互聯(lián)網(wǎng)數(shù)據(jù)分析合作協(xié)會(huì)

1、CAIDA.ORGCooperative Association for Internet Data Analysis互聯(lián)網(wǎng)數(shù)據(jù)分析合作協(xié)會(huì)1CAIDA Web Site2BackgroundThe Cooperative Association for Internet Data Analysis (CAIDA) is located at the San Diego Supercomputer Center (SDSC) on the campus of the University of California, San Diego. CAIDA坐落于加州大學(xué)圣迭戈分校中的圣迭戈超級(jí)計(jì)算中

2、心。3Backgroundprovides tools and analyses promoting the engineering and maintenance of a robust, scalable global Internet infrastructure.為協(xié)助建造和保持一個(gè)健壯的、可擴(kuò)展的全球互聯(lián)網(wǎng)結(jié)構(gòu)，提供工具和分析。4Content of CAIDAToolsAnalysisOutreachProjectsMembers5Tools Developed by CAIDAin measurementAutoFocusBelugaCflowdCoralReefIffinder

3、MantraNeTrametRTGScamperskitter6Tools Developed by CAIDAin visualizationGeoPlotGTraceLibSeaMapnetOtterPlanktonPlot-latlongPlotpathsWalrus7Other ToolsDeveloped by CAIDAArts+DnsstatDnstopFlowScanChart:GraphNetGeoOwlRRDtool8AnalysisCAIDA collects, monitors, analyzes, and visualizes several forms of Int

4、ernet traffic data concerning network topology, workload characterization, performance, routing, and multicast behavior. CAIDA收集、監(jiān)控、分析和可視化以下幾種互聯(lián)網(wǎng)流量數(shù)據(jù)：關(guān)于網(wǎng)絡(luò)拓?fù)?、工作量特性、性能、路由和多播行為?AnalysisThese analyses serve a variety of disciplines/purposes, including research, policy, education, and visualization. 這些分

5、析為各種學(xué)科/用途提供服務(wù)，包括研究、策略制定、教育和可視化。10AnalysisTopologyWorkload CharacterizationPerformanceRoutingMulti-castSecurity11OutreachThe transfer of technology is fundamental to CAIDAs mission. CAIDAs ongoing outreach efforts are intended to enhance community capabilities associated with designing, operating, an

6、d researching network technologies. 傳播技術(shù)是CAIDA的使命中重要的一部分。CAIDA正在進(jìn)行的努力是要加強(qiáng)和設(shè)計(jì)、運(yùn)行和研究網(wǎng)絡(luò)技術(shù)有關(guān)的溝通能力。12OutreachCAIDA outreach efforts have included workshops on Passive Traffic Monitoring and Analysis (January 1999); Network Visualization (April 1999); use of cflowd for router-based monitoring (September 1

7、999); and use of RRDtool for trend analysis (September 1999). CAIDA的對(duì)外工作包括被動(dòng)流量測(cè)量會(huì)議（1999.1），網(wǎng)絡(luò)可視化會(huì)議（1999.4），cflowd在基于路由器的監(jiān)測(cè)中的使用的會(huì)議（1999.9），RRDtool在趨勢(shì)分析中的使用的會(huì)議（1999.9）。13OutreachCAIDA has hosted several training sessions for university faculty, including a 2-day course on network simulation (VINT/ns),

8、 a TCP analysis course, a routing class, and a Traffic Analysis class. A similar 5-day workshop was held in June 2000. In support of the ITL program, an ITL-only workshop was held in June 2001. CAIDA還主辦了幾個(gè)針對(duì)大學(xué)教師的培訓(xùn)。14OutreachISMA - Internet Statistics and Metrics Analysis WorkshopsISMA workshops are

9、 held to discuss the current and future state of Internet measurement and analysis. 互聯(lián)網(wǎng)統(tǒng)計(jì)和測(cè)量分析會(huì)議是來(lái)討論當(dāng)前和未來(lái)的互聯(lián)網(wǎng)測(cè)量和分析的形勢(shì)。15OutreachISMA - Internet Statistics and Metrics Analysis WorkshopsThe intent of the workshops are to facilitate discussion among communities of academia, equipment vendors, and serv

