互联网数据分析合作协会

1、CAIDA.ORGCooperative Association for Internet Data Analysis互联网数据分析合作协会1CAIDA Web Site2BackgroundThe Cooperative Association for Internet Data Analysis (CAIDA) is located at the San Diego Supercomputer Center (SDSC) on the campus of the University of California, San Diego. CAIDA坐落于加州大学圣迭戈分校中的圣迭戈超级计算中

2、心。3Backgroundprovides tools and analyses promoting the engineering and maintenance of a robust, scalable global Internet infrastructure.为协助建造和保持一个健壮的、可扩展的全球互联网结构，提供工具和分析。4Content of CAIDAToolsAnalysisOutreachProjectsMembers5Tools Developed by CAIDAin measurementAutoFocusBelugaCflowdCoralReefIffinder

3、MantraNeTrametRTGScamperskitter6Tools Developed by CAIDAin visualizationGeoPlotGTraceLibSeaMapnetOtterPlanktonPlot-latlongPlotpathsWalrus7Other ToolsDeveloped by CAIDAArts+DnsstatDnstopFlowScanChart:GraphNetGeoOwlRRDtool8AnalysisCAIDA collects, monitors, analyzes, and visualizes several forms of Int

4、ernet traffic data concerning network topology, workload characterization, performance, routing, and multicast behavior. CAIDA收集、监控、分析和可视化以下几种互联网流量数据：关于网络拓扑、工作量特性、性能、路由和多播行为。9AnalysisThese analyses serve a variety of disciplines/purposes, including research, policy, education, and visualization. 这些分

5、析为各种学科/用途提供服务，包括研究、策略制定、教育和可视化。10AnalysisTopologyWorkload CharacterizationPerformanceRoutingMulti-castSecurity11OutreachThe transfer of technology is fundamental to CAIDAs mission. CAIDAs ongoing outreach efforts are intended to enhance community capabilities associated with designing, operating, an

6、d researching network technologies. 传播技术是CAIDA的使命中重要的一部分。CAIDA正在进行的努力是要加强和设计、运行和研究网络技术有关的沟通能力。12OutreachCAIDA outreach efforts have included workshops on Passive Traffic Monitoring and Analysis (January 1999); Network Visualization (April 1999); use of cflowd for router-based monitoring (September 1

7、999); and use of RRDtool for trend analysis (September 1999). CAIDA的对外工作包括被动流量测量会议（1999.1），网络可视化会议（1999.4），cflowd在基于路由器的监测中的使用的会议（1999.9），RRDtool在趋势分析中的使用的会议（1999.9）。13OutreachCAIDA has hosted several training sessions for university faculty, including a 2-day course on network simulation (VINT/ns),

8、 a TCP analysis course, a routing class, and a Traffic Analysis class. A similar 5-day workshop was held in June 2000. In support of the ITL program, an ITL-only workshop was held in June 2001. CAIDA还主办了几个针对大学教师的培训。14OutreachISMA - Internet Statistics and Metrics Analysis WorkshopsISMA workshops are

9、 held to discuss the current and future state of Internet measurement and analysis. 互联网统计和测量分析会议是来讨论当前和未来的互联网测量和分析的形势。15OutreachISMA - Internet Statistics and Metrics Analysis WorkshopsThe intent of the workshops are to facilitate discussion among communities of academia, equipment vendors, and serv

10、ice providers, who share an interest in and incentive to understand one anothers interests and concerns with Internet statistics and analysis.这个会议的目的是方便学术界团体，设备提供商和服务提供商之间的交流。16OutreachIEC - Internet Engineering Curriculum Repository The Internet Engineering Curriculum Repository (IEC) is a project

11、of CAIDA (Cooperative Association for Internet Data Analysis) to help educators and others interested in Internet technology keep up with developments in the field.互联网工程课程库是CAIDA的一个项目，来帮助教育工作者和其他对互联网技术有兴趣的人紧跟这个领域的发展。17OutreachITL - Internet Teaching LaboratoriesAs an extension of the IEC project, CA

12、IDA will help develop Internet Teaching Laboratory (ITL) facilities at several U.S. Colleges and Universities. Few networking courses include a hands-on laboratory component, often due to a lack of equipment. 作为IEC项目的扩展，CAIDA还将在几个美国大学帮助发展互联网教学实验室。很少的网络课程有动手操作的实验室，这多数是由于缺少设备。18OutreachITL - Internet

