Q: What is the problem?
A: The RSSR paper has an error.
Algorithm 0
seems does not work.
Q: But the evaluation result
s
look good.
A: The
se
result
s
are
generate by another algorithm (
Algorithm 1
)
Q: Why does
Algorithm 0
does not work?
Is it really an error?
A:
By simulation, t
he honest edge betweenness is not so larger than that of the attack edge betweenness.
Q: What is the
possible
reason?
A:
The problem
is
that in
the simulation,
the issuer rate is too small.
Here,
issuer rate
(
C
)
is the number of ARWs disseminated by each pair of nodes.
Let he and ae be an honest edge and an attack edge, respectively.
Suppose that the
network is even, i
f C is large,
the in and out betweenness of
he cancel off each
other, which makes the betweenness of he low. However, if C is low (i
n the simulation,
C=1
).
Therefore, the in

betweenness and out

betweenness of honest nodes
does not cancel
off each other, making the betweenness of he also high.
Figure
1
shows the result of Algorithm 0 when one pair of nodes disseminates 5000 first type ARWs. Therefore, the conclusion is that C
should be large. But the
number
node
pairs that disseminate ARWs is not necessarily to be large.
Lemma: each first type random walk increase the betweenness of at least one attack edge.
To forge the destination set of each honest node.
To reduce t
he betweenness of attack edges, Sybil nodes
can launch two kinds of attacks.
Attack 1: feedback
Solution: set the length of each arw to be m. For a (s,t)

ARW arw, if arw does not reach t in m steps, s rejects t.
First,
m steps is sufficient for t to be reached
.
When t is honest, the Sybil nodes should not launch attack 1.
Suppose that t is honest.
I
f Sybil nodes prevent t from being reached, the betweenness of attack edges
will be increased.
s can issue large number of (s,t)

ARWs to increase the betweenness of at
tack edge. Therefore, Sybil node should not launch attack 1.
When t is Sybil, Sybil nodes should not launch attack 1, neither.
Suppose that t is Sybil.
If Sybil nodes prevent t from be reached, t will be rejected
.
t is chosen form
the destination set of s,
which means t needs to communicate with s. There, Sybil nodes should not launch Attack 1.
Attack 2: forge
Solution: Steered random walk.
Figure
1
0
0.2
0.4
0.6
0.8
1
1.2
12
36
61
85
109
134
158
183
207
232
256
281
305
329
354
378
403
427
452
g
algorithm 0, c500, real1222rn500
har(sohl)
har(rssr)
sar(sohl)
sar(rssr)
Q: Why does
Algorithm 1
work?
A: Because mathematically it works.
Q:
Algorithm 0
and
Algorithm 1
, which is better?
A: Seems that
Algorithm 1
is more efficient. But, it has security problem.
For v to compute the betweenness of e=(v,u), the betweenness of e for v is something like v
.potential

u
.potential

, where
v
.potential
is the expected number of
times that a (i,j)

ARW passes v.
Therefore, the problem is u maybe Sybil and will not give u the correct
potential.
Q:
OK, you can just give up
Algorithm 1
. What is left problems of
Algorithm 0
?
A: Let arw be a
n
ARW1, the Sybil
nodes may never relay arw to its destination.
I
f you can prove that
Algorithm 1
works, you can write in your dissertation that
Algorithm 1
makes some improvement over
Algorithm 0
.
After the graduation, you can ask the journal to correct your error.
RS
C
Q: Let rw be a first type (
s
,
t
)

SRW, where v and u are honest and Sybil, respectively.
What is rw simply discard rw once received it?
A: This rw will increase the betweenness of an attack edge by one.
Q: Let ae=(fhn,fsn) be an attack edge that connect
s honest node fhn and Sybil nodes fsn. Suppose fsn has received rw from ae. Fsn can simply send rw back to fhn
to reduce the betweenness of ae.
A: ae will finally reach u. Therefore, rw will finally pass some attack edge front the
honest region to the Sybi
l region and increase thus increases the betweenness of
this attack edge by one.
Q:
Then, rw
ha
s
to hop
for
a long distance, which wastes the resource of honest nodes.
A:
Cut rw once rw has hoped
N
steps.
Q:
You mean
that rw
has a writable counter initiated as n? Then, Sybil nodes can reset the counter to be very large.
A:
The counter is a hash chain.
Initially, the counter is rw.counter=Hash(rw.s).
Let v be the current node of rw,
.
Seems that we need
an
asymmetric
encryption.
s encrypts the counter
. In each hop where rw is currently at node x. x asks s to decrypt the counter, decrease the
counter and then re

