Research Projects Using the Internet2 Observatory
Collocation Research Projects:
Project Description: VINI is a virtual network infrastructure that allows network researchers to evaluate their protocols and services in a realistic environment that also provides a high degree of control over network conditions. VINI allows researchers to deploy and evaluate their ideas with real routing software, traffic loads, and network events. To provide researchers flexibility in designing their experiments, VINI supports simultaneous experiments with arbitrary network topologies on a shared physical infrastructure.
Project Lead: Larry Peterson, Princeton University
Project Description: PlanetLab is a global overlay network for developing and accessing new network services. Our goal is to grow to 1000 geographically distributed nodes, connected by a diverse collection of links. Toward this end, we are putting PlanetLab nodes into edge sites, co-location centers, and routing centers (e.g., the Internet2 backbone). PlanetLab is designed to support both short-term experiments and long-running services. Currently running services include network weather maps, network-embedded storage, peer-to-peer networks, routing and multicast overlays, and content distribution networks.
Project Lead: Larry Peterson, Princeton University
- The 100x100 Project
Project Description: A number of interesting projects emerged from the NSF-sponsored 100x100 Project, including 4-D (as a new way to manage networks), RCP (a router-based congestion control algorithm), and Ethane (as a way to secure enterprise networks). The "NetFPGA in I2" project was started so as to create a test network inside Internet2 to prototype some of our ideas. NetFPGA is a 4-port 1GE programmable router, described at http://NetFPGA.org. Users create experiments by extending a reference router, written in Verilog. Experiments are then deployed onto the NetFPGA platform. Several projects have already exploited NetFPGA to create test networks. In this project, we will deploy two parallel backbone NetFPGA networks inside Internet2. One network is for stable IPv4 traffic, and the other is for experimental routers and traffic.
Principal Investigators: Nick McKeown, Stanford University; T. S. Eugene Ng, Rice University; Hui Zhang, Carnegie Mellon University
Project Participants: Glen Gibb and Brandon Heller, Stanford University
Research Projects using Internet2 Data
Project Description: "APT: A Practical Transit-Mapping Service" has the goal of reducing the size of the global routing table, a rapidly growing problem. Our solution is to divide the Internet into two address spaces, one for determining the delivery location, and one to use during transit. Packets destined for delivery addresses are tunneled through the default-free zone (DFZ), which uses only transit addresses. For this process to work, there must be a mapping service that can supply an appropriate destination transit address for any given delivery address. APT is a proposal for such a mapping service.
Project Lead: Lixia Zhang, UCLA; Project Participants: Michael Meisel and Dan Jen, UCLA; Dan Massey, Colorado State University; Lan Wang, University of Memphis; Beichuan Zhang, University of Arizona
Date: January 21, 2008
aims at improving existing techniques of Origin-Destination traffic
matrix estimation, by the use of recent optimization and combinatorial
matrix theory techniques. Our concern is to make a dynamic study of the
traffic matrices, and to use some relevant characteristics of
traffic for the inference of the Origin-Destination matrix. We would
need Netflow data, in order to perform the dynamic study of the traffic
between every two nodes of the Internet2 backbone.
Project Lead: Guillaume Sagnol, INRIA; Project Participants: Stéphane Gaubert, INRIA; Mustapha Bouhtou, France Telecom R&D; Cormac Walsh, INRIA
Date: November 16, 2007
- Linguistic summaries of NetFlow records
developing an experimental tool for the linguistic summarization of
NetFlow records using a fusion of linguistic processing
based on fuzzy logic and data mining techniques for association rules
The aforementioned tool, flow-lsummary, generates a report from a NetFlow record in the form of a set of quantified and qualified linguistic summaries, for example: "Most ssh traffic occurs during the day and consists of short lived mice flows"
In order to validate and further develop our tool, we are interested in having access to extensive NetFlow records from heterogeneous networks.
