about ANT

who we are

The ANT Lab is a research group spanning several departments at the University of Southern California (USC), including USC/Information Sciences Institute, USC/Computer Science, USC/Electrical Engineering, USC/Information Technology Services, Colorado State University’s Computer Science Department, and Los Alamos National Laboratory. (See our people page for more.)

what we do

Our goal is to improve the Internet by discovering new ways to understand network topology, traffic, use and abuse. We address important problems in networking and cybersecurity from several perspectives:

  • science: how big is the Internet? how stable is it? who uses it? where?
  • applications: what data drives security research? how do we balance data privacy and utility?
  • engineering: what is tomorrow’s critical infrastructure? how can research influence it?

We use many approaches:

  • Internet measurement with active and passive data collection. (For example, IPv4 censuses, anonymized packet capture)
  • big data analysis of network data. We use Hadoop and related tools in our own cluster, and Torque and traditional HPC at USC.
  • development and validation of new methodologies. Our techniques use experimentation, simulation, data collection, and mathematical analysis.
  • interaction of research and operations. Our work is informed by the real world.

We have pioneered new techniques, including recently:

  • Internet outage detection with Trinocular, probing 4M networks every 11 minutes, 24x7 since Oct. 2014.
  • Understanding IP anycast as one tool to speed data and mitgate Distributed Denial-of-Service attacks.
  • Mapping the cloud and services understanding anycast and tracking Google’s growth.

These techniques have produced tools and datasets that are widely used:

  • IPv4 censuses: we’ve been scanning the entire IPv4 address space since 2003
  • IP Hitlists are used by multiple research groups, describing where is most likely to respond to traceroutes
  • Hadoop Bzip2 Splitting: we developed support for parallel processing of bzip2 files in Hadoop (in Apache Hadoop since 0.22).

(See our datasets and software pages for more.)

history and support

Our research has been supported by the U.S. DHS, NSF, DARPA, and industry from Cisco, Verisign, Northrup Grumman, and Michael Keston. (We thank them for their generosity!)

And a big thanks to our collaborators and supports who host measurement machines!

The work has spanned a dozen research projects, nearly fifteen years, and eight co-PIs and more than 20 students (with more than 16 PhD and 5 MS graduates).

For a play-by-play, see the ANT blog, our publications, and specific projects.