encrypt the counter.
..
Q: This is a big overhead for t.
A: Secure routing is a big problem for network syst
ems
. All the possible security problems have been intensively researched
[
SPV: Secure Path Vector for securing
BGP
][
SEAD: Secure Efficient Ad

hoc network Distance vector routing protocol
]
[
Effi
cient Security Mechanisms for Routing Protocols
]
.
We do not nee
d to consider
these problems
by ourselves
.
Q: Even without attack, your algorithm has to disseminate many long random walks, which is not efficient.
What is the message cost?
A:
Q: Is the algorithm in your paper wrong?
A: The algorithm in the paper is r
ight. But, to test this algorithm, the network should be large. For example, in pl100rn100g1, the honest edge current is almo
st
equal to the attack edge current.
This is because that the network
is too small.
For e
ach
ARW1 arw, each honest edge e, and each
attack edge ae, arw1
will pass
both ae and he and increase the betweennesses of ae and hp w.h.p.
Q: How can the betweenness of attack edges be increased?
A:
A large number of first type ARWs end in the Sybil region.
Q: So, what should you do?
A: For each
ARW arw, increase the probability that arw enters the Sybil region and decrease the probability that arw return to the honest
region.
SRNC
Q: What is the advantage and disadvantage of SRNC and RSSR?
A:
Advantage
Disadvantage
SRNC
Efficient and
effective:
Suppose that the number of Sybil nodes is comparable to the
number of honest nodes. Then, the m
essage cost
of SRNC is
O(
n
log(
n
)
)
.
The
memory
cost of SRNC is O(n)
It is hard to compute shortest path in real world system. To know shortest path
is
equal to know the route information. Intensive researches have been done to
ensure secure routing.
Secure routing is possible, but expensive.
SRNC is a
synchronous
algorithm, where synchronization is a complicated problem
for distributed system
s
.
Count

to

infinity problem
http://bit.ly/vA7zkK
Can be solved: Destination

Sequenced Distance Vector protocol (DSDV)
http://bit.ly/sXOsU8
Churn?
Churns of DV http://bit.ly/sXOsU8
Compute the accurate shortest path
information of a large network is hard?
C
onvergence
speed
?
Not suited for large and complex networks
Link State protocols should be used instead
RSSR
Random walk is scalable, strong.
Less efficient.
The message cost of RSSR
is up to O(n
2
log
2
(n)).
In RSSR, each pair of nodes has to
disseminate
absorbing
random walks to each other.
Let hn and sn be an honest
node and a Sybil node, respectively
. Let rw be the (hn, sn) absorbing random walk.
Once rw enters the Sybil region, Sybil nodes can prevent
r
w f
rom reaching sn
forever. To prevent this problem, hn rejects sn once rw has moved nlog
2
(n) hops
because nlog
2
(n) has been sufficient for absorbing random walks each any node
.
The number of Sybil nodes i s O(n), therefore, the
message cost of RSSR i s
O(n
2
log
2
(n)).
The memory cost per node is O(
n
2
)
.
Non

deterministic (
Random walk
based algorithm
)
Partial information
can be
maintained more easily and is
sufficient to finish the same job
in many applications
.
o
Can deal with network change
o
Can deal with securi
ty problems
o
Can finish the job
Random Walk Based Node Sampling in Self

Organizing Networks
:
Random walk is particularly attractive to self

organizing networks like Internet overlay
networks and wireless ad hoc networks. In these systems, nodes can join
and leave dynamically without centralized control, and the network topology itself can also
change over time.
Random walk requires little index or state maintenance
and it can function on almost all connected network topologies. In these aspects, it is
sup
erior to systems with sophisticated index states or rigid network structures, e.g., distributed hash tables (DHTs) [25, 26, 2
8]. Compared with index

free node
traversal schemes like network flooding, random walk is inherently
scalable
in that its network c
ommunication overhead does not increase as the network size
grows.
Random Walks in Distributed Computing: A Survey
:
Random walks are interesting by providing a
scalable
mechanism to insert information into the distributed
computation, for example when node
insertion occurs in the distributed system or to update topology modification (edge or node deletion). Ad

