Visible to the public Biblio

Filters: Author is Cheng, Guang  [Clear All Filters]
2023-02-17
Wu, Hua, Zhang, Xuange, Chen, Tingzheng, Cheng, Guang, Hu, Xiaoyan.  2022.  IM-Shield: A Novel Defense System against DDoS Attacks under IP Spoofing in High-speed Networks. ICC 2022 - IEEE International Conference on Communications. :4168–4173.
DDoS attacks are usually accompanied by IP spoofing, but the availability of existing DDoS defense systems for high-speed networks decreases when facing DDoS attacks with IP spoofing. Although IP traceback technologies are proposed to focus on IP spoofing in DDoS attacks, there are problems in practical application such as the need to change existing protocols and extensive infrastructure support. To defend against DDoS attacks under IP spoofing in high-speed networks, we propose a novel DDoS defense system, IM-Shield. IM-Shield uses the address pair consisting of the upper router interface MAC address and the destination IP address for DDoS attack detection. IM-Shield implements fine-grained defense against DDoS attacks under IP spoofing by filtering the address pairs of attack traffic without requiring protocol and infrastructure extensions to be applied on the Internet. Detection experiments using the public dataset show that in a 10Gbps high-speed network, the detection precision of IM-Shield for DDoS attacks under IP spoofing is higher than 99.9%; and defense experiments simulating real-time processing in a 10Gbps high-speed network show that IM-Shield can effectively defend against DDoS attacks under IP spoofing.
2022-07-12
Hu, Xiaoyan, Shu, Zhuozhuo, Song, Xiaoyi, Cheng, Guang, Gong, Jian.  2021.  Detecting Cryptojacking Traffic Based on Network Behavior Features. 2021 IEEE Global Communications Conference (GLOBECOM). :01—06.
Bitcoin and other digital cryptocurrencies have de-veloped rapidly in recent years. To reduce hardware and power costs, many criminals use the botnet to infect other hosts to mine cryptocurrency for themselves, which has led to the proliferation of mining botnets and is referred to as cryptojacking. At present, the mechanisms specific to cryptojacking detection include host-based, Deep Packet Inspection (DPI) based, and dynamic network characteristics based. Host-based detection requires detection installation and running at each host, and the other two are heavyweight. Besides, DPI-based detection is a breach of privacy and loses efficacy if encountering encrypted traffic. This paper de-signs a lightweight cryptojacking traffic detection method based on network behavior features for an ISP, without referring to the payload of network traffic. We set up an environment to collect cryptojacking traffic and conduct a cryptojacking traffic study to obtain its discriminative network traffic features extracted from only the first four packets in a flow. Our experimental study suggests that the machine learning classifier, random forest, based on the extracted discriminative network traffic features can accurately and efficiently detect cryptojacking traffic.
2022-05-06
Hu, Xiaoyan, Song, Xiaoyi, Cheng, Guang, Gong, Jian, Yang, Lu, Chen, Honggang, Liang, Zhichao.  2021.  Towards Efficient Co-audit of Privacy-Preserving Data on Consortium Blockchain via Group Key Agreement. 2021 17th International Conference on Mobility, Sensing and Networking (MSN). :494–501.
Blockchain is well known for its storage consistency, decentralization and tamper-proof, but the privacy disclosure and difficulty in auditing discourage the innovative application of blockchain technology. As compared to public blockchain and private blockchain, consortium blockchain is widely used across different industries and use cases due to its privacy-preserving ability, auditability and high transaction rate. However, the present co-audit of privacy-preserving data on consortium blockchain is inefficient. Private data is usually encrypted by a session key before being published on a consortium blockchain for privacy preservation. The session key is shared with transaction parties and auditors for their access. For decentralizing auditorial power, multiple auditors on the consortium blockchain jointly undertake the responsibility of auditing. The distribution of the session key to an auditor requires individually encrypting the session key with the public key of the auditor. The transaction initiator needs to be online when each auditor asks for the session key, and one encryption of the session key for each auditor consumes resources. This work proposes GAChain and applies group key agreement technology to efficiently co-audit privacy-preserving data on consortium blockchain. Multiple auditors on the consortium blockchain form a group and utilize the blockchain to generate a shared group encryption key and their respective group decryption keys. The session key is encrypted only once by the group encryption key and stored on the consortium blockchain together with the encrypted private data. Auditors then obtain the encrypted session key from the chain and decrypt it with their respective group decryption key for co-auditing. The group key generation is involved only when the group forms or group membership changes, which happens very infrequently on the consortium blockchain. We implement the prototype of GAChain based on Hyperledger Fabric framework. Our experimental studies demonstrate that GAChain improves the co-audit efficiency of transactions containing private data on Fabric, and its incurred overhead is moderate.
2020-04-06
Hu, Xiaoyan, Zheng, Shaoqi, Zhao, Lixia, Cheng, Guang, Gong, Jian.  2019.  Exploration and Exploitation of Off-path Cached Content in Network Coding Enabled Named Data Networking. 2019 IEEE 27th International Conference on Network Protocols (ICNP). :1—6.

Named Data Networking (NDN) intrinsically supports in-network caching and multipath forwarding. The two salient features offer the potential to simultaneously transmit content segments that comprise the requested content from original content publishers and in-network caches. However, due to the complexity of maintaining the reachability information of off-path cached content at the fine-grained packet level of granularity, the multipath forwarding and off-path cached copies are significantly underutilized in NDN so far. Network coding enabled NDN, referred to as NC-NDN, was proposed to effectively utilize multiple on-path routes to transmit content, but off-path cached copies are still unexploited. This work enhances NC-NDN with an On-demand Off-path Cache Exploration based Multipath Forwarding strategy, dubbed as O2CEMF, to take full advantage of the multipath forwarding to efficiently utilize off-path cached content. In O2CEMF, each network node reactively explores the reachability information of nearby off-path cached content when consumers begin to request a generation of content, and maintains the reachability at the coarse-grained generation level of granularity instead. Then the consumers simultaneously retrieve content from the original content publisher(s) and the explored capable off-path caches. Our experimental studies validate that this strategy improves the content delivery performance efficiently as compared to that in the present NC-NDN.

2020-01-21
Hu, Xiaoyan, Zheng, Shaoqi, Gong, Jian, Cheng, Guang, Zhang, Guoqiang, Li, Ruidong.  2019.  Enabling Linearly Homomorphic Signatures in Network Coding-Based Named Data Networking. Proceedings of the 14th International Conference on Future Internet Technologies. :1–4.

Network coding has been proposed to be built into Named Data Networking (NDN) for achieving efficient simultaneous content delivery. Network coding allows intermediate nodes to perform arbitrary coding operations on Data packets. One salient feature of NDN is its content-based security by protecting each Data packet with a signature signed by its publisher. However, in the network coding-based NDN, it remains unclear how to securely and efficiently sign a recoded Data packet at an intermediate router. This work proposes a mechanism to enable linearly homomorphic signatures in network coding-based NDN so as to directly generate a signature for a recoded Data packet by combining the signatures of those Data packets on which the recoding operation is performed.