Cheleby: Subnet ‐ Level Internet Topology Mehmet Hadi Gunes with Hakan Kardes and Mehmet B. Akgun Department of Computer Science and Engineering University of Nevada, Reno
Subnet Resolution A B C D genuine topology A B A B C D C D observed topology inferred topology 2 Cheleby: Subnet-Level Internet Topology
[Observed] Degree vs. [Actual] Interfaces Degree : the number of one hop neighbors Interface : the number of links the system is attached to A B A B C D D C X X Y Z Z Y 8 8 Degree Distribution Interface Distribution 6 6 4 4 2 2 0 0 0 2 4 6 0 2 4 6 3 Cheleby: Subnet-Level Internet Topology
Hyper Graphs • Networks modeled as graphs G=(V,E) • Hyper graphs: H= (X,E) can accurately model multi ‐ access links – also, bipartite (2 ‐ mode) graphs 4 2 2 3 3 2 2 1 1 2 4 Cheleby: Subnet-Level Internet Topology
Cheleby System Overview PlanetLab Vantage Points Traces • x - - L.2 - S.2 - y • x - - A.1 - W.1 - - z Structural • y - S.1 - L.1 - - x Initial Pruner Raw Data Graph Indexer • y - S.1 – U.1 - - C.1 - - z (IP) • z - - C.2 - - - x (SGI) • z - - C.2 - - U.2 - S.3 - y SubNet Inferrer (SNI) S U K C N z Analytical IP Alias Graph Based Network Topology L H A W Resolver v2 y Induction (GBI) (APARv2), iffinder x http://cheleby.cse.unr.edu 5 Cheleby: Subnet-Level Internet Topology
Round Trip Time Analysis 1 0.9 IPs Observed Unresponsive 0.8 Hops (Trailing 213,303,135 17,537,018 *’s filtered) 0.7 92.40% 7.60% CDF of IP addresses 0.6 0.5 0.4 0.3 0.2 0.1 0 1 44 87 130 173 216 259 302 345 388 431 474 517 560 603 646 689 732 775 818 861 904 947 990 1033 1076 1119 1162 1205 1248 1291 1334 1377 1420 1463 1506 1549 1592 1635 Round Trip Time (in msec) 6 Cheleby: Subnet-Level Internet Topology
Unresponsive Routers • Responsiveness to Direct Probes • Responsiveness to Indirect Probes 7 Cheleby: Subnet-Level Internet Topology
Team Analysis 8 Cheleby: Subnet-Level Internet Topology
Resolution results • Alias Resolution • Subnet Inference 9 Cheleby: Subnet-Level Internet Topology
Degree Distribution • Exponents : ‐ 2.17, ‐ 2.02, ‐ 1.92, respectively 10 Cheleby: Subnet-Level Internet Topology
Interface Distribution • Exponents : ‐ 2.71, ‐ 2.69, ‐ 2.74, respectively 11 Cheleby: Subnet-Level Internet Topology
Subnet Distribution Nodes in Subnets • Exponents : ‐ 3.42, 3.62, respectively 12 Cheleby: Subnet-Level Internet Topology
Synthetic Topology Generation Network Size Generate ID Generate Nodes Subnets SD Calculate Degree Satisfies Subnet & Heterogeneous Distribution Interface Swap based on DD Distributions !!! no Final Match ? yes Topology 13 Cheleby: Subnet-Level Internet Topology
Connectivity Analysis Relation between Interface Distribution and Number of Subnets • Single connected component is feasible only when • connectivity parameter <1 Feasible Region 14 Cheleby: Subnet-Level Internet Topology
Subnet Distribution: ExploreNET 1 100000 0.1 10000 0.01 CCDF 0.001 1000 0.0001 [10 to 250] -1.09 0.00001 100 1 10 100 1000 10000 10 1 1 10 100 1000 10000 Number of Nodes in Subnets Estimating Network Layer Subnet Characteristics via Statistical Sampling , M. Engin Tozal and Kamil Sarac, IFIP/TC6 Networking, Prague, Czech Republic, May’12 15 Cheleby: Subnet-Level Internet Topology
TraceNET Traceroute Path Source Destination Source Destination TraceNET Path TraceNET: An Internet Topology Data Collector , M. Engin Tozal and Kamil Sarac, ACM Internet Measurement Conference, Melbourne, Australia, November 2010
Work in Progress AS 1 VP AS of Interest VP Alias Resolution VP AS 4 Subnet VP Resolution AS 2 VP VP VP AS 3 Per Destination load balancers ? 17 Cheleby: Subnet-Level Internet Topology
Network Traffic Analysis with Bing Li, Jeff Springer, George Bebis
Design Goals • Real time network query – near real time measurement and analysis • Distributed system for – data collecting, storing, accessing, measuring and analyzing NetFlow • Models of detection and classification based on profiling and behavior 19 Network Traffic Analysis
Design Components 20 Network Traffic Analysis
Demonstration • Model Host Roles • Algorithms: – On ‐ line Support Vector Machine – Decision Tree • Ground Truth: – Host Information in Active Directory and vulnerability scanner Nessus database 21 Network Traffic Analysis
Client vs Server Classification 22 Network Traffic Analysis
Personal System vs Public System 23 Network Traffic Analysis
Web Server vs Email Server 24 Network Traffic Analysis
Classifying Two Different Colleges 25 Network Traffic Analysis
Anonymizer Usage • Anonymity network usage via Pig scripting – 205 million packets – about 1.44TB data • Analyzed Anonymity Networks Network Servers Service Tor 61,798 General I2P 2,267 P2P JAP 11 General Remailers 15 Email Proxies 7,246 General Anomymizer,Gotrusted Commercial General
Anonymity Network Geolocation
Thanks
More recommend