hoc networks or
pervasive distributed systems, because of their very limited communication bandwidth for network control, can
also benefit of this ap
proach.
Because of their
inherent complexity, deterministic solutions to control large distributed systems are often unsatisfactory.
One solution is to design randomized algorithms which can
be simpler, especially for their correctness proof.
The system ma
ybe large and the network structure may change a lot, it should be
expensive
to
keep correct deterministic information
.
Deterministic scheme (Shortest path)
It is complicated to get deterministic information in distributed system due to attacks, network
change.
o
Security problem
o
Network change
Q:
It looks like that SybilDector works quit well. Why should I use RSC?
A:
RSC
is more dependable
than SybilDector.
Specifically,
SybilDector
needs
shortest path
information
of the system
, which is hard to obtai
n in distributed system due to attacks
.
The existing shortest path
computing algorithms are…. The security problems are …
In contrast,
RSC need only partial information
, which is easier to obtain
.
RSC use random walk betweenness. RWB is statistic metric
an
d this is easier to compute
.
Usually, systems needing non

determinist information is easier to construct than systems needing complete information.
For example
:
structured and non

structure
P2P systems.
As a conclusion,
RSC is more dependable.
Q: How to
compute shortest path information in distributed systems?
A:
In distributed system, the most used algorithm to for computing shortest path is
the
distance vector protocol
[RIPv1, RIPv2,
IGRP
]
. In DV, each node maintains a
distance vector which contain
s
the shortest path information to the other nodes. The nodes disseminate their DV to their incident nodes periodically and upd
ate
their DV using the received DV.
Gr
adually, the DV of each node converge to a state that contains the shortest path information
to all the other nodes in the system.
In real world systems, DV faces many atta
cks. During
the update of DV, routing updates can be fabricated, modified, replayed, deleted, and snooped. Therefore,
i
ntensive researches have
been done to resist
these attack
s
[
Securing Distance

Vector Routing Protocols
]
[
SPV: Secure Path Vector for securing BGP
][
SEAD: Secure
Efficient Ad

hoc network Distance vector routing protocol
][
Effi
cient Security Mechanisms for Routing Protocols
]
.
Therefore, it is possible to compute th
e shortest
path information, although may be it is expensive
.
This research
assumes that there is efficient and effective shortest path computing algorithms, as SSR algorithm Gatekeeper does [Gatekeepe
r].
Q: Why random walk betweenness is good?
A:
Random
walks based algorithm has many advantages.
These algorithm
s do
not need
deterministic information. Therefore are easier to maintain
[
Random Walks
in Distributed Computing: A Survey
][
Random Walk Based Node Sampling in Self

Organizing Networks
]
.
Q: So, how
to write the introduction of the dissertation?
A:
The objective of this research is to design security mechanisms to resist the
\
emph{false result attack} and the
\
emph{Sybil attack} in distributed systems.
In distributed computing systems, false result
attack, where malicious nodes send incorrect data deliberately to other nodes to disrupt the system, is a key security
threat. This research proposes an algorithm named MSC that can effectively resist the false result attack.
However, MSC is vulnerable w
hen the malicious users can collude. Therefore, this research turns to study Sybil attack, the most intractable kind of collu
ding attack
in distributed systems. Accordingly, this research proposes SybilDetector, which can effectively resist the Sybil attac
k.
However, SybilDetector
has a scalability problem because it is a synchronous algorithm. Hence, this research tries to design Sybil resisting algorit
hms that are both
effective and scalable. Specifically, this research proposed RSC, a mechanism that can improve the performances
of existing Sybil resisting algorithms. Many existing
Sybil resisting algorithms are asynchronous and thus scalable. By implementing RSC on these algorithms, scale and effective S
ybil resisting algorithms are obtained.
Q:
Can you remove
the
global parame
ter of SRNC?
A:
Assumption (1): the weights of honest edges are stable.
Idea:
v sample
s
a set of edges using random walks of length log(n)
.
Calling the set of ending edges S. Then, v
use
s
the average of the weights of the sampled edges
as its threshold.
U
nder
A
ssumption
(1)
,
the random walks
stay within the honest
region
and
end on a random
honest edge.
In this way,
the threshold computed by v
should be equal to the average weight of honest edges
.
Hence, edges of high weights would be detected.
(*
The glo
bal parameter can be
solved
by adopting the water fall random walk technique to SRNC.
However, this problem should
not be completely solved
.
Otherwise, SRNC
completely
outperforms RSSR. Hence, we should simply give a non

complete solution to this problem.
)
Q: This may not work.
What we need is to enable the front honest nodes fh
n
s to detect the
attack edges among their incident edges. However, t
he sampling
random walks of
fhns
will escape the honest region w.h.p.
Accordingly, fhns
have high threshold and cannot detect the attack edges.
A: v can use water fall random walks to reduce the escape probability of their sampling random walks.
Q: Water fall random walk does not work, neither.
For a front honest node fhn, the differen
ce
of
weights of the incident edges of fhn may be small, especially when
the degree of fhn is small.
A:
So, maybe we should use IBT to detect the Sybil nodes
.
Identification
Algorithm (
IA
1): For node v, v
1.
Compute
s
sp(u)
2.
Compute
s
the bottleneck of
bn(
sp(u)
)
3.
C
omputes bb
a.
v samples a set of honest nodes S, called the bottleneck bound
sample
s.
b.
bb=average({bn((v,ui)

