You searched for +publisher:"Colorado State University" +contributor:("Papadopoulos, Christos").
Showing records 1 – 12 of
12 total matches.
No search limiters apply to these results.
Colorado State University
1.
Calderon Jaramillo, Andres.
Supporting localized interactions using named data networking.
Degree: MS(M.S.), Computer Science, 2018, Colorado State University
URL: http://hdl.handle.net/10217/185703 
► A common application in the Internet of Things (IoT) is the access to devices in a specific location. For example, a user may walk into…
(more)
▼ A common application in the Internet of Things (IoT) is the access to devices in a specific location. For example, a user may walk into a room and use a mobile device to control the lights or to access the temperature reading. Similarly, things in a location need to advertise their services. For example, when a printer is moved into a room, it needs to make its presence known so that users in that room can access it with minimal configuration. An application developer can achieve these tasks by referring to devices using intuitive names such as /csu/mainCampus/csBuilding/room258/printer/activate. To construct such a name, the developer must make the application aware of the current location. Furthermore, the device must enforce a location-based access control policy to ensure that only users in the same location as the device are allowed to access the device. Our goal is to design a system that leverages the power of names in the Named Data Networking architecture to allow application developers to write code to access and advertise services in a location such as a room or a building. Our system provides a convenient level of indirection so that developers can use names such as /thisRoom/printers/default/activate to initiate a spontaneous interaction with local devices. In this thesis, we describe the system architecture and a prototype implementation. Furthermore, we explore trust and security issues and qualitatively compare our NDN-based solution against an IP-based solution.
Advisors/Committee Members: Papadopoulos, Christos (advisor), Bohm, Wim (committee member), Hayne, Stephen (committee member).
Subjects/Keywords: Location Awareness; Named Data Networking; Internet of Things; Spontaneous Interaction; Location-based Services
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Calderon Jaramillo, A. (2018). Supporting localized interactions using named data networking. (Masters Thesis). Colorado State University. Retrieved from http://hdl.handle.net/10217/185703
Chicago Manual of Style (16th Edition):
Calderon Jaramillo, Andres. “Supporting localized interactions using named data networking.” 2018. Masters Thesis, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/185703.
MLA Handbook (7th Edition):
Calderon Jaramillo, Andres. “Supporting localized interactions using named data networking.” 2018. Web. 08 Dec 2019.
Vancouver:
Calderon Jaramillo A. Supporting localized interactions using named data networking. [Internet] [Masters thesis]. Colorado State University; 2018. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/185703.
Council of Science Editors:
Calderon Jaramillo A. Supporting localized interactions using named data networking. [Masters Thesis]. Colorado State University; 2018. Available from: http://hdl.handle.net/10217/185703
Colorado State University
2.
Limo, Chepchumba Soti.
Decentralized and dynamic community formation in P2P networks and performance of community based caching.
Degree: MS(M.S.), Electrical and Computer Engineering, 2015, Colorado State University
URL: http://hdl.handle.net/10217/167211
► Distributed Hash Tables (DHT) are commonly used in large Peer-to-Peer networks to increase the efficiently of resolving queries. Minimizing the resource discovery time in P2P…
(more)
▼ Distributed Hash Tables (DHT) are commonly used in large Peer-to-Peer networks to increase the efficiently of resolving queries. Minimizing the resource discovery time in P2P networks is highly desirable to improve system-wide performance. Distributed caching is an approach used to reduce the look-up time. File sharing P2P networks have shown that there exists nodes/users who share similar interests based on semantics, geography, etc., and a group of nodes that share similar interests are said to form a community. A Community Based Caching (CBC) algorithm where nodes make caching decisions based on personal interests is investigated. One of CBC’s major contributions is that it alleviates the issue of nodes being limited to caching resources that are popular relative to the entire network. Instead, caching decisions are primarily based on a node's community affiliations and interests. Community discovery algorithms that currently exists either need a centralized source(s) to aid in community discovery or require additional messaging and complicated computations to determine whether to join a group or not. In many cases, nodes are also limited to being members of only one community at a time. A dynamic and decentralized community discovery algorithm, Dynamic Group Discovery (DGD), is proposed. DGD also allows nodes to be members of multiple communities at the same time. DGD's behavior and performance is then evaluated in conjunction with the Community Based Caching algorithm. To aid in group discovery during run time (i.e., dynamically), DGD uses special keys with embedded group identification information. Oversim, a flexible overly network simulation framework is used to evaluate the proposed DGD algorithm. Performance of DGD is compared to Chord and Static Group Allocation (SGA), in which group identification is done only once. Performance is evaluated for different network sizes, community sizes, and asymmetry among communities. Performance results are presented and analyzed when queries are resolved using cache data versus when queries are resolved using non-cache data. The analysis shows that DGD generally improves lookup performance when cache data is used to resolved queries. However, when non-cache data is used, DGD occasionally performs slightly worse than Chord and SGA. For example, in a network with 10,000 nodes, asymmetrical communities and no churn group churn, DGD outperforms Chord by approximately half a hop and 0.1 seconds in latency. When churn was introduced to the same network, DGD performance drops by approximately one hop and 0.15 seconds in latency. The results also show that approximately 90% of the queries are resolved using non-cache data and therefore, even though DGD is guaranteed to reduce lookup time when asymmetrical communities are present and cache records are to used to resolve queries, it is often not enough to significantly improve overall system performance. The results however confirm that caching resources based on personal interests really does reduced lookup performance when…
Advisors/Committee Members: Jayasumana, Anura P. (advisor), Yang, Liuqing (committee member), Papadopoulos, Christos (committee member).
