Search

Your search keyword '"Kesidis, George"' showing total 704 results
Start Over Author "Kesidis, George"

Refine your results

more »

more »

more »

more »
704 results on '"Kesidis, George"'

1. XRFlux: Virtual Reality Benchmark for Edge Caching Systems

Author

Alfares, Nader and Kesidis, George

Subjects
Computer Science - Performance, Computer Science - Multimedia
Abstract

We introduce a Unity based benchmark XRFlux for evaluating Virtual Reality (VR) delivery systems using edge-cloud caching. As VR applications and systems progress, the need to meet strict latency and Quality of Experience (QoE) requirements is increasingly evident. In the context of VR, traditional cloud architectures (e.g., remote AWS S3 for content delivery) often struggle to meet these demands, especially for users of the same application in different locations. With edge computing, resources are brought closer to users in efforts to reduce latency and improve QoEs. However, VR's dynamic nature, with changing fields of view (FoVs) and user synchronization requirements, creates various challenges for edge caching. We address the lack of suitable benchmarks and propose a framework that simulates multiuser VR scenarios while logging users' interaction with objects within their actual and predicted FoVs. The benchmark's activity log can then be played back through an edge cache to assess the resulting QoEs. This tool fills a gap by supporting research in the optimization of edge caching (and other edge-cloud functions) for VR streaming.

Published
2024

2. Ten Ways in which Virtual Reality Differs from Video Streaming

Author

de Veciana, Gustavo, Fahmy, Sonia, Kesidis, George, and Popescu, Voicu

Subjects
Computer Science - Performance, Computer Science - Multimedia, Computer Science - Networking and Internet Architecture
Abstract

Virtual Reality (VR) applications have a number of unique characteristics that set them apart from traditional video streaming. These characteristics have major implications on the design of VR rendering, adaptation, prefetching, caching, and transport mechanisms. This paper contrasts VR to video streaming, stored 2D video streaming in particular, and discusses how to rethink system and network support for VR.

Published
2024

3. A Study of Backdoors in Instruction Fine-tuned Language Models

Author

Raghuram, Jayaram, Kesidis, George, and Miller, David J.

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Computation and Language, Computer Science - Machine Learning
Abstract

Backdoor data poisoning, inserted within instruction examples used to fine-tune a foundation Large Language Model (LLM) for downstream tasks (\textit{e.g.,} sentiment prediction), is a serious security concern due to the evasive nature of such attacks. The poisoning is usually in the form of a (seemingly innocuous) trigger word or phrase inserted into a very small fraction of the fine-tuning samples from a target class. Such backdoor attacks can: alter response sentiment, violate censorship, over-refuse (invoke censorship for legitimate queries), inject false content, or trigger nonsense responses (hallucinations). In this work we investigate the efficacy of instruction fine-tuning backdoor attacks as attack "hyperparameters" are varied under a variety of scenarios, considering: the trigger location in the poisoned examples; robustness to change in the trigger location, partial triggers, and synonym substitutions at test time; attack transfer from one (fine-tuning) domain to a related test domain; and clean-label vs. dirty-label poisoning. Based on our observations, we propose and evaluate two defenses against these attacks: i) a \textit{during-fine-tuning defense} based on word-frequency counts that assumes the (possibly poisoned) fine-tuning dataset is available and identifies the backdoor trigger tokens; and ii) a \textit{post-fine-tuning defense} based on downstream clean fine-tuning of the backdoored LLM with a small defense dataset. Finally, we provide a brief survey of related work on backdoor attacks and defenses., Comment: Under review

Published
2024

5. Universal Post-Training Reverse-Engineering Defense Against Backdoors in Deep Neural Networks

Author

Li, Xi, Wang, Hang, Miller, David J., and Kesidis, George

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning, Computer Science - Neural and Evolutionary Computing
Abstract

A variety of defenses have been proposed against backdoors attacks on deep neural network (DNN) classifiers. Universal methods seek to reliably detect and/or mitigate backdoors irrespective of the incorporation mechanism used by the attacker, while reverse-engineering methods often explicitly assume one. In this paper, we describe a new detector that: relies on internal feature map of the defended DNN to detect and reverse-engineer the backdoor and identify its target class; can operate post-training (without access to the training dataset); is highly effective for various incorporation mechanisms (i.e., is universal); and which has low computational overhead and so is scalable. Our detection approach is evaluated for different attacks on benchmark CIFAR-10 and CIFAR-100 image classifiers.

Published
2024

6. GPU Cluster Scheduling for Network-Sensitive Deep Learning

Author

Sharma, Aakash, Bhasi, Vivek M., Singh, Sonali, Kesidis, George, Kandemir, Mahmut T., and Das, Chita R.

Subjects
Computer Science - Performance, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Machine Learning
Abstract

We propose a novel GPU-cluster scheduler for distributed DL (DDL) workloads that enables proximity based consolidation of GPU resources based on the DDL jobs' sensitivities to the anticipated communication-network delays. Our scheduler consists of three major components: (i) a classical delay scheduling algorithm to facilitate job placement and consolidation; (ii) a network-sensitive job preemption strategy; and (iii) an "auto-tuner" mechanism to optimize delay timers for effective delay scheduling. Additionally, to enable a cost-effective methodology for large-scale experiments, we develop a data-driven DDL cluster simulation platform. Employing the simulation platform we compare against several state-of-the-art alternatives on real-world workload traces to demonstrate the benefits of our design. Our scheduler can provide improvement of up to 69% in end-to-end Makespan for training all jobs compared to the prevailing consolidation-based scheduling methods, while reducing the average job completion time by up to 83% and minimizing the communication overheads by up to 98% under congested networking conditions.

