Why (and How) Networks Should Run Themselves
The proliferation of networked devices, systems, and applications that we
depend on every day makes managing networks more important than ever. The
increasing security, availability, and performance demands of these
applications suggest that these increasingly difficult network management
problems be solved in real time, across a complex web of interacting protocols
and systems. Alas, just as the importance of network management has increased,
the network has grown so complex that it is seemingly unmanageable. In this new
era, network management requires a fundamentally new approach. Instead of
optimizations based on closed-form analysis of individual protocols, network
operators need data-driven, machine-learning-based models of end-to-end and
application performance based on high-level policy goals and a holistic view of
the underlying components. Instead of anomaly detection algorithms that operate
on offline analysis of network traces, operators need classification and
detection algorithms that can make real-time, closed-loop decisions. Networks
should learn to drive themselves. This paper explores this concept, discussing
how we might attain this ambitious goal by more closely coupling measurement
with real-time control and by relying on learning for inference and prediction
about a networked application or system, as opposed to closed-form analysis of
individual protocols.
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.
Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in report.
Characterizing a Meta-CDN
CDNs have reshaped the Internet architecture at large. They operate
(globally) distributed networks of servers to reduce latencies as well as to
increase availability for content and to handle large traffic bursts.
Traditionally, content providers were mostly limited to a single CDN operator.
However, in recent years, more and more content providers employ multiple CDNs
to serve the same content and provide the same services. Thus, switching
between CDNs, which can be beneficial to reduce costs, to select the
best-performing CDN in each geographic region, or to overcome CDN-specific
outages, becomes an important task. Services that tackle this task have emerged,
also known as CDN brokers, Multi-CDN selectors, or Meta-CDNs. Despite their
existence, little is known about Meta-CDN operation in the wild. In this paper,
we thus shed light on this topic by dissecting a major Meta-CDN. Our analysis
provides insights into its infrastructure, its operation in practice, and its
usage by Internet sites. We leverage PlanetLab and Ripe Atlas as distributed
infrastructures to study how a Meta-CDN impacts web latency.