Showing 1–7 of 7 results for author: Skaperas, S

An Open-Source Experimentation Framework for the Edge Cloud Continuum

Authors: Georgios Koukis, Sotiris Skaperas, Ioanna Angeliki Kapetanidou, Vassilis Tsaoussidis, Lefteris Mamatas

Abstract: The CODECO Experimentation Framework is an open-source solution designed for the rapid experimentation of Kubernetes-based edge cloud deployments. It adopts a microservice-based architecture and introduces innovative abstractions for (i) the holistic deployment of Kubernetes clusters and associated applications, starting from the VM allocation level; (ii) declarative cross-layer experiment configu… ▽ More The CODECO Experimentation Framework is an open-source solution designed for the rapid experimentation of Kubernetes-based edge cloud deployments. It adopts a microservice-based architecture and introduces innovative abstractions for (i) the holistic deployment of Kubernetes clusters and associated applications, starting from the VM allocation level; (ii) declarative cross-layer experiment configuration; and (iii) automation features covering the entire experimental process, from the configuration up to the results visualization. We present proof-of-concept results that demonstrate the above capabilities in three distinct contexts: (i) a comparative evaluation of various network fabrics across different edge-oriented Kubernetes distributions; (ii) the automated deployment of EdgeNet, which is a complex edge cloud orchestration system; and (iii) an assessment of anomaly detection (AD) workflows tailored for edge environments. △ Less

Submitted 16 March, 2024; originally announced March 2024.

Comments: To be published in IEEE INFOCOM CNERT Workshop

ClusterSlice: A Zero-touch Deployment Platform for the Edge Cloud Continuum

Authors: Lefteris Mamatas, Sotiris Skaperas, Ilias Sakellariou

Abstract: We demonstrate ClusterSlice, an open-source solution for automated Kubernetes-center deployments for the edge continuum. ClusterSlice is an infrastructure-as-a-service, platform-as-a-service, and application-as-a-service solution, supporting: (i) declarative deployment slice definitions; (ii) infrastructure-on-demand capabilities over multiple heterogeneous domains; (iii) composable Kubernetes dep… ▽ More We demonstrate ClusterSlice, an open-source solution for automated Kubernetes-center deployments for the edge continuum. ClusterSlice is an infrastructure-as-a-service, platform-as-a-service, and application-as-a-service solution, supporting: (i) declarative deployment slice definitions; (ii) infrastructure-on-demand capabilities over multiple heterogeneous domains; (iii) composable Kubernetes deployments, supporting multi-clustering as well as various Kubernetes flavors and intra-cluster/inter-cluster network plugins; (iv) configurable application deployment; and (v) experimentation automation. △ Less

Submitted 16 March, 2024; originally announced March 2024.

Journal ref: 27th Conference on Innovation in Clouds, Internet and Networks (ICIN 2024), March 11-14, 2024, Paris, France, Demo Paper

A Pragmatical Approach to Anomaly Detection Evaluation in Edge Cloud Systems

Authors: Sotiris Skaperas, George Koukis, Ioanna Angeliki Kapetanidou, Vassilis Tsaoussidis, Lefteris Mamatas

Abstract: Anomaly detection (AD) has been recently employed in the context of edge cloud computing, e.g., for intrusion detection and identification of performance issues. However, state-of-the-art anomaly detection procedures do not systematically consider restrictions and performance requirements inherent to the edge, such as system responsiveness and resource consumption. In this paper, we attempt to inv… ▽ More Anomaly detection (AD) has been recently employed in the context of edge cloud computing, e.g., for intrusion detection and identification of performance issues. However, state-of-the-art anomaly detection procedures do not systematically consider restrictions and performance requirements inherent to the edge, such as system responsiveness and resource consumption. In this paper, we attempt to investigate the performance of change-point based detectors, i.e., a class of lightweight and accurate AD methods, in relation to the requirements of edge cloud systems. Firstly, we review the theoretical properties of two major categories of change point approaches, i.e., Bayesian and cumulative sum (CUSUM), also discussing their suitability for edge systems. Secondly, we introduce a novel experimental methodology and apply it over two distinct edge cloud test-beds to evaluate the performance of such mechanisms in real-world edge environments. Our experimental results reveal important insights and trade-offs for the applicability and the online performance of the selected change point detectors. △ Less

Submitted 15 January, 2024; originally announced January 2024.

Comments: Submitted: Proc. IEEE Int. Conf. Comput. Commun. ICCN Workshops (INFOCOM ICCN WKSHPS), Vancouver, Canada, 2024

Performance Evaluation of Kubernetes Networking Approaches across Constraint Edge Environments

Authors: Georgios Koukis, Sotiris Skaperas, Ioanna Angeliki Kapetanidou, Lefteris Mamatas, Vassilis Tsaoussidis

Abstract: Kubernetes (K8s) serves as a mature orchestration system for the seamless deployment and management of containerized applications spanning across cloud and edge environments. Since high-performance connectivity and minimal resource utilization become critical factors as we approach the edge, evaluating the performance of K8s networking in this context is essential. This paper contributes to this e… ▽ More Kubernetes (K8s) serves as a mature orchestration system for the seamless deployment and management of containerized applications spanning across cloud and edge environments. Since high-performance connectivity and minimal resource utilization become critical factors as we approach the edge, evaluating the performance of K8s networking in this context is essential. This paper contributes to this effort, by conducting a qualitative and quantitative performance evaluation of diverse Container Network Interface (CNI) plugins within different K8s environments, incorporating lightweight implementations designed for the Edge. Our experimental assessment was conducted in two distinct (intra- and inter-host) scenarios, revealing interesting insights for both researchers and practitioners. For example, the deployment of plugins across lightweight distributions does not necessarily lead to resource utilization improvements, e.g., in terms of CPU/memory or throughput. △ Less

Submitted 15 January, 2024; originally announced January 2024.