Subjects/Keywords: Communities; Caching; P2P Networs
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Limo, C. S. (2015). Decentralized and dynamic community formation in P2P networks and performance of community based caching. (Masters Thesis). Colorado State University. Retrieved from http://hdl.handle.net/10217/167211
Chicago Manual of Style (16th Edition):
Limo, Chepchumba Soti. “Decentralized and dynamic community formation in P2P networks and performance of community based caching.” 2015. Masters Thesis, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/167211.
MLA Handbook (7th Edition):
Limo, Chepchumba Soti. “Decentralized and dynamic community formation in P2P networks and performance of community based caching.” 2015. Web. 08 Dec 2019.
Vancouver:
Limo CS. Decentralized and dynamic community formation in P2P networks and performance of community based caching. [Internet] [Masters thesis]. Colorado State University; 2015. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/167211.
Council of Science Editors:
Limo CS. Decentralized and dynamic community formation in P2P networks and performance of community based caching. [Masters Thesis]. Colorado State University; 2015. Available from: http://hdl.handle.net/10217/167211
Colorado State University
3.
Zhang, Han.
Detecting advanced botnets in enterprise networks.
Degree: PhD, Computer Science, 2017, Colorado State University
URL: http://hdl.handle.net/10217/181362
► A botnet is a network composed of compromised computers that are controlled by a botmaster through command and control (C&C) channel. Botnets are more destructive…
(more)
▼ A botnet is a network composed of compromised computers that are controlled by a botmaster through command and control (C&C) channel. Botnets are more destructive compared to common virus and malware, because they control the resources from many compromised computers. Botnets provide a very important platform for attacks, such as Distributed Denial-of-Service (DDoS), spamming, scanning, and many more. To foil detection systems, botnets began to use various evasion techniques, including encrypted communications, dynamically generated C&C domains, and more. We call such botnets that use evasion techniques as advanced botnets. In this dissertation, we introduce various algorithms and systems to detect advanced botnets in enterprise-like network environment. Encrypted botnets introduce several problems to detection. First, to enable research in detecting encrypted botnets, researchers need samples of encrypted botnet traces with ground truth, which are very hard to get. Traces that are available are not customizable, which prevents testing under various controlled scenarios. To address this problem we introduce BotTalker, a tool that can be used to generate customized encrypted botnet communication traffic. BotTalker emulates the actions a bot would take to encrypt communication. To the best of our knowledge, BotTalker is the first work that provides users customized encrypted botnet traffic. The second problem introduced by encrypted botnets is that Deep Packet Inspection (DPI)-based security systems are foiled. We measure the effects of encryption on three security systems, including Snort, Suricata and BotHunter (BH) using the encrypted botnet traffic generated by BotTalker. The results show that encryption foils these systems greatly. Then, we introduce a method to detect encrypted botnet traffic based on the fact that encryption increases data's entropy. In particular, we present two high-entropy (HE) classifiers and add one of them to enhance BH by utilizing the other detectors it provides. By doing this HE classifier restores BH's ability to detect bots, even when they use encryption. Entropy calculation at line speed is expensive, especially when the flows are very long. To deal with this issue, we introduce two algorithms to classify flows as HE by looking at only part of a flow. In particular, we classify a flow as HE or low entropy (LE) by only considering the first M packets of the flow. These early HE classifiers are used in two ways: (a) to improve the speed of bot detection tools, and (b) as a filter to reduce the load on an Intrusion Detection System (IDS). We implement the filter as a preprocessor in Snort. The results show that by using the first 15 packets of a flow the traffic delivered to IDS is reduced by more than 50% while maintaining more than 99.9% of the original alerts. Comparing our traffic reduction scheme with other work we find that they need to inspect at least 13 times more packets than ours or they miss about 70 times of the alerts. To improve the resiliency of communication between…
Advisors/Committee Members: Papadopoulos, Christos (advisor), Ray, Indrakshi (committee member), Pallickara, Shrideep (committee member), Hayne, Stephen C. (committee member).
