an internet protocol address clustering algorithm
play

An Internet Protocol Address Clustering Algorithm Robert Beverly - PowerPoint PPT Presentation

Mar 09, 2023 •302 likes •899 views

An Internet Protocol Address Clustering Algorithm Robert Beverly Karen Sollins MIT Computer Science and Artificial Intelligence Laboratory {rbeverly,sollins}@csail.mit.edu December 11, 2008 USENIX SysML 2008 R. Beverly, K. Sollins (MIT) IP

  1. An Internet Protocol Address Clustering Algorithm Robert Beverly Karen Sollins MIT Computer Science and Artificial Intelligence Laboratory {rbeverly,sollins}@csail.mit.edu December 11, 2008 USENIX SysML 2008 R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 1

  2. Scope of Talk Motivation: Learning to operate in an increasingly complex and 1 malicious Internet Challenges: Many at Internet-scale, in dynamic environment 2 Needed: Building-blocks for network and systems designers 3 Approach (And why we didn’t do X ): An IP Clustering Algorithm 4 as one building-block with many practical applications Results: Predictive performance, including ability to detect 5 changed network portions Future: What’s next, work building upon this research 6 R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 2

  3. Internet-Scale Learning Outline Internet-Scale Learning 1 Defining the Problem 2 Exploiting Network Structure 3 Results 4 R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 3

  4. Internet-Scale Learning Evolution of Internet Architecture The Internet is a phenomenal success, but original assumptions underlying its design have changed, e.g.: Security ... historically a second concern Trust ... in a world of botnets, phishers, etc Scale ... traffic, routes, multi-homing, etc Complexity ... policy constraints, network demands, economics And it’s continuing to evolve, grow more complex. E.g.: Scale along new dimension: bad hosts/users Support increasingly critical services Trend to content-based networking Adding devices with intermittent connectivity (sensor nets, DTNs) R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 4

  5. Internet-Scale Learning The Research Challenge Apply statistical learning to embrace Internet’s natural complexity Find predictive models: generalize to unseen data, new situations Networking problems are a challenging learning environment: Non-stationary On-line Distributed Tradeoff between effort vs. improvement obtained vs. errors Needed: Building blocks to realize ML promise while mitigating challenges R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 5

  6. Defining the Problem Outline Internet-Scale Learning 1 Defining the Problem 2 Exploiting Network Structure 3 Results 4 R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 6

  7. Defining the Problem Overview IP Clustering as a Building Block Internet Protocol (IP) v4 addresses are unsigned 32-bit integers e.g. 18.26.0.230 Hosts given addresses based on the network on which they reside An IP Address Clustering Algorithm: Supervised learning (describe change detection later) Given (informally): Training samples from a portion of the IP address space Labeled with a real or discrete property (e.g. latency, security reputation, etc) Find a “good” partitioning of the space Why? R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 7

  8. Defining the Problem Motivation IPs as Identifiers: For better or worse, IP addresses are overloaded. IPs serve as identifiers for: End hosts Location in the network topology Location in the physical topology Implications of this conflation: Security policy (firewalls, etc) Reputation (spam sources, etc) Service selection, load balancing, performance optimization (P2P , CDNs, etc) User-directed routing, grid computing, more... For example... R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 8

  9. Defining the Problem Building Intuition Practical Example: Internet Mail Server 32 0 2 Spam ??? Ham Spam Spam Ham Mail Server Assuming spam originates from “grouped” hosts/networks Can a mail server build a predictive model of likely spam sources/networks? R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 9

  10. Defining the Problem Building Intuition Emulating Ideal World Ideally, a “knowledge plane” would provide oracle information on every node in the network Unfortunately, the size ( ∼ 3 B addresses, ∼ 300 K networks) and dynamics of the Internet generally precludes complete knowledge Instead, leverage Internet’s inherent structure due to physical, logical and administrative boundaries How much structure exists? R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 10

  11. Defining the Problem Building Intuition IANA /8 Allocations by Continent IP addressing is hierarchical Discontinuous, fragmented Correct granularity? Hosts within same sub network likely have consistent policy, latencies, routes, etc. R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 11

  12. Defining the Problem Building Intuition Learning Structure Idea 1: Statically divide input space Email server example: 32 0 2 Spam ??? Ham Spam Spam Ham Mail Server R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 12

  13. Defining the Problem Building Intuition Learning Structure Idea 1: Statically divide input space Email server example: 32 0 2 32 0 2 P(Spam|Struct) = 0.5 P(S) = 0 P(S) = 1 R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 13

