Files in this item



application/pdfCHAUDHRY-THESIS-2018.pdf (10MB)Restricted Access
(no description provided)PDF


Title:Network analysis, inference and verification
Author(s):Chaudhry, Gohar Irfan
Advisor(s):Caesar, Matthew
Department / Program:Computer Science
Discipline:Computer Science
Degree Granting Institution:University of Illinois at Urbana-Champaign
anomaly detection
Abstract:Securely operating large-scale networks is a non-trivial task involving interactions between various hardware devices, protocols, and configurations, all of which need to work in tandem for the network to be secure and in the desired state that the network administrators want it to be in. Misconfigurations or malicious activities in the network can disrupt it resulting in dire effects including but not limited to outages of critical applications and breach of sensitive information. In this work, we propose a robust framework for diagnosing such anomalies across enterprise networks, and study their impact in terms of changes in routing behavior and reachability. To study the network as closely as possible to its actual behavior we perform analysis on data plane features as they govern the journey of a packet during its life-cycle across the network. We perform temporal analysis of the network as a whole and inspect the evolution of various properties. We then determine the deviation of the network relative to its previous states and identify as accurately as possible if the current state is anomalous. Given the historic states of the network over some time, we also try to infer high-level policies and invariants in the network. These allow for running various verification techniques on the network. Finally, we propose a network verification tool designed to verify the network as a dynamic, multi-layer distributed system. The richness of this tool’s network model allows it to find network issues that are not detectable using state of the art tools which work solely on either data plane states or control plane states without examining the interaction of the two among themselves and temporally with the network environment. Building on this verification tool, we propose a technique for high-coverage testing of end-to-end network correctness using the real software that is deployed in these networks; our design is effectively a hybrid, using an explicit-state model checker to explore all network-wide execution paths and event orderings, but executing real software as subroutines for each device. We show that this approach can detect correctness issues that would be missed both by existing verification and testing approaches, and a prototype implementation suggests that the technique can scale to larger networks with reasonable performance. Thus, our framework provides an end to end solution for network analysis, inference and verification.
Issue Date:2018-04-24
Rights Information:Copyright 2018 Gohar Irfan Chaudhry
Date Available in IDEALS:2019-08-23
Date Deposited:2018-05

This item appears in the following Collection(s)

Item Statistics