• Network Attacks Against Blockchain Consensus: Feasibility and Mitigation

    Network Attacks Against Blockchain Consensus: Feasibility and Mitigation

    A blockchain system is a distributed ledger that typically maintains ownership of digital assets.
    Its popularity stems from its promises to automate critical services.
    As a blockchain system operate as a distributed system of nodes and needs them to reach consensus on the current state.
    The blockchain consensus is still susceptible to the fallacies of distributed computing and in particular, the fact that the network is neither reliable nor secure.

    As we illustrate in this project, the delay of communication in blockchain network allows double-spending, the situation where the same asset could be used concurrently in two transactions or more.
    This research studies the feasibility for an attacker to double-spend by leveraging network attacks against blockchain consensus, in particular in the context of proof-of-work (PoW) and proof-of-authority (PoA) Ethereum.

    We propose and experiment the network attacks in controlled environments to emulate the Ethereum network in various settings.
    We implement an attacker, who could partition the network for some parameterized duration, participates in the blockchain consensus. We then measure the success rate of double-spending.
    In addition, we consider the state and network topology of the public blockchain to understand how this impacts double-spending.

    Our findings highlight that the topology of the Internet creates difficulties for an attacker to partition the public PoW Ethereum.
    For consortium and private PoW Ethereum, however, it is sufficient to partition the network for only 5 minutes to achieve about 50\% chance of double-spending.
    As for the PoA Ethereum, the experimental results show that the attacker always succeeds in double-spending for two protocols, Aura and Clique.

    Finally, we explore how to mitigate these attacks.
    More specifically, we show that overlay networks could be used to avoid a network partition on the public Internet.
    We also discuss how to change the parameters of the blockchain consensus to lower the success rate of double-spending (PoW) or even eliminate such a chance (PoA).

    By investigating network attacks against blockchain consensus, this project helps estimating the risk and ensuring the blockchain system safety.

  • Deep-Bypass


    Network classification in presence of encrypted communication


    Providers of large, enterprise-class networks find it hard to track hosts, servers and other vulnerable assets in their networks. Network profiling systems provide valuable insight of the assets on a network and their purpose. A network profile enables providers to better consider how configuration changes will impact networks, and security administrators to identify suspicious activity. However, effective network profiling under real world conditions is increasingly challenging. Network speeds are continually increasing, and use of encryption is growing.

    Project Deep Bypass will develop tools for profiling enterprise-class networks. This set of tools ranges from capturing network traffic at high-speed (>40Gbps) without altering information contained in the traffic, to the development of new traffic profiling techniques capable of understand both encrypted and clear traffic using deep learning algorithms on top of untrusted data. Overall this eclectic set of tools will be implemented using newly developed distributed architecture capable of leveraging the high level of concurrency in modern CPUs.

    The primary focus of this research is to develop means to address issues in traffic profiling imposed by real-time constraints such as high-speed networking and ubiquitous encryption. The project aims to develop a network profiling method based on deep learning operating at high real-time speed using kernel bypass framework.

    Specifically, some of the activities we propose include:

    • Development of deep learning solutions based on temporal, ever evolving, and sparsely labelled data
    • Implementation of a deep-learner for traffic classification of experimental datasets.;
    • Implementation of very fast packet sampling leveraging kernel bypass;
    • Adaptation of deep learner to real-world environments
    • Architecture real time traffic monitoring on concurrent platform.

    Budget: $400k from NGTF (2018-present)


    • Dr. Guillaume Jourjon, Data61-CSIRO
    • Dr. Kanchana Thilakarathna, University of Sydney
    • Dr. Suranga Seneviratne, University of Sydney
    • A/Prof. Richard Xu, UTS
    • Darren Webb, DST group
    • Adriel Cheng, DST group
    • Ying Li, UTS
    • Yi Huang, UTS
    • K.N. Choi, University of Sydney


    • 2 papers accepted at CDNG 2020.
    • Poster accepted at IPSN 2020!
    • Paper accepted at WWW 2019!
    • Paper accepted at IEEE NCA 2018!
    • Paper accepted at ASPLOS 2018!


