
Showing papers by "Sonia Fahmy" published in 2012


Patent
13 Jul 2012
TL;DR: In this patent, a method for detecting an anomaly in a network can include combining a number of data-created sketch-sets and requesting a finer sketch-set for an identified sketch-set among the combined number of sketch-sets using an aggregator, and creating the finer sketch-set for the identified sketch-set to detect the anomaly in the network using a monitor.
Abstract: A method for detecting an anomaly in a network can include combining a number of data-created sketch-sets and requesting a finer sketch-set for an identified sketch-set among the combined number of sketch-sets using an aggregator, and creating the finer sketch-set for the identified sketch-set to detect the anomaly in the network using a monitor.

20 citations


Proceedings ArticleDOI
13 Feb 2012
TL;DR: S3 Monitor is described, a scalable and extensible monitoring service for GENI that allows easy “plug in” of new network measurement tools and finds that the S3 Monitor service is light-weight and scales well as the number of paths to be monitored increases.
Abstract: Network monitoring capabilities are critical for both network operators and networked applications. In the context of an experimental test facility, network measurement is important for researchers experimenting with new network architectures and applications, as well as operators of the test facility itself. The Global Environment for Network Innovations (GENI) is a sophisticated test facility comprised of multiple “control frameworks.” In this paper, we describe the design and implementation of S3 Monitor, a scalable and extensible monitoring service for GENI. A key feature of S3 Monitor is a flexible design that allows easy “plug in” of new network measurement tools. We discuss our deployment experiences with S3 Monitor on GENI, and give experimental results to quantify the performance and system footprint of S3 Monitor. We find that the S3 Monitor service is light-weight and scales well as the number of paths to be monitored increases.

10 citations


Proceedings ArticleDOI
25 Mar 2012
TL;DR: This work investigates the Domain Name System (DNS) service, used to convert host names to IP addresses, in depth using Akamai as the content provider and Google DNS as the cloud-based DNS system, revealing previously unknown features.
Abstract: Cloud-computing systems are rapidly gaining momentum, providing flexible alternatives to many services. We study the Domain Name System (DNS) service, used to convert host names to IP addresses, which has historically been provided by a client's Internet Service Provider (ISP). With the advent of cloud-based DNS providers such as Google and OpenDNS, clients are increasingly using these DNS systems for URL and other name resolution. Performance degradation with cloud-based DNS has been reported, especially when accessing content hosted on highly distributed CDNs like Akamai. In this work, we investigate this problem in depth using Akamai as the content provider and Google DNS as the cloud-based DNS system. We demonstrate that the problem is rooted in the disparity between the number and location of servers of the two providers, and develop a new technique for geolocating data centers of cloud providers. Additionally, we explore the design space of methods for cloud-based DNS systems to be effective. Client-side, cloud-side, and hybrid approaches are presented and compared, with the goal of achieving the best client-perceived performance. Our work yields valuable insight into Akamai's DNS system, revealing previously unknown features.

10 citations


Proceedings ArticleDOI
18 Jun 2012
TL;DR: This work conducts simulations to compare existing link correlation-aware flooding protocols with two versions of a multi-packet dissemination protocol, where one uses network coding and the other exploits both link correlation and network coding.
Abstract: Correlated packet reception can be advantageous for sensor network broadcast protocols. By exploiting link correlation information, researchers have devised efficient single packet flooding protocols. In this work, we use testbed experiments to gain insight into the behavior of link correlation-aware broadcast protocols. We observe that, in the presence of varying link correlation, traditional link correlation-aware flooding mechanisms do not perform well in disseminating multiple packets due to reliability requirements and redundant transmissions. We conduct simulations to compare existing link correlation-aware flooding protocols with two versions of a multi-packet dissemination protocol, where one uses network coding and the other exploits both link correlation and network coding. Simulation results indicate the potential of the latter approach to be used as a reliable multi-packet dissemination protocol in practical scenarios. We also compare this protocol with existing multi-packet dissemination protocols, and reveal cases when certain protocols perform better than others.

