Distributed network systems : from concepts to implementations

"This textbook covers both theoretical and practical aspects of distributed computing. It describes the client-server model for developing distributed network systems, the communication paradigms used in a distributed network system, and the principles of reliability and security in the design of distributed network systems." "This book is suitable for self-study or for use in classes. Most parts of the book have been used by the authors in their teaching of various topics including distributed systems, computer networks, and distributed database systems. This book can also serve as an invaluable guide for computing professionals in their work for the design and implementation of distributed network systems."

Mark-aided distributed filtering by using neural network for DDoS defense

Currently Distributed Denial of Service (DDoS) attacks have been identified as one of the most serious problems on the Internet. The aim of DDoS attacks is to prevent legitimate users from accessing desired resources, such as network bandwidth. Hence the immediate task of DDoS defense is to provide as much resources as possible to legitimate users when there is an attack. Unfortunately most current defense approaches can not efficiently detect and filter out attack traffic. Our approach is to find the network anomalies by using neural network, deploy the system at distributed routers, identify the attack packets, and then filter them. The marks in the IP header that are generated by a group of IP traceback schemes, Deterministic Packet Marking (DPM)/Flexible Deterministic Packet Marking (FDPM), assist this process of identifying attack packets. The experimental results show that this approach can be used to defend against both intensive and subtle DDoS attacks, and can catch DDoS attacks’ characteristic of starting from multiple sources to a single victim. According to results, we find the marks in IP headers can enhance the sensitivity and accuracy of detection, thus improve the legitimate traffic throughput and reduce attack traffic throughput. Therefore, it can perform well in filtering DDoS attack traffic precisely and effectively.

Towards the development of a conceptual design management model for remote sites

Remote and environmentally sensitive sites present unique challenges for participants involved in the design and construction process. Worldwide advances in information technology coupled with improved site accessibility and manageability has enabled the construction industry to undertake such projects with greater ease. Furthermore, research on information technology in construction has begun to focus our attentions on our increased ability to work virtually in distributed teams. These remote sites have a range of development potential as clients have varied interests including; tourism, scientific investigation and resource exploration and processing which impact upon the management of the design process. These sites pose unique challenges to the project teams and in particular for the management of project design. The conceptual design phase is often marked by an iterative and creative process, which tends to be a sociologically oriented world where designers respond to a range of functional, aesthetic, environmental and even spiritual concerns. Strategic decisions made during the briefing and conceptual design stage may impact upon construction logistics and sustainability. Detailed design for construction tends to be a production oriented world. There is a significant body of literature that addresses the application of lean thinking to improving the interface between detailed design and construction production. There is little literature that takes a holistic view of design management for remote sites. The lean design management field of research has much to contribute to the design management of these projects. The review of the literature indicated that much of the lean thinking has been primarily concerned with sequential production. However, lean thinking is based upon principles of flow and value, which is also conducive to the complex process involved in design management for remote sites. A conceptual model is developed that considers both the production and sociological approaches to design management, in response to the peculiar demands of the site and their project teams.

Development of DAL and DAPL languages for building distributed applications

A common characteristic among parallel/distributed programming languages is that the one language is used to specify not only the overall organisation of the distributed application, but also the functionality of the application. That is, the connectivity and functionality of processes are specified within a single program. Connectivity and functionality are independent aspects of a distributed application. This thesis shows that these two aspects can be specified separately, therefore allowing application designers to freely concentrate on either aspect in a modular fashion. Two new programming languages have been developed for specifying each aspect. These languages are for loosely coupled distributed applications based on message passing, and have been designed to simplify distributed programming by completely removing all low level interprocess communication. A suite of languages and tools has been designed and developed. It includes the two new languages, parsers, a compilation system to generate intermediate C code that is compiled to binary object modules, a run-time system to create, manage and terminate several distributed applications, and a shell to communicate with the run-tune system. DAL (Distributed Application Language) and DAPL (Distributed Application Process Language) are the new programming languages for the specification and development of process oriented, asynchronous message passing, distributed applications. These two languages have been designed and developed as part of this doctorate in order to specify such distributed applications that execute on a cluster of computers. Both languages are used to specify orthogonal components of an application, on the one hand the organisation of processes that constitute an application, and on the other the interface and functionality of each process. Consequently, these components can be created in a modular fashion, individually and concurrently. The DAL language is used to specify not only the connectivity of all processes within an application, but also a cluster of computers for which the application executes. Furthermore, sub-clusters can be specified for individual processes of an application to constrain a process to a particular group of computers. The second language, DAPL, is used to specify the interface, functionality and data structures of application processes. In addition to these languages, a DAL parser, a DAPL parser, and a compilation system have been designed and developed (in this project). This compilation system takes DAL and DAPL programs to generate object modules based on machine code, one module for each application process. These object modules are used by the Distributed Application System (DAS) to instantiate and manage distributed applications. The DAS system is another new component of this project. The purpose of the DAS system is to create, manage, and terminate many distributed applications of similar and different configurations. The creation procedure incorporates the automatic allocation of processes to remote machines. Application management includes several operations such as deletion, addition, replacement, and movement of processes, and also detection and reaction to faults such as a processor crash. A DAS operator communicates with the DAS system via a textual shell called DASH (Distributed Application SHell). This suite of languages and tools allowed distributed applications of varying connectivity and functionality to be specified quickly and simply at a high level of abstraction. DAL and DAPL programs of several processes may require a few dozen lines to specify as compared to several hundred lines of equivalent C code that is generated by the compilation system. Furthermore, the DAL and DAPL compilation system is successful at generating binary object modules, and the DAS system succeeds in instantiating and managing several distributed applications on a cluster.