SP)  for all ui in S})
4.
Reject
s
u if
and only i
f
bbFactor * bb <
bn(sp(u))
v.sp1=<s1,…, v>
Figure
2
Figure
3
Q: Are the bottleneck bound of honest nodes stable?
A: Yes. As
Figure
3
shows.
Q: Are the bottleneck
s
of routes of Sybil node greatly hi
gher than the bottleneck
bound
of honest nodes?
A: Yes. As
Figure
3
shows.
Q: Good.
Specifically
, how do you do the evaluation?
A: The following evaluations should be
implemented.
1.
Does Assumption (1) hold?
(
“
Yes
”
expected)
2.
Will the weights of attack edges be greatly larger than these of honest edges
? (“Yes” expected)
0
10000
20000
30000
40000
50000
60000
70000
80000
1
19
37
55
73
91
109
127
145
163
181
199
217
235
253
271
289
node index
pl200rn100ae0.02, bottleckBound
bottleckBound
botttleneck
of front nodes
bottleneck
bounds of
non

front nodes
3.
Will
the sampling
random walks end on random honest edge w.h.p? (“Yes” expected)
4.
Evaluate
performance
of SRNC on different networks
.
(Do not compare SRNC with SybilLimit
. It is impossible to win
!)
Q:
Does Assumption (1) hold?
(
“Yes”
expected)
A: Yes. As
Figure
4
shows that:
1.
The edge betweenness an edge e=(v1, v2) is positively correlated to the degrees of v1.
2.
Although fluctuates, weights (load/degree) are almost a constant among the edges.
Figure
4
Q: Will the weights of attack edges be greatly larger than these of honest edges?
(“Yes” expected)
A: Yes. As
Figure
5
shows.
0
500
1000
1500
2000
2500
3000
3500
0
100
200
300
400
1
208
415
622
829
1036
1243
1450
1657
1864
2071
2278
edge index
pl500, relation between edge
load and node degree
load/degree1
e
Linear
(load/degree1)
Figure
5
Q:
Will the sampling random walks end on random honest edge w.h.p? (“Yes” expected)
A:
Yes, a
s
indicated in
Figure
3
.
Q: What is the theoretical performance?
A:
A node
u
is accepted by
v
=>
bbFactor * v.bb < v.bn(
v.
sp(u))
=> need to know the bottleneck bound and the bottleneck => need to know the distribut
ion of weight
=> need to know the distribution of edge
load
=>
The distribution of
load
is not clear yet =>
left
the theoretical analysis of SRNC
as future work.
Q: bbFactor is a global parameter again. Can you remove it?
A:
IA
2: For node v, v
0
100
200
300
400
500
600
700
1
106
211
316
421
526
631
736
841
946
1051
1156
1261
1366
1471
1576
1681
1786
pl200rn100ae0.1, srnc, load/degree1
load/degree1
ae
1.
C
lusters
the paths into two
sets
according to the bottleneck of the paths.
For each set S, denote by the bottleneck of S as the average of the bottlenecks of
the paths in S and denote by Sh be the set that has a smaller bottleneck.
2.
A
ccepts the heads of the paths i
n Sh.
Q:
Which of these two algorithms
(
IA
1 and
IA
2)
has lower error rate?
A:
I think that
IA
2
should be
better.
Suppose
the system have 4 nodes,
{
v, u(0), u(1)
,
u(2)
}
. N
odes u(0) and u(1) are honest, and u(2) is Sybil.
Let X[i]
be
the bottlenecks of (v
,u(i))

SP
. Suppose that
X=[1,5,100].
IA
1: Suppose that the
bottleneck bound
sample
s
of v is {u(0),u(1)}
, which is perfect. Accordingly
, v.bb=(1+5)/2=3. Suppose that bbFactor=1. Then, v cannot accept
any honest nodes.
IA
2:
IA
2 can clusters
{u(0), u(1), u(2)
} into Sh={u(0), u(1)} and Ss={u(1)}. Then, v accept
s
the nodes of Sh.
However,
as
Figure
6
and
Figure
7
show,
IA1 is better.
Figure
6
Figure
7
Q: So, do you have other method to remove the global parameter?
A: IA3 (local benchmark technique)
Having obtained the bottleneck bond
sample
s, v increases bbf until more that
\
beta (e.g, 90%) percent of the bb
sample
are accepted.
Edge load/edge
betweenness
[Community structure in social and biological networks]:
the definition of edge betweenness
.
[Mapping Anatomical Connectivity Patterns of Human Cerebral Cortex Using In Vivo Diffusion Tensor Imaging Tractography]
:
In the present
0
100
200
300
400
500
600
12
36
61
85
109
134
158
183
207
232
256
g
real1222snn500bbf5
sna(Sl)
sna(Srnc)
0
100
200
300
400
500
600
12
36
61
85
109
134
158
183
207
232
256
g
real1222snn500ia2
sna(Sl)
sna(Srnc)
investigation,
we demonstrated that both the node