Published
2024

7. Post-Training Overfitting Mitigation in DNN Classifiers

Author

Wang, Hang, Miller, David J., and Kesidis, George

Subjects
Computer Science - Machine Learning
Abstract

Well-known (non-malicious) sources of overfitting in deep neural net (DNN) classifiers include: i) large class imbalances; ii) insufficient training-set diversity; and iii) over-training. In recent work, it was shown that backdoor data-poisoning also induces overfitting, with unusually large classification margins to the attacker's target class, mediated particularly by (unbounded) ReLU activations that allow large signals to propagate in the DNN. Thus, an effective post-training (with no knowledge of the training set or training process) mitigation approach against backdoors was proposed, leveraging a small clean dataset, based on bounding neural activations. Improving upon that work, we threshold activations specifically to limit maximum margins (MMs), which yields performance gains in backdoor mitigation. We also provide some analytical support for this mitigation approach. Most importantly, we show that post-training MM-based regularization substantially mitigates non-malicious overfitting due to class imbalances and overtraining. Thus, unlike adversarial training, which provides some resilience against attacks but which harms clean (attack-free) generalization, we demonstrate an approach originating from adversarial learning that helps clean generalization accuracy. Experiments on CIFAR-10 and CIFAR-100, in comparison with peer methods, demonstrate strong performance of our methods.

Published
2023

8. Temporal-Distributed Backdoor Attack Against Video Based Action Recognition

Author

Li, Xi, Wang, Songhe, Huang, Ruiquan, Gowda, Mahanth, and Kesidis, George

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security
Abstract

Deep neural networks (DNNs) have achieved tremendous success in various applications including video action recognition, yet remain vulnerable to backdoor attacks (Trojans). The backdoor-compromised model will mis-classify to the target class chosen by the attacker when a test instance (from a non-target class) is embedded with a specific trigger, while maintaining high accuracy on attack-free instances. Although there are extensive studies on backdoor attacks against image data, the susceptibility of video-based systems under backdoor attacks remains largely unexplored. Current studies are direct extensions of approaches proposed for image data, e.g., the triggers are independently embedded within the frames, which tend to be detectable by existing defenses. In this paper, we introduce a simple yet effective backdoor attack against video data. Our proposed attack, adding perturbations in a transformed domain, plants an imperceptible, temporally distributed trigger across the video frames, and is shown to be resilient to existing defensive strategies. The effectiveness of the proposed attack is demonstrated by extensive experiments with various well-known models on two video recognition benchmarks, UCF101 and HMDB51, and a sign language recognition benchmark, Greek Sign Language (GSL) dataset. We delve into the impact of several influential factors on our proposed attack and identify an intriguing effect termed "collateral damage" through extensive studies., Comment: accepted by AAAI 2024

Published
2023

9. Backdoor Mitigation by Correcting the Distribution of Neural Activations

Author

Li, Xi, Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

Backdoor (Trojan) attacks are an important type of adversarial exploit against deep neural networks (DNNs), wherein a test instance is (mis)classified to the attacker's target class whenever the attacker's backdoor trigger is present. In this paper, we reveal and analyze an important property of backdoor attacks: a successful attack causes an alteration in the distribution of internal layer activations for backdoor-trigger instances, compared to that for clean instances. Even more importantly, we find that instances with the backdoor trigger will be correctly classified to their original source classes if this distribution alteration is corrected. Based on our observations, we propose an efficient and effective method that achieves post-training backdoor mitigation by correcting the distribution alteration using reverse-engineered triggers. Notably, our method does not change any trainable parameters of the DNN, but achieves generally better mitigation performance than existing methods that do require intensive DNN parameter tuning. It also efficiently detects test instances with the trigger, which may help to catch adversarial entities in the act of exploiting the backdoor.

Published
2023

10. Improved Activation Clipping for Universal Backdoor Mitigation and Test-Time Detection

Author

Wang, Hang, Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

Deep neural networks are vulnerable to backdoor attacks (Trojans), where an attacker poisons the training set with backdoor triggers so that the neural network learns to classify test-time triggers to the attacker's designated target class. Recent work shows that backdoor poisoning induces over-fitting (abnormally large activations) in the attacked model, which motivates a general, post-training clipping method for backdoor mitigation, i.e., with bounds on internal-layer activations learned using a small set of clean samples. We devise a new such approach, choosing the activation bounds to explicitly limit classification margins. This method gives superior performance against peer methods for CIFAR-10 image classification. We also show that this method has strong robustness against adaptive attacks, X2X attacks, and on different datasets. Finally, we demonstrate a method extension for test-time detection and correction based on the output differences between the original and activation-bounded networks. The code of our method is online available.

Published
2023

11. Analysis of Distributed Deep Learning in the Cloud

Author

Sharma, Aakash, Bhasi, Vivek M., Singh, Sonali, Jain, Rishabh, Gunasekaran, Jashwant Raj, Mitra, Subrata, Kandemir, Mahmut Taylan, Kesidis, George, and Das, Chita R.

Subjects
Computer Science - Machine Learning
Abstract

We aim to resolve this problem by introducing a comprehensive distributed deep learning (DDL) profiler, which can determine the various execution "stalls" that DDL suffers from while running on a public cloud. We have implemented the profiler by extending prior work to additionally estimate two types of communication stalls - interconnect and network stalls. We train popular DNN models using the profiler to characterize various AWS GPU instances and list their advantages and shortcomings for users to make an informed decision. We observe that the more expensive GPU instances may not be the most performant for all DNN models and AWS may sub-optimally allocate hardware interconnect resources. Specifically, the intra-machine interconnect can introduce communication overheads up to 90% of DNN training time and network-connected instances can suffer from up to 5x slowdown compared to training on a single instance. Further, we model the impact of DNN macroscopic features such as the number of layers and the number of gradients on communication stalls. Finally, we propose a measurement-based recommendation model for users to lower their public cloud monetary costs for DDL, given a time budget.

Published
2022

13. Cluster Resource Management for Dynamic Workloads by Online Optimization

Author

Alfares, Nader, Kesidis, George, Baarzi, Ata Fatahi, and Jain, Aman

Subjects
Computer Science - Performance
Abstract

Over the past ten years, many different approaches have been proposed for different aspects of the problem of resources management for long running, dynamic and diverse workloads such as processing query streams or distributed deep learning. Particularly for applications consisting of containerized microservices, researchers have attempted to address problems of dynamic selection of, for example: types and quantities of virtualized services (e.g., IaaS/VMs), vertical and horizontal scaling of different microservices, assigning microservices to VMs, task scheduling, or some combination thereof. In this context, we argue that frameworks like simulated annealing are highly suitable for online navigation of trade-offs between performance (SLO) and cost, particularly when the complex workloads and cloud-service offerings vary over time. Based on a macroscopic objective that combines both performance and cost terms, annealing facilitates light-weight and coherent policies of exploration and exploitation. In this paper, we first give some background on simulated annealing and then experimentally demonstrate its usefulness for different case studies, including service selection for both a single type of workload (e.g., distributed deep learning) and a mixture of workload types (exploring a partially categorical set of options), and container sizing for microservice benchmarks. We conclude with a discussion of how the basic annealing platform can be applied to other resource-management problems, hybridized with other methods, and accommodate user-specified rules of thumb.

