Recently, a new class of arbitrator-based membership protocols have been proposed. These claim to provide time bounds on how long membership lists can stay inconsistent---this property is critical in many distributed applications which need to take timely recovery actions. In this paper, we: 1) present the first fully decentralized and stabilizing version of membership protocols in this class; 2) formally prove properties and claims about both our decentralized version and the original protocol; and 3) present brief experimental results from both a simulation and a real cluster implementation.

In this paper, we address the problem of stochastic optimization over distributed processing networks, which is motivated by machine learning applications performed in data centers. In this problem, each of a total n nodes in a network receives stochastic realizations of a private function \(f_i(x)\) and aims to reach a common value that minimizes \(\sum_{i=1}^nf_i(x)\) via local updates and communication with its neighbors. We focus on zeroth-order methods where only function values of stochastic realizations can be used. Such kind of methods, which are also called derivative-free, are especially important in solving real-world problems where either the (sub)gradients of loss functions are inaccessible or inefficient to be evaluated. To this end, we propose a method called Distributed Stochastic Alternating Direction Method of Multipliers (DS-ADMM) which can choose to use two kinds of gradient estimators for different assumptions. The convergence rates of DS-ADMM are \(O(n\sqrt{k\log{(2k)}/T})\) for general convex loss functions and \(O(nk\log{(2kT)/T})\) for strongly convex functions in terms of optimality gap, where n is the dimension of domain and T is the time horizon of the algorithm. The rates can be improved to \(O(n/\sqrt{T})\) and \(O(n\log{T}/T)\) if objective functions have Lipschitz gradients. These results are better than previous distributed zeroth-order methods.

Erasure coding becomes increasingly popular in distributed storage systems (DSSes) for providing high reliability with low storage overhead. However, traditional random data placement causes massive cross-rack traffic and severely imbalanced load during failure recovery, degrading the recovery performance significantly. In addition, various erasure coding policies coexisting in a DSS exacerbates the above problem. In this paper, we propose PDL, a PBD-based Data Layout, to optimize failure recovery performance in DSSes. PDL is constructed based on Pairwise Balanced Design, a combinatorial design scheme with uniform mathematical properties, and thus presents a uniform data layout. Then we propose rPDL, a failure recovery scheme based on PDL. rPDL reduces cross-rack traffic effectively and provides nearly balanced cross-rack traffic distribution by uniformly choosing replacement nodes and retrieving determined available blocks to recover the lost blocks. We implemented PDL and rPDL in Hadoop 3.1.1. Compared with existing data layout of HDFS, experimental results show that rPDL reduces degraded read latency by an average of 62.83%, delivers 6.27× data recovery throughput, and provides evidently better support for front-end applications.

Given the unpredictable nature of the nodes in distributed computing systems, some of the tasks can be significantly delayed. Such delayed tasks are called stragglers. In order to mitigate stragglers, redundancy in computation is often employed by encoding \(k\) tasks to \(n\) tasks such that any \(k\) of them can help ascertain the completion of the tasks. Two important metrics of interest are service completion time of the \(k\) tasks, and server utilization cost which is sum of time each server spends working on the tasks. We consider a proactive straggler mitigation strategy where \(n_0\le n\) tasks are started at \(t=0\) while the remaining \(n-n_0\) tasks are launched when \(\ell_0\le \min(n_0,k)\) tasks finish. The tasks are halted when \(k\) tasks finish. We analyze the mean of two performance metrics for the proposed forking strategy when the random task completion time at each server is independent and distributed as a shifted exponential. For \(n_0\ge k\), we find that there is a tradeoff between the two performance metrics and leads to decrease in mean server utilization cost at the expense of mean service completion time and an efficient choice of the parameters is helpful.

