2014R. Beraldi, M. Paolucci, F. Petroni, L. Querzoni
LCBM: Statistics-based Parallel Collaborative Filtering
To appear in Proceedings of the 17th International Conference on Business Information Systems (BIS), 2014
"In the last ten years, recommendation systems evolved from novelties to powerful business tools, deeply changing the internet industry. Collaborative Filtering (CF) represents today’s a widely adopted strategy to build recommendation engines. The most advanced CF techniques (i.e. those based on matrix factorization) provide high quality results, but may incur prohibitive computational costs when applied to very large data sets. In this paper we present Linear Classifier of Beta distributions Means (LCBM), a novel collaborative filtering algorithm for binary ratings that is (i) inherently parallelizable and (ii) provides results whose quality is on-par with state-of-the-art solutions (iii) at a fraction of the computational cost."
|Downloads:||bib - BibTeX reference
L. Aniello, R. Baldoni, C. Ciccotelli, G. Di Luna, F. Frontali, L. Querzoni
The Overlay Scan Attack: Inferring Topologies of Distributed Pub/Sub Systems through Broker Saturation
To appear in Proceedings of the 8th International Conference on Distributed Event Based Systems (DEBS), 2014
"While pub/sub communication middleware has become mainstream in many application domains, little has been done to assess its weaknesses from a security standpoint. Complex attacks are usually planned by attackers by carefully analyzing the victim to identify those systems that, if successfully targeted, could provide the most effective result. In this paper we show that some pub/sub middleware are inherently vulnerable to a specific kind of preparatory attack, namely the Overlay Scan Attack, that a malicious user could exploit to infer the internal topology of a system, a sensible information that could be used to plan future attacks. The topology inference is performed by only using the standard primitives provided by the pub/sub middleware and assuming minimal knowledge on the target system. The practicality of this at- tack has been shown both in a simulated environment and through a test performed on a SIENA pub/sub deployment."
|Downloads:||bib - BibTeX reference
L. Aniello, S. Bonomi, F. Lombardi, A. Zelli, R. Baldoni
An Architecture for Automatic Scaling of Replicated Services
To appear in the Proceedings of the 2nd International Conference on NETworked sYStems (NETYS), 2014
"Replicated services that allow to scale dynamically can adapt to requests load. Choosing the right number of replicas is fundamental to avoid performance worsening when input spikes occur and to save resources when the load is low. Current mechanisms for automatic scaling are mostly based on fixed thresholds on CPU and memory usage, which are not sufficiently accurate and often entail late countermeasures. We propose Make Your Service Elastic (MYSE), an architecture for automatic scaling of generic replicated services based on queuing models for accurate response time estimation. Requests and service times patterns are analyzed to learn and predict over time their distribution so as to allow for early scaling. A novel heuristic is proposed to avoid the flipping phenomenon. We carried out simulations that show promising results for what concerns the effectiveness of our approach."
|Downloads:||bib - BibTeX reference
Timely Processing of Big Data in Collaborative Large-Scale Distributed Systems
PhD thesis -
"Today’s Big Data phenomenon, characterized by huge volumes of data produced at very high rates by heterogeneous and geographically dispersed sources, is fostering the employment of large-scale distributed systems in order to leverage parallelism, fault tolerance and locality awareness with the aim of delivering suitable performances. Among the several areas where Big Data is gaining increasing significance, the protection of Critical Infrastructure is one of the most strategic since it impacts on the stability and safety of
entire countries. Intrusion detection mechanisms can benefit a lot from novel Big Data technologies because these allow to exploit much more information in order to sharpen the accuracy of threats discovery.
A key aspect for increasing even more the amount of data at disposal for detection purposes is the collaboration (meant as information sharing) among distinct actors that share the common goal of maximizing the chances to recognize malicious activities earlier. Indeed, if an agreement can be found to share their data, they all have the possibility to definitely improve their cyber defenses. The abstraction of Semantic Room (SR) allows interested parties to form trusted and contractually regulated federations, the Semantic Rooms, for the sake of secure information sharing and processing. Another crucial point for the effectiveness of cyber protection mechanisms is the timeliness of the detection, because the sooner a threat is identified, the faster proper countermeasures can be put in place so as to confine any damage.