Subjects/Keywords: DNS; Network Security; Intrusion Detection System; Botnet
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Zhang, H. (2017). Detecting advanced botnets in enterprise networks. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/181362
Chicago Manual of Style (16th Edition):
Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Doctoral Dissertation, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/181362.
MLA Handbook (7th Edition):
Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Web. 08 Dec 2019.
Vancouver:
Zhang H. Detecting advanced botnets in enterprise networks. [Internet] [Doctoral dissertation]. Colorado State University; 2017. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/181362.
Council of Science Editors:
Zhang H. Detecting advanced botnets in enterprise networks. [Doctoral Dissertation]. Colorado State University; 2017. Available from: http://hdl.handle.net/10217/181362
Colorado State University
4.
Shannigrahi, Susmit.
Future of networking is the future of Big Data, The.
Degree: PhD, Computer Science, 2019, Colorado State University
URL: http://hdl.handle.net/10217/197325
► Scientific domains such as Climate Science, High Energy Particle Physics (HEP), Genomics, Biology, and many others are increasingly moving towards data-oriented workflows where each of…
(more)
▼ Scientific domains such as Climate Science, High Energy Particle Physics (HEP), Genomics, Biology, and many others are increasingly moving towards data-oriented workflows where each of these communities generates, stores and uses massive datasets that reach into terabytes and petabytes, and projected soon to reach exabytes. These communities are also increasingly moving towards a global collaborative model where scientists routinely exchange a significant amount of data. The sheer volume of data and associated complexities associated with maintaining, transferring, and using them, continue to push the limits of the current technologies in multiple dimensions - storage, analysis, networking, and security. This thesis tackles the networking aspect of big-data science. Networking is the glue that binds all the components of modern scientific workflows, and these communities are becoming increasingly dependent on high-speed, highly reliable networks. The network, as the common layer across big-science communities, provides an ideal place for implementing common services. Big-science applications also need to work closely with the network to ensure optimal usage of resources, intelligent routing of requests, and data. Finally, as more communities move towards data-intensive, connected workflows - adopting a service model where the network provides some of the common services reduces not only application complexity but also the necessity of duplicate implementations. Named Data Networking (NDN) is a new network architecture whose service model aligns better with the needs of these data-oriented applications. NDN's name based paradigm makes it easier to provide intelligent features at the network layer rather than at the application layer. This thesis shows that NDN can push several standard features to the network. This work is the first attempt to apply NDN in the context of large scientific data; in the process, this thesis touches upon scientific data naming, name discovery, real-world deployment of NDN for scientific data, feasibility studies, and the designs of in-network protocols for big-data science.
Advisors/Committee Members: Papadopoulos, Christos (advisor), Partridge, Craig (advisor), Pallickara, Shrideep (committee member), Ray, Indrakshi (committee member), Burns, Patrick J. (committee member), Monga, Inder (committee member).
Subjects/Keywords: Future Internet Architecture; Large Scientific Data; Networking for big data; Information Centric Networking; Big Science; Named Data Networking
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Shannigrahi, S. (2019). Future of networking is the future of Big Data, The. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/197325
Chicago Manual of Style (16th Edition):
Shannigrahi, Susmit. “Future of networking is the future of Big Data, The.” 2019. Doctoral Dissertation, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/197325.
MLA Handbook (7th Edition):
Shannigrahi, Susmit. “Future of networking is the future of Big Data, The.” 2019. Web. 08 Dec 2019.
Vancouver:
Shannigrahi S. Future of networking is the future of Big Data, The. [Internet] [Doctoral dissertation]. Colorado State University; 2019. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/197325.
Council of Science Editors:
Shannigrahi S. Future of networking is the future of Big Data, The. [Doctoral Dissertation]. Colorado State University; 2019. Available from: http://hdl.handle.net/10217/197325
Colorado State University
5.
