spectral techniques for internet traffic
play

Spectral Techniques for Internet Traffic Christos Papadopoulos and - PowerPoint PPT Presentation

Feb 18, 2023 •39 likes •179 views

Spectral Techniques for Internet Traffic Christos Papadopoulos and John Heidemann USC/ISI Data Catalog Workshop CAIDA, June 3, 2004 christos@isi.edu, johnh@isi.edu Research Topics Security DDoS classification Attack signatures

  1. Spectral Techniques for Internet Traffic Christos Papadopoulos and John Heidemann USC/ISI Data Catalog Workshop CAIDA, June 3, 2004 christos@isi.edu, johnh@isi.edu

  2. Research Topics • Security – DDoS classification – Attack signatures • Network management – Detection of saturated links – TCP dynamics • Methodology: Spectral analysis

  3. Single vs. Multi-source Attacks Single-source Multi-source 175Hz 290Hz Single src attack produces Multi-src attacks produce � � linear cumulative spectrum localization of power in low frequencies

  4. Single vs. Multi-source Attacks (cont.) Steps: • Compare F(60%) to identify single-/multi-source attacks • Single-source: F(60%) mean 268Hz (240-295Hz) • Multi-source: F(60%) mean 172Hz (142-210Hz) • Robustly categorize Unclassified attacks Results reported at SIGCOMM 2003, Hussain et al.

  5. Congested vs. Un-congested Link Un-congested Link (TCP, UMD->USC, 64MB window) Spectrum of congested link shows clear Congestion shows up as strong signature. high frequency component.

  6. Playground: Los Nettos • Regional network for LA area • ~15 years in existence • Three upstream providers (Verio, Level3, Cogent) plus Internet 2 • 6 members and O(100) associates – mix of academic and commercial • About 45K machines

  7. Los Nettos MEMBER Affiliate JPL HUB CRG Transit VHF Xchange I2 CIT Internet2 LAIIX LAAP CalREN 818 HMC OWB ISI HSC Verio PAIX-LA ICT Cogent USC NGC DWP FE DS3 Circuits Level3 DWP(4) Fiber Level3 Fiber (2) Internet2 Tustin SBC Gigaman CalREN City of Pasadena Fiber(2)

  8. Current Data Collection: Links • Currently monitored links – Verio (200mbps) – Part of Internet 2 (in/out of USC) • Other available links – Level3 (300mbps) – Rest of Internet 2 (200mbps) – Cogent (60mbps)

  9. DNS: B and L Root Servers

  10. Current Data Collection: Trace Hardware • Trace hardware – PCs with 250GB local disks – Netgear GA620 fiber cards – Driver tuned to partial packet capture • RAID boxes – About 6TB

  11. Current Data Collection: Trace Software • PCs running FreeBSD • Tcpdump – Headers only • Traces saved in 2 min files on local disk • Local analysis and periodic transfer to RAID boxes

  12. Trace Analysis Threshold = 60 DNS: 2000, Exclude p2p Find Yes 2-min Examine Yes tcpdump IP Mapping Attack ? trace Analyze/ manually Attack ? Store No No Delete Delete • Captured 80 attacks (July-Nov 2002) • Work by Alefiya Hussain

  13. Available Traces • All 80 DDoS attacks – anonymized – binned (1ms) time-series • Available as a DVD • Must sign 1-page, reasonable MOU – Then we mail you the DVD • Some attacks distributed to about 8-10 takers without advertising

  14. Our Requirements • Packet-level traces • Accurate, high resolution timestamps • Metadata to describe attacks • ..more.. • Contact {johnh@isi.edu or christos}@isi.edu for more information

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New DNS Traffic Analysis Techniques to Identify Global Internet Threats Dhia Mahjoub and Thomas

New DNS Traffic Analysis Techniques to Identify Global Internet Threats Dhia Mahjoub and Thomas

New DNS Traffic Analysis Techniques to Identify Global Internet Threats Dhia Mahjoub and Thomas Mathew January 12 th , 2016 1 Dhia Mahjoub Technical Leader at OpenDNS PhD Graph Theory Applied on Sensor Networks Focus: Security, Graphs &

1.04k views • 72 slides
Modern Discrete Probability VI - Spectral Techniques Background S ebastien Roch UWMadison

Modern Discrete Probability VI - Spectral Techniques Background S ebastien Roch UWMadison

Review Bounding the mixing time via the spectral gap Applications: random walk on cycle and hypercube Infinite networks Modern Discrete Probability VI - Spectral Techniques Background S ebastien Roch UWMadison Mathematics December 1,

625 views • 41 slides
Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance analysis Anomaly and intrusion detec=on Network engineering Traffic at different granulari=es IP-level packets Capture per-packet