Published
2022

14. MM-BD: Post-Training Detection of Backdoor Attacks with Arbitrary Backdoor Pattern Types Using a Maximum Margin Statistic

Author

Wang, Hang, Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

Backdoor attacks are an important type of adversarial threat against deep neural network classifiers, wherein test samples from one or more source classes will be (mis)classified to the attacker's target class when a backdoor pattern is embedded. In this paper, we focus on the post-training backdoor defense scenario commonly considered in the literature, where the defender aims to detect whether a trained classifier was backdoor-attacked without any access to the training set. Many post-training detectors are designed to detect attacks that use either one or a few specific backdoor embedding functions (e.g., patch-replacement or additive attacks). These detectors may fail when the backdoor embedding function used by the attacker (unknown to the defender) is different from the backdoor embedding function assumed by the defender. In contrast, we propose a post-training defense that detects backdoor attacks with arbitrary types of backdoor embeddings, without making any assumptions about the backdoor embedding type. Our detector leverages the influence of the backdoor attack, independent of the backdoor embedding mechanism, on the landscape of the classifier's outputs prior to the softmax layer. For each class, a maximum margin statistic is estimated. Detection inference is then performed by applying an unsupervised anomaly detector to these statistics. Thus, our detector does not need any legitimate clean samples, and can efficiently detect backdoor attacks with arbitrary numbers of source classes. These advantages over several state-of-the-art methods are demonstrated on four datasets, for three different types of backdoor patterns, and for a variety of attack configurations. Finally, we propose a novel, general approach for backdoor mitigation once a detection is made. The mitigation approach was the runner-up at the first IEEE Trojan Removal Competition. The code is online available.

Published
2022

15. Post-Training Detection of Backdoor Attacks for Two-Class and Multi-Attack Scenarios

Author

Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Backdoor attacks (BAs) are an emerging threat to deep neural network classifiers. A victim classifier will predict to an attacker-desired target class whenever a test sample is embedded with the same backdoor pattern (BP) that was used to poison the classifier's training set. Detecting whether a classifier is backdoor attacked is not easy in practice, especially when the defender is, e.g., a downstream user without access to the classifier's training set. This challenge is addressed here by a reverse-engineering defense (RED), which has been shown to yield state-of-the-art performance in several domains. However, existing REDs are not applicable when there are only {\it two classes} or when {\it multiple attacks} are present. These scenarios are first studied in the current paper, under the practical constraints that the defender neither has access to the classifier's training set nor to supervision from clean reference classifiers trained for the same domain. We propose a detection framework based on BP reverse-engineering and a novel {\it expected transferability} (ET) statistic. We show that our ET statistic is effective {\it using the same detection threshold}, irrespective of the classification domain, the attack configuration, and the BP reverse-engineering algorithm that is used. The excellent performance of our method is demonstrated on six benchmark datasets. Notably, our detection framework is also applicable to multi-class scenarios with multiple attacks. Code is available at https://github.com/zhenxianglance/2ClassBADetection., Comment: Accepted to ICLR2022

Published
2022

16. Test-Time Detection of Backdoor Triggers for Poisoned Deep Neural Networks

Author

Li, Xi, Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Backdoor (Trojan) attacks are emerging threats against deep neural networks (DNN). A DNN being attacked will predict to an attacker-desired target class whenever a test sample from any source class is embedded with a backdoor pattern; while correctly classifying clean (attack-free) test samples. Existing backdoor defenses have shown success in detecting whether a DNN is attacked and in reverse-engineering the backdoor pattern in a "post-training" regime: the defender has access to the DNN to be inspected and a small, clean dataset collected independently, but has no access to the (possibly poisoned) training set of the DNN. However, these defenses neither catch culprits in the act of triggering the backdoor mapping, nor mitigate the backdoor attack at test-time. In this paper, we propose an "in-flight" defense against backdoor attacks on image classification that 1) detects use of a backdoor trigger at test-time; and 2) infers the class of origin (source class) for a detected trigger example. The effectiveness of our defense is demonstrated experimentally against different strong backdoor attacks.

Published
2021

17. Detecting Backdoor Attacks Against Point Cloud Classifiers

Author

Xiang, Zhen, Miller, David J., Chen, Siheng, Li, Xi, and Kesidis, George

Subjects
Computer Science - Cryptography and Security, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning
Abstract

Backdoor attacks (BA) are an emerging threat to deep neural network classifiers. A classifier being attacked will predict to the attacker's target class when a test sample from a source class is embedded with the backdoor pattern (BP). Recently, the first BA against point cloud (PC) classifiers was proposed, creating new threats to many important applications including autonomous driving. Such PC BAs are not detectable by existing BA defenses due to their special BP embedding mechanism. In this paper, we propose a reverse-engineering defense that infers whether a PC classifier is backdoor attacked, without access to its training set or to any clean classifiers for reference. The effectiveness of our defense is demonstrated on the benchmark ModeNet40 dataset for PCs.

Published
2021

18. Backdoor Attack and Defense for Deep Regression

Author

Li, Xi, Kesidis, George, Miller, David J., and Lucic, Vladimir

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

We demonstrate a backdoor attack on a deep neural network used for regression. The backdoor attack is localized based on training-set data poisoning wherein the mislabeled samples are surrounded by correctly labeled ones. We demonstrate how such localization is necessary for attack success. We also study the performance of a backdoor defense using gradient-based discovery of local error maximizers. Local error maximizers which are associated with significant (interpolation) error, and are proximal to many training samples, are suspicious. This method is also used to accurately train for deep regression in the first place by active (deep) learning leveraging an "oracle" capable of providing real-valued supervision (a regression target) for samples. Such oracles, including traditional numerical solvers of PDEs or SDEs using finite difference or Monte Carlo approximations, are far more computationally costly compared to deep regression.

