12:45PM, Thursday, June 1st 2006.
Gates 104


Introspective Networks
 

George Varghese
UC San Diego / Cisco Systems


About the talk:
 
As networks plod along, beyond the stir of Active Networks and the ambitious agenda of Cognitive Networks, lies the more modest goal of what I call Introspective Networks. For a network, introspection is the ability to discover patterns in traffic that can then be used (say) for better resource management and to mitigate security threats. While offline introspection based on packet logs is being done, I focus here on online pattern detection at, say, 40 Gbps. In the measurement arena, the push for such real-time pattern detection comes from ISPs who have long been plagued by the lack of assistance for managing their networks. In the security space, the push comes from the increasing cost of deploying perimeter security solutions; this has led some analysts to propose doing intrusion detection within the network. Besides these motivating forces, there is also a corresponding opportunity in terms of recent results in streaming algorithms, as well as the large amount of logic available in modern ASICs.

In this talk, after laying out this research agenda, I will go beyond generalities to provide specific examples of the benefits of introspection. I first describe several component algorithms such as multistage filters, multiresolution bitmaps, partial completion filters, and Approximate State Machines. I then show how these components can be put together to solve useful problems such as computing traffic matrices, detecting DoS attacks within the network, automatically detecting the signatures of new and unknown worms, and detecting P2P traffic. I will describe our early experience with EarlyBird, a system for worm detection that ran at high speeds and automatically extracted, in a few minutes (compared to the hours required by human analysts), the signatures of all worms that hit the UCSD campus.


 

About the speaker:
 
George Varghese is a Professor of Computer Science at UCSD, where he does research on network protocol implementation, measurement, and network security. He received his Ph.D. from MIT in 1993 and was elected a Fellow of the ACM in 2004. Several networking inventions that he co-invented (e.g., DRR, IP lookups, timing wheels) are commonly used in commercial products. He is the author of the textbook "Network Algorithmics", published by Morgan Kaufmann in 2004. From June 2004 to June 2005, he was co-founder and CTO of NetSift Inc., which was acquired by Cisco Systems.