Subnet Level Internet Topology - CAIDA · Subnet‐Level Internet Topology ... Relation between...
Transcript of Subnet Level Internet Topology - CAIDA · Subnet‐Level Internet Topology ... Relation between...
Cheleby:Subnet‐Level Internet Topology
Mehmet Hadi Guneswith Hakan Kardes and Mehmet B. Akgun
Department of Computer Science and Engineering
University of Nevada, Reno
Subnet Resolution
2
observed topology inferred topology
genuine topologyC D
A B
C D
A B
C D
A B
Cheleby: Subnet-Level Internet Topology
[Observed] Degree vs. [Actual] Interfaces
3
A B C
X Y Z
DA B
D C X
Z Y
Degree: the number of one hop neighbors Interface: the number of links the system is attached to
0
2
4
6
8
0 2 4 6
Degree Distribution
0
2
4
6
8
0 2 4 6
Interface Distribution
Cheleby: Subnet-Level Internet Topology
Hyper Graphs
• Networks modeled as graphs G=(V,E)• Hyper graphs: H= (X,E) can accurately model multi‐access links– also, bipartite (2‐mode) graphs
4
4 3 2 2
3 2 2 2 1 1
Cheleby: Subnet-Level Internet Topology
Cheleby System Overview
5
Initial Pruner (IP)
Structural Graph Indexer
(SGI)
SubNet Inferrer(SNI)
Analytical IP Alias Resolver v2
(APARv2), iffinder
Graph Based Induction (GBI)
Network Topology
Raw Data
Traces• x - - L.2 - S.2 - y• x - - A.1 - W.1 - - z• y - S.1 - L.1 - - x• y - S.1 – U.1 - - C.1 - - z• z - - C.2 - - - x• z - - C.2 - - U.2 - S.3 - y
U K C N
L H A W
S
x
y
z
Cheleby: Subnet-Level Internet Topology
PlanetLabVantage Points
http://cheleby.cse.unr.edu
Round Trip Time Analysis
6
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
11 44 87 130
173
216
259
302
345
388
431
474
517
560
603
646
689
732
775
818
861
904
947
990
1033
1076
1119
1162
1205
1248
1291
1334
1377
1420
1463
1506
1549
1592
1635
CDF of IP
add
resses
Round Trip Time (in msec)
IPs Observed Unresponsive
Hops (Trailing *’s filtered)
213,303,135 17,537,018
92.40% 7.60%
Cheleby: Subnet-Level Internet Topology
Unresponsive Routers
Cheleby: Subnet-Level Internet Topology 7
• Responsiveness to Direct Probes
• Responsiveness to Indirect Probes
Team Analysis
8Cheleby: Subnet-Level Internet Topology
Resolution results
• Alias Resolution
• Subnet Inference
Cheleby: Subnet-Level Internet Topology 9
• Exponents : ‐2.17, ‐2.02, ‐1.92, respectively
Degree Distribution
10Cheleby: Subnet-Level Internet Topology
Interface Distribution
• Exponents : ‐2.71, ‐2.69, ‐2.74, respectively11Cheleby: Subnet-Level Internet Topology
Subnet Distribution
12
• Exponents : ‐3.42, 3.62, respectivelyNodes in Subnets
Cheleby: Subnet-Level Internet Topology
Synthetic Topology Generation
yes
Network SizeID
SD
no
Generate Nodes Generate Subnets
Satisfies Subnet & Interface
Distributions !!!
Calculate Degree Distribution based on DD
Heterogeneous Swap
Match ? Final Topology
Cheleby: Subnet-Level Internet Topology 13
• Single connected component is feasible only when • connectivity parameter <1
Connectivity Analysis
14
Relation between Interface Distribution and Number of Subnets
Feasible Region
Cheleby: Subnet-Level Internet Topology
Subnet Distribution: ExploreNET
15
1
10
100
1000
10000
100000
1 10 100 1000 10000Number of Nodes in Subnets
0.00001
0.0001
0.001
0.01
0.1
1
1 10 100 1000 10000
CCDF
[10 to 250] -1.09
Cheleby: Subnet-Level Internet Topology
Estimating Network Layer Subnet Characteristics via Statistical Sampling, M. Engin Tozal and Kamil Sarac, IFIP/TC6 Networking, Prague, Czech Republic, May’12
TraceNET
SourceDestination
DestinationSource
Traceroute Path
TraceNET Path
TraceNET: An Internet Topology Data Collector, M. Engin Tozal and Kamil Sarac, ACM Internet Measurement Conference, Melbourne, Australia, November 2010
Work in Progress
17
AS 1
AS 2
AS 3
AS 4
AS of InterestVP
VP
VP
VP VP
VP
VP
Alias Resolution
Subnet Resolution
Cheleby: Subnet-Level Internet Topology Per Destination load balancers ?
Network Traffic Analysis
with Bing Li, Jeff Springer, George Bebis
Design Goals
• Real time network query– near real time measurement and analysis
• Distributed system for – data collecting, storing, accessing, measuring and analyzing NetFlow
• Models of detection and classification based on profiling and behavior
Network Traffic Analysis 19
Design Components
Network Traffic Analysis 20
Demonstration
• Model Host Roles
• Algorithms: – On‐line Support Vector Machine– Decision Tree
• Ground Truth:– Host Information in Active Directory and vulnerability scanner Nessus database
Network Traffic Analysis 21
Client vs Server Classification
Network Traffic Analysis 22
Personal System vs Public System
Network Traffic Analysis 23
Web Server vs Email Server
Network Traffic Analysis 24
Classifying Two Different Colleges
Network Traffic Analysis 25
Anonymizer Usage
• Anonymity network usage via Pig scripting– 205 million packets– about 1.44TB data
• Analyzed Anonymity NetworksNetwork Servers Service
Tor 61,798 General
I2P 2,267 P2P
JAP 11 General
Remailers 15 Email
Proxies 7,246 General
Commercial Anomymizer,Gotrusted General
Anonymity Network Geolocation
Thanks