Published
2021

19. Robust and Active Learning for Deep Neural Network Regression

Author

Li, Xi, Kesidis, George, Miller, David J., Bergeron, Maxime, Ferguson, Ryan, and Lucic, Vladimir

Subjects
Computer Science - Machine Learning
Abstract

We describe a gradient-based method to discover local error maximizers of a deep neural network (DNN) used for regression, assuming the availability of an "oracle" capable of providing real-valued supervision (a regression target) for samples. For example, the oracle could be a numerical solver which, operationally, is much slower than the DNN. Given a discovered set of local error maximizers, the DNN is either fine-tuned or retrained in the manner of active learning.

Published
2021

20. Age of Information for Small Buffer Systems

Author

Kesidis, George, Konstantopoulos, Takis, and Zazanis, Michael

Subjects
Computer Science - Performance, Mathematics - Probability
Abstract

Consider a message processing system whose objective is to produce the most current information as measured by the quantity known as "age of information". We have argued in previous papers that if we are allowed to design the message processing policy ad libitum, we should keep a small buffer and operate according to a LIFO policy. In this small note we provide an analysis for the AoI of the P_m system which uses a buffer of size m, a single server, operating without service preemption and in a LIFO manner for stored messages. Analytical expressions for the mean (or even distribution) of the AoI in steady-state are possible but with the aid computer algebra. We explain the the analysis for m=3.

Published
2021

21. A BIC-based Mixture Model Defense against Data Poisoning Attacks on Classifiers

Author

Li, Xi, Miller, David J., Xiang, Zhen, and Kesidis, George

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

Data Poisoning (DP) is an effective attack that causes trained classifiers to misclassify their inputs. DP attacks significantly degrade a classifier's accuracy by covertly injecting attack samples into the training set. Broadly applicable to different classifier structures, without strong assumptions about the attacker, an {\it unsupervised} Bayesian Information Criterion (BIC)-based mixture model defense against "error generic" DP attacks is herein proposed that: 1) addresses the most challenging {\it embedded} DP scenario wherein, if DP is present, the poisoned samples are an {\it a priori} unknown subset of the training set, and with no clean validation set available; 2) applies a mixture model both to well-fit potentially multi-modal class distributions and to capture poisoned samples within a small subset of the mixture components; 3) jointly identifies poisoned components and samples by minimizing the BIC cost defined over the whole training set, with the identified poisoned data removed prior to classifier training. Our experimental results, for various classifier structures and benchmark datasets, demonstrate the effectiveness and universality of our defense under strong DP attacks, as well as its superiority over other works.

Published
2021

22. Anomaly Detection of Adversarial Examples using Class-conditional Generative Adversarial Networks

Author

Wang, Hang, Miller, David J., and Kesidis, George

Subjects
Computer Science - Machine Learning, Electrical Engineering and Systems Science - Image and Video Processing
Abstract

Deep Neural Networks (DNNs) have been shown vulnerable to Test-Time Evasion attacks (TTEs, or adversarial examples), which, by making small changes to the input, alter the DNN's decision. We propose an unsupervised attack detector on DNN classifiers based on class-conditional Generative Adversarial Networks (GANs). We model the distribution of clean data conditioned on the predicted class label by an Auxiliary Classifier GAN (AC-GAN). Given a test sample and its predicted class, three detection statistics are calculated based on the AC-GAN Generator and Discriminator. Experiments on image classification datasets under various TTE attacks show that our method outperforms previous detection methods. We also investigate the effectiveness of anomaly detection using different DNN layers (input features or internal-layer features) and demonstrate, as one might expect, that anomalies are harder to detect using features closer to the DNN's output layer.

Published
2021

23. Age of information distribution under dynamic service preemption

Author

Kesidis, George, Konstantopoulos, Takis, and Zazanis, Michael A.

Subjects
Computer Science - Performance, Mathematics - Probability
Abstract

Age of Information (AoI) has emerged as an important quality-of-service measure for applications that prioritize delivery of the freshest information, e.g., virtual or augmented reality over mobile devices and wireless sensor networks used in the control of cyber-physical systems. We derive the Laplace transform of the stationary AoI for the M/GI/1/2 system with a "dynamic" service preemption and pushout policy depending on the existing service time of the in-service message. Thus, our system generalizes both the static M/GI/1/2 queue-pushout system without service preemption and the M/GI/1/1 bufferless system with service preemption - two systems considered to provide very good AoI performance. Based on our analysis, for a service-time distribution that is a mixture of deterministic and exponential, we numerically show that the dynamic policy has lower mean AoI than that of these two static policies and also that of the well studied M/GI/1/1 blocking system.

Published
2021

24. Age of information without service preemption

Author

Kesidis, George, Konstantopoulos, Takis, and Zazanis, Michael A.

Subjects
Computer Science - Performance, Mathematics - Probability
Abstract

When designing a message transmission system, from the point of view of making sure that the information transmitted is as fresh as possible, two rules of thumb seem reasonable: use small buffers and adopt a last-in-first-out policy. In this paper, we measure freshness of information using the "age of information" performance measure. Considering it as a stochastic process operating in a stationary regime, we compute not just the first moment but the whole marginal distribution of the age of information (something important in applications) for two well-performing systems. In neither case do we allow for preemption of the message being processed because this may be difficult to implement in practice. We assume that the arrival process is Poisson and that the messages have independent sizes (service times) with common distribution. We use Palm and Markov-renewal theory to derive explicit results for Laplace transforms. In particular, this approach can be used to analyze more complex last-in-first-out systems with larger buffer sizes.