10、ice providers, who share an interest in and incentive to understand one anothers interests and concerns with Internet statistics and analysis.這個(gè)會(huì)議的目的是方便學(xué)術(shù)界團(tuán)體，設(shè)備提供商和服務(wù)提供商之間的交流。16OutreachIEC - Internet Engineering Curriculum Repository The Internet Engineering Curriculum Repository (IEC) is a project

11、of CAIDA (Cooperative Association for Internet Data Analysis) to help educators and others interested in Internet technology keep up with developments in the field.互聯(lián)網(wǎng)工程課程庫(kù)是CAIDA的一個(gè)項(xiàng)目，來(lái)幫助教育工作者和其他對(duì)互聯(lián)網(wǎng)技術(shù)有興趣的人緊跟這個(gè)領(lǐng)域的發(fā)展。17OutreachITL - Internet Teaching LaboratoriesAs an extension of the IEC project, CA

12、IDA will help develop Internet Teaching Laboratory (ITL) facilities at several U.S. Colleges and Universities. Few networking courses include a hands-on laboratory component, often due to a lack of equipment. 作為IEC項(xiàng)目的擴(kuò)展，CAIDA還將在幾個(gè)美國(guó)大學(xué)幫助發(fā)展互聯(lián)網(wǎng)教學(xué)實(shí)驗(yàn)室。很少的網(wǎng)絡(luò)課程有動(dòng)手操作的實(shí)驗(yàn)室，這多數(shù)是由于缺少設(shè)備。18OutreachITL - Internet

13、Teaching LaboratoriesCAIDA has received a generous donation of routers, interface cards, CSU/DSUs, software and engineering expertise from Cisco Systems, Cable and Wireless, and MCI Worldcom that we will use to build ITLs at about 25 U.S. Universities.CAIDA從Cisco，MCI和世通等公司，收到了一些慷慨的捐助，包括路由器，接口卡，信道服務(wù)單

14、元/數(shù)據(jù)服務(wù)單元，軟件和硬件，會(huì)用于在美國(guó)的25所大學(xué)建設(shè)實(shí)驗(yàn)室。19ProjectsCAIDA is actively involved with several Internet related projects. CAIDA積極參與了和互聯(lián)網(wǎng)有關(guān)的項(xiàng)目。20ProjectsAnalysis & Visualization of IP Connectivity （2004.1-2005.6）21Analysis & Visualization of IP ConnectivityPrimary members:k claffyPh.D. UCSD Computer Science & En

15、gineering, 1994Bradley HuffakerM.S. UCSD Computing Science & Engineering, 199822Analysis & Visualization of IP ConnectivityWe would like to build on the success of our last two years of research and analysis of Internet connectivity, which Cisco has found useful from both a research and operational

16、perspective for the last two years.這個(gè)項(xiàng)目研究目標(biāo)是研究和分析互聯(lián)網(wǎng)的連接,之前的兩年他們也一直在做,是和Cisco合作，Cisco認(rèn)可了他們前兩年的研究成果，認(rèn)為在研究和實(shí)際操作方面都比較有用，所以繼續(xù)給與支持。23Analysis & Visualization of IP ConnectivityFor 2004-2005 our goal will be to derive three new connectivity information maps, which will involve analysis, and visualization c

17、omponents, as well as creating publically available software and databases that will support the community in a wide variety of operational analysis and research tasks. 這個(gè)項(xiàng)目04到05年的目標(biāo)是得到三個(gè)新的連接信息的地圖，包括了分析和可視化部分。同時(shí)要?jiǎng)?chuàng)建公眾可用的軟件和數(shù)據(jù)庫(kù)，廣泛地為其他的進(jìn)行實(shí)際操作分析和研究工作的組織提供支持。24Analysis & Visualization of IP Connectivity1

18、.Depict inter-AS connectivity at an organizational (common AS administration) granularity as well as AS granularity, which will require new supporting CAIDA software that intelligently synthesizes registry information from several disparate sources. We already have research agreements with the four

19、main address registries for bulk access to their registry data. 描繪一個(gè)自治系統(tǒng)的連接圖。25Analysis & Visualization of IP Connectivity2.Develop a pop-level map of the Internet with as much policy structure as we can directly gather and indirectly infer. CAIDA will use, and extend where necessary, tools develope

20、d in last years URB project 1 to gather the data for this task. 開發(fā)一個(gè)互聯(lián)網(wǎng)地圖，包括盡可能多的結(jié)構(gòu)，直接收集到或者間接推斷都可以。26Analysis & Visualization of IP Connectivity3.Build a hierachically structured topology map of the IPv6 Internet and correlate structure and growth patterns with that of IPv4 topology. This task relie

21、s on: (1) an active WIDE/CAIDA collaboration on IPv6 macroscopic topology measurement 2; (2) years of previous CAIDA work in IPv4 topology analysis.建立一個(gè)IPv6的層次結(jié)構(gòu)的拓?fù)鋱D。27Analysis & Visualization of IP ConnectivityThis project involves three levels of contributions:the visual maps, and the insights the

22、y reveal to non-experts;the associated topology knowledge bases;the supporting measurement, analysis, and presentation software.28Projects(NSF 04-540) NeTS-NR Toward Mathematically Rigorous Next-Generation Routing Protocols for Realistic Network Topologies（2003-2005）29(NSF 04-540)Most experts agree

23、that the existing data network architecture is severely stressed and reaching its capability limits. The evolutionary dynamics of several critical components of the infrastructure suggest that the existing system will not scale properly to accommodate even another decade of growth.多數(shù)專家認(rèn)為現(xiàn)存的數(shù)據(jù)網(wǎng)絡(luò)結(jié)構(gòu)已經(jīng)不

24、堪重負(fù)。這個(gè)結(jié)構(gòu)中的重要部分的發(fā)展已經(jīng)預(yù)示著現(xiàn)存的系統(tǒng)已經(jīng)不能再正常的擴(kuò)大了，即使是只容納10年的增長(zhǎng)。30(NSF 04-540)A mathematically rigorous formulation of scalability aspects of routing in networks is a well-studied problem in the theory of distributed computation. 對(duì)網(wǎng)絡(luò)路由在可擴(kuò)展性方面用數(shù)學(xué)上的嚴(yán)格公式表示，這是一個(gè)已經(jīng)在分布計(jì)算理論中研究得很好的問(wèn)題了。31(NSF 04-540)At the core of this

25、problem is a triangle of trade-offs among routing table size, convergence parameters, and path length inflation. By trade-off we mean that, for example, routing table size decrease comes at a price of increase in average path length.這個(gè)問(wèn)題的核心是在路由表的大小，收斂參數(shù)和路徑長(zhǎng)度的增加三個(gè)方面作交換?！敖粨Q”的意思是，比如，路由表的減小是以平均路徑長(zhǎng)度的增加為代

26、價(jià)的。32(NSF 04-540)We propose to open a new area of research focused on applying key theoretical routing results in distributed computation to extremely practical purposes, i.e. fixing the Internet.這個(gè)項(xiàng)目的目的是研究如何應(yīng)用主要路由理論，應(yīng)用領(lǐng)域從分布式計(jì)算到極端的應(yīng)用目的，也就是，修復(fù)互聯(lián)網(wǎng)。33(NSF 04-540)Therefore, the first high-level question

27、 we seek to answer is: will a viable next-generation data network architecture require a (by definition radical) paradigm shift? For example, will graph-theoretic abstraction of network topology eventually be insufficient?總之，第一個(gè)我們尋求回答的高層次問(wèn)題是：可行的下一代數(shù)據(jù)網(wǎng)絡(luò)需要模型的改變嗎？比如，用圖論來(lái)作為對(duì)網(wǎng)絡(luò)拓?fù)涞某橄筮€能行嗎？34(NSF 04-540)Thr

28、ee related and clearly defined tasks：1)execute the next step on the path toward construction of practically acceptable next-generation routing protocols based on mathematically rigorous routing algorithms;朝著制定實(shí)用的可接受的基于數(shù)學(xué)上嚴(yán)格的路由算法的下一代路由協(xié)議的目標(biāo)，繼續(xù)走下去。2) validate the applicability of the above algorithms

29、against several sources of real Internet topology data; 驗(yàn)證上述算法在幾個(gè)實(shí)際的互聯(lián)網(wǎng)拓?fù)鋽?shù)據(jù)源的情況下的可用性。35(NSF 04-540)3) build and evaluate a model for Internet topology evolution, which reflects fundamental laws of evolution of large-scale networks. 為互聯(lián)網(wǎng)拓?fù)涞倪M(jìn)化發(fā)展建立模型并且進(jìn)行評(píng)價(jià)，這個(gè)模型反映大規(guī)模網(wǎng)絡(luò)的發(fā)展的基本規(guī)律。36(NSF 04-540)The extensio

30、n of network modeling methodology proposed in this section will have impact beyond the realm of the current Internet. Indeed, the results will be elegantly generic in nature; they will shed light on evolution of not only the Internet but also of many other types of self-evolving large-scale networks

31、, such as biological, social, and language networks.網(wǎng)絡(luò)模型方法論的擴(kuò)展將超出現(xiàn)有的互聯(lián)網(wǎng)的領(lǐng)域。事實(shí)上，研究的結(jié)果在自然界非常通用；不僅適用于互聯(lián)網(wǎng)，還是用于其它的自進(jìn)化的大規(guī)模網(wǎng)絡(luò)，比如生物、社會(huì)和語(yǔ)言網(wǎng)絡(luò)。37ProjectsNSF-01-160: Quantitative Network Security Analysis（2003-2005）38Quantitative Network Security AnalysisThe field of system security research has long been domin

32、ated by individual qualitative results - either demonstrations of individual system vulnerabilities or expositions on the protection provided by individual security measures (e.g., firewalls, virus detectors, IDS systems, etc). 系統(tǒng)安全研究領(lǐng)域很長(zhǎng)時(shí)間以來(lái)都被單獨(dú)的定性的結(jié)論統(tǒng)治-或者是系統(tǒng)的缺點(diǎn)，或者是單獨(dú)的安全措施（防火墻，病毒監(jiān)控，入侵檢測(cè)系統(tǒng)等）保護(hù)下暴露出來(lái)的

33、弱點(diǎn)。39Quantitative Network Security AnalysisThese contributions, though clearly valuable, are difficult to evaluate without a complementary quantitative context describing the prevalence and impact of various attacks, vulnerabilities, and responses.這些定性的結(jié)論，雖然明顯是有價(jià)值的，但是沒(méi)有作為補(bǔ)充的定量的上下文來(lái)描述各種攻擊、缺點(diǎn)的流行和影響，這些

34、結(jié)論是很難評(píng)價(jià)的。40Quantitative Network Security AnalysisThe need for empirical data of this type is critical, both for guiding future security research and to provide a well-reasoned basis for developing operational best practices. 為了引導(dǎo)將來(lái)的安全研究和為開發(fā)出可操作的最好的實(shí)際系統(tǒng)提供充分論證基礎(chǔ)，對(duì)這種經(jīng)驗(yàn)數(shù)據(jù)的需要都是很緊迫的。41Quantitative Network

35、 Security AnalysisAt the same time, there are tremendous challenges in collecting and analyzing network information at sufficient scale that these findings are globally meaningful.同時(shí)，要在足夠大范圍內(nèi)，收集和分析對(duì)全球都有意義的網(wǎng)絡(luò)信息，還存在著很大的挑戰(zhàn)。42Quantitative Network Security AnalysisIn previous work, we have demonstrated t

36、echniques for attacking these problems in the context of Internetconnected systems - particularly focusing on large-scale attacks such as denial-of-service and self-propagating network worms. 目前他們已經(jīng)找到了處理這些問(wèn)題的技術(shù)，有關(guān)互聯(lián)系統(tǒng)的上下文-尤其是大規(guī)模攻擊，比如DoS攻擊和自我繁殖的網(wǎng)絡(luò)蠕蟲攻擊。43Quantitative Network Security AnalysisUsing a n

37、ew technique, called backscatter analysis, combined with the large address space network telescope we have developed at UCSD, we have been able to monitor the global prevalence of denial-of-service (DoS) activity on the Internet.他們新開發(fā)了一項(xiàng)新技術(shù)，叫做“背向散射分析”，結(jié)合已經(jīng)在加州大學(xué)圣迭戈分校開發(fā)成功的有巨大地址空間的“網(wǎng)絡(luò)望遠(yuǎn)鏡”，他們可以監(jiān)控DoS攻擊全球

38、互聯(lián)網(wǎng)的流行情況。44Quantitative Network Security AnalysisOur approach allows us to quantitatively measure each individual attack, its duration, its intensity, and identify the victim and the services targeted. Our initial study demonstrated that DoS attacks occur with great frequency and target a wide-varie

39、ty of sites and network infrastructure. 前面的工作使我們能定量的分析每個(gè)攻擊，他的持續(xù)時(shí)間，強(qiáng)度，識(shí)別受害者和被攻擊的服務(wù)。前面的研究表明，DoS攻擊在頻繁的發(fā)生，攻擊各種網(wǎng)站和網(wǎng)絡(luò)結(jié)構(gòu)。45Quantitative Network Security AnalysisIn related work, we have used a similar approach to monitor the spread of Internet worms such as CodeRed and Nimda. 最近，他們還使用了類似的方法來(lái)監(jiān)控互聯(lián)網(wǎng)的病毒，比如紅色代碼

40、和尼姆達(dá)。46Quantitative Network Security AnalysisUsing this data, we identified the growth pattern of these attacks, characterized the victims to identify common traits that made them vulnerable, and analyzed the effectiveness of security personnel in repairing their systems across the Internet.用這些數(shù)據(jù)，我們

41、識(shí)別了這些攻擊的增長(zhǎng)模式，描繪了受害者的特點(diǎn)，確定了使他們?nèi)菀资艿焦舻墓餐攸c(diǎn)，分析了安全人員在通過(guò)互聯(lián)網(wǎng)修復(fù)系統(tǒng)方面的效力。47Quantitative Network Security AnalysisFinally, we have also developed a preliminary analysis of the technical requirements for effective worm countermeasures. 最后，對(duì)高效的對(duì)付蠕蟲的策略的技術(shù)要求我們已經(jīng)作了初步的分析。48Quantitative Network Security AnalysisBy c

42、ombining spreading models, population data extracted from real Internet worm epidemics, and measured models of Internet topology, we have shown that any reactive worm defense will require extremely widespread deployment and very short reaction times (a few minutes or less).通過(guò)結(jié)合傳播模式、數(shù)量等從實(shí)際的互聯(lián)網(wǎng)蠕蟲的傳播得來(lái)

43、的數(shù)據(jù)，以及對(duì)互聯(lián)網(wǎng)拓?fù)浣Y(jié)構(gòu)的測(cè)量，發(fā)現(xiàn)任何反應(yīng)式的蠕蟲防御需要廣泛的部署和非常短的反應(yīng)時(shí)間（即分鐘或更少）。49Quantitative Network Security AnalysisUsing these ideas as a basis, we propose to develop a combination of network analysis techniques and network measurement infrastructure to analyze large-scale Internet security threats.項(xiàng)目目標(biāo)：上述思想作為基礎(chǔ)，我們要開發(fā)結(jié)

44、合了網(wǎng)絡(luò)網(wǎng)絡(luò)分析技術(shù)和網(wǎng)絡(luò)測(cè)量結(jié)構(gòu)的系統(tǒng)來(lái)分析大規(guī)模互聯(lián)網(wǎng)的安全威脅。 50Quantitative Network Security AnalysisIn particular, we plan to investigate the following questions: how do the nature of these threats change over time, how effective are attackers at compromising services, and how well do existing security countermeasures prov

45、ide a meaningful defense against these threats in practice? 特別是，我們計(jì)劃研究下面的問(wèn)題：這些威脅的是怎樣隨著時(shí)間變化的，攻擊者在危及服務(wù)安全的時(shí)候的有多高效，現(xiàn)有的安全措施在面臨這樣的威脅的時(shí)候能提供什么樣的保護(hù)？51Quantitative Network Security AnalysisWe expect to be able to measure the vast majority of large-scale Internet attacks and capture global DoS, worm, and port

46、scan activity on an ongoing basis. 我們希望能測(cè)量大規(guī)模的互聯(lián)網(wǎng)攻擊的絕大部分，并且捕捉到全球的DoS攻擊，蠕蟲和對(duì)端口掃描活動(dòng)。52Quantitative Network Security AnalysisWe plan to extend our backscatter algorithms and measurement infrastructure to track Internet attacks in real-time and actively probe victimized hosts to understand the impact of

47、 these attacks, the distribution of various vulnerabilities, and the efficacy of employed security measures.我們計(jì)劃把我們的背向散射算法和測(cè)量結(jié)構(gòu)擴(kuò)展到實(shí)時(shí)追蹤互聯(lián)網(wǎng)攻擊，以及主動(dòng)探測(cè)受到攻擊的主機(jī)來(lái)了解這些攻擊的影響，各種弱點(diǎn)的分布，和部署的安全措施的效果。53Quantitative Network Security AnalysisFinally, we will modify our monitors to redirect a subset of packets to simu

48、lated hosts (a so-called honeynet) to automatically identify and characterize new worms as they emerge.我們還計(jì)劃修改監(jiān)控器，重定向一些包到模擬主機(jī)（所謂的“honeynet”），在新的蠕蟲剛出現(xiàn)的時(shí)候就自動(dòng)識(shí)別和描述它們。54Quantitative Network Security AnalysisThe potential impact of this proposal is the creation of an empirical dataset that describes larg

49、e-scale attacks across the global Internet. 我們還會(huì)創(chuàng)建一個(gè)經(jīng)驗(yàn)數(shù)據(jù)集，描述全球互聯(lián)網(wǎng)的大規(guī)模攻擊。55Quantitative Network Security AnalysisMoreover, the real-time nature of this dataset could be widely valuable for operationally detecting, tracking, and characterizing large-scale threats as they occur. 此外，這個(gè)數(shù)據(jù)集的實(shí)時(shí)特性會(huì)廣泛的對(duì)實(shí)際的探測(cè)

50、、跟蹤和描述大規(guī)模威脅有價(jià)值。56Quantitative Network Security AnalysisGiven ongoing requests from government, industry, and academia that we receive for our preliminary data, we believe that there is keen, widespread interest for the large-scale data that we propose to create.有了政府、工業(yè)界和學(xué)術(shù)界的要求，我們收到了初步的數(shù)據(jù)，我們相信對(duì)我們要?jiǎng)?chuàng)建的

51、大規(guī)模數(shù)據(jù)會(huì)有急切的廣泛傳播的興趣。57Internet Atlas Project（2001-2004）58Internet Atlas Project（2001-2004）59Internet Atlas Project（2001-2004）60Projectsipnc (Inter-Provider Notification Channel) Analysis & Visualization of BGP Connectivity Among Autonomous Systems NCS: Routing Analysis and Peering Policy for Enhancing

52、 Internet Performance and Security SD-NAP(San Diego Network Access Point)61ProjectsAtoms - Atomised Routing (CiscoURB 2002) Advanced Techniques to Detect and Control Global Security Threats NMS - Network Modeling and SimulationBandwidth Estimation Project Analysis of the DNS root and gTLD nameserver system 62Thank you for your attention!Presented by sillness.lee63AutoFocusAutoFocus is a traffic