MADCAT: Maltraffic Analysis and Detection in Challenging and Aggregate Traffic (NeTS-NBD)
The MR-Net project ran from 2006 to 2010 and is now complete. Its research results are now used by several other projects at ISI and elsewhere. For follow-on work, please see current work by the ANT Lab.
MADCAT is a joint research effort of USC/Information Sciences Institute, USC's Electrical Engineering Dept., and Colorado State University's Computer Science Dept.
The Internet can be a dangerous place, with malware taking control of users' computers and turning them against others or themselves. Many compromised computers generate maltraffic, which includes denial-of-service (DoS) attacks, spyware reporting home, unauthorized applications (applications in violation of a corporate acceptable use policy such as peer-to-peer file sharing, chat, games), spam (both inbound and outbound), and worms.
Firewalls, intrusion detection systems, anti-virus programs, proxies and filters all try to defend against maltraffic. Unfortunately, defense is increasingly difficult because of traffic encryption, edge-level aggregation (which makes filtering and blacklisting cause collateral damage), and large traffic volumes and active cloaking that allow maltraffic to hide itself.
MADCAT proposes to use signal processing and detection theory as new tools to address these problems in detecting maltraffic.
MADCAT is supported by the National Science Foundation's Networking Technology and Systems (NeTS) program,
- Genevieve Bartlett, USC CS PhD graduate (2010) (USC CSD and ISI)
- Xinming He, USC CS PhD graduate (2006) (USC CSD)
- John Heidemann, faculty and co-PI (USC/ISI)
- Wen-tien Kung, MS graduate (2005) (USC EE)
- Sean McPherson, USC EE PhD graduate (2011) (USC EE)
- Urbashi Mitra, faculty and co-PI (USC EE)
- Antonio Ortega, faculty and co-PI (USC EE)
- Rishi Sinha, USC CS PhD graduate (2006) (USC/CSD)
- Gautam Thatte, PhD graduate (2011) (USC EE Dept.)
- Xun Fan and John Heidemann. Selecting Representative IP Addresses for Internet Topology Studies. In Proceedings of the ACM Internet Measurement Conference, p. to appear. Melbourne, Australia, ACM. November, 2010.
- Gautam Thatte, Urbashi Mitra, and John Heidemann. Parametric Methods for Anomaly Detection in Aggregate Traffic. ACM/IEEE Transactions on Networking, 19 (2), pp. 512-525, August, 2010. (Appeared in print April 2011). http://dx.doi.org/10.1109/TNET.2010.2070845
- John Heidemann and Christos Papadopoulos. Uses and Challenges for Network Datasets. In Proceedings of the IEEE Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH), p. to appear. Washington, DC, USA, IEEE. March, 2009. <http://www.isi.edu/~johnh/PAPERS/Heidemann09a.html>.
- Xue Cai and John Heidemann. Active Probing to Classify Internet Address Blocks (Extended Abstract for SIGCOMM'08 Poster). Technical Report ISI-TR-653, USC/Information Sciences Institute, August, 2008.
- John Heidemann, Yuri Pradkin, Ramesh Govindan, Christos Papadopoulos, Genevieve Bartlett, and Joseph Bannister. Census and Survey of the Visible Internet. In Proceedings of the ACM Internet Measurement Conference, p. to appear. Vouliagmeni, Greece, ACM. October, 2008.
- Gautam Thatte, Urbashi Mitra and John Heidemann. Detection of Low-rate Attacks in Computer Networks. In Proceedings of the 11th IEEE Global Internet, Phoenix, Arizona, USA, IEEE. April, 2008.
- John Heidemann, Yuri Pradkin, Ramesh Govindan, Christos Papadopoulos, Genevieve Bartlett, and Joseph Bannister. Census and Survey of the Visible Internet (extended). Technical Report ISI-TR-2008-649, USC/Information Sciences Institute, February, 2008.
- John Heidemann and Yuri Pradkin. "Mapping the Internet Address Space" (poster). Described on the "Mapping the Internet Address Space" web page.
- Genevieve Bartlett, John Heidemann, Christos Papadopoulos, and James
Estimating P2P Traffic Volume at USC. Technical Report ISI-TR-2007-645, USC/Information Sciences Institute, July, 2007.
- John Heidemann, Yuri Pradkin, Ramesh Govindan, Christos Papadopoulos, and Joseph Bannister. Exploring Visible Internet Hosts through Census and Survey. Technical Report ISI-TR-2007-640, USC/Information Sciences Institute, May, 2007.
- Genevieve Bartlett, John Heidemann, and Christos Papadopoulos. Understanding Passive and Active Service Discovery. Technical Report ISI-TR-2007-642, USC/Information Sciences Institute, May, 2007. http://www.isi.edu/~johnh/PAPERS/Bartlett07b.html
- Genevieve Bartlett, John Heidemann and Christos Papadopoulos. Inherent Behaviors for On-line Detection of Peer-to-Peer File Sharing. In Proceedings of the 10th IEEE Global Internet, Anchorage, Alaska, USA, IEEE. May, 2007. An extended version of this paper is available as a techreport: ISI-TR-2006-647.
For related publications, please see the ANT publications web page.
See also ANT software.
See the ANT traces page.