Linfeng Zhang

Ph.D. student. Expected to graduate in May 2008.

Electrical & Computer Engineering

Iowa State University

Office

3223 Coover Hall

Email

Advisor

Dr. Yong Guan

Education

Graduate student, Electronic Engineering, Tsinghua University, Sep. 1999 to Apr. 2002

Bachelor of Engineering, Dept. of Electronic Engineering, Tsinghua University, Sep. 1994 to July 1999

Publications

  • Linfeng Zhang and Yong Guan, "Variance Estimation over Sliding Windows," in Proceedings of the 26th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS 2007), Beijing, China, June 2007.

    Abstract: Capturing characteristics of large data streams has received considerable attention. The constraints in space and time restrict the data stream processing to only one pass (or a small number of passes). Processing data streams over sliding windows makes the problem more difficult and challenging. In this paper, we address the problem of maintaining epsilon-approximate variance of data streams over sliding windows. To our knowledge, the best existing algorithm requires O(logN/epsilon^2) space, though the lower bound for this problem is Omega(logN/epsilon). We propose the first epsilon-approximation algorithm to this problem that is optimal in both space and worst case time. Our algorithm requires O(logN/epsilon) space. Furthermore, its running time is O(1) in the worst case.

  • Linfeng Zhang and Yong Guan, "TOPO: A Topology-aware Single Packet Attack Traceback Scheme," in Proceedings of the 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy in Communication Networks (SecureComm 2006), Baltimore, USA, Aug. 2006.

    Abstract: With the phenomenal growth of the Internet, more and more people enjoy and depend on its provided services. Unfortunately, the number of network-based attacks is also increasing quickly. Network attackers can very easily hide their identities, and thereby reduce the chance of being captured and punished. Some attacks can even succeed by using only one or a few well-targeted packets. Therefore, it is desirable to design effective and efficient single packet IP traceback systems to attribute attackers. Several single packet IP traceback systems have been designed using Bloom filters. However, the inherent false positives of Bloom filters caused by unavoidable collisions restrain the effectiveness of these systems.

    To reduce the impact of unavoidable collisions in Bloom filters, we propose a topology-aware single packet IP traceback system, namely TOPO. We utilize a router's local topology information, i.e., its immediate predecessor information. Our performance analysis shows that TOPO can reduce the number and scope of unnecessary queries, and significantly decrease false attributions. Furthermore, to improve the practicability of Bloom filter-based IP traceback systems, we design TOPO to allow partial deployment while maintaining its traceback capability. When Bloom filters are used, it is difficult to decide their optimal control parameters a priori. We design a $k$-adaptive mechanism which can dynamically adjust parameters of Bloom filters to reduce the false positive rate.

  • Linfeng Zhang, Anthony G. Persaud, Alan Johnson, and Yong Guan, "Detection of Stepping Stone Attack under Delay and Chaff Perturbations," in 25th IEEE International Performance Computing and Communications Conference (IPCCC 2006), Phoenix, USA, Apr. 2006.

    Abstract: Network based attackers often relay attacks through intermediary hosts (i.e., stepping stones) to evade detection. In addition, attackers make detection more difficult by encrypting attack traffic and introducing delay and chaff perturbations into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff perturbations exist simultaneously. In this paper, we propose and analyze algorithms which represent that attackers cannot always evade detection only by adding limited delay and independent chaff perturbations. We provide the upper bounds on the number of packets needed to confidently detect stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones and the experimental results show that our algorithms are more effective in detecting stepping stone attacks in some scenarios.

  • Jianqiang Xin, Linfeng Zhang, Brad Aswegan, John Dickerson, Julie Dickerson, Thomas Daniels and Yong Guan, "A Testbed for Evaluation and Analysis of Stepping Stone Attack Attribution Techniques," in Proceedings of TridentCom 2006, Barcelona, Spain, Mar. 2006.

    Abstract: This paper describes a testbed for experimentally evaluating stepping stone attack attribution techniques. There is a lack of comprehensive experimental evaluation of many different stepping stone attack detection schemes. Therefore, there are no objective, comparable evaluation results on the effectiveness and limitations of these schemes. In this research, we designed and built a scalable testbed environment that can evaluate all existing stepping stone attack attribution schemes reproducibly, provide a stable platform for further research in this area and be easily reconfigured, expanded, and operated with a user-friendly interface. This testbed environment has been established in a dedicated stepping stone attack attribution research laboratory. An evaluation of proposed stepping stone techniques is currently underway.