539 views • 40 slides
DISTRIBUTION Describing traffic How can we describe traffic? Cars, pedestrian, internet,

DISTRIBUTION Describing traffic How can we describe traffic? Cars, pedestrian, internet,

QUEUING THEORY: EXPONENTIAL DISTRIBUTION Describing traffic How can we describe traffic? Cars, pedestrian, internet, etc. Also: how can we describe how traffic is processed? What are some metrics? Rate at which people

945 views • 13 slides
Internet Governance Forum the World Malta Internet Traffic Statistics Introduction

Internet Governance Forum the World Malta Internet Traffic Statistics Introduction

6/7/2011 Outline State of the Internet Internet Governance Forum the World Malta Internet Traffic Statistics Introduction Usage and trends Internet Governance Definition/s History and today Launch of Malta I

84 views • 6 slides
Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet? q Active measurement vs. passive

654 views • 31 slides
Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet? Active measurement vs. passive

771 views • 31 slides
The role of RiemannHilbert techniques in integrable systems, geometry, spectral problems and

The role of RiemannHilbert techniques in integrable systems, geometry, spectral problems and

The role of RiemannHilbert techniques in integrable systems, geometry, spectral problems and stochastic point processes Marco Bertola, Area of Mathematics, SISSA Ecole Normale Sup erieure, Lyon. December 6, 2017 Abstract A

793 views • 36 slides
CCOI Internet Networks in Europe an overview of Internet Geography, Regulation, Traffic

CCOI Internet Networks in Europe an overview of Internet Geography, Regulation, Traffic

NASDAQ CCOI Internet Networks in Europe an overview of Internet Geography, Regulation, Traffic Exchange, Infrastructure and Major Players. by Teresa Wan Sales Director Singapore Office Francois Lemaigre Sales VP - EMEA 2 Europe

159 views • 11 slides
Reducing BitTorrent Traffic at the Internet Scale Stevens Le Blond , Arnaud Legout, Walid Dabbous

Reducing BitTorrent Traffic at the Internet Scale Stevens Le Blond , Arnaud Legout, Walid Dabbous

Reducing BitTorrent Traffic at the Internet Scale Stevens Le Blond , Arnaud Legout, Walid Dabbous 1 Two open questions about BitTorrent locality AS 2 AS 3 # connections Internet Internet AS 1 Reduces traffic AS 4 AS 5 How far can we

366 views • 14 slides
Spectral Learning Techniques for Weighted Automata, Transducers, and Grammars Borja Balle

Spectral Learning Techniques for Weighted Automata, Transducers, and Grammars Borja Balle

Spectral Learning Techniques for Weighted Automata, Transducers, and Grammars Borja Balle Ariadna Quattoni Xavier Carreras q McGill University q Xerox Research Centre Europe TUTORIAL @ EMNLP 2014 Status Quo

1.91k views • 176 slides
Different spectral techniques used to identify the state of wood degradation by soft rot fungi

Different spectral techniques used to identify the state of wood degradation by soft rot fungi

Different spectral techniques used to identify the state of wood degradation by soft rot fungi Maria-Cristina Popescu 1 , Petronela Gradinariu 2 , Carmen-Mihaela Popescu 1 1 P. Poni Institute of Macromolecular Chemistry of Romanian Academy,

200 views • 4 slides
Spectral stability of small-amplitude traveling waves via geometric singular perturbation theory

Spectral stability of small-amplitude traveling waves via geometric singular perturbation theory

Spectral stability of small-amplitude traveling waves via geometric singular perturbation theory Johannes W achtler Konstanz University, Germany Padova, 28 June 2012 Overview Spectral stability, Evans function techniques Spectral

525 views • 21 slides
SPECTRAL SCHUR COMPLEMENT TECHNIQUES FOR SYMMETRIC EIGENVALUE PROBLEMS VASSILIS KALANTZIS ,

SPECTRAL SCHUR COMPLEMENT TECHNIQUES FOR SYMMETRIC EIGENVALUE PROBLEMS VASSILIS KALANTZIS ,

SPECTRAL SCHUR COMPLEMENT TECHNIQUES FOR SYMMETRIC EIGENVALUE PROBLEMS VASSILIS KALANTZIS , RUIPENG LI , AND YOUSEF SAAD Abstract. This paper presents a Domain Decomposition-type method for solving real symmetric (or Hermitian

658 views • 22 slides
Internet Traffic Analysis: Mohammed Alasmar Co Cosen ener ers, , 2019 2019

