CYBER SECURITY DIVISION
2014 R&D SHOWCASE AND TECHNICAL WORKSHOP
Internet topology and performance analytics for mapping critical network infrastructure
CAIDA/UCSD
PI k claffy
06/19/14 2014 DHS S&T (R&E) CYBER SECURITY Site Visit
Team Profile
Center for Applied Internet Data Analysis (CAIDA)
– Founded by PI and Director k claffy
– Independent analysis and research group
– 15+ years of experience in data collection, curation, and research
– Known for data collection tools, analysis, and data sharing
– Located at UC San Diego’s Supercomputer Center
Key personnel: Bradley Huffaker, Young Hyun, Marina Fomenkov, Josh Polterock, Ken Keys, Matthew Luckie
Need: Situational Awareness of Internet
Fundamental Global Cybersecurity Challenge
The Internet’s scope and complexity is growing faster than our capability to understand or measure its structure, dynamics, or vulnerabilities.
[46k independent networks: typically commercial, competitive, opaque]
06/19/14 2014 DHS S&T (R&E) CYBER SECURITY Site Visit
Approach: Infrastructure, Data, Analytics
1. Design, implement, validate measurement algorithms
• Sustainable and scalable system design
2. Deploy and manage measurement infrastructure
• 106+ Archipelago monitors (38 IPv6, 58 Pi’s, 36 RadClock)
• Continually and comprehensively probe IP address space
3. Apply algorithms and infrastructure to improve integrity and scope of maps
• Derive router- and AS-level topologies
• Curated data kits shared with researchers (ITDK)
4. Inform real-world problems with better understanding of the Internet’s structure, routing dynamics, performance, and vulnerabilities
Approach: Increase Completeness, Accuracy and Richness of Topology Map
AS Ranking by Customer Cones (BCP38)
PoP-level map
Router-level map
Operator validation
• Synthesize data to curate Internet Topology Data Kit
• Augment with BGP, DNS lookups, geolocation data, other sources of traceroute data
• Derived: IP paths, AS paths, router aliases
• Results: relationship-aware AS graph; AS-to-Organization mappings; router graph including geolocation & ownership
• [Eventually] support interactive use of data kit
Approach: ITDK WorkFlow
cyberspace is complicated!
http://www.caida.org/data/internet-topology-data-kit/
[Figure: ITDK (Internet Topology Data Kit) process diagram, with a legend for data collectors, data processes and data files. Labels in the diagram: Archipelago (Ark) IP-level traceroutes collected with scamper; BGP collectors and BGP looking glass servers; DNS hostnames (HostDB, Filter IP Hostnames process); router aliases (iffinder, MIDAR, kapar); AS Assignment process; AS Relationship process (conventional, complex, multi-lateral peering, peering from traceroute); Geolocation process for IPv4 addresses (MaxMind GeoLite City, Digital Envoy NetAcuity, DRoP hostname decode, CAIDA DDec).]
Benefits: Enabling Wide Range of Security and Stability Research
[Figure: research areas grouped under Security, Performance and Structure]
• business relationship inference and validation
• router topology mapping and validation
• forged address detection and mitigation
• understanding TCP’s resilience to attacks
• architecting interdomain atlas of congestion
• scalable measurement systems
• filter policy congruity
• evolution of advanced TCP features
• mapping of fragility
broader impacts
• IMC: mapping google expansion
• PAM: policy violations
• CCS: routing bottlenecks
• TR: DNS server placement
• Network intelligence: prefix hijacking, outages
• Network intelligence: “TreasureMap”
• IMC: MPLS deployment
• www.caida.org: macroscopic topology, AS rank
Macroscopic Internet Graph 2014 (v4,6)
http://www.caida.org/research/topology/as_core_network/2014/
Competition – Related Work
• In academia, we view these as related work rather than competition and try to reduce unnecessary redundancy.
• RIPE Atlas (http://atlas.ripe.net/)
• Internet Atlas (http://internetatlas.org/)
• iPlane datasets (http://iplane.cs.washington.edu/data/data.html)
• DIMES (http://www.netdimes.org/)
• zMap (https://zmap.io/)
Current Status: Recent achievements (infrastructure, software/services, data)
• Deployed 27 Ark nodes (2014) bringing total to 106
• Implemented & deployed Dolphin: bulk DNS resolution tool
• public release of DNS Decoder (DDec) automated hostname-based geolocation data store and feedback collection service
• released beta version of interactive intermediate (PoP/city-level) map validation functionality for testing & feedback (Apr)
• produced new AS classification derived from: darknet traffic data, AS-relationships, BGP announcements, peeringDB
• released April 2014 Internet Topology Data Kit (ITDK), with router and BGP-derived AS level topology
• published AS Core Topology Graph poster for 2014
• new interactive data interface (caida.org tab)
Current Status: Recent achievements (publications, workshops, predictions)
• two papers at IMC2014 (&TPRC14): “Fine-Grained AS Relationship Inference” and “Challenges in Inferring Internet Interdomain Congestion”
• ACM SIGCOMM CCR papers on DNS-based router positioning (DRoP), spurious routes in BGP data
• two papers to appear PAM2015: “IPv6 AS Relationships, Clique, and Congruence”, “Measuring and Characterizing IPv6 Router Availability” (collaboration with NPS.edu)
• invited panel (slides & video online): “Internet Architecture Innovation: 2020 and 2030”, Duke Law’s Center for Innovation Policy Forum
• Active Internet Measurement Workshop (AIMS2014)
• Workshop on Internet Economics (WIE2014)
Next Steps: CAIDA Interactive
http://www.caida.org/interactive/
• Interactive views of data that allow users to:
  – Learn from annotated Internet data
  – Provide feedback on analysis & inference methods
  – Execute on-demand measurements
  – Correlate with other data sources
• Aiming for user-friendly interface to topology data and infrastructure
AS Rank
as-rank.caida.org www.datcat.org vela.caida.org