    The dataset from the IEEE NCA article can be found [ddownload id=”2222″].


    • K.N. Choi, H. Kolamunna, A. Uyanwatta, K. Thilakarathna, S. Seneviratne, R. Holz, M. Hassan, A. Zomaya, Passive Packet Sniffing Tools for Enabling Wireless Situational Awareness, To be presented
      in Cyber Defence Next Generation Technology science Conference (CDNG), 2020.
    • G. Jourjon, A. Wijesinghe, K. Thilakarathna, and S. Seneviratne, Towards Flow Sampling for Deep Content Analysis, To be presented in Cyber Defence Next Generation Technology science Conference (CDNG), 2020
    • K.N. Choi, T. Dahanayaka, D. Kennedy, K. Thilakarathna, S. Seneviratne, S. Kanhere, P. Mohapatra, Poster Abstract: Passive Activity Classification of Smart Homes through Wireless Packet Sniffing, Proceedings of the 19th Information Processing in Sensor Networks (IPSN), 2020
    • Jathushan Rajasegaran, Naveen Karunanayake, Ashanie Gunathillake, Suranga Seneviratne, and Guillaume Jourjon. A Multi-modal Neural Embeddings Approach for Detecting Mobile Counterfeit Apps. Proceedings of the 2019 World Wide Web Conference (WWW ’19), May 13– 17, 2019, San Francisco, CA, USA. ACM, New York, NY, USA, 7 pages
    • Li Ying, Yi Huang, Suranga Seneviratne, Kanchana Thilakarathna, Adriel Cheng, Guillaume Jourjon, Darren Webb and Richard Xu. DeepContent: Unveiling Video Streaming Content from Encrypted WiFi Traffic. Proceedings of IEEE NCA 2018
    • Stephen Mallon, Vincent Gramoli, and Guillaume Jourjon, “DLibOS: Performance and Protection with Network-on-Chip”, in ASPLOS 2018, the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems. March 2018, Williamsburg, VA, USA.
  • Information leakage in DNS over HTTPs

    Information leakage in DNS over HTTPs

    This could be a full decription about the project

  • In-Network Computing

    In-Network Computing

    Leveraging new programmable networking device to enhance computing.

    Leveraging new programmable networking device to enhance computing.

  • Multi-bearer SDN for Time-Sensitive Network

    Multi-bearer SDN for Time-Sensitive Network

    This could be a full decription about the project

  • Privacy-preserving switches

    Privacy-preserving switches

    This could be a full decription about the project

  • Radio-telescope in-network cross-channel processing

    Radio-telescope in-network cross-channel processing

    This could be a full description about the project

Previous projects

  • Consistent Optimized and Trustworthy Deployment of SDN

    Consistent Optimized and Trustworthy Deployment of SDN

    Consistent SDN

    Software defined networking (SDN) brought new interesting challenges by externalizing the task of controlling the network to some generic computer software. In particular, the controller software can modify the network routes by introducing new forwarding rules and deleting old ones at a distributed set of switches, a challenge that has received lots of attention in the last six years.

    This research aims at investigating how to on one hand optimize controller placement and on the second hand how to perform consistent rule updates in SDN.



    • Md Tanvir Ishtaique ul Huque, University of New South Wales.
    • Dr. Guillaume Jourjon, Data61-CSIRO.
    • Dr. Vincent Gramoli, University of Sydney.




