1 Computer Networks Zhenhai Duan Department of Computer Science 09/03/2015

2 Research Area
Computer networks, in particular Internet protocols, architectures, and systems
– Internet inter-domain routing
– Internet systems security
– Overlay and peer-to-peer systems
– Network measurement
– Quality of Service (QoS) provisioning
Details and publications
– http://www.cs.fsu.edu/~duan

3 A Few Projects that I will Discuss
– Improving Internet inter-domain routing performance
– Controlling IP spoofing
– Detecting compromised machines (botnets)
– Traceback attack on Freenet

4 Internet Inter-Domain Routing
The Internet consists of a large number of network domains (autonomous systems, ASes)
– Each owns one or more network prefixes
– FSU campus network: 128.186.0.0/16
Intra-domain and inter-domain routing protocols
– Intra-domain: OSPF and IS-IS
– Inter-domain: BGP, a path-vector routing protocol
BGP
– Used to exchange network prefix reachability information: a network prefix together with the AS-level path used to reach it
– Path selection algorithm

5 BGP: an Example
Figure: AS 0 originates 128.186.0.0/16 with ASPATH=[0]. Each AS prepends its own number before re-announcing, so AS 1 announces NLRI=128.186.0.0/16 with ASPATH=[10], AS 2 announces [210], AS 6 announces [610], AS 3 announces [3210], AS 4 announces [4210], and AS 7 announces [7610]. AS 5 receives [3210], [4210], and [7610], selects [3210] (marked with *), and announces ASPATH=[53210] onward.
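To make the figure concrete, here is a small path-vector simulation of the same prefix spreading over the same AS graph. It is an added illustration, not code from the talk: the links are reconstructed from the ASPATH values in the figure, and the decision process is reduced to "shortest AS path, then lowest next-hop ASN", which stands in for the real BGP tie-break rules (LOCAL_PREF, MED, router ID). The loop check that makes path-vector routing loop-free is the one line that discards any announcement already containing the receiver's own ASN.

```python
"""Path-vector propagation of one prefix over the AS graph on slide 5.

Added illustration, not code from the talk. The topology is reconstructed
from the ASPATH values in the figure; the tie-break rule (shortest AS path,
then lowest next-hop ASN) is a simplification of the BGP decision process.
"""
from collections import defaultdict

PREFIX = "128.186.0.0/16"
ORIGIN = 0
# Undirected AS adjacencies implied by the figure (constructed, not a real BGP table).
LINKS = [(0, 1), (1, 2), (1, 6), (2, 3), (2, 4), (6, 7), (3, 5), (4, 5), (5, 7)]


def adjacency(links):
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def select(candidates):
    """BGP-style best-path selection, reduced to: shortest AS_PATH, then lowest next hop."""
    return min(candidates, key=lambda path: (len(path), path[0]))


def converge(links, origin=ORIGIN, max_rounds=100):
    """Run synchronous announcement rounds until no AS changes its selected path.

    Returns {asn: as_path}, where as_path starts with asn itself, exactly the
    ASPATH that AS would announce onward. Only the converged state is modelled;
    timers and transient path exploration are not.
    """
    adj = adjacency(links)
    rib = {origin: (origin,)}
    for _ in range(max_rounds):
        adj_rib_in = defaultdict(dict)          # receiver -> {sender: announced path}
        for asn, path in rib.items():
            for nb in adj[asn]:
                if nb not in path:              # loop check: drop paths that already contain me
                    adj_rib_in[nb][asn] = path
        new_rib = {origin: (origin,)}
        for asn, offers in adj_rib_in.items():
            if asn != origin:
                new_rib[asn] = (asn,) + select(list(offers.values()))
        if new_rib == rib:
            return rib
        rib = new_rib
    raise RuntimeError("routing did not converge")


def aspath(path):
    """Render a path the way the slide does, e.g. (5, 3, 2, 1, 0) -> '[53210]'."""
    return "[" + "".join(str(a) for a in path) + "]"


if __name__ == "__main__":
    before = converge(LINKS)
    print(PREFIX, "converged:", {a: aspath(p) for a, p in sorted(before.items())})
    # Take down the 2-3 link: AS 3 loses its direct route and AS 5 falls back to [54210].
    after = converge([l for l in LINKS if l != (2, 3)])
    print(PREFIX, "after link 2-3 fails:", {a: aspath(p) for a, p in sorted(after.items())})
```

Running it reproduces the figure (AS 5 selects [53210]); removing the 2-3 link makes AS 5 fall back to [54210] and AS 3 learn the prefix through AS 5 instead. Because the simulation jumps straight to the converged state, it does not show the flurry of intermediate updates that a real failure triggers; that transient behaviour is the subject of slides 6 to 8.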

6 Network Dynamics
The Internet has about 51K ASes and 564K network prefixes (as of 08/31/2015)
In a system this big, things happen all the time
– Fiber cuts, equipment outages, operator errors
Direct consequences for the routing system
– Events may propagate through the entire Internet
– Best routes must be recomputed and propagated
– Large numbers of BGP updates are exchanged between ASes
Effects on user-perceived network performance
– Long network delays
– Packet loss and forwarding loops
– Even loss of network connectivity

7 Causes of Poor BGP Performance
– Protocol artifacts of BGP
– Constraints of physical propagation: the Internet is a GLOBAL network
– Complex interplay between the components and policies of Internet routing
Figure: 128.186.0.0/16 is withdrawn. AS 5, which had selected [3210] over [4210] and [7610], first announces alternate paths ASPATH=[54210] and ASPATH=[57610] before finally withdrawing the prefix, so a single failure produces a sequence of updates.

8 Improving BGP Convergence and Stability
BGP protocol artifacts
– EPIC: carrying event origin in BGP updates
– Propagation delays on different paths
– Inter-domain failure vs. intra-domain failure
– Multi-connectivity between ASes
– Scalability and confidentiality
– IEEE INFOCOM 2005
Physical propagation constraints
– Transient failures
– TIDR: localize failure events
– IEEE GLOBECOM 2008

9 Controlling IP Spoofing
What is IP spoofing?
– Forging the source IP address of packets
– Used by many DDoS attacks
Why does it remain popular?
– Hard to isolate attack traffic from legitimate traffic
– Hard to pinpoint the true attacker
– Many attacks rely on IP spoofing
Figure: example topology with nodes s, a, b, c, d

10 Filtering Based on Route
A key observation
– Attackers can spoof the source address
– But they cannot control the route packets take
Requirements
– Filters need to compute the best path from src to dst
– Filters need to know global topology information
– Not available in the path-vector-based Internet routing system
Figure: the same example topology with nodes s, a, b, c, d

11 Internet AS Relationships
The Internet consists of a large number of network domains
Two common AS relationships
– Provider-customer
– Peering
AS relationships determine routing policies
A net effect of routing policies: they limit the number of routes between a pair of source and destination ASes
Figure: AS 2553 FSU, AS 11096 FloridaNet, AS 174 Cogent, AS 3356 Level 3, AS 2828 XO Communications, AS 11537 Internet2

12 Topological Routes vs. Feasible Routes
Topological routes
– Loop-free paths between a pair of nodes
Feasible routes
– Loop-free paths between a pair of nodes that do not violate routing policies
Example (nodes s, a, b, c, d; source s, destination d)
– Topological routes: s a d, s b d, s a b d, s a c d, s b a d, s b c d, s a b c d, s a c b d, s b a c d, s b c a d
– Feasible routes: s a d, s b d

13 Inter-Domain Packet Filter
Identifying feasible upstream neighbors
– Instead of filtering based on the best path, filter based on feasible routes
Findings based on real AS graphs
– IDPFs can effectively limit the spoofing capability of attackers: attackers in 80% of networks cannot spoof source addresses
– IDPFs are effective in helping IP traceback: every AS can localize an attacker to at most 28 ASes
IEEE INFOCOM 2006, IEEE TDSC 2008
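The following example, added here and not the authors' implementation, works through slides 12 and 13 on the five-node graph: it enumerates the topological routes from s to d, keeps the ones that respect provider-customer and peering policies (the valley-free export rule), and uses the last hop of each feasible route as the feasible upstream neighbor set that an IDPF at d would check against. The AS relationships are an assumption chosen so that the feasible routes come out as on slide 12 (s a d and s b d); a real IDPF infers feasible upstream neighbors from BGP updates rather than by enumerating a global graph.

```python
"""Feasible routes and an inter-domain packet filter (IDPF) on the slide-12 graph.

Added illustration, not the authors' implementation. The graph (nodes s, a,
b, c, d) is taken from slide 12; the AS relationships are ASSUMED so that
the feasible routes come out as on the slide (s a d and s b d). Real IDPFs
infer feasible upstream neighbors from BGP updates without global topology;
here the small graph is simply enumerated.
"""
from collections import defaultdict

# Assumed relationships: PROVIDERS[x] = set of x's providers; PEERS = peering links.
PROVIDERS = {"s": {"a", "b"}, "a": {"d"}, "b": {"d"}, "c": {"a", "b", "d"}, "d": set()}
PEERS = {frozenset({"a", "b"})}


def edge_type(u, v):
    """'up' if u is v's customer, 'down' if u is v's provider, 'peer', or None."""
    if v in PROVIDERS.get(u, ()):
        return "up"
    if u in PROVIDERS.get(v, ()):
        return "down"
    if frozenset({u, v}) in PEERS:
        return "peer"
    return None


def adjacency():
    adj = defaultdict(set)
    for customer, providers in PROVIDERS.items():
        for provider in providers:
            adj[customer].add(provider)
            adj[provider].add(customer)
    for link in PEERS:
        u, v = tuple(link)
        adj[u].add(v)
        adj[v].add(u)
    return adj


def simple_paths(adj, src, dst):
    """All loop-free paths from src to dst: the topological routes of slide 12."""
    stack = [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            yield path
            continue
        for nb in sorted(adj[node]):
            if nb not in path:
                stack.append((nb, path + [nb]))


def is_valley_free(path):
    """Policy check: customer-to-provider hops, then at most one peer hop, then provider-to-customer hops."""
    phase = 0  # 0 = climbing, 1 = crossed a peer link, 2 = descending
    for u, v in zip(path, path[1:]):
        t = edge_type(u, v)
        if t == "up":
            if phase != 0:
                return False
        elif t == "peer":
            if phase != 0:
                return False
            phase = 1
        elif t == "down":
            phase = 2
        else:
            return False        # no relationship, so no link
    return True


def feasible_routes(src, dst):
    """Topological routes that do not violate routing policy (slide 12's 'feasible routes')."""
    adj = adjacency()
    return sorted(" ".join(p) for p in simple_paths(adj, src, dst) if is_valley_free(p))


def feasible_upstream(src, dst):
    """Neighbors of dst from which a packet with source src may legitimately arrive."""
    return {route.split()[-2] for route in feasible_routes(src, dst)}


def idpf_accept(at_as, src_as, from_neighbor):
    """IDPF at at_as: accept a packet claiming source AS src_as only if it came from a feasible upstream neighbor."""
    return from_neighbor in feasible_upstream(src_as, at_as)


if __name__ == "__main__":
    print("topological routes s->d:", len(list(simple_paths(adjacency(), "s", "d"))))
    print("feasible routes s->d:", feasible_routes("s", "d"))
    print("packet 'from s' arriving at d via c:", idpf_accept("d", "s", "c"))
    print("packet 'from s' arriving at d via a:", idpf_accept("d", "s", "a"))
```

The filter never needs the best path: a packet claiming source s that reaches d through c is dropped because no policy-compliant route from s to d ends with the hop c to d, whichever of the two feasible routes is currently in use. This is why IDPFs stay correct while routing changes, as long as the AS relationships themselves do not change.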

14 Detecting Compromised Computers in Networks
Botnet
– A network of compromised machines, each with a bot program installed to execute commands from a controller without the owner's knowledge

15 Motivation and Problem
Botnets are becoming a major security issue
– Spamming, DDoS, identity theft
– Sheer volume and wide spread
– Lack of effective tools to detect bots in local networks

16 Motivation
Utility-based online detection method: SPOT
– Detects the subset of compromised machines involved in spamming
Bots are increasingly used for sending spam
– 70% to 80% of all spam has come from bots in recent years
– In response to blacklisting
– Spamming provides a key economic incentive for the controller

17 Network Model
Machines in a network
– Are either compromised (H1) or normal (H0)
– How to detect whether a machine is compromised as its messages pass through SPOT sequentially?
– Sequential Probability Ratio Test (SPRT)

18 Sequential Probability Ratio Test
Statistical method for testing
– A null hypothesis against an alternative hypothesis
One-dimensional random walk
– With two boundaries, A and B, corresponding to the two hypotheses
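To show the random walk of slides 17 and 18 in action, here is a compact SPOT-style detector, added as an illustration rather than the authors' code. Each outgoing message from a machine is one observation (spam or not); the log-likelihood ratio is the walk position, and Wald's two boundaries A and B are derived from the chosen false positive rate alpha and false negative rate beta. The spam probabilities under the two hypotheses (THETA0 for a normal machine, THETA1 for a compromised one), alpha, beta, and the message trace are all assumptions constructed for the example.

```python
"""SPRT-based spam zombie detection in the style of SPOT (slides 17 and 18).

Added illustration, not the authors' code. Each outgoing message is one
observation X_i: 1 if it is spam, 0 otherwise. Under H1 (compromised) a
message is spam with probability THETA1, under H0 (normal) with probability
THETA0. ALPHA and BETA are the chosen false positive and false negative
rates. All four values below are assumptions for the example.
"""
import math
from collections import defaultdict

THETA0, THETA1 = 0.2, 0.9
ALPHA, BETA = 0.01, 0.01


class Spot:
    def __init__(self, theta0=THETA0, theta1=THETA1, alpha=ALPHA, beta=BETA):
        # Wald's boundaries on the log-likelihood ratio: reach B -> accept H1, reach A -> accept H0.
        self.A = math.log(beta / (1 - alpha))
        self.B = math.log((1 - beta) / alpha)
        # Each observation moves the walk by one of two fixed steps.
        self.step_spam = math.log(theta1 / theta0)              # positive
        self.step_ham = math.log((1 - theta1) / (1 - theta0))   # negative
        self.walk = {}   # machine -> (current log-likelihood ratio, messages seen in this test)

    def observe(self, machine, is_spam):
        """Consume one message; return ('compromised' | 'normal' | 'undecided', messages used)."""
        llr, n = self.walk.get(machine, (0.0, 0))
        llr += self.step_spam if is_spam else self.step_ham
        n += 1
        if llr >= self.B:
            self.walk.pop(machine, None)   # assumption: the walk restarts after a decision
            return "compromised", n
        if llr <= self.A:
            self.walk.pop(machine, None)
            return "normal", n
        self.walk[machine] = (llr, n)
        return "undecided", n


def run_trace(events, spot=None):
    """Feed (machine, is_spam) events in arrival order; return {machine: [(decision, n), ...]}."""
    spot = spot or Spot()
    decisions = defaultdict(list)
    for machine, is_spam in events:
        verdict, n = spot.observe(machine, is_spam)
        if verdict != "undecided":
            decisions[machine].append((verdict, n))
    return dict(decisions)


# Constructed trace (not the FSU data): (sending machine, spam verdict from a content filter).
TRACE = [
    ("10.0.0.5", True), ("10.0.0.9", False), ("10.0.0.5", True), ("10.0.0.9", False),
    ("10.0.0.5", True), ("10.0.0.9", False), ("10.0.0.5", True),
    ("10.0.0.7", False), ("10.0.0.7", True), ("10.0.0.7", True),
    ("10.0.0.7", True), ("10.0.0.7", True), ("10.0.0.7", True),
]

if __name__ == "__main__":
    for machine, outcome in run_trace(TRACE).items():
        print(machine, outcome)
```

With these parameters four consecutive spam messages push a machine over B and three clean messages push it below A, which is the attraction of the SPRT: a decision after a handful of observations, with the error rates fixed in advance. The weak point in practice is the observation itself: the walk is only as good as the spam verdicts feeding it, so a miscalibrated content filter silently changes the effective THETA0 and THETA1.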

19 Performance of SPOT
– Two-month email trace received on the FSU campus network
– SpamAssassin and anti-virus software
IEEE INFOCOM 2009, IEEE TDSC 2012

20 A Traceback Attack on Freenet
Freenet is an anonymous peer-to-peer content-sharing system
– Each node contributes part of its storage space
– Nodes can join and depart from Freenet at any moment
– Aims to support anonymity of content publishers and retrievers

21 High-Level Security Mechanisms Used
– Per-hop source address rewriting
– Per-hop traffic encryption
– End-to-end file encryption is also used
– HTL (hops to live) is only decreased with a probability

22 Traceback Attack on Freenet
Goal: find which node issued a file request message
Two critical components of the attack
– Connect an attacking node to a suspect node
– Check whether a suspect node has seen a particular message before
Two steps
– Identifying all nodes that have seen a message
– Uniquely determining the originating machine
IEEE INFOCOM 2013, IEEE TDSC (accepted)

23 Identifying All Nodes Seeing a Message
Figure: a monitor node and attack nodes connected to suspect nodes N_{k-2}, N_{k-1}, N_k

24 Uniquely Determining the Originator
We can uniquely determine the originating machine if the forwarding path of the message satisfies certain conditions
– A few lemmas were developed to specify the conditions
– In essence, they rely on the routing algorithm of Freenet and the relationships among neighbors

25 Performance Evaluation
Experiment results
Set   Total   Successful   Percentage
S1    100     43           43%
S2    100     24           24%
S3    100     41           41%
Simulation results
Set   Total   Successful   Percentage
S1    1000    432          43.2%
S2    1000    429          42.9%
S3    1000    441          44.1%
S4    1000    472          47.2%
S5    1000    474          47.4%
S6    1000    492          49.2%

26 Summary
Discussed a number of research projects
– Improving BGP convergence
– Controlling IP spoofing
– Detecting spam zombies
– Traceback attack on Freenet
Details and other projects at my homepage
– http://www.cs.fsu.edu/~duan

