12 research outputs found
Bias reduction in traceroute sampling: towards a more accurate map of the Internet
Traceroute sampling is an important technique in exploring the internet
router graph and the autonomous system graph. Although it is one of the primary
techniques used in calculating statistics about the internet, it can introduce
bias that corrupts these estimates. This paper reports on a theoretical and
experimental investigation of a new technique to reduce the bias of traceroute
sampling when estimating the degree distribution. We develop a new estimator
for the degree of a node in a traceroute-sampled graph; validate the estimator
theoretically in Erdos-Renyi graphs and, through computer experiments, for a
wider range of graphs; and apply it to produce a new picture of the degree
distribution of the autonomous system graph.Comment: 12 pages, 3 figure
Spreading paths in partially observed social networks
Understanding how and how far information, behaviors, or pathogens spread in
social networks is an important problem, having implications for both
predicting the size of epidemics, as well as for planning effective
interventions. There are, however, two main challenges for inferring spreading
paths in real-world networks. One is the practical difficulty of observing a
dynamic process on a network, and the other is the typical constraint of only
partially observing a network. Using a static, structurally realistic social
network as a platform for simulations, we juxtapose three distinct paths: (1)
the stochastic path taken by a simulated spreading process from source to
target; (2) the topologically shortest path in the fully observed network, and
hence the single most likely stochastic path, between the two nodes; and (3)
the topologically shortest path in a partially observed network. In a sampled
network, how closely does the partially observed shortest path (3) emulate the
unobserved spreading path (1)? Although partial observation inflates the length
of the shortest path, the stochastic nature of the spreading process also
frequently derails the dynamic path from the shortest path. We find that the
partially observed shortest path does not necessarily give an inflated estimate
of the length of the process path; in fact, partial observation may,
counterintuitively, make the path seem shorter than it actually is.Comment: 12 pages, 9 figures, 1 tabl
A model to study cyber attack mechanics and denial-of-service exploits over the internet\u27s router infrastructure using colored petri nets
The Internet‟s router infrastructure, a scale-free computer network, is vulnerable to targeted denial-of-service (DoS) attacks. Protecting this infrastructure‟s stability is a vital national interest because of the dependence of economic and national security transactions on the Internet. Current defensive countermeasures that rely on monitoring specific router traffic have been shown to be costly, inefficient, impractical, and reactive rather than anticipatory.
To address these issues, this research investigation considers a new paradigm that relies on the systemic changes that occur during a cyber attack, rather than individual router traffic anomalies. It has been hypothesized in the literature that systemic knowledge of cyber attack mechanics can be used to infer the existence of an exploit in its formative stages, before severe network degradation occurs. The study described here targeted DoS attacks against large-scale computer networks. To determine whether this new paradigm can be expressed though the study of subtle changes in the physical characteristics of the Internet‟s connectivity environment, this research developed a first of its kind Colored Petri Net (CPN) model of the United States AT&T router connectivity topology.
By simulating the systemic affects of a DoS attack over this infrastructure, the objectives of this research were to (1) determine whether it is possible to detect small subtle changes in the connectivity environment of the Internet‟s router connectivity infrastructure that occur during a cyber attack; and (2) if the first premise is valid, to ascertain the feasibility of using these changes as a means for (a) early infrastructure attack detection and (b) router infrastructure protection strategy development against these attacks.
Using CPN simulations, this study determined that systemic network changes can be detected in the early stages of a cyber attack. Specifically, this research has provided evidence that using knowledge of the Internet‟s connectivity topology and its physical characteristics to protect the router infrastructure from targeted DoS attacks is feasible. In addition, it is plausible to use these techniques to detect targeted DoS attacks and may lead to new network security tools
Describing and simulating internet routes
International audienceThis contribution deals with actual routes followed by packets in the Internet at the ip level. We first propose a set of statistical properties to analyse such routes. We then use the results to suggest and evaluate methods for generating artificial routes suitable for simulation purposes. The proposed approach also leads to insight on various network models. The present work is based on large data sets provided mainly by caida’s skitter infrastructure