Published
2021

25. A Backdoor Attack against 3D Point Cloud Classifiers

Author

Xiang, Zhen, Miller, David J., Chen, Siheng, Li, Xi, and Kesidis, George

Subjects
Computer Science - Cryptography and Security
Abstract

Vulnerability of 3D point cloud (PC) classifiers has become a grave concern due to the popularity of 3D sensors in safety-critical applications. Existing adversarial attacks against 3D PC classifiers are all test-time evasion (TTE) attacks that aim to induce test-time misclassifications using knowledge of the classifier. But since the victim classifier is usually not accessible to the attacker, the threat is largely diminished in practice, as PC TTEs typically have poor transferability. Here, we propose the first backdoor attack (BA) against PC classifiers. Originally proposed for images, BAs poison the victim classifier's training set so that the classifier learns to decide to the attacker's target class whenever the attacker's backdoor pattern is present in a given input sample. Significantly, BAs do not require knowledge of the victim classifier. Different from image BAs, we propose to insert a cluster of points into a PC as a robust backdoor pattern customized for 3D PCs. Such clusters are also consistent with a physical attack (i.e., with a captured object in a scene). We optimize the cluster's location using an independently trained surrogate classifier and choose the cluster's local geometry to evade possible PC preprocessing and PC anomaly detectors (ADs). Experimentally, our BA achieves a uniformly high success rate (> 87%) and shows evasiveness against state-of-the-art PC ADs.

Published
2021

26. L-RED: Efficient Post-Training Detection of Imperceptible Backdoor Attacks without Access to the Training Set

Author

Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning
Abstract

Backdoor attacks (BAs) are an emerging form of adversarial attack typically against deep neural network image classifiers. The attacker aims to have the classifier learn to classify to a target class when test images from one or more source classes contain a backdoor pattern, while maintaining high accuracy on all clean test images. Reverse-Engineering-based Defenses (REDs) against BAs do not require access to the training set but only to an independent clean dataset. Unfortunately, most existing REDs rely on an unrealistic assumption that all classes except the target class are source classes of the attack. REDs that do not rely on this assumption often require a large set of clean images and heavy computation. In this paper, we propose a Lagrangian-based RED (L-RED) that does not require knowledge of the number of source classes (or whether an attack is present). Our defense requires very few clean images to effectively detect BAs and is computationally efficient. Notably, we detect 56 out of 60 BAs using only two clean images per class in our experiments on CIFAR-10.

Published
2020

27. Reverse Engineering Imperceptible Backdoor Attacks on Deep Neural Networks for Detection and Training Set Cleansing

Author

Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Machine Learning
Abstract

Backdoor data poisoning is an emerging form of adversarial attack usually against deep neural network image classifiers. The attacker poisons the training set with a relatively small set of images from one (or several) source class(es), embedded with a backdoor pattern and labeled to a target class. For a successful attack, during operation, the trained classifier will: 1) misclassify a test image from the source class(es) to the target class whenever the same backdoor pattern is present; 2) maintain a high classification accuracy for backdoor-free test images. In this paper, we make a break-through in defending backdoor attacks with imperceptible backdoor patterns (e.g. watermarks) before/during the training phase. This is a challenging problem because it is a priori unknown which subset (if any) of the training set has been poisoned. We propose an optimization-based reverse-engineering defense, that jointly: 1) detects whether the training set is poisoned; 2) if so, identifies the target class and the training images with the backdoor pattern embedded; and 3) additionally, reversely engineers an estimate of the backdoor pattern used by the attacker. In benchmark experiments on CIFAR-10, for a large variety of attacks, our defense achieves a new state-of-the-art by reducing the attack success rate to no more than 4.9% after removing detected suspicious training images.

Published
2020

28. CASH: A Credit Aware Scheduling for Public Cloud Platforms

Author

Sharma, Aakash, Dhakshinamurthy, Saravanan, Kesidis, George, and Das, Chita R.

Subjects
Computer Science - Distributed, Parallel, and Cluster Computing
Abstract

The public cloud offers a myriad of services which allows its tenants to process large scale big data in a flexible, easy and cost effective manner. Tenants generally use large scale data processing frameworks such as MapReduce, Tez, Spark etc. to process their data. Tenants can configure their frameworks to run individual tasks by the framework itself or have a middleware cluster manager like YARN or Mesos to arbitrate resource scheduling in their public-cloud cluster. Cluster managers need to be cognizant about the workload requirement along with the state of the individual resource such as CPU and disk in the cluster. Cloud providers use a token bucket mechanism for their individual hardware resources as an indicator of the quality-of-service that individual hardware resource can provide. In this paper, through our changes in YARN, Hadoop and Tez, we show how middleware cluster managers can be made cognizant about the expected quality-of-service of individual hardware resources in the cluster. Our optimized cluster manager with a coarse grained knowledge of task requirement and fine grained knowledge of expected quality-of-service of hardware resources in the cluster performs highly optimal task placements. Our experiments with our optimizations show CPU credit based instances like the Amazon T3 instances as a viable cost effective option for running bigdata workloads. We also show that streaming SQL queries on a Hive warehouse can be accelerated by up to 31% leading to public cloud cost savings of up to 22%.

Published
2020

32. Revealing Perceptible Backdoors, without the Training Set, via the Maximum Achievable Misclassification Fraction Statistic

Author

Xiang, Zhen, Miller, David J., Wang, Hang, and Kesidis, George

Subjects
Computer Science - Machine Learning, Statistics - Machine Learning
Abstract

Recently, a backdoor data poisoning attack was proposed, which adds mislabeled examples to the training set, with an embedded backdoor pattern, aiming to have the classifier learn to classify to a target class whenever the backdoor pattern is present in a test sample. Here, we address post-training detection of innocuous perceptible backdoors in DNN image classifiers, wherein the defender does not have access to the poisoned training set, but only to the trained classifier, as well as unpoisoned examples. This problem is challenging because without the poisoned training set, we have no hint about the actual backdoor pattern used during training. This post-training scenario is also of great import because in many practical contexts the DNN user did not train the DNN and does not have access to the training data. We identify two important properties of perceptible backdoor patterns - spatial invariance and robustness - based upon which we propose a novel detector using the maximum achievable misclassification fraction (MAMF) statistic. We detect whether the trained DNN has been backdoor-attacked and infer the source and target classes. Our detector outperforms other existing detectors and, coupled with an imperceptible backdoor detector, helps achieve post-training detection of all evasive backdoors.

