School of Computer Science Technical Report Series
  • Towards an Internet Connectivity Market
    (Georgia Institute of Technology, 2009) Feamster, Nick ; Hassan, Umayr ; Sundaresan, Srikanth ; Valancius, Vytautas ; Johari, Ramesh ; Vazirani, Vijay V.
    Today’s Internet achieves end-to-end connectivity through bilateral contracts between neighboring networks; unfortunately, this “one size fits all” connectivity results in less efficient paths, unsold capacity and unmet demand, and sometimes catastrophic market failures that result in global disconnectivity. This paper presents the design and evaluation of MINT, a Market for Internet Transit. MINT is a connectivity market and corresponding set of protocols that allows ISPs to offer path segments on an open market. Edge networks bid for end-to-end paths, and a mediator matches bids for paths to collections of path segments that form end-to-end paths. MINT can be deployed using protocols that are present in today’s routers, and it operates in parallel with the existing routing infrastructure and connectivity market. We present MINT’s market model and protocol design; evaluate how MINT improves efficiency, the utility of edge networks, and the profits of transit networks; and how MINT can operate at Internet scale.
  • Designing Enforceable Network Contracts
    (Georgia Institute of Technology, 2009) Lychev, Robert ; Feamster, Nick
    Internet connectivity depends on contractual agreements between cooperating entities, such as administrative domains (ADs), where an agreement over a certain level of service is made. Contracts (e.g., SLAs) for providing certain levels of service must be enforceable, and ADs must have an incentive to meet their contractual obligations. Previous work has designed mechanisms for both pricing and network accountability, but no existing work examines contract structures with respect to different accountability frameworks, and how together they may affect an AD’s incentives to fulfill contracts. We study how different contract structures—in particular, path-based versus pairwise contracts—affect ADs’ incentives to establish contracts (which, in turn, can affect overall connectivity) and, once contracts are established, to forward traffic accordingly. This paper presents several contributions. First, we derive sufficient conditions for path-based contract systems and accountability frameworks under which entities have an incentive to forward traffic according to their contracts, provided that all parties involved are rational. Second, we show that for path-based contracts at an equilibrium where nodes are encouraged to fulfill their contracts, only a constant amount of monitoring is required for every participant to make a positive profit; this is not the case for pairwise contracts. Third, we show how systems that rely on pairwise contracts are prone to depeering in the presence of sufficient supply and demand due to coarse granularity, a contractual failure to which systems that rely on path-based contracts are immune. We propose modifications to pairwise contracts that could prevent such failures. Finally, we present situations of depeering that may be unpreventable due to maliciously behaving parties for both pairwise and path-based contract structures. For such scenarios, we show that while path-based contracts allow the sender of traffic to get reimbursed, this is not guaranteed in pairwise contract systems.
  • Pushing Enterprise Security Down the Network Stack
    (Georgia Institute of Technology, 2009) Clark, Russ ; Feamster, Nick ; Nayak, Ankur ; Reimers, Alex
    Network security is typically reactive: Networks provide connectivity and subsequently alter this connectivity according to various security policies, as implemented in middleboxes, or at higher layers. This approach gives rise to complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. In this paper, we propose a proactive approach to securing networks, whereby security-related actions (e.g., dropping or redirecting traffic) are embedded into the network fabric itself, leaving only a fixed set of actions to higher layers. We explore this approach in the context of network access control. Our design uses programmable switches to manipulate traffic at lower layers; these switches interact with policy and monitoring at higher layers. We apply our approach to Georgia Tech’s network access control system, show how the new design can both overcome the current shortcomings and provide new security functions, describe our proposed deployment, and discuss open research questions.
  • Packets with Provenance
    (Georgia Institute of Technology, 2008) Ramachandran, Anirudh ; Bhandankar, Kaushik ; Tariq, Mukarram Bin ; Feamster, Nick
    Traffic classification and distinction allows network operators to provision resources, enforce trust, control unwanted traffic, and traceback unwanted traffic to its source. Today’s classification mechanisms rely primarily on IP addresses and port numbers; unfortunately, these fields are often too coarse and ephemeral, and moreover, they do not reflect traffic’s provenance, associated trust, or relationship to other processes or hosts. This paper presents the design, analysis, user-space implementation, and evaluation of Pedigree, which consists of two components: a trusted tagger that resides on hosts and tags packets with information about their provenance (i.e., identity and history of potential input from hosts and resources for the process that generated them), and an arbiter, which decides what to do with the traffic that carries certain tags. Pedigree allows operators to write traffic classification policies with expressive semantics that reflect properties of the actual process that generated the traffic. Beyond offering new function and flexibility in traffic classification, Pedigree represents a new and interesting point in the design space between filtering and capabilities, and it allows network operators to leverage host-based trust models to decide treatment of network traffic.
  • Fishing for Phishing from the Network Stream
    (Georgia Institute of Technology, 2008) Ramachandran, Anirudh ; Feamster, Nick ; Krishnamurthy, Balachander ; Spatscheck, Oliver ; Van der Merwe, Jacobus
    Phishing is an increasingly prevalent social-engineering attack that attempts identity theft using spoofed Web pages of legitimate organizations. Unfortunately, current phishing detection methods are neither complete nor responsive because they rely on user reports, and many also require client-side software. Anti-phishing techniques could be more effective if they (1) could detect phishing attacks automatically from the network traffic and (2) could operate without cooperation from end-users. This paper performs a preliminary study to determine the feasibility of detecting phishing attacks in real time, from the network traffic stream itself. We develop a model to identify the stages where in-network phishing detection is feasible and the data sources that can be analyzed to provide relevant information at each stage. Based on this model, we develop and evaluate a detection method based on features that exist in the network traffic itself and are correlated with confirmed phishing attacks.
