NeTS: Medium: Characterizing Enterprise Networks

$593,493 · FY2012 · CSE · NSF

International Computer Science Institute, Berkeley CA

Investigators

Abstract

The Internet is a global "network of networks," connecting a broad range of edge networks together into a fabric that enriches the lives and businesses of millions of people every day. Study of the Internet, from routing behavior to traffic characteristics to inferring operator policies to security properties and beyond, has blossomed over the past two decades. A large literature now exists of studies undertaken by the research community, producing much empirically based insight into the Internet's operation. However, the edge networks that the Internet weaves together, from cellular to enterprise to residential to data center networks, have received far less empirical study. The complexity of these networks keeps increasing, yet our understanding has failed to keep pace. Despite their widespread use and major roles in facilitating modern economic productivity, networks at this scale have received at best fleeting examination in the research literature. Part of the issue with studying these types of networks is that analysis tools are almost never generally available. While tools to analyze packet trace data from wide-area networks are plentiful, this is not the case for enterprise networks. For instance, there are many application-layer protocols that manifest inside enterprise networks, but rarely transit the shared Internet, for which no packet trace analysis tools exist. In this project we will develop such tools in the context of the Bro intrusion detection system. These tools will form a capability that enables deep analysis of enterprise networks by the research community at large.
Intellectual merit: Enterprise networks are vastly complicated entities that have been significantly understudied by the community. This project will dramatically broaden and deepen our capability to soundly measure these critical networks.
Broader impact: By building enterprise network analysis techniques directly into the open-source Bro network monitoring system, we will enable broad access to these new capabilities, aiding both researchers conducting investigations of enterprise networks, and security operators who deploy Bro to protect their networks. As Bro has hundreds of users, providing this latter group with new analysis capabilities will have a significant real-world impact on network security.
