Network Operations Research Nick Feamster

Slides:



Advertisements
Similar presentations
High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.
Advertisements

Nick Feamster Georgia Tech
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Improving Internet Availability. Some Problems Misconfiguration Miscoordination Efficiency –Market efficiency –Efficiency of end-to-end paths Scalability.
Dynamics of Online Scam Hosting Infrastructure
Network-Level Spam and Scam Defenses
11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)
Networking Research Nick Feamster CS Nick Feamster Ph.D. from MIT, Post-doc at Princeton this fall Arriving January 2006 –Here off-and-on until.
Network Virtualization Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton NSF NeTS-FIND PI Meeting.
Understanding the Network- Level Behavior of Spammers Anirudh Ramachandran Nick Feamster Georgia Tech.
Network-Level Spam Filtering Nick Feamster Georgia Tech with Anirudh Ramachandran, Shuang Hao, Maria Konte, Nadeem Syed, Alex Gray, Santosh Vempala, Jaeyeon.
Spam and Botnets: Characterization and Mitigation Nick Feamster Anirudh Ramachandran David Dagon Georgia Tech.
Research Summary Nick Feamster. The Big Picture Improving Internet availability by making networks easier to operate Three approaches –From the ground.
Cabo: Concurrent Architectures are Better than One Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton.
Internet Availability Nick Feamster Georgia Tech.
Spamming with BGP Spectrum Agility Anirudh Ramachandran Nick Feamster Georgia Tech.
Nick Feamster Research Interest: Networked Systems Arriving January 2006 Likely teaching CS 7260 in Spring 2005 Here off-and-on until then. works.
Improving Internet Availability with Path Splicing Nick Feamster Georgia Tech.
Understanding the Network- Level Behavior of Spammers Anirudh Ramachandran Nick Feamster Georgia Tech.
Network-Based Spam Filtering Anirudh Ramachandran Nick Feamster Georgia Tech.
My Experience Writing an NSF NeTS FIND Proposal Nick Feamster Georgia Tech.
Multihoming and Multi-path Routing
Network-Based Spam Filtering Nick Feamster Georgia Tech Joint work with Anirudh Ramachandran and Santosh Vempala.
Network Support for Sharing. 2 CABO: Concurrent Architectures are Better than One No single set of protocols or functions –Different applications with.
Nick Feamster Research: Network security and operations –Helping network operators run the network better –Helping users help themselves Lab meetings:
Nick Feamster Research: Network security and operations Teaching CS 7260 in Spring 2007 CS 7001 Mini-projects: –
Nick Feamster Research: Network security and operations –Helping network operators run the network better –Helping users help themselves Lab meetings:
Nick Feamster Research: Network security and operations –Helping network operators run the network better –Helping users help themselves Lab meetings:
Cabo: Concurrent Architectures are Better than One Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton.
Nick Feamster Research: Network security and operations –Helping network operators run the network better –Helping users help themselves Lab meetings:
Network Operations Nick Feamster
Network Troubleshooting: rcc and Beyond Nick Feamster Georgia Tech (joint with Russ Clark, Yiyi Huang, Anukool Lakhina)
Network Security Highlights Nick Feamster Georgia Tech.
1 Dynamics of Online Scam Hosting Infrastructure Maria Konte, Nick Feamster Georgia Tech Jaeyeon Jung Intel Research.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Network Operations Nick Feamster
1 Network-Level Spam Detection Nick Feamster Georgia Tech.
Path Splicing with Network Slicing Nick Feamster Murtaza Motiwala Santosh Vempala.
Network-Based Spam Filtering Nick Feamster Georgia Tech with Anirudh Ramachandran, Nadeem Syed, Alex Gray, Sven Krasser, Santosh Vempala.
Theory Lunch. 2 Problem Areas Network Virtualization for Experimentation and Architecture –Embedding problems –Economics problems (markets, etc.) Network.
Cabo: Concurrent Architectures are Better than One Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton.
Network Security Highlights Nick Feamster Georgia Tech.
Multihoming and Multi-path Routing
Network-Level Spam Defenses Nick Feamster Georgia Tech with Anirudh Ramachandran, Shuang Hao, Alex Gray, Santosh Vempala.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Spam Sagar Vemuri slides courtesy: Anirudh Ramachandran Nick Feamster.
Understanding the Network-Level Behavior of Spammers Anirudh Ramachandran Nick Feamster.
Network Security: Spam Nick Feamster Georgia Tech CS 6250 Joint work with Anirudh Ramachanrdan, Shuang Hao, Santosh Vempala, Alex Gray.
Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.
1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:
Fighting Spam, Phishing and Online Scams at the Network Level Nick Feamster Georgia Tech with Anirudh Ramachandran, Shuang Hao, Nadeem Syed, Alex Gray,
Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Troubleshooting Your Network Networking for Home and Small Businesses.
Network-Level Spam and Scam Defenses Nick Feamster Georgia Tech with Anirudh Ramachandran, Shuang Hao, Maria Konte Alex Gray, Jaeyeon Jung, Santosh Vempala.
14 Publishing a Web Site Section 14.1 Identify the technical needs of a Web server Evaluate Web hosts Compare and contrast internal and external Web hosting.
1 Cabo: Concurrent Architectures are Better than One Jennifer Rexford Princeton University Joint work with Nick Feamster.
Understanding the Network-Level Behavior of Spammers Best Student Paper, ACM Sigcomm 2006 Anirudh Ramachandran and Nick Feamster Ye Wang (sando)
Understanding the Network-Level Behavior of Spammers Author: Anirudh Ramachandran, Nick Feamster SIGCOMM ’ 06, September 11-16, 2006, Pisa, Italy Presenter:
Understanding the network level behavior of spammers Published by :Anirudh Ramachandran, Nick Feamster Published in :ACMSIGCOMM 2006 Presented by: Bharat.
Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.
Exploiting Network Structure for Proactive Spam Mitigation Shobha Venkataraman * Joint work with Subhabrata Sen §, Oliver Spatscheck §, Patrick Haffner.
Information-Centric Networks Section # 4.2: Routing Issues Instructor: George Xylomenos Department: Informatics.
Bringing External Connectivity and Experimenters to GENI Nick Feamster Georgia Tech.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Mobile Ad Hoc Networking By Shaena Price. What is it? Autonomous system of routers and hosts connected by wireless links Can work flawlessly in a standalone.
Presentation transcript:

Network Operations Research Nick Feamster

What is Network Operations? Security: spam, denial of service, botnets Troubleshooting: reachability and performance problems, equipment failures, configuration problems, etc. Three problem areas –Detection –Identification: What is causing the problem? –Mitigation: How to fix the problem? Helping network operators run secure, robust, highly available communications networks.

Research Areas Monitoring and Diagnosis –rcc: Router Configuration Checker Network Virtualization Internet Availability and Accessibility –Failure Recovery –Anti-Censorship Network Security –Spam Filtering –Information-Flow Control

4 Problem: Network Configuration Problems cause downtime Problems often not immediately apparent What happens if I tweak this policy…?

5 rcc Solution: rcc Normalized Representation Correctness Specification Constraints Faults Analyzing complex, distributed configuration Defining a correctness specification Mapping specification to constraints Verifying global correctness with local information Components Distributed router configurations (Single AS) Feamster & Balakrishnan, Detecting BGP Configuration Faults with Static Analysis, NSDI 2005 Best Paper, ACM/USENIX Symposium on Networked Systems Design and Implemntation (NSDI), 2005

rcc: Summary of Contributions Correctness specification for Internet routing –Path visibility –Route validity –Safety Static analysis of routing configuration –Global correctness guarantees with only local checks New results on global stability Analysis of 17 real-world networks Practical and research significance –Downloaded by over sixty operators.

Problem: Spam Spam: About 80% of todays is abusive –Content filtering doesnt work Network monitoring: Todays network devices were designed for yesterdays threats –Circa 2000: Worms, DDoS –Today: Botnets, spam, click fraud, etc.

Idea: Study Network-Level Properties Ramachandran et al. Understanding the Network-Level Behavior of Spammers, Best Paper, ACM SIGCOMM, 2006 Ultimate goal: Construct spam filters based on network- level properties, rather than content Content-based properties are malleable Low cost to evasion: Spammers can alter content High admin cost: Filters must be continually updated Content-based filters are applied at the destination Too little, too late: Wasted network bandwidth, storage, etc.

9 Spam Study: Major Findings Where does spam come from? –Most received from few regions of IP address space Do spammers hijack routes? –A small set of spammers continually advertise short-lived routes How is spam sent? –Most coming from Windows hosts (likely, bots) ~ 10 minutes

SNARE: Network-Based Filtering Filter based on how it is sent, in addition to simply what is sent. Network-level properties are less malleable –Network/geographic location of sender and receiver –Set of target recipients –Hosting or upstream ISP (AS number) –Membership in a botnet (spammer, hosting infrastructure) Shuang Hao et al., Detecting Spammers with SNARE, USENIX Security Sympoisium, August 2009

Spam Filtering: Summary of Results Spam increasing, spammers becoming agile –Content filters are falling behind –IP-Based blacklists are evadable Up to 30% of spam not listed in common blacklists at receipt. ~20% remains unlisted after a month Complementary approach: behavioral blacklisting based on network-level features –Key idea: Blacklist based on how messages are sent –SNARE: Automated sender reputation ~90% accuracy of existing with lightweight features –SpamTracker: Spectral clustering catches significant amounts faster than existing blacklists –SpamSpotter: Putting it together in an RBL system

Network Virtualization ACM SIGCOMM 2006

13 Today: ISPs Serve Two Roles Infrastructure providers: Maintain routers, links, data centers, other physical infrastructure Service providers: Offer services (e.g., layer 3 VPNs, performance SLAs, etc.) to end users Role 1: Infrastructure ProvidersRole 2: Service Providers No single party has control over an end-to-end path.

14 Instead: Elastic Networks Interesting Questions –Network embedding –System building –Economics and markets Infrastructure providers: maintain physical infrastructure needed to build networks Service providers: lease slices of physical infrastructure from one or more providers

Virtual Networks Need Connectivity Strawman –Default routes –Public IP address Problems –Experiments may need to see all upstream routes –Experiments may need more control over traffic Need BGP –Setting up individual sessions is cumbersome –…particularly for transient experiments ISP 1 ISP 2 BGP Sessions GENI

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.