Within this context, the contributions reported in this thesis are threefold
* As a case study to show how collaboration can enhance the efficacy of security tools, we developed a novel algorithm for the detection of stealthy port scans, named R-SYN (Ranked SYN port scan detection). We implemented it in three distinct technologies, all of them integrated within an SR-compliant architecture that allows for collaboration through information sharing: (i) in a centralized
Complex Event Processing (CEP) engine (Esper), (ii) in a framework for distributed event processing (Storm) and (iii) in Agilis, a novel platform for batch-oriented processing which leverages the Hadoop framework and a RAM-based storage for fast data access. Regardless of the employed technology, all the evaluations have shown that increasing the number of participants (that is, increasing the amount of input data at disposal), allows to improve the detection accuracy. The experiments made clear that a distributed approach allows for lower detection latency and for keeping up with higher input throughput, compared with a centralized one.
* Distributing the computation over a set of physical nodes introduces the issue of improving the way available resources are assigned to the elaboration tasks to execute, with the aim of minimizing the time the computation takes to complete. We investigated this aspect in Storm by developing two distinct scheduling algorithms, both aimed at decreasing the average elaboration time of the single
input event by decreasing the inter-node traffic. Experimental evaluations showed that these two algorithms can improve the performance up to 30%.
* Computations in online processing platforms (like Esper and Storm) are run continuously, and the need of refining running computations or adding new computations, together with the need to cope with the variability of the input, requires the possibility to adapt the resource allocation at runtime, which entails a set of additional problems. Among them, the most relevant concern how to cope with incoming data and processing state while the topology is being reconfigured, and the issue of temporary reduced performance. At this aim, we also explored the alternative approach of running the computation periodically on batches of input data: although it involves a performance penalty on the elaboration latency, it allows to eliminate the great complexity of dynamic reconfigurations. We chose Hadoop as batch-oriented processing framework and we developed some strategies specific for dealing with computations based on time windows, which are very likely to be used for pattern recognition purposes, like in the case of intrusion detection. Our evaluations provided a comparison of these strategies and made evident the kind of performance that this approach can provide."
|Downloads:||pdf - PhD Thesis Aniello
bib - BibTeX reference
G. Lodi, L. Aniello, G. Di Luna, R. Baldoni
An Event-based Platform for Collaborative Threats Detection and Monitoring
Information Systems, volume 39, pages 175-195, 2014
"Organizations must protect their information systems from a variety of threats. Usually they employ isolated defenses such as firewalls, intrusion detection and fraud monitoring systems, without cooperating with the external world. Organizations belonging to the same markets (e.g., financial organizations, telco providers) typically suffer from the same cyber crimes. Sharing and correlating information could help them in early
detecting those crimes and mitigating the damages.
The paper introduces the Semantic Room (SR) abstraction which enables the development of collaborative and contractually regulated eventbased platforms, on the top of Internet, where data from different information systems are shared and correlated to detect and timely react to coordinated Internet-based security threats (e.g., port scans, botnet) and frauds. The paper describes the SR life cycle management and, to show the flexibility of the abstraction, it proposes the design, implementation and validation of two SRs. The first SR detects inter-domain port scan attacks, the second monitors frauds performed in Italy.
In both cases, we use real data traces for demonstrating the effectiveness of our approach. In the first SR, high detection accuracy and small detection delays are achieved whereas in the second, new fraud evidences and investigation instruments are provided to law enforcement agencies."
bib - BibTeX reference
DISCLAIMER - The reports contained in this page are included by the contributing authors as a mechanism to ensure timely dissemination of scholarly/technical information on a non-commerical basis. Copyright and all rights therein are maintained by the authors, despite the fact they have offered this information electronically. It is understood that all individuals copying this information will adhere to the terms/ constraints invoked by each author's copyright. Reports may not be copied for commercial redistribution, republication, or dissemination without the explicit permission of the authors. Sections of some of these reports have been published by IEEE, Springer-Verlag, Kluwer etc. and have Copyright. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works, must be obtained from the publisher.