Shah, Anant.
Systems for characterizing Internet routing.
Degree: PhD, Computer Science, 2018, Colorado State University
URL: http://hdl.handle.net/10217/189413
► Today the Internet plays a critical role in our lives; we rely on it for communication, business, and more recently, smart home operations. Users expect…
(more)
▼ Today the Internet plays a critical role in our lives; we rely on it for communication, business, and more recently, smart home operations. Users expect high performance and availability of the Internet. To meet such high demands, all Internet components including routing must operate at peak efficiency. However, events that hamper the routing system over the Internet are very common, causing millions of dollars of financial loss, traffic exposed to attacks, or even loss of national connectivity. Moreover, there is sparse real-time detection and reporting of such events for the public. A key challenge in addressing such issues is lack of methodology to study, evaluate and characterize Internet connectivity. While many networks operating autonomously have made the Internet robust, the complexity in understanding how users interconnect, interact and retrieve content has also increased. Characterizing how data is routed, measuring dependency on external networks, and fast outage detection has become very necessary using public measurement infrastructures and data sources. From a regulatory standpoint, there is an immediate need for systems to detect and report routing events where a content provider's routing policies may run afoul of
state policies. In this dissertation, we design, build and evaluate systems that leverage existing infrastructure and report routing events in near-real time. In particular, we focus on geographic routing anomalies i.e., detours, routing failure i.e., outages, and measuring structural changes in routing policies.
Advisors/Committee Members: Papadopoulos, Christos (advisor), Pallickara, Shrideep (committee member), Ray, Indrakshi (committee member), Gersch, Joseph (committee member), Luo, J. Rockey (committee member), Bush, Randy (committee member).
Subjects/Keywords: Border Gateway Protocol; Internet Routing; Routing Anomalies; Detours; Autonomous Systems; Outages
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Shah, A. (2018). Systems for characterizing Internet routing. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/189413
Chicago Manual of Style (16th Edition):
Shah, Anant. “Systems for characterizing Internet routing.” 2018. Doctoral Dissertation, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/189413.
MLA Handbook (7th Edition):
Shah, Anant. “Systems for characterizing Internet routing.” 2018. Web. 08 Dec 2019.
Vancouver:
Shah A. Systems for characterizing Internet routing. [Internet] [Doctoral dissertation]. Colorado State University; 2018. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/189413.
Council of Science Editors:
Shah A. Systems for characterizing Internet routing. [Doctoral Dissertation]. Colorado State University; 2018. Available from: http://hdl.handle.net/10217/189413
6.
Bose, Divyanka.
Security of virtual coordinate based Wireless Sensor Networks.
Degree: MS(M.S.), Electrical and Computer Engineering, 2016, Colorado State University
URL: http://hdl.handle.net/10217/170287
► Wireless Sensor Networks (WSNs) perform critical functions in many applications such as, military surveillance, rescue operations, detection of fires and heath care monitoring. In these…
(more)
▼ Wireless Sensor Networks (WSNs) perform critical functions in many applications such as, military surveillance, rescue operations, detection of fires and heath care monitoring. In these applications, nodes in the network carry critical and sensitive data. Thus, WSNs are prone to various kinds of attacks that target different protocols and layers of the network. Also, most of the WSNs are placed remotely that makes it difficult to implement security measures after deployment. Thus, security of WSNs needs to be considered at the initial stage of system design. In many applications, the nodes are deployed randomly, and thus are unpredictable in terms of physical network topology. Virtual Coordinate (VC) based WSNs possess significant advantages over Geographical Coordinate (GC) based WSNs. This is because VCs negate the need for physical localization of nodes, which require costly techniques like GPS. The VCs of the nodes in the network are very important for basic functionalities such as routing and self-organization. However, security of VCs has not been extensively researched even though routing algorithms rely on the correctness of the VCs for proper functioning. VC based WSNs are susceptible to attacks resulting from malicious modification of VCs of individual nodes. While the impact of some such attacks is localized, others such as Coordinate Deflation and Wormholes (tunneling) can cause severe disruptions. This thesis proposes techniques for the detection and mitigation of attacks, which are aimed at the VC based WSNs. We propose a novel approach where coordinate attacks are identified by detecting changes in the shape of the network, extracted using Topology Maps. A comprehensive solution for detection of coordinate-based attacks on VC systems is presented that combines Beta Reputation System and a reputation based routing scheme. Latter ensures safe communication that bypasses malicious nodes during detection process. The Coordinate Deflation and Wormhole attacks are discussed and the effect and intensity of these attacks are addressed. Two methods are proposed and compared for the detection of attacks. In the first method, the topology distortion is rated using clusters identifiable by existing VCs, thus requiring low computation and communication overhead. A measure of topology distortion is presented. The existence of a trusted base station is needed for this method. In the second method, the detection is distributed and removes the need for a base station/server. We compare the advantages and disadvantages of the two methods, and discuss the scenarios in which these algorithms maybe implemented. Simulation based evaluations demonstrate that both the schemes efficiently detects Deflation and Wormhole attacks. We choose a variety of dense networks with different topologies and deployment characteristics for evaluation. Networks with voids, representative of physical spaces with voids, as well as randomly deployed networks are considered, to ensure the correct operation and scalability of the…
Advisors/Committee Members: Jayasumana, Anura (advisor), Pasricha, Sudeep (committee member), Papadopoulos, Christos (committee member).
