UC San Diego / Cisco Systems
About the talk:
As networks plod along, beyond the stir of Active Networks and
the ambitious agenda of Cognitive Networks, lies the more modest goal of
what I call Introspective Networks. For a network, introspection
is the ability to discover patterns in traffic that can then be used (say)
for better resource management, and to mitigate security threats.
While offline introspection based on packet logs is being done, I focus
here on online pattern detection at, say, 40 Gbps. In the measurement
arena, the push for such real-time pattern detection comes from ISPs who
have long since been plagued by the lack of assistance for managing their
networks. In the security space, the push comes from the increasing
cost of deploying perimeter security solutions; this has led some analysts
to propose doing intrusion detection within the network. Besides
these motivating forces, there is also a corresponding opportunity in terms
of recent results in streaming algorithms, as well as the large amount
of logic available in modern ASICs.
In this talk, after laying out this research agenda, I will go beyond generalities to provide specific examples of the benefits of introspection. I first describe several component algorithms such as multistage filters, multiresolution bitmaps, partial completion filters, and Approximate State Machines. I then show how these components can be put together to solve useful problems such as computing traffic matrices, detecting DoS attacks within the network, automatically detecting the signatures of new and unknown worms, and detecting P2P traffic. I will describe our early experience with EarlyBird, a system for worm detection that automatically extracted the signatures of all worms that hit the UCSD campus in a few minutes (compared to the hours required by human analysts) and ran at high speeds.
About the speaker:
George Varghese is a Professor of Computer Science at UCSD where he does research on network protocol implementation, measurement, and network security. He received his Ph.D. from MIT in 1993, and was elected to be a Fellow of the ACM in 2004. Several networking inventions that he has co-invented (e.g., DRR, IP lookups, timing wheels) are commonly used in commercial products. He is the author of the textbook "Network Algorithmics" published by Morgan Kaufmann in 2004. From June 2004 to June 2005, he was co-founder and CTO of NetSift Inc., which was acquired by Cisco Systems.