Internet Traffic Analysis: Mohammed Alasmar Co Cosen ener ers, , 2019 2019

19 Internet Traffic Analysis: Mohammed Alasmar Co Cosen ener ers, , 2019 2019 https://ieeexplore.ieee.org/document/8737483 Motivations Reliable traffic modelling is important for network planning, deployment and management;

447 views • 29 slides
Techniques for better alias resolution in Internet topology discovery Santiago Garcia Jimenez

Techniques for better alias resolution in Internet topology discovery Santiago Garcia Jimenez

Techniques for better alias resolution in Internet topology discovery Santiago Garcia Jimenez Eduardo Magaa lizarrondo Daniel Morato Oses Mikel Izal Azkarate Index Introduction Existing techniques for alias resolution New techniques for

848 views • 41 slides
RENORMALIZATION GROUP APPROACH IN SPECTRAL ANALYSIS AND PROBLEM OF RADIATION I.M. Sigal

RENORMALIZATION GROUP APPROACH IN SPECTRAL ANALYSIS AND PROBLEM OF RADIATION I.M. Sigal

RENORMALIZATION GROUP APPROACH IN SPECTRAL ANALYSIS AND PROBLEM OF RADIATION I.M. Sigal (Toronto) The text below contains the slides of the talk I have given at CRM on November 10, 2000. A related talk I gave at the Fields Institute on November

213 views • 17 slides
Spectral analysis of ranking algorithms Social and Technological Networks Rik Sarkar University

Spectral analysis of ranking algorithms Social and Technological Networks Rik Sarkar University

Spectral analysis of ranking algorithms Social and Technological Networks Rik Sarkar University of Edinburgh, 2018. Recap: HITS algorithm Evaluate hub and authority scores Apply Authority update to all nodes: auth(p) = sum of all

217 views • 19 slides
Toward certified quantum programming Christophe Chareton S ebastien Bardin, Franc ois

Toward certified quantum programming Christophe Chareton S ebastien Bardin, Franc ois

GT IQ November 28-29th 2019 Toward certified quantum programming Christophe Chareton S ebastien Bardin, Franc ois Bobot, Valentin Perrelle (CEA) and Beno t Valiron (LRI) Take away Quantum computers (are going to / will . . . ) arrive

596 views • 31 slides
Towards an Independent Semantics and Veri fi cation Technology for the HLPSL Speci fi cation

Towards an Independent Semantics and Veri fi cation Technology for the HLPSL Speci fi cation

Towards an Independent Semantics and Veri fi cation Technology for the HLPSL Speci fi cation Language ARSPA05 Workshop, Lisbon, 16 July 2005 Alexey Gotsman joint work with Fabio Massacci and Marco Pistore University of Trento (Italy)

430 views • 27 slides
Spectral analysis of Wikipedia and PhysRev networks Klaus Frahm Quantware MIPS Center

Spectral analysis of Wikipedia and PhysRev networks Klaus Frahm Quantware MIPS Center

Spectral analysis of Wikipedia and PhysRev networks Klaus Frahm Quantware MIPS Center Universit e Paul Sabatier Laboratoire de Physique Th eorique, UMR 5152, IRSAMC, CNRS supported by EC FET Open project NADINE FET NADINE Workshop,

632 views • 28 slides
Reflective Laser Protective Eyewear James K Santucci 2016 DOE Accelerator Safety Workshop 21

Reflective Laser Protective Eyewear James K Santucci 2016 DOE Accelerator Safety Workshop 21

Reflective Laser Protective Eyewear James K Santucci 2016 DOE Accelerator Safety Workshop 21 September 2016 Laser Familiarity I am not a safety professional, I am a customer I have been working with high-powered lasers for over 20

301 views • 12 slides
Lecture 7: Image Sources, Convolution, Scene Graphs COMPSCI/MATH 290-04 Chris Tralie, Duke

Lecture 7: Image Sources, Convolution, Scene Graphs COMPSCI/MATH 290-04 Chris Tralie, Duke

Lecture 7: Image Sources, Convolution, Scene Graphs COMPSCI/MATH 290-04 Chris Tralie, Duke University 2/4/2016 COMPSCI/MATH 290-04 Lecture 7: Image Sources, Convolution, Scene Graphs Announcements Mini Assignment 2 Due Next Monday 11:55

921 views • 56 slides
Regularity of the Boltzmann equation in bounded domains Daniela Tonon joint work with Y. Guo, C.

Regularity of the Boltzmann equation in bounded domains Daniela Tonon joint work with Y. Guo, C.

Introduction Boundary conditions Known results Linear transport in-flow Existence Convex case Non convex case Regularity of the Boltzmann equation in bounded domains Daniela Tonon joint work with Y. Guo, C. Kim and A. Trescases CEREMADE,

799 views • 55 slides

More recommend