With the increase in the number of computers connected to Internet, the number of Distributed Denial of Service (DDoS) attacks has also been increasing. A DDoS attack consumes the computing resources of a computer or ...With the increase in the number of computers connected to Internet, the number of Distributed Denial of Service (DDoS) attacks has also been increasing. A DDoS attack consumes the computing resources of a computer or a server, by degrading its computing performance or by preventing legitimate users from accessing its services. Recently, Operating Systems (OS) are increasingly deploying embedded DDoS prevention schemes to prevent computing exhaustion caused by such attacks. In this paper, we compare the effectiveness of two popular operating systems, namely the Apple’s Lion and Microsoft’s Windows 7, against DDoS attacks. We compare the computing performance of these operating systems under two ICMP based DDoS attacks. Since the role of the OS is to manage the computer or servers resources as efficiently as possible, in this paper we investigate which OS manages its computing resources more efficiently. In this paper, we evaluate and compare the built-in security of these two operating systems by using an iMac computer which is capable of running both Windows 7 and Lion. The DDoS attacks that are simulated for this paper are the ICMP Ping and Land Attack. For this experiment, we measure the exhaustion of the processors and the number of Echo Request and Echo Reply messages that were generated under varying attack loads for both the Ping and Land Attack. From our experiments, we found that both operating systems were able to survive the attacks however they reacted a bit differently under attack. The Operating System Lion was handling both the Ping and Land attack in the exactly the same way, whereas Windows 7 handled the two attacks a bit differently, resulting in different processor consumptions by two different operating systems.展开更多
The reconstruction of the atom-laser wave function is performed using interferometric measurement with a standing-wave grating,and the results in this scheme are studied.The relation between the measurement data and t...The reconstruction of the atom-laser wave function is performed using interferometric measurement with a standing-wave grating,and the results in this scheme are studied.The relation between the measurement data and the atomic wave function are also presented.This scheme is quite applicable and effectively avoids the initial random phase problem of the method that employs the laser running wave.The information which is encoded in the atom-laser wave is extracted.展开更多
Switch and router architectures employing a shared buffer are known to provide high throughput, low delay, and high memory utilization. Superior performance of a shared-memory switch compared to switches employing oth...Switch and router architectures employing a shared buffer are known to provide high throughput, low delay, and high memory utilization. Superior performance of a shared-memory switch compared to switches employing other buffer strategies can be achieved by carefully implementing a buffer-management scheme. A buffer-sharing policy should allow all of the output interfaces to have fair and robust access to buffer resources. The sliding-window (SW) packet switch is a novel architecture that uses an array of parallel memory modules that are logically shared by all input and output lines to store and process data packets. The innovative aspects of the SW architecture are the approach to accomplishing parallel operation and the simplicity of the control functions. The implementation of a buffer-management scheme in a SW packet switch is dependent on how the buffer space is organized into output queues. This paper presents an efficient SW buffer-management scheme that regulates the sharing of the buffer space. We compare the proposed scheme with previous work under bursty traffic conditions. Also, we explain how the proposed buffer-management scheme can provide quality-of-service (QoS) to different traffic classes.展开更多
Distributed Denial of Service (DDoS) is known to compromise availability of Information Systems today. Widely deployed Microsoft’s Windows 2003 & 2008 servers provide some built-in protection against common Distr...Distributed Denial of Service (DDoS) is known to compromise availability of Information Systems today. Widely deployed Microsoft’s Windows 2003 & 2008 servers provide some built-in protection against common Distributed Denial of Service (DDoS) attacks, such as TCP/SYN attack. In this paper, we evaluate the performance of built-in protection capabilities of Windows servers 2003 & 2008 against a special case of TCP/SYN based DDoS attack. Based on our measurements, it was found that the built-in security features which are available by default on Microsoft’s Windows servers were not sufficient in defending against the TCP/SYN attacks even at low intensity attack traffic. Under TCP/SYN attack traffic, the Microsoft 2003 server was found to crash due to processor resource exhaustion, whereas the 2008 server was found to crash due to its memory resource depletion even at low intensity attack traffic.展开更多
