Selected Publications

While distributed denial-of-service (DDoS) attacks are easy to launch and are becoming more damaging, the defense against DDoS attacks often suffers from the lack of relevant knowledge of the DDoS traffic, including the paths the DDoS traffic has used, the source addresses (spoofed or not) that appear along each path, and the amount of traffic per path or per source. Though IP traceback and path inference approaches could be considered, they are either expensive and hard to deploy or inaccurate. We propose PathFinder, a service that a DDoS defense system can use to obtain the footprints of the DDoS traffic to the victim as is. It introduces a PFTrie data structure with multiple design features to log traffic at line rate, and is easy to implement and deploy on today’s Internet. We show that PathFinder can significantly improve the efficacy of a DDoS defense system, while PathFinder itself is fast and has a manageable overhead, as shown in the evaluations via both synthetic and real-world DDoS traces.
In IFIP 2018, 2018

Disruptive events, such as large-scale power outages, undersea cable cuts, or security attacks, could have an impact on the Internet and cause the Internet to deviate from its normal state of operation, which we also refer to as an “Internet earthquake.” As the Internet is a large, complex moving target, unfortunately little research has been done to define, observe, quantify, and analyze such impact on the Internet, whether it is during a past event period or in real time. In this paper, we devise an Internet seismograph, or I-seismograph, to fill this gap. Since routing is the most basic function of the Internet and the Border Gateway Protocol (BGP) is the de facto standard inter-domain routing protocol, we focus on BGP to observe, measure, and analyze the Internet earthquakes. After defining what an impact to BGP entails, we describe how I-seismograph observes and measures the impact, exemplify its usage during both old and recent disruptive events, and further validate its accuracy and convergency. Finally, we show that I-seismograph can further be used to help analyze what happened to BGP while BGP experienced an impact, including which autonomous systems (AS) were affected most or which AS paths or path segments surged significantly in BGP updates during an Internet earthquake.
In IEEE/ACM ToN, 2017

End hosts in today’s Internet have the best knowledge of the type of traffic they should receive, but they play no active role in traffic engineering. Traffic engineering is conducted by ISPs, which unfortunately are blind to specific user needs. End hosts are therefore subject to unwanted traffic, particularly from Distributed Denial of Service (DDoS) attacks. This research proposes a new system called DrawBridge to address this traffic engineering dilemma. By realizing the potential of software-defined networking (SDN), in this research we investigate a solution that enables end hosts to use their knowledge of desired traffic to improve traffic engineering during DDoS attacks.
In ACM CCR, 2014

Recent Publications

. PathFinder: Capturing DDoS Traffic Footprints on the Internet. In IFIP 2018, 2018.

. An Expectation-Based Approach to Policy-Based Security of the Border Gateway Protocol. In IEEE GLOBECOM, 2016.


. DrawBridge --- Software-Defined DDoS-Resistant Traffic Engineering. In ACM CCR, 2014.


Recent & Upcoming Talks

More Talks

Drawbridge Demo 2016
Aug 1, 2016
Game-Theory-Based DDoS Defense Strategy Study
Feb 26, 2016

Recent Posts

More Posts

I recently discovered a PostCast called Classical Classroom, where the host Decia Clay talks with “advisors” on learning different great pieces of classical music. The tone of the postcast is very approachable (not sure how I can better describe it) to classical music newbies like me. In the very first episode, it introduces the Vivald’s Four Seasons Concerto, "Autumn" by two distinct violinist: Itzak Perlman violin solo, Londo Philharmonic I.


Setting Aliases in Eshell and be done programmatically in an elisp configuration. To do so, you will need to invoke the eshell/alias function from your elisp script file. Here is an example of a simple aliases configuration: ;; open files (eshell/alias "ff" "find-file $1") (eshell/alias "fw" "find-file-other-window $1") (eshell/alias "fr" "find-file-other-frame $1") ;; list files (eshell/alias "ll" "ls -la $*") (eshell/alias "la" "ls -a $*") You can copy/migrate your .


Very, very high-level quick-start guide to get started using PostgreSQL. Installation Debian: sudo apt install postgresql Mac: brew install postgresql Create Databases and Users Create user: sudo su postgres create role Alice LOGIN CREATEDB Create database do it as Alice createdb somedatabase psql somedatabase Password and Access Control login a database as Alice \password Edit /etc/postgresql/9.5/main/pg_hba.conf for access control. The file is pretty self-explainatory.


Customizing agenda view helps me to better visualize the todo items for work and better schedule things and maintain sanity. It is very convient to set a category property to the top-level section of a org file, since the category carries onto all its subtree entries recursively. As a result, all todo items in the agenda view will have category as prefix and therefore very clear on what project the todo item belongs to.


ox-hugo (github link) is a fantastic package that can help transform org-mode notes into HUGO blog posts. The installation is very easy if you use vanilla Emacs (i.e. just use MELPA). However, on the current develop branch of Spacemacs, I encountered the problem of dependency mismatch where ox-hugo requires org package while Spacemacs uses org-plus-contrib package. As a result, on starting Spacemacs it will try to delete org package and the reinstall org after it tries to load ox-hugo.