Research Summary Nick Feamster

The Big Picture Improving Internet availability by making networks easier to operate Three approaches –From the ground up (architecture) –Once the network is running (diagnosis) –In the face of malice (security)

Research Approach Observe real-world problem (visit the trenches) Gather data, insight, etc. Propose principled approach Build system Deploy in practice (tech transfer)

Architecture: Path Splicing Problem: How to use multiple paths to a destination to improve availability? t s Compute multiple forwarding trees per destination. Allow packets to switch slices midstream. Motiwala et al., Path Splicing, SIGCOMM, August 2008

Architecture: AIP Problem: Many network security problems and point solutions Solution: Make many existing security mechanisms easier by changing address format Key idea: Addresses are self-certifying –A hosts address is the public key Andersen et al., Accountable Internet Architecture, SIGCOMM, August 2008

Real-Time Diagnosis Coordinated analysis of routing announcements Causality analysis in network traffic Coordinated end-to-end probes (network tomography) Huang et al., Exposing Routing Problems with Network-Wide Analysis, SIGMETRICS, June 2007 Tariq et al., Answering What-if Deployment and Configuration Questions with WISE, SIGCOMM, August 2008 Huang et al., Practical Issues with Using Network Tomography for Fault Diagnosis

Malice: Spam Filtering Problem: Distinguishing spam from ham. (Content filters are evadable, heavyweight) Solution: Track sender behavior. Host Recipient Query for IP sender, with sending pattern SpamTracker Similarity Spam Score Clusters with known association with spamming Traditional Keyword Spam Filter SpamTracker Legitimate Mail Spam Wide-Area Internet ?? Behavioral Analysis of Spam Activity ISP reporting … Regional Net Admin ? X Ok X Ramachandran et al., Undersanding the Network-Level Behavior of Spammers, SIGCOMM, August 2006 Ramachandran et al., Filtering Spam with Behavioral Blacklisting, CCS, October 2007

Summary Concrete Problem DataPrincipled Approach Results Improving availability when networks fail ISP Topologies and Failure Data Ground up approach: Path Splicing Benefit shown in simulation; now building on VINI Faster diagnosis of network problems Traffic, routing, measurements Derive causal explanations with coordinated analysis Algorithms adopted by AOL, Google, Thomson, etc. Spam filteringSpam, routing, blacklist lookups Analyze behavior, not content Deployed system, adoption by Cisco/Ironport

Principled Redesign of How Networks are Operated

Problem Many network network management tasks Today: Many solutions require operator vigilance, hacks, magic, etc. Can we make these tasks easier using a principled approach? –Recent trends of programmable networking may help

Approach Exploit recent trends in programmable networks (OpenFlow, VINI, etc.) –Deploy algorithms, protocols from earlier work –Bring the papers to practice Two ways to deploy –Testbeds (VINI, GENI) –OpenFlow-enabled campus and enterprise networks (Georgia Tech will be one; working with OIT on this) Developing the deployment platforms has its own research challenges, which I am working on as well (GENI/VINI)

One Idea: Outsourcing Network Management Lots of independently operated networks –Each with view of network traffic –Including home networks (a known large source of unwanted traffic) –Many cannot afford their own network administrator! Lots of distributed inference algorithms –For example: SpamTracker, WISE Use output from distributed inference to control network elements across many networks

PECASE Award 20 NSF CAREER Awardees per year, across all sciences For contributions to network management and operations, particularly in helping to secure the nations cyberinfrastructure