Project Lead: Federico M. Pouzols, Spanish Research Council; Project Participants: Diego R Lopez, RedIRIS; Amaury Lendasse, Helsinki University of Technology; Angel Barriga, University of Seville; Santiago Sanchez-Solano, Spanish Research Council
Date: November 14, 2007
scales by assigning addresses that depend on the host's topological
location in the network. Topology-based addressing improves
scalability, since adjacent addresses may be aggregated into blocks and
advertised as a single unit. However, if hosts move, or the network
topology changes, these addresses must change. This poses two
problems. First, in ad-hoc networks and sensornets, the
is so fluid that topology-based addressing doesn't work. There has been
a decades-long search for scalable routing algorithms for these networks
with no solution in sight. Second, the use of topology-based addressing in the Internet complicates mobility, access control, and multihoming.
Identity-based addressing, where addresses refer only to the identity of the host but not its location, would solve these problems, but would pose severe challenges for scalability. This talk will present the first scalable routing algorithm for identity-based addresses. Implementation results from a sensornet deployment and simulations demonstrate the protocol outperforms several traditional wireless routing algorithms. I will also describe extensions to scale the protocol to Internet-size topologies and support several common ISP-level routing policies.
Matthew Caesar, Princeton Project Participants: Jayanth
Kannan, Tyson Condie, and
Date: October 27, 2007
We are working on a project called TOTEM which aims at developing a
for Traffic engineering. The Internet2 network topology representation
along with Netflow data and BGP rib dumps is distributed with our
program. That information can be used to generate realistic
intra-domain traffic matrices thanks to the provided tools. The
Internet2 network serves as an example of how this can be done for the
TOTEM users in their own network.
Project Lead: Gael Monfort, Université de Liège
Date: October 12, 2007
routing solver" has been built that can compute the BGP routes inside
an entire network. This tool is named C-BGP and has been used
extensively on GEANT network data. One of the interesting features of
C-BGP is that it can load NetFlow data and "replay" it on the routes it
has computed. This allows for computing the link load or the
intradomain traffic matrix from the NetFlow data and the BGP routes.
This project would apply C-BGP to the Internet2 Netflow data as well in
order to have additional validation.
Project Lead: Bruno Quoitin, Université catholique de Louvain
Date: October 8, 2007
- Netflow data analysis to determine candidate DCN applications
Project Description: We would like to analyze netflow data to determine if there is a subset of flows that are suitable for redirection to Internet2's Dynamic Circuit Network.
Project Lead: Malathi Veeraraghavan, University of Virginia; Project Participants: Tao Li, University of Virginia; John Lankford, University of Tennessee; John Moore, MCNC
Date: July 24, 2007
- Understanding the Key Factors Impacting Anomaly Detection
Project Description: In this project we aim to understand the key factors impacting anomaly detection. In  we listed a couple of important data-reduction techniques impacting the quality of the anomaly detection. Using the netflow data we want to calibrate a model for the estimation of the quality of anomaly detection to enable an automatic calibration of the anomaly detection method. In  we describe the issues with the calibration of the PCA method for anomaly detection. Having more data will help us to build more accurate models and further enhance the anomaly detection techniques.
of PCA for Traffic Anomaly Detection"
Haakon Ringberg and Augustin Soule and Jennifer Rexford and Christophe
Diot. ACM Sigmetrics, 2007,
 "Detectability of Traffic Anomalies in Two Adjacent Networks"
Augustin Soule and Haakon Ringberg and Fernando Silveira and Jennifer
Rexford and Christophe Diot. Passive And Active Measurement Conference, 2007,
 "BGP Route Propagation between Neighboring Domains." R. Cruz
Teixeira, S. Uhlig, C. Diot. Passive and Active Measurement Conference
(PAM). Louvain. April 07.
Project Lead: Christophe Diot, Thomson; Project Participants: Augustin Soule, Thomson; Renata Teixeira, University of Paris; Fernando Silveira, Thomson;
Date: June 5, 2007
Network Traffic Analysis and Visualization
Project Description: In modern organizations and enterprises computers are networked and critically depend on functioning networks. Monitoring the efficiency and performance of IP networks based on accurate and advanced traffic measurements is, therefore, an important topic today.
The flow-based traffic profiling system developed in the Aurora network traffic analysis and visualization project uses new techniques for collecting, storing and analyzing network traffic information. The system helps to optimize and protect business-critical networked infrastructures through tight control of resource usage. Furthermore, with server relationship and dependency discovery, the sequencing of server relocations and the understanding of what has been deployed to support a business-level process is supported. An additional benefit is the ability to identify server consolidation opportunities based on load and utilization tracking.
