Indoor localization via smartphones has attracted many researchers' attention over the past few years. However, it still lacks a mature solution robust to complex indoor environments. In this paper we design LocTag, the first passive WiFi tag for localizing commercial off-the-shelf smartphones in arbitrary indoor environments with or even without APs (Access Points) deployment. Unlike conventional passive WiFi tags, LocTag backscatters ambient WiFi signals from APs or smartphones for localization instead of communications. To do so, we propose several techniques including triggering source selection, WiFi compatible modulation, and random multiple access. We prototype LocTag using a FPGA (Field Programmable Gate Array) and apply it in a typical indoor localization scenario. The experiment results show that sub-meter level accuracy is achieved via LocTag. Although our work is still at its early stage, it sheds new light on the robust indoor localization via passive WiFi tags.

Finite spectrum resources and increasing application bandwidth requirements have made dynamic spectrum access (DSA) central to future wireless networks. Modulation recognition (modrec) is an essential component of DSA, and thus, has received significant attention in the literature. The majority of modrec work focuses on single antenna (SISO) communication, however, multi-antenna transmitters have recently become ubiquitous driving the need for recognition of MIMO modulated signals. Existing MIMO modrec assumes multiple-antenna sensors, imposing a prohibitive monetary, storage, and computational cost for spectrum sensing. In this work we propose a machine learning framework for under-determined MIMO modrec which enables robust recognition even when the MIMO signal is scanned with a single-antenna sensor. Our goal is to reduce the hardware costs of modulation recognition without compromising its accuracy. Our key insight is that MIMO modulation constellations exhibit a fractal (self-similar) structure which we exploit to derive discriminative and efficient-to-extract features based on the fractal dimension of observed IQ samples. Our evaluation results demonstrate a superior discriminative power of our fractal features compared to the widely-adopted high-order cumulant features.

Distributed training of large-scale deep neural networks(DNNs) is a challenging work for it's time costing and complicated communication. Existing works have achieved scalable performance on GPU clusters for dense DNNs in the computer vision area. However, little progress has been made on the distributed training of sparse DNNs which is commonly used in the area of natural language processing (NLP). In this poster, we introduce SA-HMA, a sparsity-aware hybrid training method for sparse deep models. SA-HMA combines Model Average (MA) and synchronous optimization methods together, expecting to reduce the communication cost for spare model training. The experimental results show that SA-HMA achieves 1.33 speedup over the state-of-the-art work.

Even though the growing adoption of TLS protocol empowers web traffic to secure privacy, attackers also leverage the TLS to evade from detection, and this makes detecting threats from the encrypted traffic a crucial task. In this paper, we propose an effective encrypted malware traffic detection method that maintains sufficient performance level by periodic updates using machine learning. The proposed method employs incremental algorithms trained by 31 flow features from TLS, HTTP, and DNS. Experimental results show that the incremental Support Vector Machine with Stochastic Gradient Descent algorithm is suitable for the detection method amongst three algorithms, by off-line and on-line accuracy at a low false discovery rate.

Trusted Execution Environment introduces a promising avenue for protecting MapReduce jobs on untrusted cloud environment. However existing works pointed out that simply protecting MapReduce workers with trusted execution environment and protecting cross-worker communications with encryption still leak information via cross-worker traffic volumes. Although several countermeasures were proposed to defeat such a side-channel attack, in this paper, we showed that previous countermeasures not only fail in completely eliminating such a side-channel, but also have limitations from other aspects. To address all the discovered limitations, we further discussed possible strategies.

When a program is executed on a untrusted cloud, the confidentiality of the program logic and related control flow variables should be protected. To obtain this goal, control flow obfuscation can be used. However, previous work has not been effective in terms of performance overhead and security. In this paper, we propose E-CFHider, a hardware-based method to protect the confidentiality of logics and variables involved in control flow. By using the Intel SGX technology and program transformation, we store the control flow variables and execute statements related to those variables in the trusted execution environment, i.e., the SGX enclave. We found this method can better protect the confidentiality of control flow and achieve acceptable performance overhead.

