As a principal scientist at Information Sciences Institute and chief scientist of the Network and Cybersecurity Divsion. I am active in research in several areas. My current research interests are Internet measurement with applications in security and policy, and design of network protocol and critical systems. I also teach and advise students at the USC Computer Science Department.
Two things for fun: see LA through ISI’s eyes (or at least windows). Suprisingly, My Erdős number is 3, through Fan Chung Graham (via On unavoidable graphs and 6 other papers) and Walter Willinger (via Towards an AS-to-Organization Map, thanks to Walter’s prolific and useful collaboration!). My Bacon number is, however infinite.
For students interested in working with me or entering USC, please see my advice page.
Research Projects
At ISI my research examines how observe and analyze Internet topology and traffic to improve network reliability, security, protocols, and critical services. My networking research occurs in the context of ANT, the Analysis of Network Traffic group at ISI.
In these areas I’m currently active on several research projects:
-
PIMAWAT: The PIMAWAT Project (Collaborative Research: IMR: MM-1-B: Privacy in Internet Measurements Applied To WAN and Telematics, supported by NSF CISE) will demonstrate new methods to provide data networking datasets that respect end-user privacy, but are still able to support new research in allow network protocols, security, privacy, and machine learning. Started in 2023; supported by NSF.
-
SAFED-ASP: Safe And Flexible Experimental Dataset Access and Sharing–Planning (SAFED-ASP) is a planning grate to assess methods to support federated sharing of network data while managing privacy. Started in 2022; supported by NSF.
-
Internet-Map: A Traffic Map for the Internet will develop an Internet traffic map, esimating where users and services are in the Internet and how they relate. PI: Ethan Katz-Bassett (Columbia). Started in 2022; supported by NSF.
-
CLASSNET: Community Labeling and Sharing of Security and Networking Test datasets (CLASSNET) will support network and security research with new, labeled, rich and diverse datasets to the research community. PI: Jelena Mirkovic. Started in 2021; supported by NSF.
-
SABRES: A project examining 5G infrastructure, seeking to improve slice allcation and security. PI: Erik Kline. Started in 2020; supported by DARPA.
-
EIEIO: Event Identification and Evaluation of Internet Outages is a project that will develop new algorithms to help understand Internet reliablity by improving coverage of Internet outage detection, identifying events in this raw data, and relating these events to the real world. Started in 2020; supported by NSF.
-
DIINER: DNS, Identity, and Internet Naming for Experimentation and Research is a project designed to support new new research in Internet naming and trust. Our goal is to support research and ease transition from research to operational deployment, while preserving stability. Started in 2019; supported by NSF.
-
NIPET: Evaluating the potential of new research infrastructure to support resarch on Internet naming, identity, and the DNS. NSF support for a plannning grant (Planning for Identity and Naming Experimentation Shared Testbed). PI is John Heidemann. Supported by NSF and DHS. Started in 2015.
In addition, I thank foundation support from a Michael Keston Research Grant (2017) and The Rose Foundation (2021). And I am grateful for industrial support from Intel Corporation (2000-2003), Northrop Grumman (2003, 2014-2017), Chevron (2004-2013), Cisco (2005, 2007), Verisign (2014-2016), Northop Grumman (2014-2017), and Amazon (2018),
Research collaborations
Networking research is strongly collaborative. Organizations with which I am affiliated:
- the ISI Computer Networks Division
- the USC Computer Science Department (and NSL there)
- ANT: the USC/ISI Analysis of Network Traffic group
(And of course, many student, industry faculty collaborators as well.)
Prior Research Projects
A fun thing about research is that it is always changing, so it’s always new. Individual projects tend to be fairly short, although of course research themes span multiple projects.
From 2000-2013 I lead I-LENSE, the ISI Laboratory for Embedded Networked Sensor Experimentation to study wireless and sensor networking.
My work has spanned a number of the research projects:
-
MINCEQ: Measuring the Internet during Novel Coronavirus to Evaluate Quarantine is a project to measure changes in Internet use during the COVID-19 outbreak of 2020. 2020 to 2022; supported by NSF.
