Bias reduction in traceroute sampling: towards a more accurate map of the Internet

Traceroute sampling is an important technique in exploring the internet router graph and the autonomous system graph. Although it is one of the primary techniques used in calculating statistics about the internet, it can introduce bias that corrupts these estimates. This paper reports on a theoretical and experimental investigation of a new technique to reduce the bias of traceroute sampling when estimating the degree distribution. We develop a new estimator for the degree of a node in a traceroute-sampled graph; validate the estimator theoretically in Erdos-Renyi graphs and, through computer experiments, for a wider range of graphs; and apply it to produce a new picture of the degree distribution of the autonomous system graph.Comment: 12 pages, 3 figure

Spreading paths in partially observed social networks

Understanding how and how far information, behaviors, or pathogens spread in social networks is an important problem, having implications for both predicting the size of epidemics, as well as for planning effective interventions. There are, however, two main challenges for inferring spreading paths in real-world networks. One is the practical difficulty of observing a dynamic process on a network, and the other is the typical constraint of only partially observing a network. Using a static, structurally realistic social network as a platform for simulations, we juxtapose three distinct paths: (1) the stochastic path taken by a simulated spreading process from source to target; (2) the topologically shortest path in the fully observed network, and hence the single most likely stochastic path, between the two nodes; and (3) the topologically shortest path in a partially observed network. In a sampled network, how closely does the partially observed shortest path (3) emulate the unobserved spreading path (1)? Although partial observation inflates the length of the shortest path, the stochastic nature of the spreading process also frequently derails the dynamic path from the shortest path. We find that the partially observed shortest path does not necessarily give an inflated estimate of the length of the process path; in fact, partial observation may, counterintuitively, make the path seem shorter than it actually is.Comment: 12 pages, 9 figures, 1 tabl

A model to study cyber attack mechanics and denial-of-service exploits over the internet\u27s router infrastructure using colored petri nets

The Internet‟s router infrastructure, a scale-free computer network, is vulnerable to targeted denial-of-service (DoS) attacks. Protecting this infrastructure‟s stability is a vital national interest because of the dependence of economic and national security transactions on the Internet. Current defensive countermeasures that rely on monitoring specific router traffic have been shown to be costly, inefficient, impractical, and reactive rather than anticipatory. To address these issues, this research investigation considers a new paradigm that relies on the systemic changes that occur during a cyber attack, rather than individual router traffic anomalies. It has been hypothesized in the literature that systemic knowledge of cyber attack mechanics can be used to infer the existence of an exploit in its formative stages, before severe network degradation occurs. The study described here targeted DoS attacks against large-scale computer networks. To determine whether this new paradigm can be expressed though the study of subtle changes in the physical characteristics of the Internet‟s connectivity environment, this research developed a first of its kind Colored Petri Net (CPN) model of the United States AT&T router connectivity topology. By simulating the systemic affects of a DoS attack over this infrastructure, the objectives of this research were to (1) determine whether it is possible to detect small subtle changes in the connectivity environment of the Internet‟s router connectivity infrastructure that occur during a cyber attack; and (2) if the first premise is valid, to ascertain the feasibility of using these changes as a means for (a) early infrastructure attack detection and (b) router infrastructure protection strategy development against these attacks. Using CPN simulations, this study determined that systemic network changes can be detected in the early stages of a cyber attack. Specifically, this research has provided evidence that using knowledge of the Internet‟s connectivity topology and its physical characteristics to protect the router infrastructure from targeted DoS attacks is feasible. In addition, it is plausible to use these techniques to detect targeted DoS attacks and may lead to new network security tools

Describing and simulating internet routes

International audienceThis contribution deals with actual routes followed by packets in the Internet at the ip level. We first propose a set of statistical properties to analyse such routes. We then use the results to suggest and evaluate methods for generating artificial routes suitable for simulation purposes. The proposed approach also leads to insight on various network models. The present work is based on large data sets provided mainly by caida’s skitter infrastructure