  14. Defining the Problem Building Intuition Learning Structure Idea 1: Statically divide input space Issues: Email server example: Pre-supposes a structure; we may want to infer this 32 0 2 Requires large amount of memory to perform 32 0 2 decently Static alignment with data leads to inferior performance compared to P(Spam|Struct) = 0.5 P(S) = 0 P(S) = 1 other approaches R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 13

  15. Defining the Problem Building Intuition Idea 2: Leverage network routing IP Hierarchy and Aggregation: Blocks (varying size) of contiguous addresses assigned to networks (e.g. AT&T, UCSD, Level3, etc) Aggregated unit: prefix/mask (defined precisely in paper) E.g. 18.0.0.0/8 is a large prefix with 2 24 addresses Smaller blocks are further sub-delegated (“smaller” prefixen) Routers exchange aggregated prefixes, perform per-packet longest-match forwarding to get packet closer to destination Implication: There’s an existing source of rich data e.g. [Balachandar & Wang] For example... R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 14

  16. Defining the Problem Building Intuition Learning Structure Idea 2: Leverage network routing Email server example: 32 0 2 R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 15

  17. Defining the Problem Building Intuition Learning Structure Idea 2: Leverage network routing Email server example: 32 0 2 Sprint AT&T Qwest R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 16

  18. Defining the Problem Building Intuition Learning Structure Idea 2: Leverage network routing Email server example: 32 0 2 Sprint AT&T Qwest Seaworld Qualcomm Hotel R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 17

  19. Defining the Problem Building Intuition Learning Structure Idea 2: Leverage network routing Email server example: Issues: Inferior to more 32 0 2 sophisticated approaches Even if readily available, typically at Sprint AT&T Qwest wrong granularity Similar problems in using registry Seaworld Qualcomm databases Hotel R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 17

  20. Defining the Problem Takeaways How to Best Learn/Exploit Structure? Temptation to formulate network task into a learning problem (i.e. use out-of-the-box “black-box” algorithms) Often suboptimal e.g. how to set thresholds, regularization parameter, kernel, etc? How about Internet-specific learning algorithms? Leverage domain-specific knowledge Learn in a way amenable to non-stationary environment, on-line directed learning As Important: Must be fast (ideally suitable for Internet core / high-speed routers) Memory efficient (think FIBs not RIBs) R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 18

  21. Exploiting Network Structure Outline Internet-Scale Learning 1 Defining the Problem 2 Exploiting Network Structure 3 Results 4 R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 19

  22. Exploiting Network Structure Refining the Problem Data Set Latency Data Set Live RTT Measurements: Reference data set drawn from live Internet measurements IP IP 2 IP 1 N Use round-trip latency as per-IP property (label) Note algorithm isn’t specific to latency prediction ping = RTT 1 ping = RTT 2 Latency is evocative of many ping = RTT structural properties (e.g. N latencies of sub-networks are Agent often a function of the network to which they belong) R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 20

  23. Exploiting Network Structure Refining the Problem Data Set Find: 30,000 random Internet hosts responding to ping Gather: Average latency to each over 5 pings 0.07 0.06 0.05 Probability 0.04 Several modes, non-trivial 0.03 distribution 0.02 0.01 0 0 100 200 300 400 500 Latency (ms) R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 21

  24. Exploiting Network Structure Refining the Problem Black-block Performance Let’s try out-of-the-box SVM regression: Predict latency to unknown destinations With lots of tuning, performs reasonably well; several insights from feature selection 500 75% within 30% 400 Predicted Latency (ms) 300 Points within yellow lines represent good predictions 200 100 0 0 100 200 300 400 500 Measured Latency (ms) R. Beverly, K. Sollins (MIT) IP Clustering SysML 2008 22

Recommend

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for ensuring that data is transferred between two Intenret hosts based on a 32 bit address. To be ROUTABLE, a protocol must specify a NETWORK ADDRESS

899 views • 22 slides
Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internet Protocol Suite: Transport Internet Protocol Suite: Transport TCP: Transmission Control Protocol Byte stream transfer Internet Protocol Suite Internet Protocol Suite Reliable, connection-oriented service Point-to-point

374 views • 3 slides
Overview/Questions What does Internet Protocol actually do? What is an IP address? How

Overview/Questions What does Internet Protocol actually do? What is an IP address? How

CS101 Lecture 6: Internetworking: Internet Protocol, IP Addresses, Routing, DNS John Magee 8 July 2013 Some images courtesy Wikimedia Commons 1 Overview/Questions What does Internet Protocol actually do? What is an IP address? How

495 views • 18 slides
Internet routing is based on routing protocols that collect the input data No off-line route