Published
2019

33. Notes on Margin Training and Margin p-Values for Deep Neural Network Classifiers

Author

Kesidis, George, Miller, David J., and Xiang, Zhen

Subjects
Statistics - Machine Learning, Computer Science - Machine Learning
Abstract

We provide a new local class-purity theorem for Lipschitz continuous DNN classifiers. In addition, we discuss how to achieve classification margin for training samples. Finally, we describe how to compute margin p-values for test samples.

Published
2019

34. Detection of Backdoors in Trained Classifiers Without Access to the Training Set

Author

Xiang, Zhen, Miller, David J., and Kesidis, George

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Computer Vision and Pattern Recognition, Statistics - Machine Learning
Abstract

Recently, a special type of data poisoning (DP) attack targeting Deep Neural Network (DNN) classifiers, known as a backdoor, was proposed. These attacks do not seek to degrade classification accuracy, but rather to have the classifier learn to classify to a target class whenever the backdoor pattern is present in a test example. Launching backdoor attacks does not require knowledge of the classifier or its training process - it only needs the ability to poison the training set with (a sufficient number of) exemplars containing a sufficiently strong backdoor pattern (labeled with the target class). Here we address post-training detection of backdoor attacks in DNN image classifiers, seldom considered in existing works, wherein the defender does not have access to the poisoned training set, but only to the trained classifier itself, as well as to clean examples from the classification domain. This is an important scenario because a trained classifier may be the basis of e.g. a phone app that will be shared with many users. Detecting backdoors post-training may thus reveal a widespread attack. We propose a purely unsupervised anomaly detection (AD) defense against imperceptible backdoor attacks that: i) detects whether the trained DNN has been backdoor-attacked; ii) infers the source and target classes involved in a detected attack; iii) we even demonstrate it is possible to accurately estimate the backdoor pattern. We test our AD approach, in comparison with alternative defenses, for several backdoor patterns, data sets, and attack settings and demonstrate its favorability. Our defense essentially requires setting a single hyperparameter (the detection threshold), which can e.g. be chosen to fix the system's false positive rate.

Published
2019

35. On a caching system with object sharing

Author

Kesidis, George, Alfares, Nader, Li, Xi, Urgaonkar, Bhuvan, Kandemir, Mahmut, and Konstantopoulos, Takis

Subjects
Computer Science - Performance, Computer Science - Networking and Internet Architecture
Abstract

We consider a content-caching system thatis shared by a number of proxies. The cache could belocated in an edge-cloud datacenter and the proxies couldeach serve a large population of mobile end-users. Eachproxy operates its own LRU-list of a certain capacity inthe shared cache. The length of objects simultaneouslyappearing in plural LRU-lists is equally divided amongthem,i.e., object sharing among the LRUs. We provide a "working-set" approximation for this system to quicklyestimate the cache-hit probabilities under such objectsharing, which can be used to facilitate admission control.Also, a way to reduce ripple evictions,i.e.,setrequestoverhead, is suggested. We give numerical results for ourMemCacheD with Object Sharing (MCD-OS) prototype.

Published
2019

36. Adversarial Learning in Statistical Classification: A Comprehensive Review of Defenses Against Attacks

Author

Miller, David J., Xiang, Zhen, and Kesidis, George

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security, Statistics - Machine Learning
Abstract

There is great potential for damage from adversarial learning (AL) attacks on machine-learning based systems. In this paper, we provide a contemporary survey of AL, focused particularly on defenses against attacks on statistical classifiers. After introducing relevant terminology and the goals and range of possible knowledge of both attackers and defenders, we survey recent work on test-time evasion (TTE), data poisoning (DP), and reverse engineering (RE) attacks and particularly defenses against same. In so doing, we distinguish robust classification from anomaly detection (AD), unsupervised from supervised, and statistical hypothesis-based defenses from ones that do not have an explicit null (no attack) hypothesis; we identify the hyperparameters a particular method requires, its computational complexity, as well as the performance measures on which it was evaluated and the obtained quality. We then dig deeper, providing novel insights that challenge conventional AL wisdom and that target unresolved issues, including: 1) robust classification versus AD as a defense strategy; 2) the belief that attack success increases with attack strength, which ignores susceptibility to AD; 3) small perturbations for test-time evasion attacks: a fallacy or a requirement?; 4) validity of the universal assumption that a TTE attacker knows the ground-truth class for the example to be attacked; 5) black, grey, or white box attacks as the standard for defense evaluation; 6) susceptibility of query-based RE to an AD defense. We also discuss attacks on the privacy of training data. We then present benchmark comparisons of several defenses against TTE, RE, and backdoor DP attacks on images. The paper concludes with a discussion of future work.

Published
2019

37. The distribution of age-of-information performance measures for message processing systems

Author

Kesidis, George, Konstantopoulos, Takis, and Zazanis, Michael

Subjects
Computer Science - Performance, Mathematics - Probability
Abstract

The idea behind the recently introduced "age of information" performance measure of a networked message processing system is that it indicates our knowledge regarding the "freshness" of the most recent piece of information that can be used as a criterion for real-time control. In this foundational paper, we examine two such measures, one that has been extensively studied in the recent literature and a new one that could be more relevant from the point of view of the processor. Considering these measures as stochastic processes in a stationary environment (defined by the arrival processes, message processing times and admission controls in bufferless systems), we characterize their distributions using the Palm inversion formula. Under renewal assumptions we derive explicit solutions for their Laplace transforms and show some interesting decomposition properties. Previous work has mostly focused on computation of expectations in very particular cases. We argue that using bufferless or very small buffer systems is best and support this by simulation. We also pose some open problems including assessment of enqueueing policies that may be better in cases where one wishes to minimize more general functionals of the age of information measures.

Published
2019

38. Overbooking Microservices in the Cloud

Author

Kesidis, George

Subjects
Computer Science - Performance
Abstract

We consider the problem of scheduling serverless-computing instances such as Amazon Lambda functions, or scheduling microservices within (privately held) virtual machines (VMs). Instead of a quota per tenant/customer, we assume demand for Lambda functions is modulated by token-bucket mechanisms per tenant. Such quotas are due to, e.g., limited resources (as in a fog/edge-cloud context) or to prevent excessive unauthorized invocation of numerous instances by malware. Based on an upper bound on the stationary number of active "Lambda servers" considering the execution-time distribution of Lambda functions, we describe an approach that the cloud could use to overbook Lambda functions for improved utilization of IT resources. An earlier bound for a single service tier is extended to multiple service tiers. For the context of scheduling microservices in a private setting, the framework could be used to determine the required VM resources for a token-bucket constrained workload stream. Finally, we note that the looser Markov inequality may be useful in settings where the job service times are dependent.