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Bose, D. (2016). Security of virtual coordinate based Wireless Sensor Networks. (Masters Thesis). Colorado State University. Retrieved from http://hdl.handle.net/10217/170287
Chicago Manual of Style (16th Edition):
Bose, Divyanka. “Security of virtual coordinate based Wireless Sensor Networks.” 2016. Masters Thesis, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/170287.
MLA Handbook (7th Edition):
Bose, Divyanka. “Security of virtual coordinate based Wireless Sensor Networks.” 2016. Web. 08 Dec 2019.
Vancouver:
Bose D. Security of virtual coordinate based Wireless Sensor Networks. [Internet] [Masters thesis]. Colorado State University; 2016. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/170287.
Council of Science Editors:
Bose D. Security of virtual coordinate based Wireless Sensor Networks. [Masters Thesis]. Colorado State University; 2016. Available from: http://hdl.handle.net/10217/170287
7.
Luo, Mante.
Horizontal scaling of video conferencing applications in virtualized environments.
Degree: MS(M.S.), Computer Science, 2017, Colorado State University
URL: http://hdl.handle.net/10217/178879
► Video conferencing is one of the most widely used services in the world. However, it usually requires dedicated hardware and expensive licenses. Cloud computing has…
(more)
▼ Video conferencing is one of the most widely used services in the world. However, it usually requires dedicated hardware and expensive licenses. Cloud computing has helped many companies achieve lower operation costs, and many applications including video conferencing are being transitioned into the cloud. However, most video-conferencing applications do not support horizontal scaling as a built-in feature, which is essential to embrace the advantages of virtualized environments. The objective of this thesis is to explore horizontal scaling of video conferencing applications. We explore these ideas in the context of a Jitsi an open-source video-conferencing. The thesis develops a methodology for horizontal scaling in the Amazon EC2 cloud with the objective of ensuring quality of service such as per-packet latency (primarily), loss rates, jitter, and the number of participants per session. We build predictive models to inform our horizontal scaling decisions. Proactive scaling allows us to preserve several qualities of service metrics for video-conferencing. Scaling in the EC2 environment is fast and cost-effective with the added benefit of high availability, which helps us support large number of users consistently without much downtime.
Advisors/Committee Members: Pallickara, Shrideep (advisor), Papadopoulos, Christos (committee member), Turk, Daniel (committee member).
Subjects/Keywords: Distributed Systems; Cloud Computing; Video-conferencing
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Luo, M. (2017). Horizontal scaling of video conferencing applications in virtualized environments. (Masters Thesis). Colorado State University. Retrieved from http://hdl.handle.net/10217/178879
Chicago Manual of Style (16th Edition):
Luo, Mante. “Horizontal scaling of video conferencing applications in virtualized environments.” 2017. Masters Thesis, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/178879.
MLA Handbook (7th Edition):
Luo, Mante. “Horizontal scaling of video conferencing applications in virtualized environments.” 2017. Web. 08 Dec 2019.
Vancouver:
Luo M. Horizontal scaling of video conferencing applications in virtualized environments. [Internet] [Masters thesis]. Colorado State University; 2017. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/178879.
Council of Science Editors:
Luo M. Horizontal scaling of video conferencing applications in virtualized environments. [Masters Thesis]. Colorado State University; 2017. Available from: http://hdl.handle.net/10217/178879
Colorado State University
8.
Bartlett, Jason D.
Representing BGP and routing flows in XML.
Degree: MS(M.S.), Computer Science, 2007, Colorado State University
URL: http://hdl.handle.net/10217/79008
► Monitoring routing in the Internet is a significant aspect of network security today. Incorrect information that is introduced into the system can result in problems…
(more)
▼ Monitoring routing in the Internet is a significant aspect of network security today. Incorrect information that is introduced into the system can result in problems ranging from a particular service or website becoming temporarily inaccessible, to large blocks of network addresses becoming cut off from the rest of the Internet, to potentially-sensitive user information being redirected to a malicious actor. Current monitoring projects generate a huge dataset for users for sift through. A single collection point collecting routing data from a dozen routers can archive 1800 update messages every 15 minutes. The largest current monitoring projects have 12-16 collection points, some of which can have several dozen routers feeding data into them, and some of which have been saving data for a decade or more. These archives are stored in a binary format called MRT that appends metadata about the particular routing session being monitored to the raw data received by a router. They also depend on tools to convert the binary into usable, but rigid, ASCII formats. Ideally, this data could be represented in a standardized ASCII format that both human user and machine application can make use of. Furthermore, such a format ought to be able to be easily extended, whether to represent new features in the underlying data or to transport user-specific annotations, without creating compatibility problems. XML and XSD provide the mechanisms necessary to accomplish this and the framework necessary to do it in such a way that the resulting definitions can become standardized. This work presents an XSD-based generic format for representing the flow of routing data between arbitrary routers. To provide a concrete realization of this idea, additional schema are defined to describe Border Gateway Protocol messages and several common networking datatypes. All of these schema are defined to provide validation of their underlying data, but are also flexible enough to accommodate extensions within the data and additional datatypes not already included in the schema.
Advisors/Committee Members: Massey, Daniel F. (advisor), Papadopoulos, Christos (committee member), Hayne, Stephen C. (committee member).
Subjects/Keywords: BGP; Internet routing; network security; routing monitoring; routing protocols; XML
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Bartlett, J. D. (2007). Representing BGP and routing flows in XML. (Masters Thesis). Colorado State University. Retrieved from http://hdl.handle.net/10217/79008
Chicago Manual of Style (16th Edition):
Bartlett, Jason D. “Representing BGP and routing flows in XML.” 2007. Masters Thesis, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/79008.
MLA Handbook (7th Edition):
Bartlett, Jason D. “Representing BGP and routing flows in XML.” 2007. Web. 08 Dec 2019.
Vancouver:
Bartlett JD. Representing BGP and routing flows in XML. [Internet] [Masters thesis]. Colorado State University; 2007. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/79008.
Council of Science Editors:
Bartlett JD. Representing BGP and routing flows in XML. [Masters Thesis]. Colorado State University; 2007. Available from: http://hdl.handle.net/10217/79008
Colorado State University
9.
Gersch, Joseph E.
ROVER : a DNS-based method to detect and prevent IP hijacks.
Degree: PhD, Computer Science, 2007, Colorado State University
URL: http://hdl.handle.net/10217/80941
► The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result,…
(more)
▼ The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non-participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Internet scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability.
Advisors/Committee Members: Massey, Daniel (advisor), Papadopoulos, Christos (committee member), Strout, Michelle M. (committee member), Hayne, Stephen C. (committee member).
Subjects/Keywords: security; ROVER; simulation; BGP; IP hijacking
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Gersch, J. E. (2007). ROVER : a DNS-based method to detect and prevent IP hijacks. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/80941
Chicago Manual of Style (16th Edition):
Gersch, Joseph E. “ROVER : a DNS-based method to detect and prevent IP hijacks.” 2007. Doctoral Dissertation, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/80941.
MLA Handbook (7th Edition):
Gersch, Joseph E. “ROVER : a DNS-based method to detect and prevent IP hijacks.” 2007. Web. 08 Dec 2019.
Vancouver:
Gersch JE. ROVER : a DNS-based method to detect and prevent IP hijacks. [Internet] [Doctoral dissertation]. Colorado State University; 2007. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/80941.
Council of Science Editors:
Gersch JE. ROVER : a DNS-based method to detect and prevent IP hijacks. [Doctoral Dissertation]. Colorado State University; 2007. Available from: http://hdl.handle.net/10217/80941
Colorado State University
10.
Kambhampati, Vamsi K.
Protecting critical services from DDoS attacks.
