Shir Landau-Feibish: Network Analytics at Scale


The drastically growing scale of today's networks makes managing them a significant challenge. Timely detection of and response to events such as congestion, failure, and attack are crucial for proper network operation and require analyzing voluminous traffic quickly and accurately. To do so, we must devise new techniques for network monitoring and control that identify and fix problems when and where they happen.

In this talk I will present two results that address detection and mitigation of common network problems: the first is queue buildup and the second is zero-day attacks.

First, I will present a system for real-time detection of queue buildup in programmable switches. Short-lived traffic surges can cause periods of unexpectedly high queue utilization and may lead to packet loss. We will present a system that detects congestion as it forms and identifies the flows causing queue buildup within the data plane using P4. We show that our system accurately targets the responsible flows at the sub-millisecond level. This is joint work with Xiaoqi Chen, Yaron Koral, Jennifer Rexford and Ori Rottenstreich.

Second, I will present a system for automatic signature extraction for zero-day attacks. Attack signatures, which include one or more strings (or regular expressions) common to packets in an attack, are usually generated a priori and then used in intrusion detection systems to identify certain content in future traffic. However, existing signatures cannot assist in detecting yet unknown attacks. We present a system for automatic extraction of signatures for zero-day Distributed Denial of Service (DDoS) attacks. Our system finds popular strings of variable length in a set of packets, using the classic Space-Saving heavy-hitters algorithm as a building block. This is joint work with Yehuda Afek and Anat Bremler-Barr.

Date and Time: 
Thursday, November 29, 2018 - 13:30 to 14:30
Speaker: 
Shir Landau-Feibish
Location: 
C110
Speaker Bio: 

Shir Landau Feibish is a postdoctoral researcher at Princeton University, hosted by Prof. Jennifer Rexford. Her main research interests are in monitoring and management of computer networks, programmable networks and network security. Currently, her research focuses on building tools for network monitoring by tailoring streaming methods to the computational model and constraints of programmable switches. Shir received a Ph.D. in Computer Science from Tel Aviv University, where she was advised by Prof. Yehuda Afek. She has received several awards including the Eric and Wendy Schmidt Postdoctoral Award for Women in Mathematical and Computing Sciences, and was also the second place winner in the Broadcom Foundation University Research Competition.