Published
2019

40. When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers

Author

Wang, Yujia, Miller, David J., and Kesidis, George

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning, Statistics - Machine Learning
Abstract

This paper addresses detection of a reverse engineering (RE) attack targeting a deep neural network (DNN) image classifier; by querying, RE's aim is to discover the classifier's decision rule. RE can enable test-time evasion attacks, which require knowledge of the classifier. Recently, we proposed a quite effective approach (ADA) to detect test-time evasion attacks. In this paper, we extend ADA to detect RE attacks (ADA-RE). We demonstrate our method is successful in detecting "stealthy" RE attacks before they learn enough to launch effective test-time evasion attacks.

Published
2018

41. A Mixture Model Based Defense for Data Poisoning Attacks Against Naive Bayes Spam Filters

Author

Miller, David J., Hu, Xinyi, Xiang, Zhen, and Kesidis, George

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning, Statistics - Machine Learning
Abstract

Naive Bayes spam filters are highly susceptible to data poisoning attacks. Here, known spam sources/blacklisted IPs exploit the fact that their received emails will be treated as (ground truth) labeled spam examples, and used for classifier training (or re-training). The attacking source thus generates emails that will skew the spam model, potentially resulting in great degradation in classifier accuracy. Such attacks are successful mainly because of the poor representation power of the naive Bayes (NB) model, with only a single (component) density to represent spam (plus a possible attack). We propose a defense based on the use of a mixture of NB models. We demonstrate that the learned mixture almost completely isolates the attack in a second NB component, with the original spam component essentially unchanged by the attack. Our approach addresses both the scenario where the classifier is being re-trained in light of new data and, significantly, the more challenging scenario where the attack is embedded in the original spam training set. Even for weak attack strengths, BIC-based model order selection chooses a two-component solution, which invokes the mixture-based defense. Promising results are presented on the TREC 2005 spam corpus.

Published
2018

42. Heterogeneous MacroTasking (HeMT) for Parallel Processing in the Public Cloud

Author

Shan, Yuquan, Kesidis, George, Urgaonkar, Bhuvan, Schad, Jorg, Khamse-Ashari, Jalal, and Lambadaris, Ioannis

Subjects
Computer Science - Performance
Abstract

Using tiny, equal-sized tasks (Homogeneous microTasking, HomT) has long been regarded an effective way of load balancing in parallel computing systems. When combined with nodes pulling in work upon becoming idle, HomT has the desirable property of automatically adapting its load distribution to the processing capacities of participating nodes - more powerful nodes finish their work sooner and, therefore, pull in additional work faster. As a result, HomT is deemed especially desirable in settings with heterogeneous (and possibly possessing dynamically changing) processing capacities. However, HomT does have additional scheduling and I/O overheads that might make this load balancing scheme costly in some scenarios. In this paper, we first analyze these advantages and disadvantages of HomT. We then propose an alternative load balancing scheme - Heterogeneous MacroTasking (HeMT) - wherein workload is intentionally partitioned according to nodes' processing capacity. Our goal is to study when HeMT is able to overcome the performance disadvantages of HomT. We implement a prototype of HeMT within the Apache Spark application framework with complementary enhancements to the Apache Mesos cluster manager. Spark's built-in scheduler, when parameterized appropriately, implements HomT. Our experimental results show that HeMT out-performs HomT when accurate workload-specific estimates of nodes' processing capacities are learned. As representative results, Spark with HeMT offers about 10% better average completion times for realistic data processing workloads over the default system.

Published
2018

43. Relative Age of Information: Maintaining Freshness while Considering the Most Recently Generated Information

Author

Kesidis, George, Konstantopoulos, Takis, and Zazanis, Michael

Subjects
Computer Science - Performance
Abstract

A queueing system handling a sequence of message arrivals is considered where each message obsoletes all previous messages. The objective is to assess the freshness of the latest message/information that has been successfully transmitted, i.e., "age of information" (AoI). We study a variation of traditional AoI, the "Relative AoI", here defined so as to account for the presence of newly arrived messages/information to the queue to be transmitted.

Published
2018

44. Online Scheduling of Spark Workloads with Mesos using Different Fair Allocation Algorithms

Author

Shan, Yuquan, Jain, Aman, Kesidis, George, Urgaonkar, Bhuvan, Khamse-Ashari, Jalal, and Lambadaris, Ioannis

Subjects
Computer Science - Performance
Abstract

In the following, we present example illustrative and experimental results comparing fair schedulers allocating resources from multiple servers to distributed application frameworks. Resources are allocated so that at least one resource is exhausted in every server. Schedulers considered include DRF (DRFH) and Best-Fit DRF (BF-DRF), TSF, and PS-DSF. We also consider server selection under Randomized Round Robin (RRR) and based on their residual (unreserved) resources. In the following, we consider cases with frameworks of equal priority and without server-preference constraints. We first give typical results of a illustrative numerical study and then give typical results of a study involving Spark workloads on Mesos which we have modified and open-sourced to prototype different schedulers.