13、Teaching LaboratoriesCAIDA has received a generous donation of routers, interface cards, CSU/DSUs, software and engineering expertise from Cisco Systems, Cable and Wireless, and MCI Worldcom that we will use to build ITLs at about 25 U.S. Universities.CAIDA从Cisco，MCI和世通等公司，收到了一些慷慨的捐助，包括路由器，接口卡，信道服务单

14、元/数据服务单元，软件和硬件，会用于在美国的25所大学建设实验室。19ProjectsCAIDA is actively involved with several Internet related projects. CAIDA积极参与了和互联网有关的项目。20ProjectsAnalysis & Visualization of IP Connectivity （2004.1-2005.6）21Analysis & Visualization of IP ConnectivityPrimary members:k claffyPh.D. UCSD Computer Science & En

15、gineering, 1994Bradley HuffakerM.S. UCSD Computing Science & Engineering, 199822Analysis & Visualization of IP ConnectivityWe would like to build on the success of our last two years of research and analysis of Internet connectivity, which Cisco has found useful from both a research and operational

16、perspective for the last two years.这个项目研究目标是研究和分析互联网的连接,之前的两年他们也一直在做,是和Cisco合作，Cisco认可了他们前两年的研究成果，认为在研究和实际操作方面都比较有用，所以继续给与支持。23Analysis & Visualization of IP ConnectivityFor 2004-2005 our goal will be to derive three new connectivity information maps, which will involve analysis, and visualization c

17、omponents, as well as creating publically available software and databases that will support the community in a wide variety of operational analysis and research tasks. 这个项目04到05年的目标是得到三个新的连接信息的地图，包括了分析和可视化部分。同时要创建公众可用的软件和数据库，广泛地为其他的进行实际操作分析和研究工作的组织提供支持。24Analysis & Visualization of IP Connectivity1

18、.Depict inter-AS connectivity at an organizational (common AS administration) granularity as well as AS granularity, which will require new supporting CAIDA software that intelligently synthesizes registry information from several disparate sources. We already have research agreements with the four

19、main address registries for bulk access to their registry data. 描绘一个自治系统的连接图。25Analysis & Visualization of IP Connectivity2.Develop a pop-level map of the Internet with as much policy structure as we can directly gather and indirectly infer. CAIDA will use, and extend where necessary, tools develope

20、d in last years URB project 1 to gather the data for this task. 开发一个互联网地图，包括尽可能多的结构，直接收集到或者间接推断都可以。26Analysis & Visualization of IP Connectivity3.Build a hierachically structured topology map of the IPv6 Internet and correlate structure and growth patterns with that of IPv4 topology. This task relie

21、s on: (1) an active WIDE/CAIDA collaboration on IPv6 macroscopic topology measurement 2; (2) years of previous CAIDA work in IPv4 topology analysis.建立一个IPv6的层次结构的拓扑图。27Analysis & Visualization of IP ConnectivityThis project involves three levels of contributions:the visual maps, and the insights the

22、y reveal to non-experts;the associated topology knowledge bases;the supporting measurement, analysis, and presentation software.28Projects(NSF 04-540) NeTS-NR Toward Mathematically Rigorous Next-Generation Routing Protocols for Realistic Network Topologies（2003-2005）29(NSF 04-540)Most experts agree

23、that the existing data network architecture is severely stressed and reaching its capability limits. The evolutionary dynamics of several critical components of the infrastructure suggest that the existing system will not scale properly to accommodate even another decade of growth.多数专家认为现存的数据网络结构已经不

24、堪重负。这个结构中的重要部分的发展已经预示着现存的系统已经不能再正常的扩大了，即使是只容纳10年的增长。30(NSF 04-540)A mathematically rigorous formulation of scalability aspects of routing in networks is a well-studied problem in the theory of distributed computation. 对网络路由在可扩展性方面用数学上的严格公式表示，这是一个已经在分布计算理论中研究得很好的问题了。31(NSF 04-540)At the core of this

25、problem is a triangle of trade-offs among routing table size, convergence parameters, and path length inflation. By trade-off we mean that, for example, routing table size decrease comes at a price of increase in average path length.这个问题的核心是在路由表的大小，收敛参数和路径长度的增加三个方面作交换。“交换”的意思是，比如，路由表的减小是以平均路径长度的增加为代

26、价的。32(NSF 04-540)We propose to open a new area of research focused on applying key theoretical routing results in distributed computation to extremely practical purposes, i.e. fixing the Internet.这个项目的目的是研究如何应用主要路由理论，应用领域从分布式计算到极端的应用目的，也就是，修复互联网。33(NSF 04-540)Therefore, the first high-level question