  • Fast Flux Service Networks: Dynamics and Roles in Hosting Online Scams
    (Georgia Institute of Technology, 2008) Feamster, Nick ; Konte, Maria ; Jung, Jaeyeon
    This paper studies the dynamics of fast flux service networks and their role in online scam hosting infrastructures. By monitoring changes in DNS records of over 350 distinct fast flux domains collected from URLs in 115,000 spam emails at a large spam sinkhole, we measure the rate of change of DNS records, accumulation of new distinct IPs in the hosting infrastructure, and location of change both for individual domains and across 21 different scam campaigns. We find that fast flux networks redirect clients at much different rates—and at different locations in the DNS hierarchy—than conventional load-balanced Web sites. We also find that the IP addresses in the fast flux infrastructure itself change rapidly, and that this infrastructure is shared extensively across scam campaigns, and some of these IP addresses are also used to send spam. Finally, we compared IP addresses in fast-flux infrastructure and flux domains with various blacklists (i.e., SBL, XBL/PBL, and URIBL) and found that nearly one-third of scam sites were not listed in the URL blacklist at the time they were hosting scams. We also observed many hosting sites and nameservers that were listed in both the SBL and XBL both before and after we observed fast-flux activity; these observations lend insight into both the responsiveness of existing blacklists and the life cycles of fast-flux nodes.
  • Managing BGP Routes with a BGP Session Multiplexer
    (Georgia Institute of Technology, 2008) Valancius, Vytautas ; Feamster, Nick
    This paper presents the design, implementation, and evaluation of BGP-Mux, a system for providing multiple clients access to a common set of BGP update streams from multiple BGP peers. By providing multiple clients access to the same set of BGP feeds, BGP-Mux facilitates many applications, including: (1) scalable, real-time monitoring of BGP update feeds; (2) new routing architectures that require access to all BGP routing updates from neighboring ASes (as opposed to just the best BGP route for each destination); and (3) virtual networks running on shared infrastructure that share common underlying network connectivity. We have implemented BGP-Mux by configuring existing features in the Quagga software router; we have deployed BGP-Mux on VINI and evaluated its scalability and performance in a controlled environment on the Emulab testbed.
  • NANO: Network Access Neutrality Observatory
    (Georgia Institute of Technology, 2008) Tariq, Mukarram Bin ; Motiwala, Murtaza ; Feamster, Nick
    This paper tackles a technical problem that is of growing interest in light of the ongoing network neutrality debate: We aim to develop a system that can reliably determine whether a particular ISP is discriminating against a service using only passive measurements from end-hosts. This problem presents significant challenges because many types of discrimination can often resemble commonplace performance degradations (e.g., resulting from failure or misconfiguration). To distinguish discrimination from degradation, we propose a statistical method to estimate causal effect and develop a system, NANO, based on this method. NANO aggregates passive measurements from end-hosts, stratifies the measurements to account for possible confounding factors, and distinguishes when an ISP is discriminating against a particular service or group of clients. Preliminary simulation results demonstrate the promise of NANO for both detecting various types of discrimination and absolving an ISP when it is not discriminating.
  • Building a Better Mousetrap
    (Georgia Institute of Technology, 2007) Ramachandran, Anirudh ; Seetharaman, Srinivasan ; Feamster, Nick ; Vazirani, Vijay V.
    Routers in the network core are unable to maintain detailed statistics for every packet; thus, traffic statistics are often based on packet sampling, which reduces accuracy. Because tracking large ("heavy-hitter") traffic flows is important both for pricing and for traffic engineering, much attention has focused on maintaining accurate statistics for such flows, often at the expense of small-volume flows. Eradicating these smaller flows makes it difficult to observe communication structure, which is sometimes more important than maintaining statistics about flow sizes. This paper presents FlexSample, a sampling framework that allows network operators to get the best of both worlds: For a fixed sampling budget, FlexSample can capture significantly more small-volume flows for only a small increase in relative error of large traffic flows. FlexSample uses a fast, lightweight counter array that provides a coarse estimate of the size ("class") of each traffic flow; a router then can sample at different rates according to the class of the traffic using any existing sampling strategy. Given a fixed sampling rate and a target fraction of sampled packets to allocate across traffic classes, FlexSample computes packet sampling rates for each class that achieve these allocations online. Through analysis and trace-based experiments, we find that FlexSample captures at least 50% more mouse flows than strategies that do not perform class-dependent packet sampling. We also show how FlexSample can be used to capture unique flows for specific applications.
  • Network-Wide Prediction of BGP Routes
    (Georgia Institute of Technology, 2006) Feamster, Nick ; Rexford, Jennifer
    This paper presents provably correct algorithms for computing the outcome of the BGP route-selection process for each router in a network, without simulating the complex details of BGP message passing. The algorithms require only static inputs that can be easily obtained from the routers: the BGP routes learned from neighboring domains, the import policies configured on the BGP sessions, and the internal topology. Solving the problem would be easy if the route-selection process were deterministic and every router received all candidate BGP routes. However, two important features of BGP, the Multiple Exit Discriminator (MED) attribute and route reflectors, violate these properties. After presenting a simple route-prediction algorithm for networks that do not use these features, we present algorithms that capture the effects of the MED attribute and route reflectors in isolation. Then, we explain why the interaction between these two features precludes efficient route prediction. These two features also create difficulties for the operation of BGP itself, leading us to suggest improvements to BGP that achieve the same goals as MED and route reflection without introducing the negative side effects.