In October we had a ANT research group lunch to celebrate the PhD graduation of Liang Zhu. Congratulations on his accomplishments and we all enjoyed tasty dim sum.
We are happy to announce a new project Plannning for Anycast as Anti-DDoS (PAADDoS).
The PAADDoS project’s goal is to defend against large-scale DDoS attacks by making anycast-based capacity more effective than it is today.
We will work toward this goal by (1) developing tools to map anycast catchments and baseline load, (2) develop methods to plan changes and their effects on catchments, (3) develop tools to estimate attack load and assist anycast reconfiguration during an attack. and (4) evaluate and integration of these tools with traditional DoS defenses.
We expect these innovations to improve service resilience in the face of DDoS attacks. Our tools will improve anycast agility during an attack, allowing capacity to be used effectively.
We are happy to announce a new project, Detecting, Interpreting, and Validating from Outside, In, and Control, Disruptive Events (DIVOICE).
The DIVOICE project’s goal is to detect and understand Network/Internet Disruptive Events (NIDEs)—outages in the Internet.
We will work toward this goal by examining outages at multiple levels of the network: at the data plane, with tools such as Trinocular (developed at USC/ISI) and Disco (developed at IIJ); at the control plane, with tools such as BGPMon (developed at Colorado State University); and at the application layer.
We expect to improve methods of outage detection, validate the work against each other and external sources of information, and work towards attribution of outage root causes.
DIVOICE is a joint effort of the ANT Lab involving USC/ISI (PI: John Heidemann) and Colorado State University (PI: Craig Partridge). DIVOICE builds on prior work on the LACANIC and Retro-Future Bridge and Outage projects. DIVOICE is supported by the DHS HSARPA Cyber Security Division via contract number 70RSAT18CB0000014.
We are happy to announce a new project, Global Analysis of Weak Signals for Enterprise Event Detection (GAWSEED). GAWSEED project is studing weak signals across multiple large-enterprise datasets looking for signs of malicious activity so small they may be passed over by a single enterprise’s operational staff. More details are on the GAWSEED project web page.
GAWSEED is part of ANT Lab at USC/ISI (PIs: John Heidemann and Wes Hardaker in the networking division, and Aram Galystan from the AI division. It is joint work with researchers at PARSONS Corporation. It is supported by DARPA as part of the CHASE program.
We would like to thank Kensuke Fukuda for joining us as a visiting scholar from April 2017 to February 2018. This visit was his second to our group, and it was great having Fukuda-san back with us while he continues his work with the National Institute of Informatics in Japan.
Kensuke’s first visit resulted in it development of DNS backscatter, a new technique that can detect scanners and spammers in IPv4. On this visit he worked with us to understand how to adapt DNS backscatter to IPv6. A paper about this work appears at ACM IMC 2018.
We had a going away lunch with Kensuke, his family, and part of the ANT lab in February 2018. Because it was during the regular week, several lab members were unable to attend.