The system operates passively by generating detailed network traffic reports from NetFlow/IPFIX. Traffic reports show detailed host and application communication patterns including protocol and server usage trends. The system is specifically designed for very high flow rates.
Project Lead: Andreas Kind; Project Participants: Xenofontas Dimitropoulos
Date: March 22, 2007
- IDS Design using Nonlinear & Nonstationary Network
Traffic Modeling Techniques
Project Description: New and existing nonlinear and nonstationary modeling techniques for characterizing network traffic will be investigated as tools to identify network traffic corresponding to intrusions. The resulting models will provide signatures with appropriate statistical boundaries that will differentiate between normal traffic and traffic corresponding to intrusions.
Project Lead: Alonso Robles; Project Supervisor: Professor Spiros Courellis, California State University
Date: March 2, 2007
- The Case for Isolating Bulk Data Traffic in the Internet
Project Description: The goal of our project is to explore the benefits of introducing a network-level separation of Internet traffic into 2 classes: non-real-time transfers of large amounts of data (e.g. DVDs) and real-time traffic consisting of Web transfers, IP telephony calls, media streaming etc. In order to accomplish that, we need to assess the amount and the nature of potentially non-real-time data transiting ISP networks today. Your netflow dataset could be useful since it contains flow-level data we can use to extract information such as size, duration and content type of the single flows. We will not abuse nor publish any sensitive information that may have privacy issues.
Project Lead: Massimiliano Marcon; Project Participants: Krishna Gummadi, Andreas Haeberlen, Marcel Dischinger, Peter Druschel (MPI for Software System, Saarbruecken, Germany); Geoffrey M. Voelker, Stefan Savage, Amin Vahdat (University of California, San Diego)
Date: January 18, 2007
- Session-Level Congestion Control of the Internet
Project Description: The project aims to propose congestion control schemes which control congestion occurring at the session (or flow) level, instead of only at the packet level. Internet2 netflow data would be used in measuring the existence and time scales of session congestion present in the Internet today. The data would be used, not only to motivate the need for session-level congestion control, but also to tune and improve our algorithms.
Project Lead: Sneha Kumar Kasera, School of Computing, University of Utah; Project Participants: Siddharth Ramesh, School of Computing, University of Utah
Date: November 10, 2006
- Distributed constraints monitoring
Project Description: Current and next-generation networks are large-scale and distributed in nature. Monitoring these networks requires a highly scalable system that uses resources (computation, storage and communication) efficiently and provides the necessary information in real-time. Distributed constraints monitoring (also referred to as distributed triggers) provides an efficient mechanism of monitoring large-scale distributed systems. We are studying algorithms to efficiently implement distributed constraints monitoring.
Project Participants: SR Jeyashankar, Bell Labs India; Rajeev Rastogi, Bell Labs India; Pushpraj Shukla, University of Texas, Austin; Srinivas Kashyap, University of Maryland, College Park
Date: September 8, 2006
- BGP Prefix hijacking Detection System
Project Description: Prefix hijacking is the malicious action when an ISP originates routes for the prefixes that are not legitimately assigned to the ISP. In this work, we investigate the feasible features that can help identify prefix hijacking routing in the BGP system. A possible feature is the traffic usage of a suspicious hijacking route. By coordinating the netflow data and the relevant route announcement, we expect to gain an insight on the behavior of prefix hijacking routes in their traffic patterns.
Project Leads and Participants: Professor Lixin Gao, University of Massachusetts, Amherst; Antonio Nucci, Narus Inc.; Supranamaya Ranjan, Narus Inc.; Jian Qiu, University of Massachusetts, Amherst.
Date: April 20, 2006
and Intrusion Detection Analysis
Project Description: This project is to determine if compression can be used to distinguish malicious from non-malicious traffic in real-time analysis. By constructing a test network in which all network traffic can be accounted for, it will determine what forms of malicious traffic can be detected using compression as an anomaly metric.