-
GAWSEED: Global Analysis of Weak Signals for Enterprise Event Detection is a project examining detection of weak signals in network traffic. PIs are John Heidemann and Wes Hardaker. 2018 to 2022. Supported by DARPA.
-
DDIDD: DDoS Defense In Depth for DNS appled existing and developed new defenses against Distributed-Denial-of-Service attacks for operational DNS infrastructure, making these tools available as open source. PIs John Heidemann, Jelena Mirkovic, and Wes Hardaker. Joint work with B-Root. 2017 to 2021; supported by NFS.
-
LACANIC: Los Angeles/Colorado Application and Network Information Community: LACANIC’s goal is to develop datasets and measurement techniques that improve Internet security and reliability. We distribute these datasets through IMPACT. PIs John Heidemann, Christos Papadopoulos (on leave), Craig Partridge. 2018 to2020; Supported by DHS.
-
DIVOICE: Detecting, Interpreting, and Validating from Outside, In, and Control, Disruptive Events is a project to detect and understand Network/Internet Disruptive Events (NIDEs)–outages in the Internet. 2018 to 2020; supported by DHS.
-
PAADDOS: Plannning for Anycast as Anti-DDoS is a project to defend against large-scale DDoS attacks by making anycast-based capacity more effective than it is today. Started in 2018; supported by DHS, in collaboration with University of Twente with support from NWO.
-
EARR: Enabling Anycast in the Research Root-2016 is a project that helps exploring how measurement infrastructure interacts with anycast for the Internet Domain Name System (DNS). EARR builds on B-Root and contributes towards our long-term goal of creating a naming testbed. PIs are John Heidemann and Wes Hardaker. 2017-2018, supported by DHS.
-
IIOVADR: Interactive Internet Outage Visualization to Assess Disaster Recovery is a project supporting the use of Internet outage measurements to help understand and recover from natural disasters. 2018-2019. Supported by NFS.
-
Retro-Future Bridge and Outages: Technology transfer of Retro-future data sharing and Internet outage detection. PI is John Heidemann. 2016-2018, supported by DHS.
-
LACREND: Internet traffic analysis to improve network security. PIs are John Heidemann and Christos Papadopoulos (at CSU). 2012-2017, supported by DHS.
-
Retro-Future: New approaches to Internet analysis over time and across organizations. PIs are Mike Fisk (LANL), John Heidemann, and Christos Papadopoulos (CSU). 2012-2016, supported by DHS.
-
PINEST: Evaluating the potential of new research infrastructure to support resarch on Internet naming, identity, and the DNS. NSF support for a plannning grant (Planning for Identity and Naming Experimentation Shared Testbed). PI is John Heidemann. Started in 2015, supported by NSF and DHS.
-
MEGA is developing new models and algorithms to examine dynamic, multi-modal, large-scale social and computer networks. PI is Ashish Goel (Stanford), am am co-PI at USC. (Started July 2012, ISI efforts completed 2014, supported by DARPA DSO.)
-
CiSoft: I’m active in several CiSoft efforts, with my current focus being applying inexpensive, pervasive sensing to enhance production. Prior work has including improving oilfields safety, support underwater monitoring systems, subsidence monitoring, energy harvesting, and multi-sensor fusion. (2004-2013, supported by Chevron via USC’s CiSoft.)
-
I was involved with the UCLA-headquartered Center for Embedded Networked Sensing from 2004 to 2010 (website removed 2016)
-
LANDER-2007: Internet traffic analysis to improve network security. (2007-2013, supported by DHS.)
-
AMITE is building an annotated, edge-considering Internet topology. PIs are John Heidemann and Ramesh Govindan (USC/CS). (2009-2012, supported by DHS.)
-
DATUNR is developing an open, always-on testbed for underwater networking research. PIs are John Heidemann and Wei Ye (USC/ISI) and Urbashi Mitra (USC/EE). (August 2008 to May 2012, supported by NSF.)
-
ORTUN is developing an open, deployable testbed for underwater research. We expect to provide bouys with both WHOI and SNUSE modems that can be deployed several times a year in different environemnts. PI is Jim Preisig (WHOI); ISI PIs are Wei Ye and John Heidemann. (2007-2011, supported by NSF.)
