Thu, May 13, 2021 @ 11:00 AM - 01:00 PM
Thomas Lord Department of Computer Science
Ph.D. Candidate: Sivaram Ramanathan
Committee: Dr. Jelena Mirkovic, Dr. Minlan Yu, Dr. Emilio Ferrara and Dr. Ramesh Govindan
Time: May 13, 2021, 11am
Title: Improving Network Security and Performance Through Programmability and Machine Learning
The rise in different types of applications has attracted many users to the Internet. Companies generate revenue from users and a key component for user retention is reliable network performance. Network operators are constantly scaling their infrastructure to provide tight network and security guarantees to their users. However, issues in networks such as packet drops, low utilization of links, and targeted attacks can violate these guarantees.
Network operators use different tools to understand and diagnose problems in the network. As the network scales to support more users, the tools traditionally used to understand and diagnose problems also need to change. For instance, transient events occurring at microsecond granularity in datacenter networks could affect the network's performance. Traditional tools may miss such events because they work at coarser time granularities.
As networks grow to accommodate more users, securing the network has also become hard. In the past year, there has been a 776% increase in large volumetric distributed denial-of-service (DDoS) attacks, and networks have spent up to $50,000 to protect themselves. Moreover, most deployed defenses are reactive: a mitigation strategy is developed only when symptoms of an attack are seen. Proactively detecting attackers would not only block all attack traffic but also reduce costs for victim networks.
In this talk, we use recent advancements in programmable switches and machine learning to develop frameworks for better network management. We present SPred, which uses machine learning models in switches to detect transient events faster. We designed SDProber to balance the cost of monitoring with event detection time. We also built frameworks that help network operators meet security guarantees. We present SENSS, which allows networks to coordinate with upstream networks to develop better detection and mitigation strategies against DDoS attacks. Finally, we present BLAG, which makes blocklists more suitable for emergency response by combining blocklists of different attack types and reducing collateral damage through a recommendation system and reused address detection.
Our work has had several real-world impacts. SENSS has been deployed in three academic networks to provide better detection of DDoS attacks. Our technique to identify reused addresses is being adopted by IPInfo, which maintains a large repository of IP address-related information. Finally, AT&T has partially deployed SDProber in their network to detect persistent congestion, and we hold two patents for SDProber and SPred.
Topic: Sivaram's Defense
Join Zoom Meeting
Audiences: Everyone Is Invited
Contact: Lizsl De Leon