Internet routing is based on routing protocols that collect the input data No off-line route

Introduction to Routing in Internet Internet basics IPv4 and ICMP Internet Addressing ARP - Address Resolution Protocol Routing Information (Distance Vector ) Protocol Principles 3-1 S-38.121 S-02 Rka, NB Internet routing is based on

214 views • 18 slides
CBCN4103 The identifier used in the IP layer of the TCP/IP protocol suite to identify each

CBCN4103 The identifier used in the IP layer of the TCP/IP protocol suite to identify each

CBCN4103 The identifier used in the IP layer of the TCP/IP protocol suite to identify each device connected to the Internet is called the Internet address or IP address. An IP address is a 32-bit address that uniquely and universally

690 views • 53 slides
LECTURE 7 Clustering The k-means algorithm Hierarchical Clustering The DBSCAN algorithm

LECTURE 7 Clustering The k-means algorithm Hierarchical Clustering The DBSCAN algorithm

DATA MINING LECTURE 7 Clustering The k-means algorithm Hierarchical Clustering The DBSCAN algorithm Clustering Evaluation What is a Clustering? In general a grouping of objects such that the objects in a group (cluster) are similar (or

1.39k views • 110 slides
1 K-means clustering The K-means clustering algorithm can be seen as applying the EM algorithm to

1 K-means clustering The K-means clustering algorithm can be seen as applying the EM algorithm to

Statistical Modeling and Analysis of Neural Data (NEU 560) Princeton University, Spring 2018 Jonathan Pillow Lecture 18 notes: K-means and Factor Analysis Tues, 4.17 1 K-means clustering The K-means clustering algorithm can be seen as

547 views • 3 slides
Outline The IP protocol 15-441/641: Computer Networks IPv4 The Internet Protocol IPv6

Outline The IP protocol 15-441/641: Computer Networks IPv4 The Internet Protocol IPv6

9/16/2019 Outline The IP protocol 15-441/641: Computer Networks IPv4 The Internet Protocol IPv6 Fall 2019 Profs Peter Steenkiste & Justine Sherry IP in practice Network address translation Tunnels ARP

90 views • 6 slides
Chapter 8 Communication Networks and Services The TCP/IP Architecture The Internet Protocol

Chapter 8 Communication Networks and Services The TCP/IP Architecture The Internet Protocol

Chapter 8 Communication Networks and Services The TCP/IP Architecture The Internet Protocol Internet Addressing Address Resolution protocol Internet Control Message Prototocol Chapter 8 Communication Networks and Services The TCP/IP

809 views • 46 slides
The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations

The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations

The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations Sharon Goldberg BGP : Border Gateway Protocol DNS : Domain Name System BGP manipulation from July 2013 Abroad USA Qwest/ Centurylink Endpoint in

381 views • 11 slides
Lecture 23: Spectral clustering Hierarchical clustering What is a good clustering?

Lecture 23: Spectral clustering Hierarchical clustering What is a good clustering?

Lecture 23: Spectral clustering Hierarchical clustering What is a good clustering? Aykut Erdem May 2016 Hacettepe University Last time K-Means An iterative clustering algorithm - Initialize: Pick K random points as cluster

932 views • 64 slides
LECTURE 8 The EM Algorithm Clustering Validation Sequence segmentation CLUSTERING What is a

LECTURE 8 The EM Algorithm Clustering Validation Sequence segmentation CLUSTERING What is a

DATA MINING LECTURE 8 The EM Algorithm Clustering Validation Sequence segmentation CLUSTERING What is a Clustering? In general a grouping of objects such that the objects in a group (cluster) are similar (or related) to one another and

998 views • 78 slides
Week 7 Video 1 Clustering Clustering A type of Structure Discovery algorithm This type of

Week 7 Video 1 Clustering Clustering A type of Structure Discovery algorithm This type of

Week 7 Video 1 Clustering Clustering A type of Structure Discovery algorithm This type of method is also referred to as Dimensionality Reduction , based on a common application Clustering You have a large number of data points You

974 views • 63 slides
A fuzzy clustering method using Genetic Algorithm and Fuzzy Subtractive Clustering Thanh Le, Tom

A fuzzy clustering method using Genetic Algorithm and Fuzzy Subtractive Clustering Thanh Le, Tom

A fuzzy clustering method using Genetic Algorithm and Fuzzy Subtractive Clustering Thanh Le, Tom Altman and Katheleen Gardiner University of Colorado Denver July 18, 2012 Overview Introduction Fuzzy clustering using Fuzzy C-Means

345 views • 22 slides
1 IP datagram IP datagram format format 20 bytes 20 bytes header header (minimum)