-
MADCAT is exploring the study of periodic patterns in Internet traffic to detect security problems (2006-2010, supported by NSF).
-
MR-Net is exploring the use of parallel algorithms to processes of very large network datasets–Billions of pings in the Internet address space, flow headers packet headers. We are exploring the use of map/reduce-style parallelism over clusters of PCs. (2008-2010, supported by NSF, with additional support from ISI New Research Inititatives.)
-
SRVC is exploring how automatic configuration and local- and wide-area communication for vehicle classification systems (2007-2010, supported by METRANS).
-
SISS is looking at how sensornets and the Internet can work together (2006-2009, supported by NSF).
-
SNUSE is developing sensor networks suitable for undersea use. (2004-2008, supported by NSF.)
-
LANDER: Internet traffic analysis to improve network security. (2004-2007, supported by DHS.)
-
Rapidly Deployable Sensors for Vehicle Counting and Classification (2003-2005) is investigating the use of sensor networks to classify roadway traffic. This proposal is funded by USC/CSULB METRANS with Genevieve Guiliano as co-PI.
-
MACSS (MAC Protocols Specific for Sensor Networks, 2002-2005) is investigating Media Access Control (MAC) protocol design for sensor networks: energy efficiency via coordinated sleep, and interactions between the MAC and the physical layer and sensors. We also plan to study how sensor net applications differ from Internet-style applications. MACSS is supported by NSF and Intel Corporation.
-
Pervasive Monitoring and Control of Water Lifeline Systems for Disaster Recovery (2002-2004) is investigating sensor net infrastructure and data integration algorithms applied to enhance the performance of civil infrastructure systems, particularly utility lifeline systems, under both emergency and daily operational conditions. This project is supported by NSF and is joint work with Masanobu Shinozuka (UC Irvine).
-
CONSER (Collaborative Simulation for Education and Research, 2000-2004): CONSER is developing network simulation and visualization tools (ns and nam) to support networking research for protocol development and evaluation, and network education, illustrating concepts about existing and new network protocols.
-
SAMAN (Simulation Augmented by Measurement and Analysis for Networks, 2000-2004): evaluated rapidly generating representative traffic models for network simulation, applying analytic techniques to speed simulation, and how to make current networks more robust to failure.
-
SCADDS (Scalable Coordination Architectures for Deeply Distributed Systems, 2000-2003): early work in sensor networking, including directed diffusion, adaptive fidelity, localization, and MAC protocols suitable for long-lived, self-configuring networks.
-
VINT (1997-2000), network simulation, in collaboration with Deborah Estrin and Polly Huang and others
-
LSAM (1995-1998), web caching and transport-layer research, in collaboration with Joe Touch, Vikram Vishweswariah, and Lars Eggert, and others
-
GOST (1995-1997), Prospero and file system stacking, in collaboration with Cliff Neuman and others
Earlier Research
In addition to work at ISI, I did my graduate work at UCLA as part of the Ficus project. My PhD dissertation (under Gerald Popek) concerned stackable filing, an approach to structure file-system components to support rapid development and deployment of new services. While at UCLA I also contributed to the Ficus replicated file system.
Before graduate school I worked for several years at the folks of Microimages (when it was still a research project at the University of Nebraska, Lincoln).
(Research) Community Service
One aspect of being active in academic research is supporting the process of peer review. To that end I am an senior member of ACM, and a fellow of IEEE Computer Society. I also particpate in various program committees, including TPC co-chair of ACM SIGCOMM 2019, ACM Workshop on Underwatner Networks 2009, ACM SenSys 2006, and IEEE EmNets 2005. I also served as general co-chair of ACM IMC 2016 and ACM Hotnets 2014](http://conferences.sigcomm.org/hotnets/2014/).
In the past, I was an associate editor of the ACM Transactions on Sensor Networks, IEEE Transactions on Mobile Computing, on the editorial board of IEEE Pervasive Computing Magazine, and a member of Usenix.