Project Lead: Dr. Lorie Liebrock, New Mexico Tech; Project Participants: Paul Ferrell and David Burton
Date: April 20, 2006
- Scalable Monitoring, Analysis, and Response Toolkit
Project Description: The goal of this project is to develop a Scalable Monitoring, Analysis, and Response Toolkit (SMART) for the Internet. SMART allows applications to perform network-wide traffic monitoring, identify anomalies and changes in the network state, diagnose the causes for the changes, and dynamically control the network traffic -- all in an automated fashion. We expect SMART to significantly simplify the development and deployment of large-scale network management and security applications.
Project Lead: Yin Zhang, University of Texas
Date: March 13, 2006
- Inbound traffic load balance of multihomed stub networks
Project Description: Multihomed stub networks become more and more popular to provide the reliability for users. As these networks connect to the Internet with more than one connection, traffic load balancing among these connections helps to improve the reliability and performance of such networks. In this study, we intend to propose a mechanism including a series of new algorithms for inbound traffic load balance which can effectively optimize the inbound traffic routes. We use netflow data to both study the traffic feature of multihomed stub networks and evaluate our mechanism.
Project Lead: Dr. Li Xiao, Computer Science and Engineering Department, Michigan State University; Project Participants: Xiaomei Liu, Computer Science and Engineering Department, Michigan State University
Date: March 13, 2006
Project Description: We are building the datapository, a shared data storage and analysis facility, for Internet measurement research. Key features of the datapository's design are support for construction of workflows for repeatable network experimentation, for longitudinal studies, for casual queries that may lead to serendipitous findings, and for joint analysis of multiple datasets (e.g., joint analysis of Internet2 BGP data and RON BGP data, BGP data and spam traces, etc.). A high-level goal of the datapository is to make network measurement experimentation, from collection to analysis, more manageable and repeatable. It is our hope that adding Internet2 netflow data to the datapository will help network researchers incorporate it into their experiments.
Project Leads and Participants: David Andersen, CMU and Nick Feamster, Georgia Tech
Date: February 3, 2006
Methods and Tools for Network Performance Measurement
Project Description: There has been an increasing interest in being able to measure available network capacity and other network performance characteristics. Internet users need measurement tools to be able to verify that their operator provides the promised service that they pay for. The network operators need measurement tools to run their networks efficiently and to be able to control the offered services. New measurement methods might also open up for new simple mechanisms for quality of service and new business models based on service differentiation. The goal of the Evalunet project is to develop efficient and accurate methods and tools to measure available network capacity as well as other network characteristics. In the project, methods and tools for end-to-end measurements are investigated as well as methods and tools for network tomography, i.e., large-scale collaborative measurements performed by computers at the network edge.
Project Lead: Mats Bjorkman, Mälardalen University; Project Participants: Andreas Johnsson, Mälardalen University; Henrik Abrahamsson, Bengt Ahlgren, Anders Gunnar and Martin Nilsson, SICS; Svante Ekelin and Bob Melander, Ericsson
Date: November 23, 2005
Traffic Matrix Modeling Project
Project Description: Access to the data will provide validation for an inter-AS traffic demand model that is based on the gravity model. The model with initial validation based on NetFlow data from one collection point on the Internet was presented at the ACM IMC 05 and is also available online at http://topology.eecs.umich.edu/archive/imc05.pdf.
Project Lead: Sugih Jamin and Z. Morley Mao, University of Michigan, and Walter Willinger, AT&T-Labs Research; Project Participants: Hyunseok Chang, University of Michigan
Date: November 7, 2005
- a TCP variant for High-speed Long Distance Networks
Project Description: The demands for fast transfer of large volumes of data, and the deployment of the network infrastructures to support the demand are ever increasing. However, the dominant network transport protocol of today, TCP, does not meet this demand. The slow response of TCP in fast long distance networks leaves sizeable unused bandwidth in such networks. BIC TCP is a congestion control protocol designed to remedy this problem. The goal is to design a protocol that can scale its performance up to several tens of gigabits per second over high-speed long distance networks while maintaining strong fairness, stability and TCP friendliness. With the help of netflow data, we hope to make realistic traffic flows for our experimental design.