The wide deployment of IoT systems in smart homes has changed the landscape of networked systems, Internet traffic, and data communications in residential broadband networks as well as the Internet at large. However, recent spates of cyber attacks and threats towards IoT systems in smart homes have revealed prevalent vulnerabilities and risks of IoT systems ranging from data link layer protocols to application services. To address the security challenges of IoT systems in smart homes, this paper introduces IoTArgos, a multi-layer security monitoring system, which collects, analyzes, and characterizes data communications of heterogeneous IoT devices via programmable home routers. More importantly, this system extracts a variety of multi-layer data communication features and develops supervised learning methods for classifying intrusion activities at system, network, and application layers. In light of the potential zero-day or unknown attacks, IoTArgos also incorporates unsupervised learning algorithms to discover unusual or suspicious behaviors towards smart home IoT systems. Our extensive experimental evaluations have demonstrated that IoTArgos is able to detect anomalous activities targeting IoT devices in smart homes with a precision of 0.9876 and a recall of 0.9763.

Internet of Things (IoT) has become the most promising technology for service automation, monitoring, and interconnection, etc. However, the security and privacy issues caused by IoT arouse concerns. Recent research focuses on addressing security issues by looking inside platform and apps. In this work, we creatively change the angle to consider security problems from a wireless sniffing perspective. We propose a novel framework called IoTGAZE, which can discover potential anomalies and vulnerabilities in the IoT system via wireless traffic analysis. By sniffing the encrypted wireless traffic, IoTGAZE can automatically identify the sequential interaction of events between apps and devices. We discover the temporal event dependencies and generate the Wireless Context for the IoT system. Meanwhile, we extract the IoT Context, which reflects user's expectation, from IoT apps' descriptions and user interfaces. If the wireless context does not match the expected IoT context, IoTGAZE reports an anomaly. Furthermore, IoTGAZE can discover the vulnerabilities caused by the inter-app interaction via hidden channels, such as temperature and illuminance. We provide a proof-of-concept implementation and evaluation of our framework on the Samsung SmartThings platform. The evaluation shows that IoTGAZE can effectively discover anomalies and vulnerabilities, thereby greatly enhancing the security of IoT systems.

With the popularization of Internet of Things (IoT) devices in smart home and industry fields, a huge number of IoT devices are connected to the Internet. However, what devices are connected to a network may not be known by the Internet service provider (ISP), since many IoT devices are placed within small networks (e.g., home networks) and are hidden behind network address translation (NAT). Without pinpointing IoT devices in a network, it is unlikely for the ISP to appropriately configure security policies and effectively manage the network. In this paper, we design an efficient and scalable system via spatial-temporal traffic fingerprinting. Our system can accurately identify typical IoT devices in a network, with the additional capability of identifying what devices are hidden behind NAT and how many they are. Through extensive evaluation, we demonstrate that the system can generally identify IoT devices with an F-Score above 0.999, and estimate the number of the same type of IoT device behind NAT with an average error below 5%. We also perform small-scale experiments (which are labor-intensive) to show that our system is promising in detecting user-IoT interactions.

In the era of Internet-of-Things (IoT) and Artificial Intelligence (AI), securing billions of IoT devices within the network against intelligent attacks is a necessity to success. We propose "PUFGAN," an innovative machine learning attack-proof security architecture by embedding a self-adversarial agent within a device fingerprint-based security primitive, public PUF (PPUF) known for its strong fingerprint-driven cryptography. The self-adversarial agent is implemented with Generative Adversarial Networks (GANs). The agent attempts to self-attack the system based on two GAN variants - vanilla GAN and conditional GAN. By turning the attacking quality through generating realistic secret keys used in the PPUF primitive into system vulnerability, the security architecture is able to monitor its internal vulnerability. As the vulnerability level reaches at a certain risk level, PUFGAN allows to restructure its underlying security primitive via feedback to the PPUF hardware, maintaining security entropy as high as possible.

We evaluate PUFGAN on three different machine environments of Google Colab, desktop PC, and Raspberry Pi 2 based on real-world PPUF dataset. Extensive experiments demonstrate that even a strong device fingerprint security primitive can become vulnerable, and needs a necessary active operation of restructuring the current primitive, making the system resilient against extreme attacking environments.