In-band Network Telemetry (INT) enables hop-by-hop device-internal state exposure for reliably maintaining and troubleshooting networks. For achieving network-wide telemetry, high-level orchestration over the INT primitive is further needed. Existing solutions either incur large bandwidth overhead or fail to promptly handle link failures. In this work, we propose INT-label, a lightweight network-wide telemetry architecture without introducing probe packets. INT-label periodically labels device states onto sampled packets, which is cost-effective with minuscule bandwidth overhead and seamlessly adapts to topology changes. Preliminary evaluation on software P4 switches BMv2 suggests that INT-label can achieve 98.54% network-wide visibility coverage under a label frequency of 100 times per second.

In the current and next generation of mobile networks, a mobile device intuitively has multiple wireless radios such as Wi-Fi, LTE, 5G New Radio, etc. Moreover, most likely, the mobile device continues to use the TCP/IP stack, which limits the device's network selection. The application traffic may stick to a default network, which may not have the best performance among the associated ones. That harms the performance of TCP short flows, such as web access. This paper proposes using TCP SYN duplication to relax the constraint, aiming to select the best network at the present moment. The device tries to initialize a TCP connection by duplicating and sending SYN packets via all the available networks. The network, which conveys the earliest SYN/ACK response, will be selected for the data transfer. We implement and evaluate the proposal in a testbed with real Internet connections to show its effectiveness.

With the development of multi-network integration, how to ensure interconnections among multiple independent network domains is becoming a key problem. Traditional inter-domain routing protocol such as BGP (Border Gateway Protocol) or SR (Segment Routing) fails due to the limitation of information island (data privacy), where each autonomous network domain does not share any specific intra-domain information.

In this poster, we propose a federated routing scheme FRP, which realizes global routing without any intra-domain data. Each domain only needs to exchange the very lightweight cumulative gradients of overlapped parameters to build the federated routing model. With FRP, flows between any pair of nodes can get global optimal routing results no matter which domain the source and destination nodes locate.

As an emerging metric of communication systems, Age of Information (AoI) has been derived to have a critical impact in networked control systems with unreliable information links. This work sets up a novel model of outage probability in a loosely constrained control system as a function of the feedback AoI, and conducts numerical simulations to validate the model.

While computational model-based wildfire prediction provides reasonable accuracy in predicting wildfire behaviour, they are often limited due to lack of constant availability of real-time data. By contrast, social sensing is an emerging sensing paradigm able to obtain early signs of forest fires from online social media users (e.g. smoke in nearby cities), but suffers from inconsistent reliability due to unreliable social signals. Meanwhile, UAV-based physical sensing utilizes onboard physical sensors to perform reliable wildfire sensing, but requires manual efforts to be narrowed down to fire infested regions. In this poster, we present CompDrone, a novel computational model-driven social media and drone-based wildfire monitoring framework that exploits the collective strengths of computational modeling, social sensing, and drone-based physical sensing for reliable wildfire monitoring. In particular, the CompDrone framework leverages techniques from cellular automata, constrained optimization, and bottom-up game theory to solve a few technical challenges involved in monitoring wildfires. The evaluation results using a real-world forest fire monitoring application show that CompDrone outperforms the state-of-the-art monitoring schemes.

In multi-user MIMO (MU-MIMO) systems using zero-forcing beamforming (ZFBF), an Access Point (AP) utilizes downlink channel state information (CSI) to transmit data streams to multiple clients simultaneously. Since private information of clients can be extracted from CSI, leaking CSI to attackers is considered as harmful so that some research efforts suggest to encrypt CSI feedback. However, a recent study shows that an attacker can infer CSI by eavesdropping data streams with known symbols, not the feedback. To this end, we propose CSIstray that intentionally increases the proportion of inter-client interference to suppress CSI leakage while maintaining bit error rates (BERs) at the clients. Simulation results with a 2x2 MU-MIMO scenario show that CSIstray effectively degrades the attack performance with little impact on downlink transmission. We further implement CSIstray on our testbed to validate the proposed mechanism works properly in a room-scale environment as well as in simulation results.