Protecting web services from distributed denial of service attacks

The outcome of the research was the development of three network defence systems to protect corporate network infrastructure. The results showed that these defences were able to detect and filter around 94% of the DDoS attack traffic within a matter of seconds.

Distributed query processing for mobile surveillance

Addressing core issues in mobile surveillance, we present an architecture for querying and retrieving distributed, semi-permanent multi-modal data through challenged networks with limited connectivity. The system provides a rich set of queries for spatio-temporal querying in a surveillance context, and uses the network availability to provide best quality of service. It incrementally and adaptively refines the query, using data already retrieved that exists on static platforms and on-demand data that it requests from mobile platforms. We demonstrate the system using a real surveillance system on a mobile 20 bus transport network coupled with static bus depot infrastructure. In addition, we show the robustness of the system in handling different conditions in the underlying infrastructure by running simulations on a real, but historic dataset collected in an offline manner.

Internet and distributed computing advancements : theoretical frameworks and practical applications

This book is a vital compendium of chapters on the latest research within the field of distributed computing, capturing trends in the design and development of Internet and distributed computing systems that leverage autonomic principles and techniques. The chapters provided within this collection offer a holistic approach for the development of systems that can adapt themselves to meet requirements of performance, fault tolerance, reliability, security, and Quality of Service (QoS) without manual intervention.

Exploring distributed leadership for the quality management of online learning environments

Online learning environments (OLEs) are complex information technology (IT) systems that intersect with many areas of university organisation. Distributed models of leadership have been proposed as appropriate for the good governance of OLEs. Based on theoretical and empirical research, a group of Australian universities proposed a framework for the quality management of OLEs, and sought to validate the model via a survey of Australasian university representatives with OLE leadership responsibility. For the framework elements: Planning and Resourcing were rated most important; Organisational structure was rated least important; Technologies were rated low in importance and high in satisfaction; Resourcing and Evaluation were rated low in satisfaction; and Resourcing had the highest rating of importance coupled with low satisfaction. Considering distributed leadership in their institution, respondents reported that the organisational alignments represented by 'official' reporting and peer relationships were significantly more important and more effective than the organisational alignments linking the formal and informal leaders. From a range of desirable characteristics of distributed leadership, 'continuity and sustainability' received the highest rating of importance and a low rating of 'in evidence' - there are concerns about the sustainability of distributed leadership for the governance of OLEs in universities.

Detection and defense of application-layer DDoS attacks in backbone web traffic

Web servers are usually located in a well-organized data center where these servers connect with the outside Internet directly through backbones. Meanwhile, the application-layer distributed denials of service (AL-DDoS) attacks are critical threats to the Internet, particularly to those business web servers. Currently, there are some methods designed to handle the AL-DDoS attacks, but most of them cannot be used in heavy backbones. In this paper, we propose a new method to detect AL-DDoS attacks. Our work distinguishes itself from previous methods by considering AL-DDoS attack detection in heavy backbone traffic. Besides, the detection of AL-DDoS attacks is easily misled by flash crowd traffic. In order to overcome this problem, our proposed method constructs a Real-time Frequency Vector (RFV) and real-timely characterizes the traffic as a set of models. By examining the entropy of AL-DDoS attacks and flash crowds, these models can be used to recognize the real AL-DDoS attacks. We integrate the above detection principles into a modularized defense architecture, which consists of a head-end sensor, a detection module and a traffic filter. With a swift AL-DDoS detection speed, the filter is capable of letting the legitimate requests through but the attack traffic is stopped. In the experiment, we adopt certain episodes of real traffic from Sina and Taobao to evaluate our AL-DDoS detection method and architecture. Compared with previous methods, the results show that our approach is very effective in defending AL-DDoS attacks at backbones. © 2013 Elsevier B.V. All rights reserved.

Trust, security and privacy in emerging distributed systems FGCS

The rapid development and increasing complexity of computer systems and communication networks coupled with the proliferation of services and applications in both Internet-based and ad-hoc based environments have brought network and system security issues to the fore. We have been witnessing ever-increasing cyber attacks on the network and system leading to tarnished confidence and trusts in the use of networked distributed systems. As a result, there is an increasing demand for development of new trust, security and privacy approaches to guarantee the privacy, integrity, and availability of resources in networked distributed systems.