and edge

betweenness centrality of the human cortical network followed
exponentially truncated power

law distribution
(it is not Power Law!). Exponentially truncated power

law is more resistant to attack.
[The
Betweenness Centrality Of Biological Networks]
:
the distribution of the edge betweenness centrality has a Poisson

like distribution with a very sharp
spike
[On the Distribution of Edge Load in Scale

free Trees]
:
edge distribution for tree.
Does not know what the
conclusion
of this paper
is
.
[Universal Behavior of Load Distribution in Scale

Free Networks]:
the node load of scale free networks obeys a power law.
[Application of Cray XMT for Power Grid Contingency Selection]
: the edge betweenn
ess of a power grid obeys power law.
Q: What is the performance matric of SRNC?
A:
HAR
SAR
SNA
Q: What to evaluate?
A:
1.
The distribution of betweenness.
2.
The influence of the number of attack edges in the system.
3.
The influence of the number of Sybil node
s.
Q: What is the kind of betweenness distribution that you are expecting?
A:
The deviation of the betweenness of the honest edges is small
Honest node v accepts more honest node and less Sybil node
For nodes us and uh,bn((v,us)

SPs) > bbf * v.bb > bn
((v,uh)

SPs)
Has to reduce bbf, in order to reduce sar
Deviation of the bottlenecks of honest shortest paths is small
The deviation of the betweenness of the honest edges is small
Q:
What is
the
betweenness
distribution
really like
?
A: Seems that it
obeys the power law.
1
10
100
1000
10000
100000
1
10
100
1000
10000
100000
edge
real1222, edge betweenness
betweenness
0.84
0.86
0.88
0.9
0.92
0.94
0.96
0.98
snn
real1222, g=36, HAR
har(Sl)
har(Srnc)
0
100
200
300
400
500
600
snn
real1222, g=36, SNA
sna(Sl)
sna(Srnc)
1.
HAR of
SRNC
is
slightly
less than expectation $
\
beta$
.
The reason is that in SRNC,
the accept rates of different nodes are different.
1.
AS SNN increases, SNA of SL increases and SNA of SRNC decreases
2.
SNA of
SRNC is at leases three times of SNA of SL
0.88
0.9
0.92
0.94
0.96
0.98
snn
pl1222, g=36, HAR
har(Sl)
har(Srnc)
0
100
200
300
400
500
600
snn
pl1222, g=36, SNA
sna(Sl)
sna(Srnc)
0.86
0.88
0.9
0.92
0.94
0.96
0.98
12
36
61
85
109
134
158
183
207
232
256
g
real1222rn500, HAR
har(Sl)
har(Srnc)
0
100
200
300
400
500
600
12
36
61
85
109
134
158
183
207
232
256
g
real1222rn500, SNA
sna(Sl)
sna(Srnc)
1.
HAR of SRNC is slightly less than expectation $
\
beta$
:
1.
SRNC and SybilLimit accept more Sybil nodes as g increases
2.
Under a situation where SL accept all Sybil nodes, SRNC accept
three to ten
times less
Sybil nodes
Conclusion:
SRNC makes notable performance improvement over SybilLimit.
1.
Each h
onest node in SRNC accept
s
more that 95% of the honest nodes.
2.
Each h
onest node
in SRNC accept
s
400
~
700 percent less Sybil nodes than in SybilLimit
.
0.88
0.9
0.92
0.94
0.96
0.98
1
12
36
61
85
109
134
158
183
207
232
256
g
pl1222rn500, HAR
har(Sl)
har(Srnc)
0
100
200
300
400
500
600
12
36
61
85
109
134
158
183
207
232
256
g
pl1222rn500, SNA
sna(Sl)
sna(Srnc)
Enter the password to open this PDF file:
File name:

File size:

Title:

Author:

Subject:

Keywords:

Creation Date:

Modification Date:

Creator:

PDF Producer:

PDF Version:

Page Count:

Preparing document for printing…
0%
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο