Introspective Networks
George Varghese
UCSD

DETAILS:
September 22, 4:00-5:00PM, Wean 5409, Refreshments at 3:30PM

ABSTRACT:
As networks plod along, beyond the stir of Active Networks and the
ambitious agenda of Cognitive Networks, lies the more modest goal of what I call
Introspective Networks. For a network, introspection is the ability to discover
patterns in traffic that can then be used (say) for better resource management
and to mitigate security threats. While offline introspection based on packet
logs is being done, I focus here on online pattern detection at, say, 40 Gbps.
In the measurement
arena, the push for such real-time pattern detection comes from ISPs who have
long since been plagued by the lack of assistance for managing their networks.
In the security space, the push comes from the increasing cost of deploying
perimeter security solutions; this has led some analysts to propose doing
intrusion detection within the network. Besides these motivating forces, there
is also a corresponding opportunity in terms of recent results in streaming
algorithms, as well as the large amount of logic available in modern ASICs.

In this talk, after laying out this research agenda, I will try and go beyond
generalities to provide some specific examples of the benefits of
introspection. I first describe several component algorithms such as multistage
filters, multiresolution bitmaps, and partial completion filters. I then show
how these components can be put together to solve useful problems such as
computing traffic matrices, detecting DoS attacks within the network, and
automatically detecting the signatures of new and unknown worms. I will
describe our early experience with EarlyBird, a system for worm detection that
automatically extracted the signature of 3 latent worms. This encourages us to
hope that EarlyBird will identify a genuinely new worm in an early stage of
infestation without human intervention.

BIOGRAPHY:
George Varghese worked at DEC for several years designing DECNET
protocols before obtaining his Ph.D. in 1992 from MIT. He is currently a
professor of computer science at UCSD, where he works on efficient
protocol implementation and protocol design. Several of the algorithms he has
helped develop (e.g., IP Lookups, timing wheels, DRR) have found their way into
commercial systems. He became an ACM Fellow in 2002.