1 IP datagram IP datagram format format 20 bytes 20 bytes header header (minimum)

Lecture 11. Lecture 11. The Internet Layer The Internet Layer IP (Internet Protocol) IP (Internet Protocol) & & ICMP (Internet Control Message Protocol) ICMP (Internet Control Message Protocol) Giuseppe Bianchi Internet Protocol

334 views • 18 slides
IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan,

IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan,

IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan, Inc. / KAME Project Keiichi SHIMA <keiichi@iij.ad.jp> Contents Why do we use IPv6? IPv6 Addresses Link-layer address resolution

1.55k views • 116 slides
1 Type of Service Version Header Total Length length TOS Why the protocol field? Why the

1 Type of Service Version Header Total Length length TOS Why the protocol field? Why the

Internet Protocol (IP) Internet Protocol (IP) RFC 791 (1981) RFC 791 (1981) Lecture 11. Lecture 11. Connectionless datagram delivery service The Internet Layer The Internet Layer best-effort Unreliable no guarantees of

438 views • 9 slides
Clustering 2 Clustering 2 Nov 3 2008 HAC Algorithm HAC Algorithm St t Start with all objects in

Clustering 2 Clustering 2 Nov 3 2008 HAC Algorithm HAC Algorithm St t Start with all objects in

Clustering 2 Clustering 2 Nov 3 2008 HAC Algorithm HAC Algorithm St t Start with all objects in their own cluster. ith ll bj t i th i l t Until there is only one cluster: Among the current clusters determine the two Among the current

345 views • 23 slides
CS 356: Computer Network Architectures Lecture 10: The Internet Protocol (IP) Ch 3.2 Xiaowei

CS 356: Computer Network Architectures Lecture 10: The Internet Protocol (IP) Ch 3.2 Xiaowei

CS 356: Computer Network Architectures Lecture 10: The Internet Protocol (IP) Ch 3.2 Xiaowei Yang xwy@cs.duke.edu Overview IP header format IP addressing IP forwarding Forwarding algorithm Fragmentation Inter-networking

995 views • 54 slides
CB-DBSCAN: A Novel Clustering Algorithm for Adjacent Clusters with Different Densities Gashin

CB-DBSCAN: A Novel Clustering Algorithm for Adjacent Clusters with Different Densities Gashin

CB-DBSCAN: A Novel Clustering Algorithm for Adjacent Clusters with Different Densities Gashin Ghazizadeh Outline Introduction Multi-density Clustering CB-DBSCAN Results CB-DBSCAN: A Novel Clustering Algorithm for Adjacent

454 views • 33 slides
CS 356: Computer Network Architectures Lecture 9: The Internet Protocol (IP) Ch 3.2 Xiaowei

CS 356: Computer Network Architectures Lecture 9: The Internet Protocol (IP) Ch 3.2 Xiaowei

CS 356: Computer Network Architectures Lecture 9: The Internet Protocol (IP) Ch 3.2 Xiaowei Yang xwy@cs.duke.edu Overview History of IP IP header format IP addressing IP forwarding Forwarding algorithm Fragmentation

882 views • 57 slides
DATA MINING LECTURE 9 The EM Algorithm Clustering Evaluation Sequence segmentation CLUSTERING

DATA MINING LECTURE 9 The EM Algorithm Clustering Evaluation Sequence segmentation CLUSTERING

DATA MINING LECTURE 9 The EM Algorithm Clustering Evaluation Sequence segmentation CLUSTERING What is a Clustering? In general a grouping of objects such that the objects in a group (cluster) are similar (or related) to one another and

905 views • 79 slides
INTERNET AND INTERNET PROTOCOL VERSION 4 (IPv4) Outline A bit of history The TCP/IP

INTERNET AND INTERNET PROTOCOL VERSION 4 (IPv4) Outline A bit of history The TCP/IP

INTERNET AND INTERNET PROTOCOL VERSION 4 (IPv4) Outline A bit of history The TCP/IP protocol architecture IPv4 General Features The protocol A BIT OF HISTORY A Research Project Its the 7Os DARPA

674 views • 36 slides
Internet Protocol (IP) Internet Protocol (IP) TCP versus UDP TCP versus UDP Low Low-

Internet Protocol (IP) Internet Protocol (IP) TCP versus UDP TCP versus UDP Low Low-

Special Course on Networked Virtual January 30, 2004 Environments Internet Protocol (IP) Internet Protocol (IP) TCP versus UDP TCP versus UDP Low Low- -level protocols used by hosts and routers level protocols used by hosts and routers

275 views • 5 slides

More recommend