Cheleby: Subnet Level Internet Topology Mehmet Hadi Gunes with Hakan - - PowerPoint PPT Presentation

cheleby
SMART_READER_LITE
LIVE PREVIEW

Cheleby: Subnet Level Internet Topology Mehmet Hadi Gunes with Hakan - - PowerPoint PPT Presentation

Oct 05, 2023 318 likes •615 views

Cheleby: Subnet Level Internet Topology Mehmet Hadi Gunes with Hakan Kardes and Mehmet B. Akgun Department of Computer Science and Engineering University of Nevada, Reno Subnet Resolution A B C D genuine topology A B A B C D C D

slide-1
SLIDE 1

Cheleby:

Subnet‐Level Internet Topology

Mehmet Hadi Gunes

with Hakan Kardes and Mehmet B. Akgun Department of Computer Science and Engineering

University of Nevada, Reno

slide-2
SLIDE 2

Subnet Resolution

2

  • bserved topology

inferred topology genuine topology

C D A B C D A B C D A B

Cheleby: Subnet-Level Internet Topology

slide-3
SLIDE 3

[Observed] Degree vs. [Actual] Interfaces

3

A B C X Y Z D A B D C X Z Y

Degree: the number of one hop neighbors Interface: the number of links the system is attached to

2 4 6 8 2 4 6 Degree Distribution 2 4 6 8 2 4 6 Interface Distribution

Cheleby: Subnet-Level Internet Topology

slide-4
SLIDE 4

Hyper Graphs

  • Networks modeled as graphs G=(V,E)
  • Hyper graphs: H= (X,E) can accurately model

multi‐access links

– also, bipartite (2‐mode) graphs

4

4 3 2 2 3 2 2 2 1 1

Cheleby: Subnet-Level Internet Topology

slide-5
SLIDE 5

Cheleby System Overview

5

Initial Pruner (IP) Structural Graph Indexer (SGI) SubNet Inferrer (SNI) Analytical IP Alias Resolver v2 (APARv2), iffinder Graph Based Induction (GBI)

Network Topology Raw Data Traces

  • x -  - L.2 - S.2 - y
  • x -  - A.1 - W.1 -  - z
  • y - S.1 - L.1 -  - x
  • y - S.1 – U.1 -  - C.1 -  - z
  • z -  - C.2 -  -  - x
  • z -  - C.2 -  - U.2 - S.3 - y

U K C N L H A W S x y z Cheleby: Subnet-Level Internet Topology

PlanetLab Vantage Points http://cheleby.cse.unr.edu

slide-6
SLIDE 6

Round Trip Time Analysis

6 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 1 44 87 130 173 216 259 302 345 388 431 474 517 560 603 646 689 732 775 818 861 904 947 990 1033 1076 1119 1162 1205 1248 1291 1334 1377 1420 1463 1506 1549 1592 1635

CDF of IP addresses Round Trip Time (in msec)

IPs Observed Unresponsive Hops (Trailing *’s filtered) 213,303,135 17,537,018 92.40% 7.60%

Cheleby: Subnet-Level Internet Topology

slide-7
SLIDE 7

Unresponsive Routers

Cheleby: Subnet-Level Internet Topology 7

  • Responsiveness to Direct Probes
  • Responsiveness to Indirect Probes
slide-8
SLIDE 8

Team Analysis

8 Cheleby: Subnet-Level Internet Topology

slide-9
SLIDE 9

Resolution results

  • Alias Resolution
  • Subnet Inference

Cheleby: Subnet-Level Internet Topology 9

slide-10
SLIDE 10
  • Exponents : ‐2.17, ‐2.02, ‐1.92, respectively

Degree Distribution

10 Cheleby: Subnet-Level Internet Topology

slide-11
SLIDE 11

Interface Distribution

  • Exponents : ‐2.71, ‐2.69, ‐2.74, respectively

11 Cheleby: Subnet-Level Internet Topology

slide-12
SLIDE 12

Subnet Distribution

12

  • Exponents : ‐3.42, 3.62, respectively

Nodes in Subnets

Cheleby: Subnet-Level Internet Topology

slide-13
SLIDE 13

Synthetic Topology Generation

yes

Network Size ID SD

no

Generate Nodes Generate Subnets Satisfies Subnet &

Interface

Distributions !!! Calculate Degree Distribution based on DD Heterogeneous Swap Match ?

Final Topology

Cheleby: Subnet-Level Internet Topology 13

slide-14
SLIDE 14
  • Single connected component

is feasible only when

  • connectivity parameter <1

Connectivity Analysis

14

Relation between Interface Distribution and Number of Subnets

Feasible Region

Cheleby: Subnet-Level Internet Topology

slide-15
SLIDE 15

Subnet Distribution: ExploreNET

15

1 10 100 1000 10000 100000 1 10 100 1000 10000 Number of Nodes in Subnets

0.00001 0.0001 0.001 0.01 0.1 1 1 10 100 1000 10000

CCDF

[10 to 250] -1.09

Cheleby: Subnet-Level Internet Topology

Estimating Network Layer Subnet Characteristics via Statistical Sampling,

  • M. Engin Tozal and Kamil Sarac, IFIP/TC6 Networking, Prague, Czech Republic, May’12
slide-16
SLIDE 16

TraceNET

Source Destination Destination Source Traceroute Path TraceNET Path TraceNET: An Internet Topology Data Collector, M. Engin Tozal and Kamil Sarac, ACM Internet Measurement Conference, Melbourne, Australia, November 2010

slide-17
SLIDE 17

Work in Progress

17

AS 1 AS 2 AS 3 AS 4 AS of Interest VP VP VP VP VP VP VP

Alias Resolution Subnet Resolution

Cheleby: Subnet-Level Internet Topology

Per Destination load balancers ?

slide-18
SLIDE 18

Network Traffic Analysis

with Bing Li, Jeff Springer, George Bebis

slide-19
SLIDE 19

Design Goals

  • Real time network query

– near real time measurement and analysis

  • Distributed system for

– data collecting, storing, accessing, measuring and analyzing NetFlow

  • Models of detection and classification based
  • n profiling and behavior

Network Traffic Analysis 19

slide-20
SLIDE 20

Design Components

Network Traffic Analysis 20

slide-21
SLIDE 21

Demonstration

  • Model Host Roles
  • Algorithms:

– On‐line Support Vector Machine – Decision Tree

  • Ground Truth:

– Host Information in Active Directory and vulnerability scanner Nessus database

Network Traffic Analysis 21

slide-22
SLIDE 22

Client vs Server Classification

Network Traffic Analysis 22

slide-23
SLIDE 23

Personal System vs Public System

Network Traffic Analysis 23

slide-24
SLIDE 24

Web Server vs Email Server

Network Traffic Analysis 24

slide-25
SLIDE 25

Classifying Two Different Colleges

Network Traffic Analysis 25

slide-26
SLIDE 26

Anonymizer Usage

  • Anonymity network usage via Pig scripting

– 205 million packets – about 1.44TB data

  • Analyzed Anonymity Networks

Network Servers Service Tor 61,798 General I2P 2,267 P2P JAP 11 General Remailers 15 Email Proxies 7,246 General Commercial

Anomymizer,Gotrusted

General

slide-27
SLIDE 27

Anonymity Network Geolocation

slide-28
SLIDE 28

Thanks