Devices in IEC 61850 substations use the generic object-oriented substation events (GOOSE) protocol to exchange protection-related events. Because of its lack authentication and encryption, GOOSE is vulnerable man-in-the-middle attacks. An adversary with access network can inject carefully crafted messages impact grid's availability. One most common such attacks, GOOSE-based poisoning, modifies StNum SqNum fields data unit take over publications. We present ED4GAP, a network- level system...

In this paper, we introduce theTheory of Bottleneck Ordering, a mathematical framework that reveals the bottleneck structure data networks. This theoretical provides insights into inherent topological properties network in at least three areas: (1) It identifies regions influence each bottleneck; (2) it order which bottlenecks (and flows traversing them) converge to their steady state transmission rates distributed congestion control algorithms; and (3) key design optimized traffic...

The task of transferring massive data sets in Data-Intensive Science (DIS) systems, such as those generated from high energy experiments at CERN Switzerland and France, the Sirius synchrotron light source Brazil, often rely on physical WAN infrastructure for network connectivity that is provided by various National Research Education Networks (NRENs), including ESnet, Géant, Internet2, RNP, among others. Sliced WANs bring a new paradigm yet to be exploited DIS, but realistic study these...

Operating systems play a key role in providing general purpose services to upper layer applications at the highest available performance level. The two design requirements --- generality and are however contention: more service is, overhead it incurs accessing domain-specific high-performance features provided by layers beneath it. This trade-off comes manifest modern computer as state-of-the-art has evolved from architectures with few number of cores employing very large (many-core...

This paper provides a mathematical model of data center performance based on the recently introduced Quantitative Theory Bottleneck Structures (QTBS). Using model, we prove that if traffic pattern is \textit{interference-free}, there exists unique optimal design both minimizes maximum flow completion time and yields maximal system-wide throughput. We show interference-free patterns correspond to important set display locality properties use these theoretical insights study three widely used...

In this paper, we introduce the Theory of Bottleneck Ordering, a mathematical framework that reveals bottleneck structure data networks. This theoretical provides insights into inherent topological properties network in at least three areas: (1) It identifies regions influence each bottleneck; (2) it order which bottlenecks (and flows traversing them) converge to their steady state transmission rates distributed congestion control algorithms; and (3) key design optimized traffic engineering...

In this paper we introduce a new framework to detect elephant flows at very high speed rates and under uncertainty. The provides exact mathematical formulas compute the detection likelihood introduces flow reconstruction lemma partial information. These theoretical results lead design of BubbleCache, algorithm designed operate near optimal tradeoff between computational scalability accuracy by dynamically tracking traffic's natural cutoff sampling rate. We demonstrate on real world 100 Gbps...

Hash tables are efficient storage data structures widely used in many types of high-performance computer-related problems. In their design, optimal trade-offs must be made to accommodate for the specific characteristics application. this paper we present lock-free low-false-negative (LFN) tables, a family hash designed address one such type trade-off. LFN sacrifice low probability false negatives and very (or negligible) positives achieve higher performance access time concurrent shared...

In high-speed networks, it is important to detect the presence of large flows-also known as elephant flows-because their adverse effects on delay-sensitive flows. If detected a timely fashion, network operators can apply active policies such flow redirection or traffic shaping ensure overall quality service preserved. Towards this objective, we develop high-performance data structure and algorithm address problem detecting flows at very rates. Our solution leverages concept optimal sampling...

In this paper, we present a series of performance tests carried out on R-Scope Dominate-T (RDT), 1U network security appliance configured with four Tilera Gx-36 processors and an aggregated IO capacity 160Gbps. RDT is optimized several high-performance computing techniques. On the software side, runs Linux modified version Bro--the open source monitor developed by International Computer Science Institute--optimized (1) intelligent IDS-aware packet queuing, (2) Bro-programmable shunting, (3)...

This paper addresses the problem of scalable cyber-security using a cloud computing architecture. Scalability is treated in two contexts: (1) performance and power efficiency (2) degree cyber security-relevant information detected by (CSC). We provide framework to construct CSCs, which derives from set fundamental building blocks (forwarders, analyzers grounds) identification smallest functional units (atomic CSC cells or simply aCS C cells) capable embedding full functionality cloud. aCSC...

Priority queues are container data structures essential to many high performance computing (HPC) applications. In this paper, we introduce multiresolution priority queues, a structure that improves the of standard heap based implementations by trading off controllable amount resolution in space priorities. The new can reduce worst case inserting an element from O(log(n)) O(log(r)), where n is number elements queue and r groups space. cost removing top O(1). When table high, amortized insert becomes

Multiresolution priority queues are recently introduced data structures that can trade-off a small bounded error for faster performance. When used to implement the frontier set in label setting algorithms, they provide new mathematical approach classic graph problems such as computation of shortest paths or minimum spanning trees. To understand how work, this paper presents study multiresolution algorithms. The theory is general results respond particular case where problem's resolution...

The problem of elephant flow detection is a longstanding research area with the goal quickly identifying flows in network that are large enough to affect quality service smaller flows. Past work this field has largely been either domain-specific, based on thresholds for specific size metric, or required several hyperparameters, reducing their ease adaptation great variety traffic distributions present real-world networks. In paper, we an approach avoids these limitations, utilizing rigorous...

Traditional Intrusion Detection and Prevention (IDP) systems scan packets quickly by applying simple byte-wise pattern signatures to network flows. Such a protocol-agnostic approach can be compromised with polymorphic attacks: slight modifications of exploits that bypass but still reach corresponding vulnerabilities. To protect against these attacks, solution is provision the IDP system protocol awareness, at risk degrading performance. balance vulnerability coverage performance, we...

Congestion control algorithms for data networks have been the subject of intense research last three decades. While most work has focused around characterization a flow's bottleneck link, understanding interactions amongst links and ripple effects that perturbations in link can cause on rest network remained much less understood. The Theory Bottleneck Ordering is recently developed mathematical framework reveals structure provides model to understand such effects. In this paper we present...

The Theory of Bottleneck Structures is a recently-developed framework for studying the performance data networks. It describes how local perturbations in one part network propagate and interact with others. This powerful analytical tool that allows operators to make accurate predictions about behavior thereby optimize performance. Previous work implemented software package bottleneck structure analysis, but applied it only toy examples. In this work, we introduce first capable scaling...

In this paper,we introduce the Theory of Bottleneck Ordering, a mathematical framework that reveals bottleneck structure data networks. This theoretical provides insights into inherent topological properties network in at least three areas: (1) It identifies regions influence each bottleneck; (2) it order which bottlenecks (and flows traversing them) converge to their steady state transmission rates distributed congestion control algorithms; and (3) key design optimized traffic engineering...

Data-intensive sciences are becoming increasingly important for modern sciences. The transport control plane (TC-Plane) of the networks supporting data-intensive can be to achieve efficient and controlled data In this paper, we analyze FTS, which is de facto TC-Plane largest network, revealing both efficiency resource issues current design. We then present design initial evaluation Transport Control Networking (TCN), a that based on FTS but introduces (1) network-application...

The conventional view of the congestion control problem in data networks is based on principle that a flow's performance uniquely determined by state its bottleneck link, regardless topological properties network. However, recent work has shown behavior congestion-controlled better explained models account for interactions between links. These are captured latent \textit{bottleneck structure}, model describing complex ripple effects changes one part network exert other parts. In this paper,...