    • MTI ul Huque, G. Jourjon, C. Russell, and V. Gramoli, “Software defined Network’s Garbage Collection with Clean-Up Packets”, IEEE Transactions on Network and Service Management
    • S. Hatonen, T. I. ul Huque, A. Rao, G. Jourjon, V. Gramoli, S. Tarkoma, “An SDN Perspective on Multi-connectivity and Seamless Flow Migration”, IEEE Networking Letters
    • MTI ul Huque, Guillaume Jourjon, Vincent Gramoli, “Garbage Collection of Forwarding Rules in Software Defined Networks”, accepted in IEEE Communication Magazine.
    • MTI ul Huque, Weisheng Si, Guillaume Jourjon, Vincent Gramoli, “Large-Scale Dynamic Controller Placement”, IEEE Transaction on Network and Service Management, vol. 14(2), March 2017
    • MTI ul Huque, Guillaume Jourjon, Vincent Gramoli, Revisiting the controller placement problem, Local Computer Networks (LCN), 2015 IEEE 40th Conference on, pp. 450-453.
  • Combatting Cyber-fraud

    Combatting Cyber-fraud

    Facebook and other Online Social Networks have become one of primary outlet for advertisements. How can we detect and prevent frauds on these systems and ensure that businesses are getting bang for their buck?


    In this project we aim to provide new forms of cyber-defence. This will lead us to offer:

    • Fraud detection and cyber-crime prevention in Online Social Networks
    • Defence against cyber underground markets activity
    • Fake account/activity characterization



    Based on this set of tools, we will be able to provide:

    • Fake Likes free analytics for advertisers and brand owners
    • Reputation manipulation detection
    • Fraud analytics application for operators and users


    Results so far

    In order to better understand the cyber-fraud ecosystem, we have deployed a pilot study of the fake-likes farms on Facebook as well as the possible effect of this underground market on the legitimate Facebook ads platform. This study was based on the utilisation of 13 honeypots pages.

    Based on the likes provenance and time series analysis of these likes we were able to undercover several interesting facts about this underground market:

    • 2 temporal behaviours
      • Short-time window, likely bot-operated
      • Gradually, manual process or deliberately slow to avoid detection
    • 2 types of social graph
      • Well-connected
      • Isolated tuples
    • Number of likes per user significantly different from general Facebook population except for one farm


    Based on our observation, it appears that Facebook legitimate ad campaigns get polluted. Allegedly, liking real pages helps fake profiles avoid detection.

  • Distributed Delay-Tolerant Payment with Blockchains

    Distributed Delay-Tolerant Payment with Blockchains


    Banking as an essential service is always hard to access in remote rural regions where infrastructural cost is high and network connectivity is intermittent and unstable. Although microbanking has been made possible by SMS messages, this scheme incorporates severe security flaws. Public cryptocurrencies enable low-cost, secure and pervasive money transferring among distributed peers, but are still limited in their ability to reach more people in remote, closed communities as blockchains assume high-performance network connectivity.

    We propose a blockchain-based banking scheme that delivers service to remote communities and intermittently connects to the wider network. Using a base station that offers connectivity within the local area, regular transaction processing is solely handled by blockchain miners. The bank only joins to process currency exchange requests, reward miners and monitor node behaviours when connectivity is available. By distributing the verification and storage tasks among peers, our system design saves on the overall deployment and operational costs without sacrificing reliability and trustworthiness. Through theoretical and empirical analysis, we provided insights to system design, tested its robustness against network disturbances, and demonstrated the feasibility of implementation on off-the-shelf computers and mobile devices.


    • Yining Hu, UNSW and Data61-CSIRO
    • Ahsan Manzoor, University of Oulu, Finland
    • Parinya Ekparinya, University of Sydney
    • Madhusanka Liyanage, University of Oulu, Finland
    • Kanchana Thilakarathna, University of Sydney
    • Guillaume Jourjon, Data61-CSIRO
    • Aruna Seneviratne, UNSW,
    • Mika E Ylianttila, University of Oulu, Finland


