][47][48], emergency response and disaster management [49][50][51], etc. For instance, based on large-scale cellular data, Schläpfer et al. [40] presented an understanding study on the universal patterns observed in human mobility. ...

Experience: towards automated customer issue resolution in cellular networks
  • Citing Conference Paper
  • September 2020

... For instance, a logjam attack allows an attacker to downgrade vulnerable transport layer security connections to 512-bit export-level encryption (Schinianakis, 2017). A downgrade attack can also force a UE to use a legacy network, vulnerable to many threats addressed by the newest generation (Angelogianni et al., 2020; Ghosh et al., 2019; Sheoran et al., 2019; Peltonen et al., 2021). ...

Nascent: Tackling Caller-ID Spoofing in 4G Networks via Efficient Network-Assisted Validation
  • Citing Conference Paper
  • April 2019