Cheleby:Subnet‐Level Internet Topology

Mehmet Hadi Guneswith Hakan Kardes and Mehmet B. Akgun

Department of Computer Science and Engineering

University of Nevada, Reno

Subnet Resolution

2

observed topology inferred topology

genuine topologyC D

A B

C D

A B

C D

A B

Cheleby: Subnet-Level Internet Topology

[Observed] Degree vs. [Actual] Interfaces

3

A B C

X Y Z

DA B

D C X

Z Y

Degree: the number of one hop neighbors Interface: the number of links the system is attached to

0

2

4

6

8

0 2 4 6

Degree Distribution

0

2

4

6

8

0 2 4 6

Interface Distribution

Cheleby: Subnet-Level Internet Topology

Hyper Graphs 

• Networks modeled as graphs G=(V,E)• Hyper graphs:  H= (X,E) can accurately model multi‐access links– also, bipartite (2‐mode) graphs

4

4 3 2 2

3 2 2 2 1 1

Cheleby: Subnet-Level Internet Topology

Cheleby System Overview

5

Initial Pruner (IP)

Structural Graph Indexer 

(SGI)

SubNet Inferrer(SNI)

Analytical IP Alias Resolver v2               

(APARv2), iffinder

Graph Based Induction (GBI)

Network Topology

Raw Data

Traces• x - - L.2 - S.2 - y• x - - A.1 - W.1 - - z• y - S.1 - L.1 - - x• y - S.1 – U.1 - - C.1 - - z• z - - C.2 - - - x• z - - C.2 - - U.2 - S.3 - y

U K C N

L H A W

S

x

y

z

Cheleby: Subnet-Level Internet Topology

PlanetLabVantage Points

http://cheleby.cse.unr.edu

Round Trip Time Analysis

6

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

11 44 87 130

173

216

259

302

345

388

431

474

517

560

603

646

689

732

775

818

861

904

947

990

1033

1076

1119

1162

1205

1248

1291

1334

1377

1420

1463

1506

1549

1592

1635

CDF of IP

 add

resses

Round Trip Time (in msec)

IPs Observed Unresponsive

Hops (Trailing *’s filtered)

213,303,135 17,537,018

92.40% 7.60%

Cheleby: Subnet-Level Internet Topology

Unresponsive Routers

Cheleby: Subnet-Level Internet Topology 7

• Responsiveness to Direct Probes

• Responsiveness to Indirect Probes

Team Analysis

8Cheleby: Subnet-Level Internet Topology

Resolution results

• Alias Resolution

• Subnet Inference

Cheleby: Subnet-Level Internet Topology 9

• Exponents : ‐2.17, ‐2.02, ‐1.92, respectively

Degree Distribution

10Cheleby: Subnet-Level Internet Topology

Interface Distribution

• Exponents : ‐2.71, ‐2.69, ‐2.74,  respectively11Cheleby: Subnet-Level Internet Topology

Subnet Distribution

12

• Exponents : ‐3.42, 3.62, respectivelyNodes in Subnets

Cheleby: Subnet-Level Internet Topology

Synthetic Topology Generation

yes

Network SizeID

SD

no

Generate Nodes Generate Subnets

Satisfies Subnet  & Interface 

Distributions !!!

Calculate Degree Distribution based on DD

Heterogeneous Swap

Match ? Final Topology

Cheleby: Subnet-Level Internet Topology 13

• Single connected component is feasible only when • connectivity parameter <1

Connectivity Analysis

14

Relation between Interface Distribution and Number of Subnets

Feasible Region

Cheleby: Subnet-Level Internet Topology

Subnet Distribution: ExploreNET

15

1

10

100

1000

10000

100000

1 10 100 1000 10000Number of  Nodes in Subnets

0.00001

0.0001

0.001

0.01

0.1

1

1 10 100 1000 10000

CCDF

[10 to 250] -1.09

Cheleby: Subnet-Level Internet Topology

Estimating Network Layer Subnet Characteristics via Statistical Sampling, M. Engin Tozal and Kamil Sarac, IFIP/TC6 Networking, Prague, Czech Republic, May’12

TraceNET

SourceDestination

DestinationSource

Traceroute Path

TraceNET Path

TraceNET: An Internet Topology Data Collector, M. Engin Tozal and Kamil Sarac, ACM Internet Measurement Conference, Melbourne, Australia, November 2010

Work in Progress

17

AS 1

AS 2

AS 3

AS 4

AS of InterestVP

VP

VP

VP VP

VP

VP

Alias Resolution

Subnet Resolution

Cheleby: Subnet-Level Internet Topology Per Destination load balancers ?

Network Traffic Analysis

with Bing Li, Jeff Springer, George Bebis

Design Goals

• Real time network query– near real time measurement and analysis

• Distributed system for – data collecting, storing, accessing, measuring and analyzing NetFlow

• Models of detection and classification based on profiling and behavior

Network Traffic Analysis 19

Design Components

Network Traffic Analysis 20

Demonstration

• Model Host Roles

• Algorithms: – On‐line Support Vector Machine– Decision Tree

• Ground Truth:– Host Information in Active Directory and vulnerability scanner Nessus database

Network Traffic Analysis 21

Client vs Server Classification

Network Traffic Analysis 22

Personal System vs Public System

Network Traffic Analysis 23

Web Server vs Email Server

Network Traffic Analysis 24

Classifying Two Different Colleges

Network Traffic Analysis 25

Anonymizer Usage

• Anonymity network usage via Pig scripting– 205 million packets– about 1.44TB data

• Analyzed Anonymity NetworksNetwork Servers Service

Tor 61,798 General

I2P 2,267 P2P

JAP 11 General

Remailers 15 Email

Proxies 7,246 General

Commercial Anomymizer,Gotrusted General

Anonymity Network Geolocation

Thanks