    The FIRE (Future Internet Research and Experimentation) initiative is an European endeavor that promotes the creation of wide-scale federations of high -performance testbed and experimentation facilities for internet and network-related research. These facilities include wireless and sensor networks, SDNs, high performanelearn-FORGE-FIREce computing, optical networks, mobile networks, and smart cities. With an ongoing budget of around 20 million Euros, a number of projects are funded to sustain the FIRE facilities and conduct largescale internet research through them. Forging Online Education through FIRE (FORGE) is a project bringing together the worlds of online education and FIRE. FORGE aligns FIRE with the ongoing education revolution for mutual benefit. In particular, this project is concerned with specifying development methodologies and best practices for offering FIRE experimentation facilities to learners, related both to communications and IT but also to other science, technology, engineering and mathematics (STEM) disciplines, leading to a strong connection between the learning community and existing FIRE platforms and supporting tools. Moreover, FORGE is producing educational material reinforced with hands-on experimentation, enhanced by multimedia resources. The courses are free available in different formats, such as HTML, epub3 and Apple iBooks. Now it is easy to experiment on a real high-performance testbed from your laptop or tablet from any location in the world.



    1. Olivier Fourmaux, Mohammed Yasin Rahman, Christos Tranoris, Daan Pareit, Jono Vanhie-Van Gerwen, Guillaume Jourjon, Diarmuid Collins, Johann Marquez Barja, FORGE Enabling FIRE Facilities for the e-Learning Community, 19th Internation Conference on Interactive Collabortive Learning, 2016
    2. Guillaume Jourjon, Johann M Marquez-Barja, Thierry Rakotoarivelo, Alexander Mikroyannidis, Kostas Lampropoulos, Spyros Denazis, Christos Tranoris, Daan Pareit, John Domingue, Luiz A DaSilva, Max Ott, FORGE Toolkit: Leveraging Distributed Systems in eLearning Platforms, IEEE Transactions on Emerging Topics in Computing, 2016
    3. Johann M. Marquez-Barja, Guillaume Jourjon, Alexander Mikroyannidis, Christos Tranoris, John Domingue, Luiz DaSilva, FORGE: Enhancing elearning and research in ICT through remote experimentation. EDUCON2014,  IEEE Global Engineering Education Conference, Istanbul, pp. N/A, April, 2014.
  • Per-Core Networking Stack

    Per-Core Networking Stack

    Rethinking network bound applications

    Networking applications use the Berkeley socket model to interface with a networking stack that resides in the operating system kernel. This model requires costly context switching between applications and the kernel, as well as memory copies on both the sending and receiving path. Context switches require the TLB and caches and can severely degrade instructions per cycle (IPC) for tens of thousands of cycles. This model imposes a limitation on performance which becomes even more apparent with the doubling of bandwidth of network bandwidth every 17-18 months, compared with CPU and DRAM performance doubling only every 26-27 months. For example The Memcached application spends over 80% of CPU time in the kernel networking stack, using less than 5% of the available networking bandwidth.

    Applications using this model also suffer from lack of connection locality, as the kernel can process packets on different cores to the application. Multicore scalability is limited due to the lack of connection locality and synchronisation overhead from sharing networking state across multiple cores. To achieve multicore scalability different parallelisation techniques can be utilised such as a run-to-completion model where packets are processed on the same core, or a streaming model where application and network cores are separate and communicate using message passing. The streaming model has the ability to achieve parallelisation within a request, whereas the run-to-completion model attempts to improve temporal locality by processing packets as early as possible.

    This research aims to evaluate the impact of using kernel bypass technologies listed above, to accelerate network bound applications. Some research questions include:

    •   The design of an efficient zero copy interface to replace the Berkeley socket model.
    •   The performance impact of dedicated networking and application cores, versus a run to completion model. What workloads benefit from each design.
    •   The overhead of the current kernel networking stack.


    • Stephen Mallon, University of Sydney
    • Dr. Guillaume Jourjon, Data61-CSIRO
    • Dr. Vincent Gramoli, University of Sydney




    • Stephen Mallon, Vincent Gramoli, and Guillaume Jourjon, “Are Today’s SDN Controller Ready for Primetime?”, IEEE Local Computer Networks 2016. Dubai, UAE.
    • Stephen Mallon, Vincent Gramoli, and Guillaume Jourjon “DLibOS: Performance and Protection with a Network-on-Chip”, in Proceedings of the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018.