Xin Yuan

The distributed denial-of-service (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this paper, we propose an interdomain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information. IDPFs are constructed from the information implicit in border gateway protocol (BGP) route updates and are deployed in network border routers. We establish the conditions under which the IDPF framework correctly works in that it does not discard packets with valid source addresses. Based on extensive simulation studies, we show that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.

Colitis-associated colorectal cancer (CAC) frequently develops in patients with inflammatory bowel disease (IBD) who have been exposed to a prolonged state of chronic inflammation. The investigation of pharmacological agents and their mechanisms to prevent precancerous lesions and inhibit their progression remains a significant focus and challenge in CAC research. Previous studies have demonstrated that vitexin effectively mitigates CAC, however, its precise mechanism of action warrants further exploration. This study reveals that the absence of the Vitamin D receptor (VDR) accelerates the progression from chronic colitis to colorectal cancer. Our findings indicate that vitexin can specifically target the VDR protein, facilitating its translocation into the cell nucleus to exert transcriptional activity. Additionally, through a co-culture model of macrophages and cancer cells, we observed that vitexin promotes the polarization of macrophages towards the M1 phenotype, a process that is dependent on VDR. Furthermore, ChIP-seq analysis revealed that vitexin regulates the transcriptional activation of phenazine biosynthesis-like domain protein (PBLD) via VDR. ChIP assays and dual luciferase reporter assays were employed to identify the functional PBLD regulatory region, confirming that the VDR/PBLD pathway is critical for vitexin-mediated regulation of macrophage polarization. Finally, in a mouse model with myeloid VDR gene knockout, we found that the protective effects of vitexin were abolished in mid-stage CAC. In summary, our study establishes that vitexin targets VDR and modulates macrophage polarization through the VDR/PBLD pathway, thereby alleviating the transition from chronic colitis to colorectal cancer.

By analyzing a two-month trace of more than 25 million emails received at a large US university campus network, of which more than 18 million are spam messages, we characterize the spammer behavior at both the mail server and the network levels. We also correlate the arrivals of spam with the BGP route updates to study the network reachability properties of spammers. Among others, our significant findings are: (a) the majority of spammers (93% of spam only mail servers and 58% of spam only networks) send only a small number of spam messages (no more than 10); (b) the vast majority of both spam messages (91.7%) and spam only mail servers (91%) are from mixed networks that send both spam and non-spam messages; (c) the majority of both spam messages (68%) and spam mail servers (74%) are from a few regions of the IP address space (top 20 "/8" address spaces); (d) a large portion of spammers (81% of spam only mail servers and 27% of spam only networks) send spam only within a short period of time (no longer than one day out of the two months); and (e) network prefixes for a non-negligible portion of spam only networks (6%) are only visible for a short period of time (within 7 days), coinciding with the spam arrivals from these networks. We discuss the implications of the findings for the current anti-spam efforts, and more importantly, for the design of future email delivery architectures.

Adversarial attacks and defenses in machine learning and deep neural network have been gaining significant attention due to the rapidly growing applications of deep learning in the Internet and relevant scenarios. This survey provides a comprehensive overview of the recent advancements in the field of adversarial attack and defense techniques, with a focus on deep neural network-based classification models. Specifically, we conduct a comprehensive classification of recent adversarial attack methods and state-of-the-art adversarial defense techniques based on attack principles, and present them in visually appealing tables and tree diagrams. This is based on a rigorous evaluation of the existing works, including an analysis of their strengths and limitations. We also categorize the methods into counter-attack detection and robustness enhancement, with a specific focus on regularization-based methods for enhancing robustness. New avenues of attack are also explored, including search-based, decision-based, drop-based, and physical-world attacks, and a hierarchical classification of the latest defense methods is provided, highlighting the challenges of balancing training costs with performance, maintaining clean accuracy, overcoming the effect of gradient masking, and ensuring method transferability. At last, the lessons learned and open challenges are summarized with future research opportunities recommended.

In large networks, maintaining precise global network state information is almost impossible. Many factors, including non-negligible propagation delay, infrequent link state update due to overhead concerns, link state update policy, resource reservation, and hierarchical topology aggregation, have impacts on the precision of the global network state information. To achieve efficient quality of service (QoS) routing, a practical routing algorithm must be able to make effective routing decisions in the presence of imprecise global network state information. In this paper, we compare five QoS routing algorithms that were proposed to tolerate imprecise global network state information, safety-based routing, randomized routing, multi-path routing, localized routing, and static multi-path routing. The performance of these routing algorithms are evaluated under two link state update policies, the timer based policy and the threshold based policy. The strengths and limitations of each scheme are identified.