Project Lead: Injong Rhee, North Carolina State University; Project Participants: Lisong Xu, University of Nebraska, Lincoln; Sangtae Ha, North Carolina State University
Date: October 24, 2005
- Persistency aspects of
Project Description: Most approaches for traffic management take advantage of the fact that flow size distributions are consistent with heavy-tailed distribution. Furthermore they assume that traffic is stable across time. We would like to continue our work "A methodology for studying persistency aspects of Internet flows" which is going to appear in the May issue of ACM CCR using the netflow data from Dante. We have been using netflow data to determine the variability of traffic flows across time. To continue we would like to have access to data from multiple different networks including Dante and Internet2. We need packet level data or netflow data to study the variability of flows across different time scales and at different aggregation levels. This kind of analysis is only possible with fine grained data.
Project Lead: Anja Feldmann, Institut fuer Informatik TU-Muenchen, Germany; Project Participants: Joerg Wallerich, TU-Muenchen
Date: July 27, 2005
Attack Sources by Estimating Traffic Matrix
Project Description: Distributed denial-of-service attacks on public servers have recently become more serious. A detection and defense mechanism against SYN flood attacks has been proposed in previous work. However, defense methods against other kinds of DoS attacks (e.g. UDP flood, ICMP flood) are also needed because they pose serious threats. If one can identify attack sources, the attack packets can be effectively blocked. However, existing traceback mechanisms have several problems. First, they need support of routers. Second, they cannot distinguish attack sources from legitimate clients. A new method is proposed to identify attack sources. In this method, we estimate a traffic matrix, and then identify only attack sources which sharply increase traffic to the victim. This method can work with existing routers because we can collect the required data via SNMP.
Project Lead: Masayuki Murata, Osaka University, Japan; Project Participants: Shingo Ata, Osaka City University, Japan, Yuichi Ohsita, Osaka University, Japan
Date: July 27, 2005
Strategies for Internetwork Monitoring
Project Description: This project addresses the longstanding and difficult problem of detecting and classifying spatially distributed network anomalies from multiple monitoring sites. To characterize baseline vs. anomalous behavior of the Internet requires deployment of collaborative data collection, anomaly detection and pattern recognition for complex large scale systems. The project combines the forces of leading researchers in three complementary disciplines: (i) networking and data collection; (ii) statistical data analysis and signal processing; (iii) decentralized decision-making. The research goes well beyond the state-of-the-art anomaly detection for centrally administered networks. In particular tools and practical data sharing algorithms are being developed for detecting coordinated intrusions, distributed denial of service attacks, and quality-of-service degradations in decentralized networks such as the Internet.
Project Lead: Al Hero, University of Michigan. Project Participants: Stephane Lafortune, Demos Teneketzis, and George Michailidis, University of Michigan; Paul Barford and Rob Nowak, University of Wisconsin; Eric Kolaczyk and Mark Crovela, Boston University. Project Collaborator: Mark Coates, McGill University.
Date: June 29, 2005
National Laboratory for Scientific Computing (LNCC), Brazil
Project Description: Internet traffic characterization and investigation of anomaly detection methods using Internet2 data.
Project Lead: Artur Ziviani, LNCC, Brazil; Project Participants: Bruno Schulze and Paulo Sergio S. Rodrigues, LNCC, Brazil
Date: June 16, 2005
CyLab Argus Project
Project Description: The CyLab Argus project aims to develop a next-generation distributed network security management system. Research issues being investigated include modeling and detection of network attacks, machine learning and data mining of network data, and real-time network monitoring. In particular, we are interested in infrastructure security of network equipment such as routers and switches. We plan to correlate Netflow, routing and router configuration files from Internet2 to automatically detect, diagnose and react to traffic and other network anomalies.
Project Leads: Hyong Kim, Yongwon Lee, Tina Wong
- Detection and Recognition of Network Traffic Anomaly
Project Description: In our project, we want to develop a novel method that can be used to detect and recognize the network traffic anomaly. Our method can be divided into the detection step and the recognition step. Firstly, some modern signal processing technologies are adopted to detect if any traffic anomaly has occurred. Secondly, we make use of data mining or some statistical means to recognize the categories of traffic anomalies based on multi-resolution feature and frequency characteristic of traffic signal.