Published
2018

45. An Efficient and Fair Multi-Resource Allocation Mechanism for Heterogeneous Servers

Author

Khamse-Ashari, Jalal, Lambadaris, Ioannis, Kesidis, George, Urgaonkar, Bhuvan, and Zhao, Yiqiang

Subjects
Computer Science - Distributed, Parallel, and Cluster Computing
Abstract

Efficient and fair allocation of multiple types of resources is a crucial objective in a cloud/distributed computing cluster. Users may have diverse resource needs. Furthermore, diversity in server properties/ capabilities may mean that only a subset of servers may be usable by a given user. In platforms with such heterogeneity, we identify important limitations in existing multi-resource fair allocation mechanisms, notably Dominant Resource Fairness (DRF) and its follow-up work. To overcome such limitations, we propose a new server-based approach; each server allocates resources by maximizing a per-server utility function. We propose a specific class of utility functions which, when appropriately parameterized, adjusts the trade-off between efficiency and fairness, and captures a variety of fairness measures (such as our recently proposed Per-Server Dominant Share Fairness). We establish conditions for the proposed mechanism to satisfy certain properties that are generally deemed desirable, e.g., envy-freeness, sharing incentive, bottleneck fairness, and Pareto optimality. To implement our resource allocation mechanism, we develop an iterative algorithm which is shown to be globally convergent. Finally, we show how the proposed mechanism could be implemented in a distributed fashion. We carry out extensive trace-driven simulations to show the enhanced performance of our proposed mechanism over the existing ones., Comment: Technical Report, 20 pages, 14 figures

Published
2017

46. When Not to Classify: Anomaly Detection of Attacks (ADA) on DNN Classifiers at Test Time

Author

Miller, David J., Wang, Yulia, and Kesidis, George

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

A significant threat to the recent, wide deployment of machine learning-based systems, including deep neural networks (DNNs), is adversarial learning attacks. We analyze possible test-time evasion-attack mechanisms and show that, in some important cases, when the image has been attacked, correctly classifying it has no utility: i) when the image to be attacked is (even arbitrarily) selected from the attacker's cache; ii) when the sole recipient of the classifier's decision is the attacker. Moreover, in some application domains and scenarios it is highly actionable to detect the attack irrespective of correctly classifying in the face of it (with classification still performed if no attack is detected). We hypothesize that, even if human-imperceptible, adversarial perturbations are machine-detectable. We propose a purely unsupervised anomaly detector (AD) that, unlike previous works: i) models the joint density of a deep layer using highly suitable null hypothesis density models (matched in particular to the non- negative support for RELU layers); ii) exploits multiple DNN layers; iii) leverages a "source" and "destination" class concept, source class uncertainty, the class confusion matrix, and DNN weight information in constructing a novel decision statistic grounded in the Kullback-Leibler divergence. Tested on MNIST and CIFAR-10 image databases under three prominent attack strategies, our approach outperforms previous detection methods, achieving strong ROC AUC detection accuracy on two attacks and better accuracy than recently reported for a variety of methods on the strongest (CW) attack. We also evaluate a fully white box attack on our system. Finally, we evaluate other important performance measures, such as classification accuracy, versus detection rate and attack strength.

Published
2017

47. Moving-target Defense against Botnet Reconnaissance and an Adversarial Coupon-Collection Model

Author

Nasiriani, Neda, Shan, Yuquan, Kesidis, George, Konstantopoulos, Takis, Fleck, Daniel, and Stavrou, Angelos

Subjects
Computer Science - Cryptography and Security
Abstract

We consider a cloud based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart a DDoS attacker's reconnaissance phase and consequently reduce the attack's impact. The defense is effectively a moving-target (motag) technique in which the proxies dynamically change. The system is evaluated using an AWS prototype of HTTP redirection and by numerical evaluations of an adversarial coupon-collector mathematical model, the latter allowing larger-scale extrapolations.

Published
2017

48. Is Non-Neutrality Profitable for the Stakeholders of the Internet Market? - Part II

Author

Lotfi, Mohammad Hassan, Sarkar, Saswati, and Kesidis, George

Subjects
Computer Science - Computer Science and Game Theory
Abstract

In this part of the paper, we obtain analytical results for the case that transport costs are not small (complement of Part I), and combine them with the results in Part I of the paper to provide general results for all values of transport costs. We show that, in general, if an SPNE exists, it would be one of the five possible strategies each of which we explicitly characterize. We also prove that when EUs have sufficiently high inertia for at least one of the ISPs, there exists a unique SPNE with a non-neutral outcome in which both of the ISPs are active, and the CP offers her content with free quality on the neutral ISP and with premium quality on the non-neutral ISP. Moreover, we show that an SPNE does not always exist. We also analyze a benchmark case in which both ISPs are neutral, and prove that there exists a unique SPNE in which the CP offers her content with free quality on both ISPs, and both ISPs are active. We also provide extensive numerical results and discussions for all ranges of transport costs. Simulation results suggest that if the SPNE exists, it would be unique. In addition, results reveal that the neutral ISP receives a lower payoff and the non-neutral ISP receives a higher payoff (most of the time) in a non-neutral scenario. However, we also identify scenarios in which the non-neutral ISP loses payoff by adopting non-neutrality. In addition, we show that a non-neutral regime yields a higher welfare for EUs than a neutral one if the market power of the non-neutral ISP is small, the sensitivity of EUs (respectively, the CP) to the quality is low (respectively, high), or a combinations of these factors., Comment: Submitted to IEEE Transaction on Networking, previously contents of this paper were contained in arXiv:1611.10191 which was split during the reviewing process

Published
2017

49. Adversarial Learning: A Critical Review and Active Learning Study

Author

Miller, David J., Hu, Xinyi, Qiu, Zhicong, and Kesidis, George

Subjects
Computer Science - Cryptography and Security
Abstract

This papers consists of two parts. The first is a critical review of prior art on adversarial learning, identifying some significant limitations of previous works. The second part is an experimental study considering adversarial active learning and an investigation of the efficacy of a mixed sample selection strategy for combating an adversary who attempts to disrupt the classifier learning.

Published
2017

50. Scheduling Distributed Resources in Heterogeneous Private Clouds

Author

Kesidis, George, Shan, Yuquan, Wang, Yujia, Urgaonkar, Bhuvan, Khamse-Ashari, Jalal, and Lambadaris, Ioanns

Subjects
Computer Science - Performance
Abstract

We first consider the static problem of allocating resources to ( i.e. , scheduling) multiple distributed application framework s, possibly with different priorities and server preferences , in a private cloud with heterogeneous servers. Several fai r scheduling mechanisms have been proposed for this purpose. We extend pr ior results on max-min and proportional fair scheduling to t his constrained multiresource and multiserver case for generi c fair scheduling criteria. The task efficiencies (a metric r elated to proportional fairness) of max-min fair allocations found b y progressive filling are compared by illustrative examples . They show that "server specific" fairness criteria and those that are b ased on residual (unreserved) resources are more efficient.

Published
2017

Catalog

Books, media, physical & digital resources
See catalog results