Cyber attacks are continuing to hamper working of Internet services despite increase in the use of network security systems such as, firewalls and Intrusion protection systems (IPS). Recent Denial of Service (DoS) att...Cyber attacks are continuing to hamper working of Internet services despite increase in the use of network security systems such as, firewalls and Intrusion protection systems (IPS). Recent Denial of Service (DoS) attack on Independence Day weekend, on July 4th, 2009 launched to debilitate the US and South Korean governments’ websites is indicative of the fact that the security systems may not have been adequately deployed to counteract such attacks. IPS is a vital security device which is commonly used as a front line defense mechanism to defend against such DoS attacks. Before deploying a firewall or an IPS device for network protection, in many deployments, the performance of firewalls is seldom evaluated for their effectiveness. Many times, these IPS’s can become bottleneck to the network performance and they may not be effective in stopping DoS attacks. In this paper, we intend to drive the point that deploying IPS may not always be effective in stopping harmful effects of DoS attacks. It is important to evaluate the capability of IPS before they are deployed to protect a network or a server against DoS attacks. In this paper, we evaluate performance of a commercial grade IPS Cisco ASA-5510 IPS to measure its effectiveness in stopping a DoS attacks namely TCP-SYN, UDP Flood, Ping Flood and ICMP Land Attacks. This IPS comes with features to counteract and provide security against these attacks. Performance of the IPS is measured under these attacks protection and compared with its performance when these protection features were not available (i.e. disabled). It was found that the IPS was unable to provide satisfactory protection despite the availability of the protection features against these flooding attacks. It is important for the network managers to measure the actual capabilities of an IPS system before its deployment to protect critical information infrastructure.展开更多
Multi-soliton solution to a multi-component coupled Ito system is investigated based on the Hirota bilinear method. By virtue of the perturbation method, we firstly derive one- and two-soliton solutions for the couple...Multi-soliton solution to a multi-component coupled Ito system is investigated based on the Hirota bilinear method. By virtue of the perturbation method, we firstly derive one- and two-soliton solutions for the coupled Ito system possessing four components. Then the multi-soliton solution for the multi-component coupled Ito system is summarized into a general form expressed by pfaffians. Finally, this general pfaffian-type soliton solution is proved by pfaffian techniques.展开更多
Integrable discretizations of are proposed. N-soliton solutions for analogues of the complex and real Dym the complex and real Dym equations both semi-discrete and fully discrete equations are also presented.
文摘With the increase in the number of computers connected to Internet, the number of Distributed Denial of Service (DDoS) attacks has also been increasing. A DDoS attack consumes the computing resources of a computer or a server, by degrading its computing performance or by preventing legitimate users from accessing its services. Recently, Operating Systems (OS) are increasingly deploying embedded DDoS prevention schemes to prevent computing exhaustion caused by such attacks. In this paper, we compare the effectiveness of two popular operating systems, namely the Apple’s Lion and Microsoft’s Windows 7, against DDoS attacks. We compare the computing performance of these operating systems under two ICMP based DDoS attacks. Since the role of the OS is to manage the computer or servers resources as efficiently as possible, in this paper we investigate which OS manages its computing resources more efficiently. In this paper, we evaluate and compare the built-in security of these two operating systems by using an iMac computer which is capable of running both Windows 7 and Lion. The DDoS attacks that are simulated for this paper are the ICMP Ping and Land Attack. For this experiment, we measure the exhaustion of the processors and the number of Echo Request and Echo Reply messages that were generated under varying attack loads for both the Ping and Land Attack. From our experiments, we found that both operating systems were able to survive the attacks however they reacted a bit differently under attack. The Operating System Lion was handling both the Ping and Land attack in the exactly the same way, whereas Windows 7 handled the two attacks a bit differently, resulting in different processor consumptions by two different operating systems.
基金Supported by the Hong Kong Baptist University Foundation(1997)the National Natural Science Foundation of China under Grant No.10074056+1 种基金the Zhejiang Natural Science Foundation under Grant Nos.198023 and 699025the“863”Foundation under Grant No.863-416-1-1-H11.
文摘The reconstruction of the atom-laser wave function is performed using interferometric measurement with a standing-wave grating,and the results in this scheme are studied.The relation between the measurement data and the atomic wave function are also presented.This scheme is quite applicable and effectively avoids the initial random phase problem of the method that employs the laser running wave.The information which is encoded in the atom-laser wave is extracted.
