Northwestern Lab for Internet and Security Technology (LIST)

Prof. Yan Chen

 

The LIST team as of December 2007.

 

The Internet has become the major communication infrastructure of society. However, the evolution of the Internet has spawned rich complexity and vulnerability in its infrastructure. In terms of complexity, it has proved difficult to characterize, understand, and model the enormous volume and great variety of Internet traffic in terms of large-scale behaviors. In terms of vulnerability, the Internet was fundamentally not designed with security as one of its principles.

The theme of my research is to understand the complex artifacts of the current Internet through measurement, monitoring and diagnosis of large-scale Internet traffic. In particular, we take on the challenges of monitoring and diagnosing 1) high-speed networks with tens of gigabits per second of throughput and 2) very large scale networks and distributed systems, such as P2P systems.

Then, based on a deep understanding of network complexity and vulnerability, we take two approaches to improve the reliability, agility and security of the current Internet (including wireless networks): 1) designing network-based intrusion detection, prevention and mitigation systems to combat emerging large-scale attacks, such as worms and botnets; and 2) designing new protocols and architecture to improve the reliability and security of the Internet.

 

Our research methodology combines theory, synthetic/real trace-driven simulation, and real-world implementation and deployment. We draw on diverse fields of applied mathematics, such as combinatorial algorithms, linear algebra and statistical learning, as needed to better understand the structure of the design space. To gain access to real Internet measurements (often proprietary), we have been actively collaborating with researchers from various places, such as AT&T Labs, Motorola Labs, Yahoo!, Keynote, Microsoft Research, Fermi National Labs, the National Laboratory for Applied Network Research (NLANR), and the Internet Storm Center of the SANS (SysAdmin, Audit, Network, Security) Institute.