Project Lead: Professor Hu Guang-min. Project Participants: Qian Feng, Zhang Peng, Gao Jun, Liu Xing, Liu Fang. University of Electronic Science and Technology of China
- The Use of Sketches as an efficient and effective method to
analyze measurement data
Project Description: In our project, we plan to explore the use of "sketches" as an efficient and effective way to analyze measurement data. A sketch is a compact data structure that accurately summarizes the measurement data and can be updated efficiently as new data arrives. We plan to apply sketches to detect and diagnose anomalies, and to identify similarities in the data seen from different vantage points in the network. Initially, we plan to focus on traffic measurements (e.g., Netflow data, as well as traffic matrices computed from the Netflow data), though we would also like to apply these techniques to routing-protocol data (e.g., BGP update messages). To enable us to interpret the Netflow data, we would also be interested in the routing, topology, and configuration data for the Internet2 backbone. We have ample computing and storage resources locally for storing a large amount of historical Netflow traces and would be interested in as long a trace as possible for evaluating the proposed techniques.
Project Leads: Haakon Larsen, Kai Li, and Jennifer Rexford, Princeton University
- A study of traffic on large scale networks for the purposes
of identifying normal and abnormal behavioral patterns that could
assist in traffic engineering as well as the early warning of network
Project Description: This project has multiple end-goals. 1) First, is to develop new techniques to improve the detection rate and the reporting accuracy of state-of-the-art techniques (requires only Netflow time-series of specific routers under attack). 2) Second, is to efficiently guess the healthiness of the network seen as a whole by inferring the full traffic matrix assuming that carriers will have only partial data at their disposal. In this second step we will extend the techniques developed for point 1) and we will incorporate the spatial and temporal correlation among all OD flows in the network. 3) Third, is to study how the estimation errors of techniques in point-two will narrow down as we place monitoring machines in strategic locations in the network.
Project Lead: Antonio Nucci, Chief Technology Officer, Narus Inc.; Project Participants: Muthu Muthukrishnan, Rutgers University, Computer Science Department; Zhili-Zhang, University of Minnesota, Computer Science Department; Rene Cruz, University of California, San Diego, Department of Electrical and Computer Engineering; Cristian Estan, University of Wisconsin-Madison, Computer Science Department; Dapeng Oliver Wu, University of Florida, Department of Electrical and Computer Engineering.
Multidimensional Indices for Network Diagnosis
Project Description: Detecting and unraveling incipient coordinated attacks on Internet resources requires a distributed network monitoring infrastructure. Such an infrastructure will have two logically distinct elements: distributed monitors that continuously collect packet and flow-level information, and a distributed query system that allows network operators to efficiently and rapidly access this information. The design of MIND incorporates a distributed indexing system that supports the creation of multiple distributed indices using proximal hashing to scalably respond to range queries.
Project Leads and Participants: Dr. Ramesh Govindan, University of Southern California, Dr. Christophe Diot, Intel Research at Cambridge, Dr. Wei Hong, Intel Research at Berkeley, Dr. Gianluca Iannaccone, Intel Research at Berkeley, Xin Li, Ph.D. candidate at University of Southern California, Fang Bian, Ph.D. student at University of Southern California, Hui Zhang, Ph.D. candidate at University of Southern California.
- The interaction between intradomain and interdomain routing
Project Description: This project studies the interaction between intradomain and interdomain routing. In particular, we analyze the impact of using hot-potato routing for selecting egress points. Data from an operational network is used to evaluate alternative egress selection policies under realistic scenarios.
Project Lead: Renata Teixeira, University of California at San Diego; Jennifer Rexford, AT&T; Tim Griffin, University of Cambridge; and Geoffrey M. Voelker, University of California at San Diego.
- Intelligent Methods for Computer Network Management
Project Description: The main objective of this project is to do research on new intelligent methods for computer network management. We emphasize two aspects: one is the analysis of the network measurement information, the network performance parameters are measured and analyzed by different knowledge discovery methods so that the potential network performance can be diagnosed and predicted; the other is the fault resilient routing configuration, new applications (esp. e-commerce) need highly reliable networks and we try to make the network more reliable through dynamic routing configuration according to the traffic matrix.