Recent studies have suggested that the BitTorrent's rarest-first protocol, owing to its work-conserving nature, can become unstable in the presence of non-persistent users. Consequently, in any stable protocol, many peers are at some point endogenously forced to hold off their file-download activity. In this work, we propose a tunable piece-selection policy that minimizes this (undesirable) requisite by combining the (work-conserving) rarest-first protocol with only an appropriate share of the (non-work conserving) mode-suppression protocol. We refer to this policy as “Rarest-First with Probabilistic Mode-Suppression” or simply RFwPMS.

We study RFwPMS under a stochastic model of the BitTorrent network that is general enough to capture multiple swarms of non-persistent users - each swarm having its own altruistic preferences that may overlap with other swarms. Using a Lyapunov drift analysis, we show that RFwPMS is provably stable for all kinds of inter-swarm behaviors, and that the use of rarest-first instead of random-selection is indeed more justified. Our numerical results suggest that RFwPMS is scalable in the general multi-swarm setting and offers better performance than the existing stabilizing schemes like mode-suppression.

When handling data-parallel jobs in a distributed system, under-allocating or over-allocating computation resources can lead to sub-optimal performance. In this paper, we present ReLoca to guide the optimal CPU resource allocation, with the objective of minimizing job completion time (JCT). We propose a graph convolutional network (GCN) to learn the dependency between operations in the workflow of a job, and adopt a fully-connected convolutional network for JCT prediction. Since the collection of training samples in big data applications could be very time-consuming, we develop an adaptive sampling method to judiciously collect effective samples. Extensive experiments are conducted in our Spark cluster for 7 types of exemplary Spark applications. Results show that ReLoca achieves significantly higher JCT prediction accuracy than state-of-the-art methods using 40% samples. Moreover, it reduces CPU resource consumption by 58.2%.

Ultra-Reliable Low Latency Communications (URLLC) and especially those related to the Industrial Internet of Things (IIoT) are characterized by a large number of users transmitting sporadically information to a central controller. We consider in this paper scenarios where transmitted packets have to be conveyed within a very short time so that it is not possible to make per-packet resource reservation, i.e. contention-based access is needed. Moreover, in case of loss, there is no room for waiting for acknowledgement before retransmissions so that blind replication is needed for reaching the ultra high reliability targets. Knowing the limited, but large, number of potential users in the system, we propose a semi-centralized resource allocations scheme where each user is pre-allocated positions for its replicas in case he has a packet to convey. We show, using coding theory, how to design sequences for users so that the number of collisions is minimized. We further exploit our pre-allocation scheme to develop an iterative decoding method where the base station tries to decode a packet based on the knowledge of the already decoded colliding packet. We show that the proposed schemes succeed to attain very low loss rates with low resource reservation.

Large-scale WiFi system is gaining a rapidly-increasing momentum in most corporate places. However, building edge functionalities at each AP may incur frequent service migrations, low resource utilization, and inflexible resource provisioning, where federate suitable APs to create a resource-pooled edge system is prospective. In this paper, we propose a novel architecture, named SoSA, to Socialize Static APs via user association transition activities for edge resource pooling. A reference implementation of SoSA is developed under an operating large-scale WiFi system. The novelty and contribution of SoSA lie in its three-layer design. In transition data feeding layer, we collect and process 25,074,733 association records of 55,809 users from 7,404 APs in a real WiFi system. In sociality construction and characterization layer, we construct an AP contact graph based on user transition statistics, under which we empirically study the sociality of APs and explore their evolving patterns. In edge resource pooling layer, by harnessing the AP sociality, we are able to customize resource pooling strategy to improve service provisioning performance. With adopting SoSA, we systematically investigate the performance of AP federation strategy in reducing service migration when users frequently transit among APs. Extensive data-driven experiments corroborate the efficacy of SoSA.