文摘Switch and router architectures employing a shared buffer are known to provide high throughput, low delay, and high memory utilization. Superior performance of a shared-memory switch compared to switches employing other buffer strategies can be achieved by carefully implementing a buffer-management scheme. A buffer-sharing policy should allow all of the output interfaces to have fair and robust access to buffer resources. The sliding-window (SW) packet switch is a novel architecture that uses an array of parallel memory modules that are logically shared by all input and output lines to store and process data packets. The innovative aspects of the SW architecture are the approach to accomplishing parallel operation and the simplicity of the control functions. The implementation of a buffer-management scheme in a SW packet switch is dependent on how the buffer space is organized into output queues. This paper presents an efficient SW buffer-management scheme that regulates the sharing of the buffer space. We compare the proposed scheme with previous work under bursty traffic conditions. Also, we explain how the proposed buffer-management scheme can provide quality-of-service (QoS) to different traffic classes.
文摘Distributed Denial of Service (DDoS) is known to compromise availability of Information Systems today. Widely deployed Microsoft’s Windows 2003 & 2008 servers provide some built-in protection against common Distributed Denial of Service (DDoS) attacks, such as TCP/SYN attack. In this paper, we evaluate the performance of built-in protection capabilities of Windows servers 2003 & 2008 against a special case of TCP/SYN based DDoS attack. Based on our measurements, it was found that the built-in security features which are available by default on Microsoft’s Windows servers were not sufficient in defending against the TCP/SYN attacks even at low intensity attack traffic. Under TCP/SYN attack traffic, the Microsoft 2003 server was found to crash due to processor resource exhaustion, whereas the 2008 server was found to crash due to its memory resource depletion even at low intensity attack traffic.
文摘Cyber attacks are continuing to hamper working of Internet services despite increase in the use of network security systems such as, firewalls and Intrusion protection systems (IPS). Recent Denial of Service (DoS) attack on Independence Day weekend, on July 4th, 2009 launched to debilitate the US and South Korean governments’ websites is indicative of the fact that the security systems may not have been adequately deployed to counteract such attacks. IPS is a vital security device which is commonly used as a front line defense mechanism to defend against such DoS attacks. Before deploying a firewall or an IPS device for network protection, in many deployments, the performance of firewalls is seldom evaluated for their effectiveness. Many times, these IPS’s can become bottleneck to the network performance and they may not be effective in stopping DoS attacks. In this paper, we intend to drive the point that deploying IPS may not always be effective in stopping harmful effects of DoS attacks. It is important to evaluate the capability of IPS before they are deployed to protect a network or a server against DoS attacks. In this paper, we evaluate performance of a commercial grade IPS Cisco ASA-5510 IPS to measure its effectiveness in stopping a DoS attacks namely TCP-SYN, UDP Flood, Ping Flood and ICMP Land Attacks. This IPS comes with features to counteract and provide security against these attacks. Performance of the IPS is measured under these attacks protection and compared with its performance when these protection features were not available (i.e. disabled). It was found that the IPS was unable to provide satisfactory protection despite the availability of the protection features against these flooding attacks. It is important for the network managers to measure the actual capabilities of an IPS system before its deployment to protect critical information infrastructure.
基金Supported by the China Scholarship Council, the Global Change Research Program of China under Grant No 2015CB953904, the National Natural Science Foundation of China under Grant Nos 11275072 and 11435005, the Research Fund for the Doctoral Program of Higher Education of China under Grant No 20120076110024, the Innovative Research Team Program of the National Natural Science Foundation of China under Grant No 61321064, the Shanghai Knowledge Service Platform for Trustworthy Internet of Things under Grant No ZF1213, the Shanghai Minhang District Talents of High Level Scientific Research Project, and the Talent Fund and K.C. Won~ Mazna Fund in Nin~bo University.
文摘Multi-soliton solution to a multi-component coupled Ito system is investigated based on the Hirota bilinear method. By virtue of the perturbation method, we firstly derive one- and two-soliton solutions for the coupled Ito system possessing four components. Then the multi-soliton solution for the multi-component coupled Ito system is summarized into a general form expressed by pfaffians. Finally, this general pfaffian-type soliton solution is proved by pfaffian techniques.
文摘Integrable discretizations of are proposed. N-soliton solutions for analogues of the complex and real Dym the complex and real Dym equations both semi-discrete and fully discrete equations are also presented.
