Coupled-Core Fiber Design For Enhancing Nonlinearity Tolerance

Fiber nonlinearity is a major limitation on the achievable maximum capacity per fiber core. Digital signal processing (DSP) can be used directly to compensate nonlinear impairments, however with limited effectiveness. It is well known that fibers with higher chromatic dispersion (CD) reduce nonlinear impairments, and CD can be taken care of with DSP. Since maximum CD is limited by the material dispersion of the fiber, we propose using strongly-coupled multi-core fibers with large group delay (GD) between the cores. Nonlinear mitigation is achieved through strong mode coupling and group delay between the cores, which suppresses four-wave mixing interaction by inducing large phase-mismatch, albeit stochastic in nature. Through simulations we determine that the threshold GD required for noticeable nonlinearity suppression depends on the fiber CD. In particular, for dispersion-uncompensated links a large GD of the order of 1ns per 1000km is required to improve optimum Q by 1 dB. Furthermore, beyond this threshold, larger GD results in larger suppression without any signs of saturation.

Fiber Nonlinearity Compensation by Neural Networks

A neural network (NN) is proposed to work together with a perturbation-based nonlinearity compensation (NLC) algorithm by feeding it with intra-channel cross-phase modulation (IXPM) and intra-channel four-wave mixing (IFWM) triplets. Without prior knowledge of the transmission link and signal pulse shaping/baudrate, the optimum NN architecture and its tensor weights are completely constructed from a data-driven approach by exploring the training datasets. After trimming down the unnecessary input tensors based on their weights, its complexity is further reduced by applying the trained NN model at the transmitter side thanks to the limited alphabet size of the modulation formats. The performance advantage of Tx-side NN-NLC is experimentally demonstrated using both single-channel and WDM-channel 32Gbaud dual-polarization 16QAM over 2800km transmission.

Spectrally-Efficient 200G Probabilistically-Shaped 16QAM over 9000km Straight Line Transmission with Flexible Multiplexing Scheme

Flexible wavelength-multiplexing technique in backbone submarine networks has been deployed to accommodate the trend of variable-rate modulation formats. In this paper, we propose a new design of flexible-rate transponders in the scenario of a flexible multiplexing scheme to achieve near-Shannon performance. Probabilistic-shaped (PS) M-QAM is capable of adjusting the bit rate at very fine granularity by adapting the entropy of the distribution matcher. Instead of delivering variable bit rates at the fixed baud rate, various baud rates of 200Gb/s PS-16QAM are demonstrated to fit into the flexible grid multiple 3.125GHz bandwidth. This flexible baud rate saves the limited optical bandwidth assigned by the flexible multiplexing scheme to improve bandwidth utilization. The 200G PS-16QAM signals are experimentally demonstrated over a 9000km straight-line testbed to achieve 3.05 b/s/Hz to 5.33 b/s/Hz spectral efficiency (SE) with up to 4dB Q margin. In addition, the high baud rate signals are used for lower SE while low baud rate signals target high SE transmission to reduce the implementation penalty.

PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications

Setuid system calls enable critical functions such as user authentications and modular privileged components. Such operations must only be executed after careful validation. However, current systems do not perform rigorous checks, allowing exploitation of privileges through memory corruption vulnerabilities in privileged programs. As a solution, understanding which setuid system calls can be invoked in what context of a process allows precise enforcement of least privileges. We propose a novel comprehensive method to systematically extract and enforce least privilege of setuid system calls to prevent misuse. Our approach learns the required process contexts of setuid system calls along multiple dimensions: process hierarchy, call stack, and parameter in a process-aware way. Every setuid system call is then restricted to the per-process context by our kernel-level context enforcer. Previous approaches without process-awareness are too coarse-grained to control setuid system calls, resulting in over-privilege. Our method reduces available privileges even for identical code depending on whether it is run by a parent or a child process. We present our prototype called PoLPer which systematically discovers only required setuid system calls and effectively prevents real-world exploits targeting vulnerabilities of the setuid family of system calls in popular desktop and server software at near zero overhead.

First Field Trial of Sensing Vehicle Speed, Density, and Road Conditions by Using Fiber Carrying High Speed Data

For the first time, we demonstrate detection of vehicle speed, density, and road conditions using deployed fiber carrying high-speed data transmission, and prove carriers’ large-scale fiber infrastructures can also be used as ubiquitous sensing networks.