27、 we seek to answer is: will a viable next-generation data network architecture require a (by definition radical) paradigm shift? For example, will graph-theoretic abstraction of network topology eventually be insufficient?总之，第一个我们寻求回答的高层次问题是：可行的下一代数据网络需要模型的改变吗？比如，用图论来作为对网络拓扑的抽象还能行吗？34(NSF 04-540)Thr

28、ee related and clearly defined tasks：1)execute the next step on the path toward construction of practically acceptable next-generation routing protocols based on mathematically rigorous routing algorithms;朝着制定实用的可接受的基于数学上严格的路由算法的下一代路由协议的目标，继续走下去。2) validate the applicability of the above algorithms

29、against several sources of real Internet topology data; 验证上述算法在几个实际的互联网拓扑数据源的情况下的可用性。35(NSF 04-540)3) build and evaluate a model for Internet topology evolution, which reflects fundamental laws of evolution of large-scale networks. 为互联网拓扑的进化发展建立模型并且进行评价，这个模型反映大规模网络的发展的基本规律。36(NSF 04-540)The extensio

30、n of network modeling methodology proposed in this section will have impact beyond the realm of the current Internet. Indeed, the results will be elegantly generic in nature; they will shed light on evolution of not only the Internet but also of many other types of self-evolving large-scale networks

31、, such as biological, social, and language networks.网络模型方法论的扩展将超出现有的互联网的领域。事实上，研究的结果在自然界非常通用；不仅适用于互联网，还是用于其它的自进化的大规模网络，比如生物、社会和语言网络。37ProjectsNSF-01-160: Quantitative Network Security Analysis（2003-2005）38Quantitative Network Security AnalysisThe field of system security research has long been domin

32、ated by individual qualitative results - either demonstrations of individual system vulnerabilities or expositions on the protection provided by individual security measures (e.g., firewalls, virus detectors, IDS systems, etc). 系统安全研究领域很长时间以来都被单独的定性的结论统治-或者是系统的缺点，或者是单独的安全措施（防火墙，病毒监控，入侵检测系统等）保护下暴露出来的

33、弱点。39Quantitative Network Security AnalysisThese contributions, though clearly valuable, are difficult to evaluate without a complementary quantitative context describing the prevalence and impact of various attacks, vulnerabilities, and responses.这些定性的结论，虽然明显是有价值的，但是没有作为补充的定量的上下文来描述各种攻击、缺点的流行和影响，这些

34、结论是很难评价的。40Quantitative Network Security AnalysisThe need for empirical data of this type is critical, both for guiding future security research and to provide a well-reasoned basis for developing operational best practices. 为了引导将来的安全研究和为开发出可操作的最好的实际系统提供充分论证基础，对这种经验数据的需要都是很紧迫的。41Quantitative Network

35、 Security AnalysisAt the same time, there are tremendous challenges in collecting and analyzing network information at sufficient scale that these findings are globally meaningful.同时，要在足够大范围内，收集和分析对全球都有意义的网络信息，还存在着很大的挑战。42Quantitative Network Security AnalysisIn previous work, we have demonstrated t

36、echniques for attacking these problems in the context of Internetconnected systems - particularly focusing on large-scale attacks such as denial-of-service and self-propagating network worms. 目前他们已经找到了处理这些问题的技术，有关互联系统的上下文-尤其是大规模攻击，比如DoS攻击和自我繁殖的网络蠕虫攻击。43Quantitative Network Security AnalysisUsing a n

37、ew technique, called backscatter analysis, combined with the large address space network telescope we have developed at UCSD, we have been able to monitor the global prevalence of denial-of-service (DoS) activity on the Internet.他们新开发了一项新技术，叫做“背向散射分析”，结合已经在加州大学圣迭戈分校开发成功的有巨大地址空间的“网络望远镜”，他们可以监控DoS攻击全球

38、互联网的流行情况。44Quantitative Network Security AnalysisOur approach allows us to quantitatively measure each individual attack, its duration, its intensity, and identify the victim and the services targeted. Our initial study demonstrated that DoS attacks occur with great frequency and target a wide-varie

39、ty of sites and network infrastructure. 前面的工作使我们能定量的分析每个攻击，他的持续时间，强度，识别受害者和被攻击的服务。前面的研究表明，DoS攻击在频繁的发生，攻击各种网站和网络结构。45Quantitative Network Security AnalysisIn related work, we have used a similar approach to monitor the spread of Internet worms such as CodeRed and Nimda. 最近，他们还使用了类似的方法来监控互联网的病毒，比如红色代码

