Documentation in open-source projects is often a problem. In my latest experiences with OMNeT++, an open-source network simulator, I have been trying to install the simulator as well as the INET and MiXiM extensions on an Ubuntu platform. In order to install, one would expect to read the INSTALL file. Indeed, this does seem to have instructions for installation. However, after hours of not being able to get the extensions to work, it was pointed out that the INET installation MiXiM depends on is not the standard one, but a custom branch of the INET project referred to in another README file in the MiXiM archive. Argh.
On a related note, it looks like it will take some work to get INET to simulate wireless interference well. Open-source takes work, I suppose!
Wednesday, December 8, 2010
Another blow to end-to-end
NetFence attempts to prevent DoS attacks by modifying the network to allow it to be slightly more intelligent. The routers gain the ability to inspect and police sender traffic as well as perform some security operations in an effort to minimize the effect of DoS attacks. This is another violation of the end-to-end principle that seems to be beneficial. In fact, it raises the question of whether DoS is a direct consequence of the end-to-end principle.
DoS relies on using a large number of hosts to bombard the target with constant requests. If the end-to-end principle is to be followed, then the responsibility for handling this attack must be placed entirely on the target of the attack. Since this involves inspecting and deciding what to do with a large amount of data, it seems the right approach would be a distributed/parallelized approach. The natural way to accomplish this is with an approach like NetFence; we have to violate the end-to-end principle in order to be able to handle this attack very well. Again, it seems that end-to-end is a useful simplification, but a sometimes dangerous and obsolete one.
Failure to success conversion
ASTUTE was presented at SIGCOMM 2010. What struck me about their paper is that, from their introduction, it looks like they were trying to compete with Kalman filter-based and wavelet anomaly detection. They seemed to fail to compete with them directly, but they turned their failure to detect as much as Kalman into a success by observing that ASTUTE detects different anomalous behavior than Kalman, and that working in tandem, they are more successful. The lesson to be learned is that research doesn't have to reach the conclusions hoped for to be useful.