NeTS-NBD: Maltraffic Analysis and Detection in Challenging and Aggregate Traffic (MADCAT)
Project Summary
MADCAT is a joint research effort of USC/Information Sciences Institute, USC's Electrical Engineering Dept., and Colorado State University's Computer Science Dept.
The Internet can be a dangerous place, with malware taking control of users' computers and turning them against others or themselves. Many compromised computers generate maltraffic, which includes denial-of-service (DoS) attacks, spyware reporting home, unauthorized applications (applications in violation of a corporate acceptable use policy such as peer-to-peer file sharing, chat, games), spam (both inbound and outbound), and worms. Firewalls, intrusion detection systems, anti-virus programs, proxies and filters all try to defend against maltraffic.
Unfortunately, defense is increasingly difficult due to traffic encryption, edge-level aggregation (making filtering and blacklisting result in collateral damage), and large traffic volumes and active cloaking allowing maltraffic to hide itself. MADCAT proposes to use signal processing and detection theory as new tools to address these problems in detecting maltraffic.
MADCAT is supported by the National Science Foundation's Networking Technology and Systems (NeTS) program, grant number CNS-0626696.
People
(listed alphabetically)
- Genevieve Bartlett
- John Heidemann (co-PI, USC/ISI)
- Sean McPherson
- Urbashi Mitra (co-PI, USC/EE)
- Antonio Ortega (co-PI, USC/EE)
- Christos Papadopoulos (co-PI, USC/CSD)
- Gautam Thatte
Publications
- Xun Fan and John Heidemann. Selecting Representative IP Addresses for Internet Topology Studies. In Proceedings of the ACM Internet Measurement Conference, p. to appear. Melbourne, Australia, ACM. November, 2010.
- Gautam Thatte, Urbashi Mitra, and John Heidemann. Parametric Methods for Anomaly Detection in Aggregate Traffic. ACM/IEEE Transactions on Networking, 19(2), pp. 512-525, August, 2010. (Appeared in print April 2011). http://dx.doi.org/10.1109/TNET.2010.2070845
- John Heidemann and Christos Papadopoulos. Uses and Challenges for Network Datasets. In Proceedings of the IEEE Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH), p. to appear. Washington, DC, USA, IEEE. March, 2009. http://www.isi.edu/~johnh/PAPERS/Heidemann09a.html
- Xue Cai and John Heidemann. Active Probing to Classify Internet Address Blocks (Extended Abstract for SIGCOMM'08 Poster). Technical Report ISI-TR-653, USC/Information Sciences Institute, August, 2008.
- John Heidemann, Yuri Pradkin, Ramesh Govindan, Christos Papadopoulos, Genevieve Bartlett, and Joseph Bannister. Census and Survey of the Visible Internet. In Proceedings of the ACM Internet Measurement Conference, p. to appear. Vouliagmeni, Greece, ACM. October, 2008.
- Gautam Thatte, Urbashi Mitra, and John Heidemann. Detection of Low-rate Attacks in Computer Networks. In Proceedings of the 11th IEEE Global Internet, Phoenix, Arizona, USA, IEEE. April, 2008.
- John Heidemann, Yuri Pradkin, Ramesh Govindan, Christos Papadopoulos, Genevieve Bartlett, and Joseph Bannister. Census and Survey of the Visible Internet (extended). Technical Report ISI-TR-2008-649, USC/Information Sciences Institute, February, 2008.
- John Heidemann and Yuri Pradkin. "Mapping the Internet Address Space" (poster). September 2007. Described on the "Mapping the Internet Address Space" web page.
- Genevieve Bartlett, John Heidemann, Christos Papadopoulos, and James Pepin. Estimating P2P Traffic Volume at USC. Technical Report ISI-TR-2007-645, USC/Information Sciences Institute, July, 2007.
- John Heidemann, Yuri Pradkin, Ramesh Govindan, Christos Papadopoulos, and Joseph Bannister. Exploring Visible Internet Hosts through Census and Survey. Technical Report ISI-TR-2007-640, USC/Information Sciences Institute, May, 2007.
- Genevieve Bartlett, John Heidemann, and Christos Papadopoulos. Understanding Passive and Active Service Discovery. Technical Report ISI-TR-2007-642, USC/Information Sciences Institute, May, 2007. http://www.isi.edu/~johnh/PAPERS/Bartlett07b.html
- Genevieve Bartlett, John Heidemann, and Christos Papadopoulos. Inherent Behaviors for On-line Detection of Peer-to-Peer File Sharing. In Proceedings of the 10th IEEE Global Internet, Anchorage, Alaska, USA, IEEE. May, 2007. An extended version of this paper is available as a techreport: ISI-TR-2006-647.
For related publications, please see the ANT publications web page.
Software
See the ANT distribution web page.
Traces
See the ANT traces page.
Related Links
ANT: the Analysis of Network Traffic research group
Last modified: 2011-12-05 14:01:53 -0800 (Mon, 05 Dec 2011)