Degree: PhD, Computer Science, 2007, Colorado State University
URL: http://hdl.handle.net/10217/67463
► Critical services such as emergency response, industrial control systems, government and banking systems are increasing coming under threat from Distributed Denial of Service (DDoS) attacks.…
(more)
▼ Critical services such as emergency response, industrial control systems, government and banking systems are increasing coming under threat from Distributed Denial of Service (DDoS) attacks. To protect such services, in this dissertation we propose Epiphany, an architecture that hides the service IP address making it hard for an attacker to find, attack and disable the service. Like other location hiding based approaches, Epiphany provides access to the service through numerous lightweight proxies, which present a very wide target for the attacker. However, unlike these solutions Epiphany uses a novel approach to hide the service from both clients and proxies, thus eliminating the need to trust proxies or apply a filtering perimeter around the service destination. The approach uses dynamically generated hidden paths that are fully controlled by the service, so if a specific proxy misbehaves or is attacked, it can be promptly removed. Since the service cannot be targeted directly, the attacker may target the proxy infrastructure. To combat such threats, Epiphany separates the proxies into setup and data proxies. Setup proxies are only responsible for letting a client make initial contact with the service, while data proxies provide further access to the service. However, the setup proxies employ IP anycast to isolate the network into distinct regions. Connection requests generated in a region bounded by an anycast setup proxy are automatically directed to that proxy. This way, the attacker botnet becomes dispersed, i.e., the attacker cannot combine bots from different regions to target setup proxies in specific networks. By adding more anycast setup proxies, networks that only have legitimate clients can be freed from the perils of unclean networks (i.e., networks with attackers). Moreover, the attacker activity becomes more exposed in these unclean networks, upon which the operators may take further action such as remove them or block them until the problem is resolved. Epiphany data proxies are kept private; the service can assign different data proxies to distinct clients depending on how they are trusted. The attacker cannot disrupt on-going communication of a client who's data proxy it does not know. We evaluate the effectiveness of Epiphany defenses using simulations on an Internet scale topology, and two different implementations involving real Internet routers and an overlay on PlanetLab.
Advisors/Committee Members: Massey, Daniel (advisor), Papadopoulos, Christos (advisor), Strout, Michelle M. (committee member), Chong, Edwin K. P. (committee member).
Subjects/Keywords: distributed denial of service; proxies; location hiding; hidden paths
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kambhampati, V. K. (2007). Protecting critical services from DDoS attacks. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/67463
Chicago Manual of Style (16th Edition):
Kambhampati, Vamsi K. “Protecting critical services from DDoS attacks.” 2007. Doctoral Dissertation, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/67463.
MLA Handbook (7th Edition):
Kambhampati, Vamsi K. “Protecting critical services from DDoS attacks.” 2007. Web. 08 Dec 2019.
Vancouver:
Kambhampati VK. Protecting critical services from DDoS attacks. [Internet] [Doctoral dissertation]. Colorado State University; 2007. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/67463.
Council of Science Editors:
Kambhampati VK. Protecting critical services from DDoS attacks. [Doctoral Dissertation]. Colorado State University; 2007. Available from: http://hdl.handle.net/10217/67463
Colorado State University
11.
Belyaev, Kirill Alexandrovich.
Hermes - scalable real-time BGP broker with routing streams integration.
Degree: MS(M.S.), Computer Science, 2007, Colorado State University
URL: http://hdl.handle.net/10217/70666
► BGP is the de facto inter-domain routing protocol of Internet and understanding BGP is critically important for current Internet research and operations. Current Internet research…
(more)
▼ BGP is the de facto inter-domain routing protocol of Internet and understanding BGP is critically important for current Internet research and operations. Current Internet research is heavily dependent upon the availability of reliable up-to-date BGP data sources and often evaluated using data drawn from the operational Internet. The BGP real data supports a wide range of efforts ranging from understanding the Internet topology to building more accurate simulations for network protocols. To study and address the Internet research challenges, accessible BGP data is needed. Fortunately a number of BGP monitoring projects have been deployed for BGP data provision. However experience over a number of years has also indicated some major limitations in the current BGP data collection model with the most dramatic one being the inability to deliver real-time data and incapability to process and analyze this data fast enough in a flexible and efficient manner. This thesis presents the design and implementation of the new tool for analyzing BGP routing data in real-time - Hermes BGP Broker. Hermes is build upon the solid foundation of the related project - BGPmon [CSU] that is the BGP aggregation and monitoring platform that uses a publish/subscribe overlay network to provide real-time access to vast numbers of peers and clients. All routing events are consolidated into a single XML stream. XML allows to add additional features such as labeling updates to allow easy identification of useful data by clients and other related data structuring. Hermes as the Broker for BGPmon represents the next generation of route monitoring and analysis tools that bring routing data to the level of end-user applications. The main contribution of this thesis is the design and implementation of a new BGP route analysis platform that can be extensively used both in research and operational communities. Our work on Hermes has delivered the system that is able to analyze continuous XML data stream of BGP updates in real time and select non-duplicate messages that correspond to the specified regular expression pattern. Besides effective filtering mechanism Hermes is capable to scale really well with a large number of concurrent stream subscribers. Its performance under intensive benchmarking has been evaluated and estimated to be suitable for real-world deployment under heavy load with a large number of concurrent clients. The system is also able to distribute the filtering computations among a number of nodes and form Hermes data stream meshes of various topologies.
