Slow convergence in the Internet can be directly attributed to the "path exploration" phenomenon, inherent in all path vector protocols. The root cause for path exploration is the dependency among paths propagated through the network. Addressing this problem in BGP is particularly difficult as the AS paths exchanged between BGP routers are highly summarized. In this paper, we describe why path exploration cannot be countered effectively within the existing BGP framework, and propose a simple, novel mechanism (forward edge sequence numbers) to annotate the AS paths with additional "path dependency" information. We then develop an enhanced path vector algorithm, EPIC, shown to limit path exploration and lead to faster convergence. In contrast to other solutions, ours is shown to be correct on a very general model of Internet topology and BGP operation. Using theoretical analysis and simulations, we demonstrate that EPIC can achieve a dramatic improvement in routing convergence, compared to BGP and other existing solutions.
Abstract. We describe a method to detect botnet command and control traffic and individual end-hosts. We introduce the notion of "destination traffic atoms" which aggregate the destinations and services that are communicated with. We then compute the "persistence", which is a measure of temporal regularity and that we propose in this paper, for individual destination atoms. Very persistent destination atoms are added to a host's whitelist during a training period. Subsequently, we track the persistence of new destination atoms not already whitelisted in order to identify suspicious C&C destinations. A particularly novel aspect is that we track persistence at multiple timescales concurrently. Importantly, our method does not require any a-priori information about destinations, ports, or protocols used by the C&C communication, nor do we require payload inspection. We evaluate our system using extensive user traffic traces collected from an enterprise network, along with collected botnet traces. We demonstrate that our method correctly identifies a botnet's C&C traffic, even when it is very stealthy. We also show that filtering outgoing traffic with the constructed whitelists dramatically improves the performance of traditional anomaly detectors. Finally, we show that the C&C detection can be achieved with a very low false positive rate.
Abstract. The Distributed Denial of Services (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge, or spoof, the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this paper we propose an inter-domain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet. IDPFs are constructed from the information implicit in BGP route updates and are deployed in network border routers. A key feature of the scheme is that it does not require global routing information. Based on extensive simulation studies, we show that even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.
Abstract. Internet eXchange Points (IXPs) are one of two primary methods for Autonomous Systems (ASes) to interconnect with each other for exchanging traffic and for global Internet reachability. This paper explores the properties of IXPs and their impact on the AS topology and AS business relations using Scriptroute and Skitter traceroute probes, BGP routing archives and other data. With these datasets we develop an algorithm to discover IXPs and infer ASes that participate at these IXPs. Using the discovered IXPs and their inferred AS participants, we analyze and characterize the properties of IXPs and their participants such as size, geographical locations. We also investigate the impact of IXPs on the global AS topology and business relations between ASes. Our study sheds light on the Internet interconnection practices and the evolution of the Internet, in particular, the potential role IXPs play in such evolution.