Network Operations Research
Nick Feamster, http://www.cc.gatech.edu/~feamster/
What is Network Operations?
Helping network operators run secure, robust, highly available communications networks.
• Security: spam, denial of service, botnets
• Troubleshooting: reachability and performance problems, equipment failures, configuration problems, etc.
• Three problem areas
  • Detection
  • Identification: What is causing the problem?
  • Mitigation: How to fix the problem?
Research Areas
• Monitoring and Diagnosis
  • rcc: Router Configuration Checker
• Network Virtualization
• Internet Availability and Accessibility
  • Failure Recovery
  • Anti-Censorship
• Network Security
  • Spam Filtering
  • Information-Flow Control
Problem: Network Configuration
What happens if I tweak this policy…?
• Problems cause downtime
• Problems often not immediately apparent
Solution: rcc
Best Paper, ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2005
• Analyzing complex, distributed configuration
• Defining a correctness specification
• Mapping specification to constraints
• Verifying global correctness with local information
[Figure: rcc pipeline. Labels: Distributed router configurations (single AS), Normalized Representation, Correctness Specification, Constraints, Components, Faults]
Feamster & Balakrishnan, “Detecting BGP Configuration Faults with Static Analysis”, NSDI 2005
rcc: Summary of Contributions
• Correctness specification for Internet routing
  • Path visibility
  • Route validity
  • Safety
• Static analysis of routing configuration
  • Global correctness guarantees with only local checks
  • New results on global stability
• Analysis of 17 real-world networks
• Practical and research significance
  • Downloaded by over sixty operators.
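To make the rcc pipeline concrete (configurations → normalized representation → constraints → faults), here is an added toy checker; it is not rcc's own code. It normalizes three constructed Cisco-style BGP configs for one AS and applies two constraints in the spirit of the slides: a route-validity check (a route-map that is referenced but never defined) and a path-visibility check (iBGP sessions must form a symmetric full mesh, which assumes no route reflectors). The router names, addresses and ASNs are all made up.

```python
import re

# Constructed mini-configs, one per router in AS 65001 (not real device configs).
CONFIGS = {
    "r1": "router bgp 65001\n neighbor 10.0.0.2 remote-as 65001\n"
          " neighbor 10.0.0.3 remote-as 65001\n"
          " neighbor 192.0.2.1 remote-as 65002\n"
          " neighbor 192.0.2.1 route-map IMPORT-65002 in\n"
          "route-map IMPORT-65002 permit 10\n",
    "r2": "router bgp 65001\n neighbor 10.0.0.1 remote-as 65001\n"
          " neighbor 198.51.100.1 remote-as 65003\n"
          " neighbor 198.51.100.1 route-map FILTER-65003 in\n",
    "r3": "router bgp 65001\n neighbor 10.0.0.1 remote-as 65001\n",
}
ROUTER_IP = {"10.0.0.1": "r1", "10.0.0.2": "r2", "10.0.0.3": "r3"}  # loopback -> router

def normalize(text):
    """Reduce one router's config to the facts the constraints need."""
    rep = {"asn": None, "sessions": [], "refs": set(), "defs": set()}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"router bgp (\d+)", line):
            rep["asn"] = int(m.group(1))
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)", line):
            rep["sessions"].append((m.group(1), int(m.group(2))))
        elif m := re.match(r"neighbor \S+ route-map (\S+) (in|out)", line):
            rep["refs"].add(m.group(1))
        elif m := re.match(r"route-map (\S+) (permit|deny)", line):
            rep["defs"].add(m.group(1))
    return rep

def check(configs, router_ip):
    """Apply global constraints using only the local facts each config exposes."""
    reps = {n: normalize(t) for n, t in configs.items()}
    faults = []
    # Route validity: a policy that is referenced but undefined silently mis-filters.
    for n, r in reps.items():
        for ref in sorted(r["refs"] - r["defs"]):
            faults.append(f"{n}: route-map {ref} referenced but undefined")
    # Path visibility: without route reflectors, iBGP must be a symmetric full mesh.
    ibgp = {n: set() for n in reps}
    for n, r in reps.items():
        for ip, asn in r["sessions"]:
            if asn == r["asn"] and ip in router_ip:
                ibgp[n].add(router_ip[ip])
    for a in reps:
        for b in reps:
            if a < b and not (b in ibgp[a] and a in ibgp[b]):
                faults.append(f"{a}-{b}: missing or one-sided iBGP session")
    return faults
```

Running `check(CONFIGS, ROUTER_IP)` reports the dangling FILTER-65003 reference on r2 and the missing r2–r3 iBGP session, which would leave r3 unable to see routes r2 learns from AS 65003.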
Problem: Spam
• Spam: About 80% of today’s email is “abusive”
• Content filtering doesn’t work
• Network monitoring: Today’s network devices were designed for yesterday’s threats
  • Circa 2000: Worms, DDoS
  • Today: Botnets, spam, click fraud, etc.
Idea: Study Network-Level Properties
• Ultimate goal: Construct spam filters based on network-level properties, rather than content
• Content-based properties are malleable
  • Low cost to evasion: Spammers can alter content
  • High admin cost: Filters must be continually updated
• Content-based filters are applied at the destination
  • Too little, too late: Wasted network bandwidth, storage, etc.
Ramachandran et al., “Understanding the Network-Level Behavior of Spammers”, Best Paper, ACM SIGCOMM, 2006
Spam Study: Major Findings
• Where does spam come from?
  • Most received from few regions of IP address space
• Do spammers hijack routes?
  • A small set of spammers continually advertise short-lived routes
• How is spam sent?
  • Most coming from Windows hosts (likely, bots)
[Figure: ~10 minutes]
SNARE: Network-Based Filtering
• Filter email based on how it is sent, in addition to simply what is sent.
• Network-level properties are less malleable
  • Network/geographic location of sender and receiver
  • Set of target recipients
  • Hosting or upstream ISP (AS number)
  • Membership in a botnet (spammer, hosting infrastructure)
Shuang Hao et al., “Detecting Spammers with SNARE”, USENIX Security Symposium, August 2009
Spam Filtering: Summary of Results
• Spam increasing, spammers becoming agile
  • Content filters are falling behind
  • IP-based blacklists are evadable
  • Up to 30% of spam not listed in common blacklists at receipt. ~20% remains unlisted after a month
• Complementary approach: behavioral blacklisting based on network-level features
  • Key idea: Blacklist based on how messages are sent
  • SNARE: Automated sender reputation
    • ~90% accuracy of existing with lightweight features
  • SpamTracker: Spectral clustering
    • catches significant amounts faster than existing blacklists
  • SpamSpotter: Putting it together in an RBL system
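As an added illustration of "blacklist based on how messages are sent" (this is my own example, not SNARE, SpamTracker or SpamSpotter code), the block below derives three of the network-level features named on the SNARE slide from constructed connection metadata alone, with no message content: geodesic distance from sender to recipient, the set of target recipient domains, and the sender's AS number. It then flags senders whose sending pattern is far-reaching, fans out across domains, and overlaps a known spam target set. The locations, IPs, ASNs, thresholds and the Jaccard overlap rule (a simple stand-in for SpamTracker's spectral clustering) are all assumptions.

```python
import math
from collections import defaultdict

# Constructed SMTP connection metadata (not real traffic):
# (sender_ip, sender_AS, sender_lat, sender_lon, recipient_domain).
# Recipient locations are an assumed geo lookup, as a real system would get from a geo-IP DB.
DOMAIN_LOC = {"example.edu": (33.8, -84.4), "example.org": (51.5, -0.1), "example.net": (37.8, -122.4)}
LOG = [
    ("203.0.113.5", 64500, 33.7, -84.4, "example.edu"),   # nearby sender, one target
    ("203.0.113.5", 64500, 33.7, -84.4, "example.edu"),
    ("198.51.100.9", 64501, -23.5, -46.6, "example.edu"),  # distant, fans out widely
    ("198.51.100.9", 64501, -23.5, -46.6, "example.org"),
    ("198.51.100.9", 64501, -23.5, -46.6, "example.net"),
    ("192.0.2.77", 64501, 55.8, 37.6, "example.edu"),      # same AS, same pattern
    ("192.0.2.77", 64501, 55.8, 37.6, "example.org"),
    ("192.0.2.77", 64501, 55.8, 37.6, "example.net"),
]
KNOWN_SPAM_TARGETS = {"example.edu", "example.org", "example.net"}  # constructed pattern

def geodesic_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def sender_features(log, domain_loc):
    """Aggregate per-sender features from connection metadata; AS number is kept
    as a feature for a classifier even though the threshold rule below ignores it."""
    dist, targets, asn = defaultdict(list), defaultdict(set), {}
    for ip, a, lat, lon, dom in log:
        dist[ip].append(geodesic_km(lat, lon, *domain_loc[dom]))
        targets[ip].add(dom)
        asn[ip] = a
    return {ip: {"asn": asn[ip], "mean_km": sum(d) / len(d), "targets": targets[ip]}
            for ip, d in dist.items()}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def score(feats, known_targets, far_km=5000, fanout=3, sim=0.8):
    """Flag a sender when at least two behavioural signals fire (assumed thresholds)."""
    verdict = {}
    for ip, f in feats.items():
        hits = [f["mean_km"] > far_km, len(f["targets"]) >= fanout,
                jaccard(f["targets"], known_targets) >= sim]
        verdict[ip] = sum(hits) >= 2
    return verdict
```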
Network Virtualization
Today: ISPs Serve Two Roles
• Role 1, infrastructure providers: Maintain routers, links, data centers, other physical infrastructure
• Role 2, service providers: Offer services (e.g., layer 3 VPNs, performance SLAs, etc.) to end users
No single party has control over an end-to-end path.
Instead: Elastic Networks
• Infrastructure providers: maintain physical infrastructure needed to build networks
• Service providers: lease “slices” of physical infrastructure from one or more providers
• Interesting Questions
  • Network embedding
  • System building
  • Economics and markets
Virtual Networks Need Connectivity
• Strawman
  • Default routes
  • Public IP address
• Problems
  • Experiments may need to see all upstream routes
  • Experiments may need more control over traffic
• Need “BGP”
  • Setting up individual sessions is cumbersome
  • …particularly for transient experiments
[Figure: GENI with BGP sessions to ISP 1 and ISP 2]