Advisors/Committee Members: Massey, Daniel F. (advisor), Papadopoulos, Christos (committee member), Pallickara, Shrideep (committee member), Hayne, Stephen C. (committee member).
Subjects/Keywords: BGP routing; XML streaming database platform
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Belyaev, K. A. (2007). Hermes - scalable real-time BGP broker with routing streams integration. (Masters Thesis). Colorado State University. Retrieved from http://hdl.handle.net/10217/70666
Chicago Manual of Style (16th Edition):
Belyaev, Kirill Alexandrovich. “Hermes - scalable real-time BGP broker with routing streams integration.” 2007. Masters Thesis, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/70666.
MLA Handbook (7th Edition):
Belyaev, Kirill Alexandrovich. “Hermes - scalable real-time BGP broker with routing streams integration.” 2007. Web. 08 Dec 2019.
Vancouver:
Belyaev KA. Hermes - scalable real-time BGP broker with routing streams integration. [Internet] [Masters thesis]. Colorado State University; 2007. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/70666.
Council of Science Editors:
Belyaev KA. Hermes - scalable real-time BGP broker with routing streams integration. [Masters Thesis]. Colorado State University; 2007. Available from: http://hdl.handle.net/10217/70666
Colorado State University
12.
Yan, He.
Management of internet-based service quality.
Degree: PhD, Computer Science, 2007, Colorado State University
URL: http://hdl.handle.net/10217/67660
► An increasingly diverse set of services, content distribution network (CDN), Internet games, streaming videos, online-banking, IPTV, VPN, cloud computing and VoIP, are built on top…
(more)
▼ An increasingly diverse set of services, content distribution network (CDN), Internet games, streaming videos, online-banking, IPTV, VPN, cloud computing and VoIP, are built on top of Internet. For most of these Internet-based services, best effort delivery is no longer an acceptable mode of operation as ultra-high reliability and performance is demanded to meet the stringent service-level requirements. In this dissertation, we focus on the research problem: how to manage the Internet- based service quality in a efficient and proactive manner from a service provider's point of view. Managing Internet-based service quality is extremely challenging due to its massive scale, complicated topology, high protocol complexity, ever-changing software or hardware environment and multiple administrative domains. We propose to look into this problem from two views (user view and network view) and design a novel infrastructure that consists of three systems (Argus, G-RCA and TowerScan) to enable managing Internet-based service quality from both views. We deployed our infrastructure in a tier-1 ISP that provides various Internet-based service and it has proven to be a highly effective way to manage the quality of Internet-based services.
Advisors/Committee Members: Massey, Daniel (advisor), Papadopoulos, Christos (committee member), Pallickara, Shrideep (committee member), Turk, Dan (committee member), Ge, Zihui (committee member), Yates, Jennifer (committee member).
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Yan, H. (2007). Management of internet-based service quality. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/67660
Chicago Manual of Style (16th Edition):
Yan, He. “Management of internet-based service quality.” 2007. Doctoral Dissertation, Colorado State University. Accessed December 08, 2019.
http://hdl.handle.net/10217/67660.
MLA Handbook (7th Edition):
Yan, He. “Management of internet-based service quality.” 2007. Web. 08 Dec 2019.
Vancouver:
Yan H. Management of internet-based service quality. [Internet] [Doctoral dissertation]. Colorado State University; 2007. [cited 2019 Dec 08].
Available from: http://hdl.handle.net/10217/67660.
Council of Science Editors:
Yan H. Management of internet-based service quality. [Doctoral Dissertation]. Colorado State University; 2007. Available from: http://hdl.handle.net/10217/67660
. 
Open Access Theses and Dissertations