On the Performance Metric and Design of Non-Uniformly Shaped Constellation

Asymmetric information is shown to be more accurate in characterizing the performance of quadrant folding shaped (QFS) M-QAM. The performance difference of QFS M-QAM schemes strongly depends on the FEC coding rate, and the optimum FEC coding rate is found to be around 0.8, which is independent of QFS M-QAM and the designed rates.

Countering Malicious Processes with Process-DNS Association

Modern malware and cyber attacks depend heavily on DNS services to make their campaigns reliable and difficult to track. Monitoring network DNS activities and blocking suspicious domains have been proven an effective technique in countering such attacks. However, recent successful campaigns reveal that attackers adapt by using seemingly benign domains and public web storage services to hide malicious activity. Also, the recent support for encrypted DNS queries provides attackers an easier means to hide malicious traffic from network-based DNS monitoring. We propose PDNS, an end-point DNS monitoring system based on a DNS sensor deployed at each host in a network, along with a centralized backend analysis server. To detect such attacks, PDNS expands the monitored DNS activity context and examines the process context which triggered that activity. Specifically, each deployed PDNS sensor matches the domain name and the IP address related to the DNS query with the process ID, binary signature, loaded DLLs, and code signing information of the program that initiated it. We evaluate PDNS on a DNS activity dataset collected from 126 enterprise hosts and with data from multiple malware sources. Using ML classifiers including DNN, our results outperform most previous works with high detection accuracy: a true positive rate at 98.55% and a low false positive rate at 0.03%.

NODOZE: Combatting Threat Alert Fatigue with Automated Provenance Triage

Large enterprises are increasingly relying on threat detection software (e.g., Intrusion Detection Systems) to allow them to spot suspicious activities. This software generates alerts which must be investigated by cyber analysts to figure out if they are true attacks. Unfortunately, in practice, there are more alerts than cyber analysts can properly investigate. This leads to a “threat alert fatigue” or information overload problem where cyber analysts miss true attack alerts in the noise of false alarms. In this paper, we present NoDoze to combat this challenge using contextual and historical information of a generated threat alert in an enterprise. NoDoze first generates a causal dependency graph of an alert event. Then, it assigns an anomaly score to each event in the dependency graph based on the frequency with which related events have happened before in the enterprise. NoDoze then propagates those scores along the edges of the graph using a novel network diffusion algorithm and generates a subgraph with an aggregate anomaly score which is used to triage alerts. Evaluation on our dataset of 364 threat alerts shows that NoDoze decreases the volume of false alarms by 86%, saving more than 90 hours of analysts’ time, which was required to investigate those false alarms. Furthermore, NoDoze-generated dependency graphs of true alerts are 2 orders of magnitude smaller than those generated by traditional tools without sacrificing the vital information needed for the investigation. Our system has a low average runtime overhead and can be deployed with any threat detection software.

TrackIO: Tracking First Responders Inside-Out

First responders, a critical lifeline of any society, often find themselves in precarious situations. The ability to track them in real-time in unknown indoor environments would significantly contribute to the success of their mission as well as their safety. In this work, we present the design, implementation and evaluation of TrackIO–a system capable of accurately localizing and tracking mobile responders real-time in large indoor environments. TrackIO leverages the mobile virtual infrastructure offered by unmanned aerial vehicles (UAVs), coupled with the balanced penetration-accuracy tradeoff offered by ultra-wideband (UWB), to accomplish this objective directly from outside, without relying on access to any indoor infrastructure. Towards a practical system, TrackIO incorporates four novel mechanisms in its design that address key challenges to enable tracking responders (i) who are mobile with potentially non-uniform velocities (e.g. during turns), (ii) deep indoors with challenged reachability, (iii) in real-time even for a large network, and (iv) with high accuracy even when impacted by UAV’s position error. TrackIO’s real-world performance reveals that it can track static nodes with a median accuracy of about 1–1.5m and mobile (even running) nodes with a median accuracy of 2–2.5m in large buildings in real-time.

Multi-parameter distributed fiber sensing with higher-order optical and acoustic modes

We propose a novel multi-parameter sensing technique based on Brillouin optical time domain reflectometry in an elliptical-core few-mode fiber, using higher-order optical and acoustic modes. Multiple Brillouin peaks are observed for the backscattering of both the LP01 mode and LP11 mode. We characterize the temperature and strain coefficients for various optical–acoustic mode pairs. By selecting the proper combination of mode pairs, the performance of multi-parameter sensing can be optimized. Distributed sensing of temperature and strain is demonstrated over a 0.5-km elliptical-core few-mode fiber, with the discriminative uncertainty of 0.28°C and 5.81 με for temperature and strain, respectively.