INTERNET SIMULATOR Jelena Mirkovic USC Information Sciences Institute

Slides:

Advertisements

Similar presentations

Bandwidth Estimation for IEEE Based Ad Hoc Networks.

Advertisements

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 The ns-2 Network Simulator H Plan: –Discuss discrete-event network simulation –Discuss ns-2 simulator in particular –Demonstration and examples: u Download,

2006 NSF CRI-PI Meeting1 ns-3 Project Plan Tom Henderson and Sumit Roy, University of Washington Sally Floyd, ICSI Center for Internet Research George.

Estinet open flow network simulator and emulator. IEEE Communications Magazine 51.9 (2013): Wang, Shie-Yuan, Chih-Liang Chou, and Chun-Ming Yang.

Guide to Network Defense and Countermeasures Second Edition

4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.

The Challenges of Repeatable Experiment Archiving – Lessons from DETER Stephen Schwab SPARTA, Inc. d.b.a. Cobham Analytic Solutions May 25, 2010.

UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Toward Replayable Research in Networking and Systems Eric Eide University of Utah, School of Computing May 25, 2010.

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

15-441: Computer Networking Lecture 26: Networking Future.

Computer Science 1 An Approach to Universal Topology Generation Alberto Medina Anukool Lakhina Ibrahim Matta John Byers

User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.

1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.

7/14/2015EECS 584, Fall MapReduce: Simplied Data Processing on Large Clusters Yunxing Dai, Huan Feng.

How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

Defense Against DDoS Presented by Zhanxiang for [Crab] Apr. 15, 2004.

Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.

 A network simulator is a piece of software or hardware that predicts the behavior of a network, without an actual network being present.

A Machine Learning-based Approach for Estimating Available Bandwidth Ling-Jyh Chen 1, Cheng-Fu Chou 2 and Bo-Chun Wang 2 1 Academia Sinica 2 National Taiwan.

Edge Based Cloud Computing as a Feasible Network Paradigm(1/27) Edge-Based Cloud Computing as a Feasible Network Paradigm Joe Elizondo and Sam Palmer.

Active Network Applications Tom Anderson University of Washington.

Can You Infect Me Now? Malware Propagation in Mobile Phone Networks Authors: Presented by: Michael Annichiarico.

2006 NSF CRI-PI Meeting1 ns-3 Project Plan Tom Henderson and Sumit Roy, University of Washington Sally Floyd, ICSI Center for Internet Research George.

Evaluating Centralized, Hierarchical, and Networked Architectures for Rule Systems Benjamin Craig University of New Brunswick Faculty of Computer Science.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Clouseau: A practical IP spoofing defense through route-based filtering Jelena Mirkovic, University of Delaware Nikola Jevtic,

Dynamic Network Emulation Security Analysis for Application Layer Protocols.

1 Reading Report 4 Yin Chen 26 Feb 2004 Reference: Peer-to-Peer Architecture Case Study: Gnutella Network, Matei Ruoeanu, In Int. Conf. on Peer-to-Peer.

Lecturer: Ghadah Aldehim

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Distributed Denial of Service CRyptography Applications Bistro Presented by Lingxuan Hu April 15, 2004.

Honeypot and Intrusion Detection System

Extreme-scale computing systems – High performance computing systems Current No. 1 supercomputer Tianhe-2 at petaflops Pushing toward exa-scale computing.

Overlay Network Physical LayerR : router Overlay Layer N R R R R R N.

Module 4: Planning, Optimizing, and Troubleshooting DHCP

Scalable Analysis of Distributed Workflow Traces Daniel K. Gunter and Brian Tierney Distributed Systems Department Lawrence Berkeley National Laboratory.

SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.

Estimating Bandwidth of Mobile Users Sept 2003 Rohit Kapoor CSD, UCLA.

Presented by Spiros Antonatos Distributed Computing Systems Lab Institute of Computer Science FORTH.

A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.

NIH Resource for Biomolecular Modeling and Bioinformatics Beckman Institute, UIUC NAMD Development Goals L.V. (Sanjay) Kale Professor.

Distributed Information Systems. Motivation ● To understand the problems that Web services try to solve it is helpful to understand how distributed information.

1 UNIT 13 The World Wide Web Lecturer: Kholood Baselm.

1 SOS: Secure Overlay Services A. D. Keromytis V. Misra D. Runbenstein Columbia University.

1 On the Performance of Internet Worm Scanning Strategies Authors: Cliff C. Zou, Don Towsley, Weibo Gong Publication: Journal of Performance Evaluation,

Large-scale Virtualization in the Emulab Network Testbed Mike Hibler, Robert Ricci, Leigh Stoller Jonathon Duerig Shashi Guruprasad, Tim Stack, Kirk Webb,

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Based upon slides from Jay Lepreau, Utah Emulab Introduction Shiv Kalyanaraman

1 Wide Area Network Emulation on the Millennium Bhaskaran Raman Yan Chen Weidong Cui Randy Katz {bhaskar, yanchen, wdc, Millennium.

1 Flexible, High-Speed Intrusion Detection Using Bro Vern Paxson Computational Research Division Lawrence Berkeley National Laboratory and ICSI Center.

1 Modeling, Early Detection, and Mitigation of Internet Worm Attacks Cliff C. Zou Assistant professor School of Computer Science University of Central.

Department of Computer Science & Engineering 5. Acknowledgments 4. Conclusions 3. Evaluation2. Contribution 1. Introduction REU 2008-Packet Sniffer Jose.