10 citations


Proceedings ArticleDOI
30 Oct 2012
TL;DR: This work proposes a methodology to allow ISPs to check their BGP policy configurations for guaranteed convergence to a single stable state, and believes that this provides a rigorous foundation for the design and implementation of safety checking tools.
Abstract: Internet Service Providers (ISPs) need to balance multiple opposing objectives. On one hand, they strive to offer innovative services to obtain competitive advantages; on the other, they have to interconnect with potentially competing ISPs to achieve reachability, and coordinate with them for certain services. The complexity of balancing these objectives is reflected in the diversity of policies of the Border Gateway Protocol (BGP), the standard inter-domain routing protocol. Unforeseen interactions among the BGP policies of different ISPs can cause routing anomalies. In this work, we propose a methodology to allow ISPs to check their BGP policy configurations for guaranteed convergence to a single stable state. This requires that a set of ISPs share their configurations with each other, or with a trusted third party. Compared to previous approaches to BGP safety, we (1) allow ISPs to use a richer set of policies, (2) do not modify the BGP protocol itself, and (3) detect not only instability, but also multiple stable states. Our methodology is based on the extension of current theoretical frameworks to relax their constraints and use incomplete data. We believe that this provides a rigorous foundation for the design and implementation of safety checking tools.

8 citations


Proceedings ArticleDOI
18 Jun 2012
TL;DR: This work is the first to make the Probabilistic Packet Marking approach for IP traceback feasible for sensor networks, and designs two bit-efficient provenance encoding schemes along with a complementary vanilla scheme.
Abstract: Assessing the trustworthiness of sensor data and transmitters of this data is critical for quality assurance. Trust evaluation frameworks utilize data provenance along with the sensed data values to compute the trustworthiness of each data item. However, in a sizeable multi-hop sensor network, provenance information requires a large and variable number of bits in each packet, resulting in high energy dissipation due to the extended period of radio communication, and making trust systems unusable. We propose energy-efficient provenance encoding and construction schemes, which we refer to as Probabilistic Provenance Flow (PPF). To the best of our knowledge, ours is the first work to make the Probabilistic Packet Marking (PPM) approach for IP traceback feasible for sensor networks. We design two bit-efficient provenance encoding schemes along with a complementary vanilla scheme. Depending on the network size and bit budget, we select the best method using mathematical approximations and numerical analysis. Our TOSSIM simulations demonstrate that the encoding schemes of PPF have identical performance with a low bit budget (∼ 32-bit), requiring 33% fewer packets and 30% less energy than PPM variants to construct provenance. With a two-fold increase in bit budget, PPF with the selected encoding scheme reduces the energy consumption by 60%.

7 citations


Proceedings ArticleDOI
30 Oct 2012
TL;DR: This work proposes an extension of the Stratified Shortest Path Problem (SSPP) model that has a similar expressive power to SPP, but enables more efficient checking of configuration correctness.
Abstract: Routing stability and correctness in the Internet have long been a concern. Despite this, few theoretical frameworks have been proposed to check BGP configurations for convergence and safety. The most popular approach is based on the Stable Paths Problem (SPP) model. Unfortunately, SPP requires enumeration of all possible control-plane paths, which is infeasible in large networks. In this work, we study how to apply algebraic frameworks to the BGP configuration checking problem. We propose an extension of the Stratified Shortest Path Problem (SSPP) model that has a similar expressive power to SPP, but enables more efficient checking of configuration correctness. Our approach remains valid when BGP policies are applied to iBGP sessions - a case which is often overlooked by previous work, although common in today's Internet. While this paper focuses mainly on iBGP problems, our methodology can be extended to eBGP if operators are willing to share their local-preference configurations.

3 citations


Proceedings ArticleDOI
30 Oct 2012
TL;DR: A language that allows analysis of network-wide configurations at the high-level is defined, which can be used to verify desired properties of routing protocols and hence detect potential unintended states of BGP.
Abstract: Internet Service Providers (ISPs) use routing policies to implement the requirements of business contracts, manage traffic, address security concerns and increase scalability of their network. These routing policies are often a high-level expression of strategies or intentions of the ISP. They have meaning when viewed from a network-wide perspective (e.g., mark on ingress, filter on egress). However, configuring these policies for the Border Gateway Protocol (BGP) is undertaken at a low-level, on a per router basis. Unintended routing outcomes have been observed. In this work, we define a language that allows analysis of network-wide configurations at the high-level. This language aims at bridging the gap between router configurations and abstract mathematical models capable of capturing complex policies. The language can be used to verify desired properties of routing protocols and hence detect potential unintended states of BGP. The language is accompanied by a tool suite that parses router configuration languages (which by their nature are vendor-dependent) and translates them into vendor-independent representations of policies.

1 citation