CMAND Logo

Center for Measurement and Analysis of Network Data @ NPS

Home | News | People | Projects | Papers | Data cmand.org : Projects
  • High-Frequency Active Internet Topology Mapping
    Summary: Current large-scale topology mapping systems require multiple days to characterize the Internet due to the large amount of probing traffic they incur. The accuracy of maps from existing systems is unknown, yet empirical evidence suggests that additional fine-grained probing exposes hidden links and temporal dynamics. Through longitudinal analysis of data from the Archipelago and iPlane systems, in conjunction with our own active probing, we examine how to shorten Internet topology mapping cycle time. In particular, this work develops discriminatory primitives that maximize topological fidelity while being efficient.
    More info: https://www.cmand.org/direct

  • IPv6 Measurement and Mapping
    Summary: As part of a collaboration with CAIDA funded by the NSF, we are actively investigating IPv6 measurement, including: topology, security, and adoption. Recent work has developed new methods for performing IPv6 alias resolution.
    More info: https://www.cmand.org/ipv6

  • Tamper-evident TCP
    Summary: TCP-HICCUPS (Handshake-based Integrity Check of Critical Underlying Protocol Semantics) is a tamper-evident extension of TCP designed to shed light on currently opaque middlebox behavior, revealing packet header manipulation to both sides of a TCP. HICCUPS introduces no new options or TCP/IP field semantics, is incrementally deployable, and "raises the bar" on middleboxes that seek to evade detection.
    More info: https://www.cmand.org/hiccups

  • Network and Topology Deception
    Summary: Among available network security defenses is the class of deceptive network strategies. More advanced deception includes not only providing a believable target, but actively influencing the adversary through deceit. Our work seeks to both implement and discover various forms of network and topology deception.
    More info: https://www.cmand.org/degreaser

  • Furious MAC
    Summary: Furious MAC is a project to understand, map, and correlate wireless hardware identifiers.
    More info: https://www.cmand.org/furiousmac

  • Transport-Layer Abusive Traffic Detection and Mitigation
    Summary: Abusive traffic abounds on the Internet, often originating from "botnets," distributed collections of compromised hosts under common control. We are investigating a unique approach to detecting bots, botnet infrastructure, and mitigating abusive traffic via transport-level (i.e. TCP) traffic signal analysis. Our key insight is that local botnet behavior manifests remotely as a discriminative signal. Rather than relying on content signatures or reputation measures, we exploit botnets' basic requirement to source large amounts of data, be it attacks, scam-hosting, spam, or other yet-to-be imagined malicious traffic. By using statistical traffic signal characterization methods, we can provide a difficult-to-subvert discriminator. This IP and content agnostic approach is privacy preserving, permitting deployment within the network core and offering the possibility to stanch malicious traffic before it saturates access links.
    More info: https://www.cmand.org/tta

  • Understanding the Efficacy of IP Source Address Validation
    Summary: IP source address forgery, or "spoofing," is a long-recognized consequence of the Internet's lack of packet-level authenticity. Despite historical precedent and filtering and tracing efforts, attackers continue to utilize spoofing for anonymity, indirection, and amplification. Using a distributed infrastructure and active measurement, we collect data on the prevalence and efficacy of current best-practice source address validation techniques. We uncover significant differences in filtering depending upon network geographic region, type, and size. We provide initial longitudinal results on the evolution of spoofing revealing no mitigation improvement over four years of measurement. Our analysis provides an empirical basis for evaluating incentive and coordination issues surrounding existing and future Internet packet authentication strategies.
    More info: http://spoofer.caida.org

Center for Measurement and Analysis of Network Data | Based at the Naval Postgraduate School
Contact Us