Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Operations Research Nick Feamster

Published byJuan Holmes Modified over 11 years ago

Similar presentations

Presentation on theme: "Network Operations Research Nick Feamster"— Presentation transcript:

1 Network Operations Research Nick Feamster http://www.cc.gatech.edu/~feamster/

2 What is Network Operations? Security: spam, denial of service, botnets Troubleshooting: reachability and performance problems, equipment failures, configuration problems, etc. Three problem areas –Detection –Identification: What is causing the problem? –Mitigation: How to fix the problem? Helping network operators run secure, robust, highly available communications networks.

3 Research Areas Monitoring and Diagnosis –rcc: Router Configuration Checker Network Virtualization Internet Availability and Accessibility –Failure Recovery –Anti-Censorship Network Security –Spam Filtering –Information-Flow Control

4 4 Problem: Network Configuration Problems cause downtime Problems often not immediately apparent What happens if I tweak this policy…?

5 5 rcc Solution: rcc Normalized Representation Correctness Specification Constraints Faults Analyzing complex, distributed configuration Defining a correctness specification Mapping specification to constraints Verifying global correctness with local information Components Distributed router configurations (Single AS) Feamster & Balakrishnan, Detecting BGP Configuration Faults with Static Analysis, NSDI 2005 Best Paper, ACM/USENIX Symposium on Networked Systems Design and Implemntation (NSDI), 2005

6 rcc: Summary of Contributions Correctness specification for Internet routing –Path visibility –Route validity –Safety Static analysis of routing configuration –Global correctness guarantees with only local checks New results on global stability Analysis of 17 real-world networks Practical and research significance –Downloaded by over sixty operators.

7 Problem: Spam Spam: About 80% of todays email is abusive –Content filtering doesnt work Network monitoring: Todays network devices were designed for yesterdays threats –Circa 2000: Worms, DDoS –Today: Botnets, spam, click fraud, etc.

8 Idea: Study Network-Level Properties Ramachandran et al. Understanding the Network-Level Behavior of Spammers, Best Paper, ACM SIGCOMM, 2006 Ultimate goal: Construct spam filters based on network- level properties, rather than content Content-based properties are malleable Low cost to evasion: Spammers can alter content High admin cost: Filters must be continually updated Content-based filters are applied at the destination Too little, too late: Wasted network bandwidth, storage, etc.

9 9 Spam Study: Major Findings Where does spam come from? –Most received from few regions of IP address space Do spammers hijack routes? –A small set of spammers continually advertise short-lived routes How is spam sent? –Most coming from Windows hosts (likely, bots) ~ 10 minutes

10 SNARE: Network-Based Filtering Filter email based on how it is sent, in addition to simply what is sent. Network-level properties are less malleable –Network/geographic location of sender and receiver –Set of target recipients –Hosting or upstream ISP (AS number) –Membership in a botnet (spammer, hosting infrastructure) Shuang Hao et al., Detecting Spammers with SNARE, USENIX Security Sympoisium, August 2009

11 Spam Filtering: Summary of Results Spam increasing, spammers becoming agile –Content filters are falling behind –IP-Based blacklists are evadable Up to 30% of spam not listed in common blacklists at receipt. ~20% remains unlisted after a month Complementary approach: behavioral blacklisting based on network-level features –Key idea: Blacklist based on how messages are sent –SNARE: Automated sender reputation ~90% accuracy of existing with lightweight features –SpamTracker: Spectral clustering catches significant amounts faster than existing blacklists –SpamSpotter: Putting it together in an RBL system

12 Network Virtualization ACM SIGCOMM 2006

13 13 Today: ISPs Serve Two Roles Infrastructure providers: Maintain routers, links, data centers, other physical infrastructure Service providers: Offer services (e.g., layer 3 VPNs, performance SLAs, etc.) to end users Role 1: Infrastructure ProvidersRole 2: Service Providers No single party has control over an end-to-end path.

14 14 Instead: Elastic Networks Interesting Questions –Network embedding –System building –Economics and markets Infrastructure providers: maintain physical infrastructure needed to build networks Service providers: lease slices of physical infrastructure from one or more providers

15 Virtual Networks Need Connectivity Strawman –Default routes –Public IP address Problems –Experiments may need to see all upstream routes –Experiments may need more control over traffic Need BGP –Setting up individual sessions is cumbersome –…particularly for transient experiments ISP 1 ISP 2 BGP Sessions GENI

Download ppt "Network Operations Research Nick Feamster"

Similar presentations

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.
Nick Feamster Georgia Tech

Nick Feamster Georgia Tech
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Improving Internet Availability. Some Problems Misconfiguration Miscoordination Efficiency –Market efficiency –Efficiency of end-to-end paths Scalability.

Improving Internet Availability. Some Problems Misconfiguration Miscoordination Efficiency –Market efficiency –Efficiency of end-to-end paths Scalability.
Dynamics of Online Scam Hosting Infrastructure

Dynamics of Online Scam Hosting Infrastructure
Network-Level Spam and Scam Defenses

Network-Level Spam and Scam Defenses
11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.

11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)

Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)
Networking Research Nick Feamster CS 7001. Nick Feamster Ph.D. from MIT, Post-doc at Princeton this fall Arriving January 2006 –Here off-and-on until.

Networking Research Nick Feamster CS Nick Feamster Ph.D. from MIT, Post-doc at Princeton this fall Arriving January 2006 –Here off-and-on until.
Network Virtualization Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton NSF NeTS-FIND PI Meeting.

Network Virtualization Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton NSF NeTS-FIND PI Meeting.
Understanding the Network- Level Behavior of Spammers Anirudh Ramachandran Nick Feamster Georgia Tech.

Understanding the Network- Level Behavior of Spammers Anirudh Ramachandran Nick Feamster Georgia Tech.
Network-Level Spam Filtering Nick Feamster Georgia Tech with Anirudh Ramachandran, Shuang Hao, Maria Konte, Nadeem Syed, Alex Gray, Santosh Vempala, Jaeyeon.

Network-Level Spam Filtering Nick Feamster Georgia Tech with Anirudh Ramachandran, Shuang Hao, Maria Konte, Nadeem Syed, Alex Gray, Santosh Vempala, Jaeyeon.
Spam and Botnets: Characterization and Mitigation Nick Feamster Anirudh Ramachandran David Dagon Georgia Tech.

Spam and Botnets: Characterization and Mitigation Nick Feamster Anirudh Ramachandran David Dagon Georgia Tech.
Research Summary Nick Feamster. The Big Picture Improving Internet availability by making networks easier to operate Three approaches –From the ground.

Research Summary Nick Feamster. The Big Picture Improving Internet availability by making networks easier to operate Three approaches –From the ground.
Cabo: Concurrent Architectures are Better than One Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton.

Cabo: Concurrent Architectures are Better than One Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton.
Internet Availability Nick Feamster Georgia Tech.

Internet Availability Nick Feamster Georgia Tech.
Spamming with BGP Spectrum Agility Anirudh Ramachandran Nick Feamster Georgia Tech.

Spamming with BGP Spectrum Agility Anirudh Ramachandran Nick Feamster Georgia Tech.
Nick Feamster Research Interest: Networked Systems Arriving January 2006 Likely teaching CS 7260 in Spring 2005 Here off-and-on until then. Email works.

Nick Feamster Research Interest: Networked Systems Arriving January 2006 Likely teaching CS 7260 in Spring 2005 Here off-and-on until then. works.
Improving Internet Availability with Path Splicing Nick Feamster Georgia Tech.

Improving Internet Availability with Path Splicing Nick Feamster Georgia Tech.

Similar presentations

Ads by Google