This article studies an essential yet challenging problem in 5G wireless networks: \emph{Is it possible to enable spectrally-efficient spectrum sharing for heterogeneous wireless networks with different, possibly incompatible, spectrum access technologies on the same spectrum bands; without modifying the protocol stacks of existing wireless networks?} To answer this question, this article explores the system challenges that need to be addressed to enable a new spectrum sharing paradigm based on beamforming, which we refer to as {\em CoBeam}. In CoBeam, a newly-deployed wireless network is allowed to access a spectrum band based on {\em cognitive beamforming} without mutual temporal exclusion, i.e., without interrupting the ongoing transmissions of coexisting wireless networks on the same bands; and without cross-technology communication. We first describe the main components of CoBeam, including \emph{programmable physical layer driver}, \emph{cognitive sensing engine}, \emph{beamforming engine}, and \emph{scheduling engine}. Then, we showcase the potential of the CoBeam framework by designing a practical coexistence scheme between Wi-Fi and LTE on unlicensed bands. We also present a prototype of the resulting coexisting Wi-Fi/U-LTE network built on off-the-shelf software radios. Experimental performance evaluation results indicate that CoBeam can achieve significant throughput gain while requiring \emph{no} signaling exchange between the coexisting wireless networks.

Dynamic spectrum access (DSA) is a promising platform to solve the spectrum shortage problem, in which auction based mechanisms have been extensively studied due to good spectrum allocation efficiency and fairness. Recently, Sybil attacks were introduced in DSA, and Sybil-proof spectrum auction mechanisms have been proposed, which guarantee that each single secondary user (SU) cannot obtain a higher utility under more than one fictitious identities. However, existing Sybil-poof spectrum auction mechanisms achieve only Sybil-proofness for SUs, but not for primary users (PUs), and simulations show that a cheating PU in those mechanisms can obtain a higher utility by Sybil attacks. In this paper, we propose TSUNAMI, the first Truthful and primary user Sybil-proof aUctioN mechAnisM for onlIne spectrum allocation. Specifically, we compute the opportunity cost of each SU and screen out cost-efficient SUs to participate in spectrum allocation. In addition, we present a bid-independent sorting method and a sequential matching approach to achieve primary user Sybil-proofness and 2-D truthfulness, which means that each SU or PU can gain her maximal utility by bidding with her true valuation of spectrum. We evaluate the performance and validate the desired properties of our proposed mechanism through extensive simulations.

We consider the problem of dynamic rate selection in a cognitive radio network (CRN) over the millimeter wave (mmWave) spectrum. Specifically, we focus on the scenario when the transmit power is time varying as motivated by the following applications: an energy harvesting CRN, in which the system solely relies on the harvested energy source, and an underlay CRN, in which a secondary user restricts its transmission power based on a dynamically changing interference temperature limit such that the primary user remains unharmed. Since the channel quality fluctuates very rapidly in mmWave networks and costly channel state information is not that useful, we consider rate adaptation over an mmWave channel as an online stochastic optimization problem, and propose a Thompson Sampling based Bayesian method. Our method utilizes the unimodality and monotonicity of the throughput with respect to rates and transmit powers and achieves logarithmic in time regret with a leading term that is independent of the number of available rates. Our regret bound holds for any sequence of transmits powers and captures the dependence of the regret on the arrival pattern. We also show via simulations that performance of the proposed algorithm is superior than state-of-the-art, especially when arrivals are favorable.

Mobile access networks dominate valuable information hardly reachable for outsiders or user devices. For instance, in Dynamic Spectrum Access (DSA) systems, Secondary Users (SUs) have to arduously infer spectrum holes well-known at network sides of Primary Users (PUs). The challenge is how to uncover the spectrum information without aid of commercial, system-wide equipment, which is critical to individual wireless devices with DSA capability. This motivates us to develop a new tool to uncover as much information used to be closed to outsiders or user devices as possible with off-the-shelf products. Given the wide-spread deployment of LTE and its continuous evolution to 5G, we design and implement U-CIMAN, a client-side system to accurately UnCover spectrum occupancy and associated user Information in Mobile Access Networks of LTE systems. Besides measuring spectrum tenancy in unit of resource blocks, U-CIMAN discovers user mobility and traffic types associated with spectrum usage through decoded control messages and user data bytes. Equipped with U-CIMAN, we conduct 4-month detailed accurate spectrum measurement on a commercial LTE cell, making observations such as the predictive power of Modulation and Coding Scheme on spectrum tenancy, and channel off-time bounded under 10 seconds, to name a few.