Project Lead: Professor Yan Pu-liu; Participants: Zhou jian-guo, Wu Jing, Chen Xiao, Chen li-jia; Electronic Information College, Wuhan University, China
- Algorithms for Network Capacity Planning and Optimal
Routing Based on Time-Varying Traffic Matrices
Project Description: We are designing algorithms for network capacity planning and optimal routing based on time-varying traffic matrices. We intend to extend the algorithms and techniques to other areas of network design too.
Project Lead: Professor Vishal Misra, Department of Computer Science, Columbia University; Participants: Abhinav Kamra, Department of Computer Science, Columbia University
- Reconfiguration of the logical topology in WDM networks
using simulation-based Markov Decision Processes
Project Description: In this study we use average day to day behaviour of a network to predict the future trend of traffic and we use that as part of the process to determine how to reconfigure the virtual topology of the network. We would use the data from Internet2 network both for obtaining this average day to day behaviour and as sample paths for our simulations.
Project Lead: Professor Mark Shayman, University of Maryland; Participants: Professor Steve Marcus, Professor Richard La, Pedram Fard, Kwangil Lee, Yuneng Xie, University of Maryland
Collaborative Data Streaming for Monitoring High-Speed Networks
Project Description: In recent years, the problem of monitoring and analyzing the aggregate traffic flowing through many high-speed links has emerged as an important and challenging problem in network measurement and management. Monitoring the characteristics of this aggregate traffic is essential for detecting “global” events that are intrinsically distributed through the network. Examples of such events range from global top-traffic sources (global elephants) to incipient worm infections. It is hard to detect such events using traditional per-link monitoring mechanisms since the signal is usually too feeble to be observed locally. Such events may leave indelible signatures in the aggregate traffic, but only through the correlation of traffic among many links can this signature be revealed.
Project Lead: Professor Jun (Jim) Xu, Georgia Tech. Project Participants: Abhishek Kumar, Min-Ho Sung, and Qi Zhao, Georgia Tech
project, University Wisconsin Madison and University of
Project Description: The main objective of this project is to characterize a variety of flow workloads using new techniques that, for each workload of interest, accurately capture and give insight into: (1) the variations in data flow arrival rate, and (2) the key correlations in the workload statistics. The new analysis methods also include anomaly detection.
Project Leads: Derek Eager, Mary Vernon, and Su Zhang
Strategies for Internetwork Monitoring, University of Michigan, University of Wisconsin, Boston University
Project Description: This project addresses the longstanding and difficult problem of detecting and classifying spatially distributed network anomalies from multiple monitoring sites. To characterize baseline vs. anomalous behavior of the Internet requires deployment of collaborative data collection, anomaly detection and pattern recognition for complex large-scale systems. The project combines the forces of leading researchers in three complementary disciplines: (i) networking and data collection; (ii) statistical data analysis and signal processing; (iii) decentralized decision-making. The research goes well beyond the state-of-the-art anomaly detection for centrally administered networks. In particular, tools and practical data sharing algorithms are being developed for detecting coordinated intrusions, distributed denial of service attacks, and quality-of-service degradations in decentralized networks such as the Internet.
Project Lead: Al Hero, University of Michigan. Project Participants: Stephane Lafortune, Demos Teneketzis, and George Michailidis, University of Michigan; Paul Barford and Rob Nowak, University of Wisconsin; Eric Kolaczyk and Mark Crovella, Boston University
- Department of Computer Science, University of Pennsylvania
Project Description: Impact of Aggregation of Traffic on Routing Performance: The principal focus of our project is to determine how aggregation of traffic affects routing performance. Specifically, we construct traffic matrices from actual traffic traces by aggregation at various levels of granularity (prefixes of length /0, /4, /6 and /8) and explore how they affect routing issues like load balancing, long term/short term stability etc.
