Browsing by Subject "Networking"

Now showing 1 - 4 of 4
  • Thumbnail Image
    Item
    Bridging Brown County Case Study: Connecting Communities and Finding a Future
    (University of Minnesota. Extension Service, 2006) Brandt, Erin
  • Thumbnail Image
    Item
    Creating scalable, efficient and namespace independent routing framework for future networks.
    (2011-06) Jain, Sourabh
    In this thesis we propose VIRO -- a novel and paradigm-shifting approach to network routing and forwarding that is not only highly scalable and robust, but also is namespace- independent. VIRO provides several advantages over existing network routing architectures, including: i) VIRO directly and simultaneously addresses the challenges faced by IP networks as well as those associated with the traditional layer-2 technologies such as Ethernet -- while retaining its "plug-&-play" feature. ii) VIRO provides a uniform convergence layer that inte- grates and unifies routing and forwarding performed by the traditional layer-2 (data link layer) and layer-3 (network layer), as prescribed by the conventional local-area/wide-area network di- chotomy and layered architecture. iii) Perhaps more importantly, VIRO decouples routing from addressing, and thus is namespace-independent. Hence VIRO allows new (global or local) ad- dressing and naming schemes (e.g., HIP or flat-id namespace) to be introduced into networks without the need to modify core router/switch functions, and can easily and flexibly support inter-operability between existing and new addressing schemes/namespaces. In the second part of this thesis, we present Virtual Ethernet Id Layer, in short VEIL, a practical realization of VIRO routing protocol to create a large-scale Ethernet networks. VEIL is aimed at simplifying the management of large-scale enterprise networks by requiring minimal manual configuration overheads. It makes it tremendously easy to plug-in a new routing-node or a host-device in the network without requiring any manual configuration. It builds on top of a highly scalable and robust routing substrate provided by VIRO, and supports many advanced features such as seamless mobility support, built-in multi-path routing and fast-failure re-routing in case of link/node failures without requiring any specialized topologies. To demonstrate the feasibility of VEIL, we have built a prototype of VEIL, called veil-click, using Click Modular Router framework, which can be co-deployed with existing Ethernet switches, and does not require any changes to host-devices connecting to the network.
  • Thumbnail Image
    Item
    Impacts of a Bridging Cohort Leadership Program: Network Brown County
    (St. Paul, MN: University of Minnesota Extension Service, 2011-10) Rasmussen, Catherine; Armstrong, Jessica; Chazdon, Scott
    Network Brown County is a leadership education program that brings together groups of 15-20 Brown County residents of diverse backgrounds for nine one-day sessions. Participants meet new people, discover new places in the county, broaden their knowledge of community resources, and increase understanding of issues facing the county. To date, six annual cohorts have completed the program. This study sought to determine participant-identified outcome success and impact of Network Brown County using the Community Capitals Framework, and to measure impacts using participants, as well as community stakeholders, as data sources.
  • Thumbnail Image
    Item
    Securing and Protecting Enterprise Networks via Data-driven Analytics and Application-aware SDN
    (2016-09) Mekky, Hesham
    The popularity of online services, such as social networks and online banking, has made them a popular platform for attackers. Cybercriminals leverage them to spread malicious software (malware) and steal personal information. In a cybercriminal operation, miscreants infect their victims'’ machines with malware that performs malicious activities. This occurs due to poor security measures implemented by enterprise networks, and the complexity of network management tools. By studying existing malware distribution networks and enterprise networks management tools, we aim to understand the techniques used to infect victims such as drive-by downloads, study malware families and design better detection methodologies, and seek solutions towards an improved network management framework. Towards these goals, this thesis studies three orthogonal problems aiming at addressing security and management problems in modern networks. First, we study malware infections due to drive-by downloads using a large ISP dataset. We show that attackers employ redirections which automatically redirect users' requests through a series of intermediate websites, before landing on the final distribution site. To detect these malicious redirections, we developed a machine learning framework that relies on a distinctive set of features to label the malicious redirections and block them. Second, we study malware network traces for infected hosts in an enterprise network using real malware traces, and we show that malware traffic comes mixed up with legitimate user traffic such as browsing traffic. To improve malware detection, we developed a novel system that decomposes the traffic into separate components, and applies the detection system to the suspected malware component only, and consequently improve detection rates. Third, we postulate native network functions within the Software-defined Network (SDN) data plane, where the same logical controller controls both network services and routing. This is enabled by extending Software-defined Networking to support stateful flow handling based on higher layers in the packet beyond layers 2-4. As a result, network functions (a.k.a middleboxes) can be chained on demand, directly on the data plane. We present an implementation of this architecture based on Open vSwitch, and show that it enables popular network functions effectively and addresses the management problems in enterprise networks. In summary, this thesis addresses these three closely related problems by: (1) protecting enterprise networks from drive-by downloads launched using redirections via a data-driven approach; (2) detecting existing malware activity on the network by decomposing the end-host traffic into a benign component and a suspected malware component, then classifying the malware into its malware family; and (3) building a flexible network architecture that enables managing network functions (e.g. such as systems in (1) and (2) and others like firewalls and load balancers) within the data plane along with the routing using a unified control plane.