Network Analytics at Scale
The drastically growing scale of today's networks makes managing them a significant challenge. Timely detection and response to events such as congestion, failure, and attack are crucial for proper network operation and require analyzing voluminous traffic quickly and accurately. To do so, we must devise new techniques for network monitoring and control that identify and fix problems when and where they happen. In this talk I will present two results that address detection and mitigation of common network problems: the first is queue buildup and the second is zero-day attacks.

First, I will present a system for real-time detection of queue buildup in programmable switches. Short-lived traffic surges can cause periods of unexpectedly high queue utilization and may lead to packet loss. We will present a system that detects congestion as it forms, and identifies the flows causing queue buildup within the data plane using P4. We show that our system accurately targets the responsible flows at the sub-millisecond level. This is joint work with Xiaoqi Chen, Yaron Koral, Jennifer Rexford and Ori Rottenstreich.

Second, I will present a system for automatic signature extraction for zero-day attacks. Attack signatures, which include one or more strings (or regular expressions) common to packets in an attack, are usually generated a priori and then used in intrusion detection systems to identify certain content in future traffic. However, existing signatures cannot assist in detecting yet unknown attacks. We present a system for automatic extraction of signatures for zero-day Distributed Denial of Service (DDoS) attacks. Our system finds popular strings of variable length in a set of packets, using the classic Space-Saving heavy-hitters algorithm as a building block. This is joint work with Yehuda Afek and Anat Bremler-Barr.
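As an added illustration of the building block named in the abstract (this is not the speakers' system or code): Space-Saving run over fixed-length 8-byte substrings of constructed payloads, with the frequent substrings that overlap chained into one longer candidate signature. The token, the payloads, the parameters and the chaining step are assumptions made for this example.

```python
import hashlib

class SpaceSaving:
    """Space-Saving heavy hitters: at most `capacity` counters, single pass."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.table = {}  # item -> [estimate, error]; estimate - error is guaranteed

    def offer(self, item):
        if item in self.table:
            self.table[item][0] += 1
        elif len(self.table) < self.capacity:
            self.table[item] = [1, 0]
        else:
            # Evict the smallest counter (linear scan for brevity); newcomer inherits it.
            victim = min(self.table, key=lambda x: self.table[x][0])
            floor = self.table.pop(victim)[0]
            self.table[item] = [floor + 1, floor]

def frequent_kgrams(payloads, k, capacity, min_fraction):
    """k-grams (one vote per packet) guaranteed to occur in min_fraction of packets."""
    sketch = SpaceSaving(capacity)
    for p in payloads:
        for gram in dict.fromkeys(p[i:i + k] for i in range(len(p) - k + 1)):
            sketch.offer(gram)
    need = min_fraction * len(payloads)
    return {g for g, (c, e) in sketch.table.items() if c - e >= need}

def merge_overlapping(grams):
    """Chain k-grams that overlap in k-1 bytes into longer candidate strings."""
    nxt = {g: h for g in grams for h in grams if g != h and g[1:] == h[:-1]}
    merged = []
    for g in sorted(set(grams) - set(nxt.values())):  # grams with no predecessor
        s, seen = g, {g}
        while g in nxt and nxt[g] not in seen:
            g = nxt[g]
            seen.add(g)
            s += g[-1:]
        merged.append(s)
    return merged

# Constructed sample: 24 "attack" payloads share TOKEN, 16 "benign" ones do not.
TOKEN = b"X-Flood:a1b2c3d4"  # constructed marker, not a real signature
def filler(tag, n):
    return hashlib.sha256(tag.encode()).digest()[:n]
PAYLOADS = [filler(f"a{i}", 6) + TOKEN + filler(f"b{i}", 6) if i % 5 < 3
            else filler(f"c{i}", 28) for i in range(40)]

def extract_signatures():
    return merge_overlapping(frequent_kgrams(PAYLOADS, k=8, capacity=100, min_fraction=0.3))
```

The sample contains several hundred distinct 8-byte substrings but only 100 counters, so evictions occur; filtering on estimate minus error keeps only substrings whose true packet count meets the threshold.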
Date: Sun 09 Dec 2018
Start Time: 11:30
1061 | Electrical Eng. Building