Project Lead: Dr. Roch Guerin, University of Pennsylvania; Project Participants: Ashwin Sridharan
Project, University of Wisconsin-Madison and the Oregon Health & Science University
Project Description: This portion of the Niagara project addresses query processing over data streams. A particular interest is accommodating streams that are slightly disordered on the attributes of interest. Flow records are processed to measure the disorder that naturally occurs. For example, the order in which flow records are collected depends on eviction of flows from the router cache and may not exactly coincide with the order in which the last packet of each flow was sent. The data distribution can then be used to generate synthetic flow records with varying degrees of disorder, for testing of alternative query evaluation techniques.
Project Leads: Professor David Maier (OHSU) and Professor David DeWitt (UW-M), Professor Jeffrey Naughton (UW-M) and Professor David Maier (OHSU/OGI School of Science & Engineering); Project Participants (OHSU): Kristin Tufte, Jin Li, Peter Tucker, and Vassilis Papadimos
- Internet Tsunami Warning System Project, Department of Computer Science, Carnegie Mellon University
Project Description: The Internet Tsunami Warning System project aims to develop a distributed high-speed network monitoring system to automatically detect and react to Internet attacks at their early stage. We use the NetFlow data to evaluate our system.
Project Lead: Dawn Song, Carnegie Mellon University
- Computer Network Research Group, Department of Computer Science, University of Massachusetts at Amherst
Project Description: Study of the temporal-spatial correlations in network traffic for the Internet2 network: We will apply traditional statistical techniques including calculation of correlations, power spectral densities, wavelet analyses, and information theoretic techniques including calculation of entropy, conditional entropy, etc.
Project Lead: Don Towsley, University of Massachusetts; Participant: Jing Weng
Project, University of Minnesota
Project Description: The overall objective of MINDS research is to develop high performance data mining algorithms and tools that will provide support required to analyze the massive data sets generated by various processes that monitor computing and information systems in order to respond to cyber threats in a timely manner. The main approach we take in analyzing such datasets is anomaly detection. Anomaly detection has the unique property that it can discover the presence of previously unseen behavior such as new types of cyber attacks. It is also useful from a network management standpoint as it will bring the new network behavior to the administrator's attention. The input to the MINDS system is NetFlow V5 data. We are also working on a version that works with tcpdump data.
Project Lead: Vipin Kumar, University of Minnesota
- Boston University, Department of Computer Science and Department of Mathematics and Statistics
Project Description: Spatio-Temporal Network Analysis: Many studies have characterized traffic at the level of individual IP flows, and at the link level. In this project we are interested in the properties of traffic at an intermediate level -- the level of source-destination flows, i.e., all traffic flowing from a given origin router to a given destination router. We are specifically interested in traffic properties at small time scales over a long period of time. Correlation with Internet2 routing data (i.e., IS-IS weights used for routing) is used in this project.
Project Leads: Mark Crovella and Eric Kolaczyk, Boston University
- Kent State University Computer Science Department
Project Description: Traffic Management and QoS Provisioning in IP Networks: The objective of this work is to investigate the impact of self-similar traffic on the performance of output buffers in switches and routers. It is a known fact that the superposition of independent alternating renewal processes (flows) can show self-similar characteristics. Since analytical and empirical studies have shown that self-similar traffic can have a detrimental impact on the QoS, finding an effective buffer management algorithm that can manage self-similar traffic has become an important problem in traffic engineering. Optimal resource allocation is directly affected by optimal buffer size and buffer management policy, bandwidth assignment and traffic management. In this project we study the effect of self-similar and bursty traffic on the triggered threshold buffer management algorithms. Besides the second-order self-similar traffic, we are investigating the effects of fractional Brownian motion on active queue management schemes.
Project Lead: Hassan Peyravi, Kent State University
Research Lab at Case Western Reserve
Project Description: The main objective of this project is to assess the presence and incidence of alpha flows in backbone links. A flow is said to be an alpha flow if it sends a massive amount of data (an "elephant flow") and moreover it has high end-to-end available bandwidth compared to that of the link where the measurement is taken. The relevance of alpha flows is that they can saturate buffers, thereby leading to packet losses and poor levels of service even in an overprovisioned best-effort network.
Project Lead: Vincenzo Liberatore, Case Western Reserve University
- WAIL: The Wisconsin Advanced Internet Laboratory
Project Description: Flow sampling and Anomaly Detection using Internet2 flow data
Project Lead: Paul Barford, University of Wisconsin