Implementation and Deployment of a Distributed Network Topology Discovery Algorithm

In the past few years, the network measurement community has been interested in the problem of internet topology discovery using a large number (hundreds or thousands) of measurement monitors. The standard way to obtain information about the internet topology is to use the traceroute tool from a small number of monitors. Recent papers have made the case that increasing the number of monitors will give a more accurate view of the topology. However, scaling up the number of monitors is not a trivial process. Duplication of effort close to the monitors wastes time by reexploring well-known parts of the network, and close to destinations might appear to be a distributed denial-of-service (DDoS) attack as the probes converge from a set of sources towards a given destination. In prior work, authors of this report proposed Doubletree, an algorithm for cooperative topology discovery, that reduces the load on the network, i.e., router IP interfaces and end-hosts, while discovering almost as many nodes and links as standard approaches based on traceroute. This report presents our open-source and freely downloadable implementation of Doubletree in a tool we call traceroute@home. We describe the deployment and validation of traceroute@home on the PlanetLab testbed and we report on the lessons learned from this experience. We discuss how traceroute@home can be developed further and discuss ideas for future improvements

Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available

Evaluation of a Large-Scale Topology Discovery Algorithm

peer reviewedIn the past few years, the network measurement community has been interested in the problem of internet topology discovery using a large number (hundreds or thousands) of measurement monitors. The standard way to obtain information about the internet topology is to use the traceroute tool from a small number of monitors. Recent papers have made the case that increasing the number of monitors will give a more accurate view of the topology. However, scaling up the number of monitors is not a trivial process. Duplication of effort close to the monitors wastes time by reexploring well-known parts of the network, and close to destinations might appear to be a distributed denial-of-service (DDoS) attack as the probes converge from a set of sources towards a given destination. In prior work, authors of this paper proposed Doubletree, an algorithm for cooperative topology discovery, that reduces the load on the network, i.e., router IP interfaces and end-hosts, while discovering almost as many nodes and links as standard approaches based on traceroute. This paper presents our open-source and freely downloadable implementation of Doubletree in a tool we call traceroute@home. We evaluate the performance of our implementation on the PlanetLab testbed and discuss a large-scale monitoring infrastructure that could benefit of Doubletree

Retouched Bloom Filters: Allowing Networked Applications to Flexibly Trade Off False Positives Against False Negatives

Where distributed agents must share voluminous set membership information, Bloom filters provide a compact, though lossy, way for them to do so. Numerous recent networking papers have examined the trade-offs between the bandwidth consumed by the transmission of Bloom filters, and the error rate, which takes the form of false positives, and which rises the more the filters are compressed. In this paper, we introduce the retouched Bloom filter (RBF), an extension that makes the Bloom filter more flexible by permitting the removal of selected false positives at the expense of generating random false negatives. We analytically show that RBFs created through a random process maintain an overall error rate, expressed as a combination of the false positive rate and the false negative rate, that is equal to the false positive rate of the corresponding Bloom filters. We further provide some simple heuristics and improved algorithms that decrease the false positive rate more than than the corresponding increase in the false negative rate, when creating RBFs. Finally, we demonstrate the advantages of an RBF over a Bloom filter in a distributed network topology measurement application, where information about large stop sets must be shared among route tracing monitors.Comment: This is a new version of the technical reports with improved algorithms and theorical analysis of algorithm

Localization of nodes in wired and wireless networks

This thesis focuses on the implementation of algorithms for localization of nodes in wired and wireless networks. The thesis is organized into two papers. The first paper presents the localization algorithms based on time of arrival (TOA) and time difference of arrival (TDOA) techniques for computer networks such as the Internet by using round-trip-time (RTT) measurements obtained from known positions of the gateway nodes. The RTT values provide an approximate measure of distance between the gateway nodes and an unknown node. The least squares technique is then used to obtain an estimated position of the unknown node. The second paper presents localization of an unknown node during route setup messages in wireless ad hoc and sensor networks using a new routing protocol. A proactive multi-interface multichannel routing (MMCR) protocol, recently developed at Missouri S&T, was implemented on the Missouri S&T motes. This protocol calculates link costs based on a composite metric defined using the available end-to-end delay, energy utilization, and bandwidth, and it chooses the path that minimizes the link cost factor to effectively route the information to the required destination. Experimental results indicate enhanced performance in terms of quality of service, and implementation of this protocol requires no modification to the current IEEE 802.11 MAC protocol. Received signal strength indicator (RSSI) values are recorded from the relay nodes (gateway nodes) to the unknown node during route setup messages. The location of the unknown node is estimated using these values with some a priori profiling and the known positions of the relay nodes as inputs to the least squares technique --Abstract, page iv

Improved Algorithms for Network Topology Discovery

peer reviewedTopology discovery systems are starting to be introduced in the form of easily and widely deployed software. However, little consideration has been given as to how to perform large-scale topology discovery efficiently and in a network-friendly manner. In prior work, we have described how large numbers of traceroute monitors can coordinate their efforts to map the network while reducing their impact on routers and end-systems. The key is for them to share information regarding the paths they have explored. However, such sharing introduces considerable communication overhead. Here, we show how to improve the communication scaling properties through the use of Bloom filters to encode a probing stop set. Also, any system in which every monitor traces routes towards every destination has inherent scaling problems. We propose capping the number of monitors per destination, and dividing the monitors into clusters, each cluster focusing on a different destination list