CYBER SECURITY DIVISION 2014 R&D SHOWCASE AND TECHNICAL WORKSHOP
Internet topology and performance analytics for mapping critical network infrastructure
CAIDA/UCSD, PI k claffy
16-18 December 2014
Team Profile
Center for Applied Internet Data Analysis (CAIDA)
- Founded by PI and Director k claffy
- Independent analysis and research group
- 15+ years of experience in data collection, curation, and research
- Known for data collection tools, analysis, and data sharing
- Located at UC San Diego's Supercomputer Center
- Key personnel: Bradley Huffaker, Young Hyun, Marina Fomenkov, Josh Polterock, Ken Keys, Matthew Luckie
Need: Situational Awareness of the Internet
Fundamental global cybersecurity challenge: the Internet's scope and complexity are growing faster than our capability to understand or measure its structure, dynamics, or vulnerabilities.
[46k independent networks: typically commercial, competitive, opaque]
Approach: Infrastructure, Data, Analytics
1. Design, implement, validate measurement algorithms
   - Sustainable and scalable system design
2. Deploy and manage measurement infrastructure
   - 106+ Archipelago monitors (38 IPv6, 58 Pis, 36 RadClock)
   - Continually and comprehensively probe the IP address space
3. Apply algorithms and infrastructure to improve integrity and scope of maps
   - Derive router- and AS-level topologies
   - Curated data kits shared with researchers (ITDK)
4. Inform real-world problems with better understanding of the Internet's structure, routing dynamics, performance, and vulnerabilities
Approach: Increase Completeness, Accuracy and Richness of Topology Map
- AS Ranking by Customer Cones (BCP38)
- Archipelago
- Router-level map
- PoP-level map
- Operator validation
Approach: Curate Data to Enable Others
- Synthesize data to curate the Internet Topology Data Kit
- Augment with BGP, DNS lookups, geolocation data, and other sources of traceroute data
- Derived: IP paths, AS paths, router aliases
- Results: relationship-aware AS graph; AS-to-Organization mappings; router graph including geolocation & ownership
- [Eventually] support interactive use of the data kit
Approach: ITDK Workflow
"cyberspace is complicated!"
http://www.caida.org/data/internet-topology-data-kit/
[Workflow diagram: Center for Applied Internet Data Analysis, ITDK: Internet Topology Data Kit Process. Recoverable content of the diagram follows.]
- Data sources: IP traceroute (CAIDA Archipelago, scamper); BGP looking glass servers and BGP collectors; DNS servers; geolocation data (Digital Envoy NetAcuity, MaxMind GeoLite City); CAIDA DDec
- Data files: IP-level Ark traces; AS-level BGP paths; DNS HostDB hostnames; IPv4 address geolocation; MIDAR router aliases; iffinder router aliases; AS relationships (conventional, conventional peering, complex, multi-lateral peering, peering from traceroute)
- Data processes: geolocation; DRoP hostname decode; AS assignment; filter IP hostnames; kapar; AS relationships (conventional, complex, new)
- ITDK datasets: router geolocation; router AS assignment; hostnames; router graph (nodes, links); AS graph; AS customer cone
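The AS assignment step in the workflow above turns an IP-level Ark trace into an AS path by matching each hop against BGP-derived prefixes. The following added example is not CAIDA's code: the prefix-to-AS table and the sample trace are constructed, and the function names are hypothetical. It shows the longest-prefix-match step, skips unresponsive hops ("*") and RFC 1918 addresses, keeps uncovered hops visible as None, and collapses consecutive hops in the same AS.

```python
import ipaddress

# Constructed prefix-to-AS table (documentation prefixes, private-use ASNs); not real BGP data.
PREFIX_TO_AS = {
    "192.0.2.0/24": 64503,
    "198.51.0.0/16": 64501,     # covering prefix
    "198.51.100.0/24": 64500,   # more-specific prefix inside it
    "203.0.113.0/24": 64502,
}

# RFC 1918 ranges: such hops are not globally routed, so no AS is assigned to them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_table(mapping):
    """Parse prefixes and order them most-specific first, so the first match is the longest."""
    table = [(ipaddress.ip_network(p), asn) for p, asn in mapping.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup_as(table, addr):
    """Longest-prefix match for one hop address; None when no prefix covers it."""
    ip = ipaddress.ip_address(addr)
    for net, asn in table:
        if ip in net:
            return asn
    return None


def ip_path_to_as_path(table, hops):
    """Map an IP-level traceroute path to an AS path.

    "*" (unresponsive hop) and RFC 1918 hops are skipped; a hop no prefix
    covers becomes None so the gap stays visible; consecutive hops in the
    same AS collapse to a single AS entry.
    """
    as_path = []
    for hop in hops:
        if hop == "*":
            continue
        ip = ipaddress.ip_address(hop)
        if any(ip in net for net in RFC1918):
            continue
        asn = lookup_as(table, hop)
        if not as_path or as_path[-1] != asn:
            as_path.append(asn)
    return as_path


if __name__ == "__main__":
    # Constructed sample trace with an unresponsive hop, a private hop, and two hops in one AS.
    trace = ["192.0.2.1", "*", "10.0.0.1", "198.51.100.7", "198.51.100.9", "198.51.7.7", "203.0.113.3"]
    print(ip_path_to_as_path(build_table(PREFIX_TO_AS), trace))  # [64503, 64500, 64501, 64502]
```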
Benefits: Enabling Wide Range of Security and Stability Research
Research themes: structure, performance, security
- router topology mapping and validation
- architecting interdomain atlas of congestion
- business relationship inference and validation
- filter policy congruity
- scalable measurement systems
- mapping of fragility
- evolution of advanced TCP features
- understanding TCP's resilience to attacks
- forged address detection and mitigation
Benefits: Broader Impact
- www.caida.org: macroscopic topology, AS rank
- Network intelligence: prefix hijacking, outages
- Broader impacts, network intelligence: TreasureMap
- Publications: TR: DNS server placement; CCS: routing bottlenecks; IMC: mapping Google expansion; PAM: policy violations; IMC: MPLS deployment; TR: defend against Tor adversaries; IMC: router fingerprinting; IMC: ECN readiness; PAM: traceroute pitfalls
Macroscopic Internet Graph 2014 (v4, v6)
http://www.caida.org/research/topology/as_core_network/2014/
Competition / Related Work
In academics, we view this as related work rather than competition and try to reduce unnecessary redundancy.
- RIPE Atlas (http://atlas.ripe.net/)
- Internet Atlas (http://internetatlas.org/)
- iPlane datasets (http://iplane.cs.washington.edu/data/data.html)
- DIMES (http://www.netdimes.org/)
- zmap (https://zmap.io/)
- Renesys (http://www.renesys.com/), recently acquired by Dyn
Current Status: Recent achievements (infrastructure, software/services, data)
- Deployed 27 Ark nodes (2014), bringing the total to 106
- Implemented & deployed Dolphin: bulk DNS resolution tool
- Public release of DNS Decoder (DDec): automated hostname-based geolocation data store and feedback collection service
- Released beta version of interactive intermediate (PoP/city-level) map validation functionality for testing & feedback (Apr)
- Produced new AS classification derived from darknet traffic data, AS relationships, BGP announcements, peeringdb
- Released April 2014 Internet Topology Data Kit (ITDK), with router-level and BGP-derived AS-level topology
- Published AS Core Topology Graph poster for 2014
- New interactive data interface (caida.org tab)
Current Status: Recent achievements (publications, workshops, predictions)
- Two papers at IMC2014 (& TPRC14): Fine-Grained AS Relationship Inference, and Challenges in Inferring Internet Interdomain Congestion
- ACM SIGCOMM CCR papers on DNS-based router positioning (DRoP) and spurious routes in BGP data
- Two papers to appear at PAM2015: IPv6 AS Relationships, Clique, and Congruence; Measuring and Characterizing IPv6 Router Availability (collaboration with NPS.edu)
- Invited panel (slides & video online): Internet Architecture Innovation: 2020 and 2030, Duke Law's Center for Innovation Policy Forum
- Active Internet Measurement Workshop (AIMS2014)
- Workshop on Internet Economics (WIE2014)
- New CAIDA program plan 2014-2017
Next Steps: CAIDA Interactive
http://www.caida.org/interactive/
Interactive views of data that allow users to:
- Learn from annotated Internet data
- Provide feedback on analysis & inference methods
- Execute on-demand measurements
- Correlate with other data sources
Aiming for a user-friendly interface to topology data and infrastructure:
- AS Rank: as-rank.caida.org
- DDec: ddec.caida.org
- DatCat: www.datcat.org
- CHARTHOUSE: charthouse.caida.org
- Vela: vela.caida.org
Contact Information
k claffy, kc@caida.org
http://www.caida.org/