40、和尼姆达。46Quantitative Network Security AnalysisUsing this data, we identified the growth pattern of these attacks, characterized the victims to identify common traits that made them vulnerable, and analyzed the effectiveness of security personnel in repairing their systems across the Internet.用这些数据，我们

41、识别了这些攻击的增长模式，描绘了受害者的特点，确定了使他们容易受到攻击的共同特点，分析了安全人员在通过互联网修复系统方面的效力。47Quantitative Network Security AnalysisFinally, we have also developed a preliminary analysis of the technical requirements for effective worm countermeasures. 最后，对高效的对付蠕虫的策略的技术要求我们已经作了初步的分析。48Quantitative Network Security AnalysisBy c

42、ombining spreading models, population data extracted from real Internet worm epidemics, and measured models of Internet topology, we have shown that any reactive worm defense will require extremely widespread deployment and very short reaction times (a few minutes or less).通过结合传播模式、数量等从实际的互联网蠕虫的传播得来

43、的数据，以及对互联网拓扑结构的测量，发现任何反应式的蠕虫防御需要广泛的部署和非常短的反应时间（即分钟或更少）。49Quantitative Network Security AnalysisUsing these ideas as a basis, we propose to develop a combination of network analysis techniques and network measurement infrastructure to analyze large-scale Internet security threats.项目目标：上述思想作为基础，我们要开发结

44、合了网络网络分析技术和网络测量结构的系统来分析大规模互联网的安全威胁。 50Quantitative Network Security AnalysisIn particular, we plan to investigate the following questions: how do the nature of these threats change over time, how effective are attackers at compromising services, and how well do existing security countermeasures prov

45、ide a meaningful defense against these threats in practice? 特别是，我们计划研究下面的问题：这些威胁的是怎样随着时间变化的，攻击者在危及服务安全的时候的有多高效，现有的安全措施在面临这样的威胁的时候能提供什么样的保护？51Quantitative Network Security AnalysisWe expect to be able to measure the vast majority of large-scale Internet attacks and capture global DoS, worm, and port

46、scan activity on an ongoing basis. 我们希望能测量大规模的互联网攻击的绝大部分，并且捕捉到全球的DoS攻击，蠕虫和对端口扫描活动。52Quantitative Network Security AnalysisWe plan to extend our backscatter algorithms and measurement infrastructure to track Internet attacks in real-time and actively probe victimized hosts to understand the impact of

47、 these attacks, the distribution of various vulnerabilities, and the efficacy of employed security measures.我们计划把我们的背向散射算法和测量结构扩展到实时追踪互联网攻击，以及主动探测受到攻击的主机来了解这些攻击的影响，各种弱点的分布，和部署的安全措施的效果。53Quantitative Network Security AnalysisFinally, we will modify our monitors to redirect a subset of packets to simu

48、lated hosts (a so-called honeynet) to automatically identify and characterize new worms as they emerge.我们还计划修改监控器，重定向一些包到模拟主机（所谓的“honeynet”），在新的蠕虫刚出现的时候就自动识别和描述它们。54Quantitative Network Security AnalysisThe potential impact of this proposal is the creation of an empirical dataset that describes larg

49、e-scale attacks across the global Internet. 我们还会创建一个经验数据集，描述全球互联网的大规模攻击。55Quantitative Network Security AnalysisMoreover, the real-time nature of this dataset could be widely valuable for operationally detecting, tracking, and characterizing large-scale threats as they occur. 此外，这个数据集的实时特性会广泛的对实际的探测

50、、跟踪和描述大规模威胁有价值。56Quantitative Network Security AnalysisGiven ongoing requests from government, industry, and academia that we receive for our preliminary data, we believe that there is keen, widespread interest for the large-scale data that we propose to create.有了政府、工业界和学术界的要求，我们收到了初步的数据，我们相信对我们要创建的

51、大规模数据会有急切的广泛传播的兴趣。57Internet Atlas Project（2001-2004）58Internet Atlas Project（2001-2004）59Internet Atlas Project（2001-2004）60Projectsipnc (Inter-Provider Notification Channel) Analysis & Visualization of BGP Connectivity Among Autonomous Systems NCS: Routing Analysis and Peering Policy for Enhancing

52、 Internet Performance and Security SD-NAP(San Diego Network Access Point)61ProjectsAtoms - Atomised Routing (CiscoURB 2002) Advanced Techniques to Detect and Control Global Security Threats NMS - Network Modeling and SimulationBandwidth Estimation Project Analysis of the DNS root and gTLD nameserver system 62Thank you for your attention!Presented by sillness.lee63AutoFocusAutoFocus is a traffic