Querying the Internet with PIER CS294-4 Paul Burstein 11/10/2003.

Denial of Service Attacks Simulating Strategic Firewall Placement By James Box, J.A. Hamilton Jr., Adam Hathcock, Alan Hunt.

1 Internet Traffic Measurement and Modeling Carey Williamson Department of Computer Science University of Calgary.

Internet Traffic Engineering Motivation: –The Fish problem, congested links. –Two properties of IP routing Destination based Local optimization TE: optimizing.

IP Spoofing. What Is IP Spoofing Putting a fake IP address in the IP header field for source address (requires root)

1 UNIT 13 The World Wide Web. Introduction 2 The World Wide Web: ▫ Commonly referred to as WWW or the Web. ▫ Is a service on the Internet. It consists.

Interaction and Animation on Geolocalization Based Network Topology by Engin Arslan.

Network Security Lab Jelena Mirkovic Sig NewGrad presentantion.

Routers Multiport connectivity device

Pong: Diagnosing Spatio-Temporal Internet Congestion Properties

CSE551: Introduction to Information Security

Outline The spoofing problem Approaches to handle spoofing

Presentation transcript:

INTERNET SIMULATOR Jelena Mirkovic USC Information Sciences Institute

Two pieces of the puzzle – Internet map – different sources – Computational models – Simulation engine Open-source, modular – Users can replace pieces Simulation at customizable granularity – Speed vs scale, problem-dependent, zoom-in function My experience – Custom Internet simulators for IP spoofing and worm research 2

Evaluate all spoofing filtering defenses These associate a source IP with some feature to detect spoofing – Previous hop, secret key, marks placed by routers … Model the Internet, calculate number of all (source, target, spoofed address) that are filtered No need to model attackss That depends: – Many hosts may have the same previous hop to filter – route diversity, route changes and host distribution – Route diversity depends on filter location – topology – Any address can be spoofed – need Internet-wide data [1] “Comparative Evaluation of Spoofing Defenses,” J. Mirkovic and E. Kissel, IEEE Transactions on Dependable and Secure Computing, 2009.

How accurate must a model be? – Assuming random topology/routing/filter placement, uniform host distribution = extremely low effectiveness Realistic sources produce much better results 6 months for the eval framework, 3 more years to get the sources right - 6x the overhead

We wanted to study collaborative worm defenses: – When I’m infected I tell my friends what to filter We decided to model the following in PAWS [2]: – Internet topology at the AS level – Conn. and AS size, routing – Log-normal distribution of vulnerable hosts – Worm-specific scanning strategy (RNG, scan size) – Limited link bandwidth (inter-AS, access) – Legitimate cross-traffic and its response to congestion (TCP) This required lot of data collection/aggregation and guesswork - Especially for routing, host distribution, link bw and legitimate traffic [2] “A Realistic Simulation of Internet-Scale Events,” S. Wei and J. Mirkovic, Proc. of the Create-Net International Conference on Performance Evaluation Methodologies and Tools (VALUETOOLS), 2006.

How accurate must a model be? Lessons learned from our experience: - 2 years to do the simulation right and the field has moved on – we never developed the worm defense

Internet map + simulator There’s a lot of data about the Internet – Multiple sources, multiple data types and resolutions We need a way to suck this data into ONE model of the Internet where user can select - “Age” of the Internet – time of data collection - Sources to be combined - What to do for missing data This model should either interface with popular simulators or be coupled with a simulator of its own - For this scale, the simulator must be distributed and its level of details must be customizable - Standardization of evaluation, easy portability

Data about Internet is incomplete in each dimension – Each data source should have some way to estimate how far it is from reality and possibly compensate for it Data about Internet is huge - Distributed simulation - Emulation at this scale is too hard and unnecessary - Missing data - Tolerate or guess? Users should choose - E. g., extrapolate from existing data - Anonymized data - Guess, users should choose how - E. g., random guess, multiple trials

Simulating only necessary events leads to great speedup: - In our work: 136-CPU core running PDNS and GTNetS matched with 8 common PCs - Fidelity/details are specific to research questions - May be able to come up with a standard for an area of research - Users must be able to customize this - Interaction between simulation and the model must also be specified

ns-3 seems promising: - It’s better to start from a widely used simulator than to develop one from scratch - ns-3 corrects lots of deficiencies found in ns-2 - Easily extensible, detailed simulation of network events, lots of tools for post-processing Work needed: - Significant revision to support “variable granularity” simulations and Internet model interaction – must be able to drop pieces of code selectively - A separate, large chunk of code to model the Internet Downsides: - Two-language code base, sometimes hell to debug

Need a set of distributed machines: - Research testbeds such as Emulab and DETER seem like a good choice - Usually have shared file system, useful for initialization files - Usually have dedicated links between nodes of high capacity and low delay - Any institution can build its own mini-testbed, all code for this is open-source Each user needs his own copy of the code: - So he can customize it accordingly - There could be a centralized repository for the map where the most popular data sources are integrated

The core of the code should be developed by a single team: - Ability to create unified maps from disparate sources - Ability to selectively simulate events at chosen granularity - Interaction between the simulator and the map - Some straightforward “guesswork” techniques Customizations of map/simulator for specific problems should be contributed by the user community: - Open-source model, like ns-2 - Code contributed by experts for specific problems

I’d love to hear your questions and comments! Jelena Mirkovic,