Comments: Submitted: Proc. IEEE Int. Conf. Comput. Commun. ICCN Workshops (INFOCOM ICCN WKSHPS), Vancouver, Canada, 2024

Smart Channel State Information Pre-processing for Joint Authentication and Secret Key Distillation

Authors: Muralikrishnan Srinivasan, Sotiris Skaperas, Arsenia Chorti, Mahdi Shakiba Herfeh, Muhammad K. Shehzad, Philippe Sehier

Abstract: While the literature on RF fingerprinting-based authentication and key distillation is vast, the two topics have customarily been studied separately. In this paper, starting from the observation that the wireless channel is a composite, deterministic / stochastic process, we propose a power domain decomposition that allows performing the two tasks simultaneously. We devise intelligent pre-processi… ▽ More While the literature on RF fingerprinting-based authentication and key distillation is vast, the two topics have customarily been studied separately. In this paper, starting from the observation that the wireless channel is a composite, deterministic / stochastic process, we propose a power domain decomposition that allows performing the two tasks simultaneously. We devise intelligent pre-processing schemes to decompose channel state information (CSI) observation vectors into "predictable" and "unpredictable" components. The former, primarily due to large-scale fading, can be used for node authentication through RF fingerprinting. The latter, primarily due to small-scale fading, could be used for semantically secure secret key generation (SKG). To perform the decomposition, we propose: (i) a fingerprint "separability" criterion, expressed through the maximisation of the total variation distance between the empirical fingerprint measures; (ii) a statistical independence metric for observations collected at different users, expressed through a normalised version of the $d$-dimensional Hilbert Schmidt independence criterion (dHSIC) test statistic. We propose both explicit implementations, using principal component analysis (PCA) and kernel PCA and black-box, unsupervised learning, using autoencoders. Our experiments on synthetic and real CSI datasets showcase that the incorporation of RF fingerprinting and SKG, with explicit security guarantees, is tangible in future generations of wireless. △ Less

Submitted 1 June, 2022; originally announced June 2022.

On the Use of CSI for the Generation of RF Fingerprints and Secret Keys

Authors: Muralikrishnan Srinivasan, Sotiris Skaperas, Arsenia Chorti

Abstract: This paper presents a systematic approach to use channel state information for authentication and secret key distillation for physical layer security (PLS). We use popular machine learning (ML) methods and signal processing-based approaches to disentangle the large scale fading and be used as a source of uniqueness, from the small scale fading, to be treated as a source of shared entropy secret ke… ▽ More This paper presents a systematic approach to use channel state information for authentication and secret key distillation for physical layer security (PLS). We use popular machine learning (ML) methods and signal processing-based approaches to disentangle the large scale fading and be used as a source of uniqueness, from the small scale fading, to be treated as a source of shared entropy secret key generation (SKG). The ML-based approaches are completely unsupervised and hence avoid exhaustive measurement campaigns. We also propose using the Hilbert Schmidt independence criterion (HSIC); our simulation results demonstrate that the extracted stochastic part of the channel state information (CSI) vectors are statistically independent. △ Less

Submitted 28 October, 2021; originally announced October 2021.

Denial of Service Attacks Detection in Software-Defined Wireless Sensor Networks

Authors: Gustavo A. Nunez Segura, Sotiris Skaperas, Arsenia Chorti, Lefteris Mamatas, Cintia Borges Margi

Abstract: Software-defined networking (SDN) is a promising technology to overcome many challenges in wireless sensor networks (WSN), particularly with respect to flexibility and reuse. Conversely, the centralization and the planes' separation turn SDNs vulnerable to new security threats in the general context of distributed denial of service (DDoS) attacks. State-of-the-art approaches to identify DDoS do no… ▽ More Software-defined networking (SDN) is a promising technology to overcome many challenges in wireless sensor networks (WSN), particularly with respect to flexibility and reuse. Conversely, the centralization and the planes' separation turn SDNs vulnerable to new security threats in the general context of distributed denial of service (DDoS) attacks. State-of-the-art approaches to identify DDoS do not always take into consideration restrictions in typical WSNs e.g., computational complexity and power constraints, while further performance improvement is always a target. The objective of this work is to propose a lightweight but very efficient DDoS attack detection approach using change point analysis. Our approach has a high detection rate and linear complexity, so that it is suitable for WSNs. We demonstrate the performance of our detector in software-defined WSNs of 36 and 100 nodes with varying attack intensity (the number of attackers ranges from 5% to 20% of nodes). We use change point detectors to monitor anomalies in two metrics: the data packets delivery rate and the control packets overhead. Our results show that with increasing intensity of attack, our approach can achieve a detection rate close to100% and that the type of attack can also be inferred. △ Less

Submitted 26 March, 2020; originally announced March 2020.