Yanghee Choi

A comparative study on IP prefixes and their origin ASes in BGP and the IRR

By: 
Akmal Khan, Hyun-chul Kim, Taekyoung Kwon, Yanghee Choi
Appears in: 
CCR July 2013

The IRR is a set of globally distributed databases with which ASes can register their routing and address-related information. It is often believed that the quality of the IRR data is not reliable since there are few economic incentives for the ASes to register and update their routing information in a timely manner. To validate these negative beliefs, we carry out a comprehensive analysis of (IP prefix, its origin AS) pairs in BGP against the corresponding information registered with the IRR, and vice versa.

Public Review By: 
Bhaskaran Raman

This paper undertakes quantification of the validity of IRR data along various dimensions: overall consistency with BGP data, dependence on type of AS, and on IRR region. Specific focus is on the (IP-prefix, AS origin) pair, PO pair for short, the consistency of which is checked across the IRR data and the BGP data. For the IRR data, a representative subset of IRR data is taken from two IRR databases, RIPE and RADB, in Jan 2013. And for the BGP data, PO pairs published by CAIDA (in the same month), as extracted from RouteViews, are taken. Using this data, the paper shows that registration of PO pairs in IRR is common among more than three-quarters of ASes. Such registration is especially common among small-to-medium sized transit providers, likely since they manage a small number of customer ASes (a few tens to a few hundreds). The analysis also shows that the trustworthiness of the IRR data varies with region; some regional registries are better maintained than others. The significance of this work lies in the potential application of IRR data in preventing or at least mitigating inter-domain routing issues due to prefix misconfigurations or prefix hijacking attacks. While the paper is an initial step in quantifying the validity of IRR data, the actual scheme for the use of IRR for BGP prefix filtering is part of this paper’s future work. Also of potential interest in related future work is the examination of inter-AS relations in the context of overlapping PO pairs in the IRR, as well as checking the overall conclusions in the paper using other IRR data and using active measurements (e.g. using PlanetLab).

NeTraMark: A Network Traffic Classification Benchmark

By: 
Suchul Lee, Hyunchul Kim, Dhiman Barman, Sungryoul Lee, Chong-kwon Kim, Ted Kwon, and Yanghee Choi
Appears in: 
CCR January 2011

Recent research on Internet traffic classification has produced a number of approaches for distinguishing types of traffic. However, a rigorous comparison of such proposed algorithms still remains a challenge, since every proposal considers a different benchmark for its experimental evaluation. A lack of clear consensus on an objective and scientific way for comparing results has made researchers uncertain of fundamental as well as relative contributions and limitations of each proposal.

Public Review By: 
R. Teixeira

The area of network traffic classification, which aims at labeling network traffic according to application or application type, is constantly evolving. When classification based on port inspection got deployed, applications started using dynamic ports. Then, the deployment of deep-packet inspection caused some applications to use encryption or variable length padding. Every new application development triggers new traffic classification techniques. Often each technique is tested in different environments and using proprietary network traces making it hard to reproduce the results, compare techniques, and fully understand the limits and benefits of each technique.
This paper presents a tool to benchmark traffic classification techniques, called NeTraMark. NeTraMark is extensible, so researchers can plug in their techniques to compare to other classification algorithms. NeTraMark already includes implementations of eleven existing classification algorithms ranging from port and deep-packet inspection to graph-based classifiers. It also implements a number of evaluation metrics and a visualization module. Researchers can easily compare the results of classification techniques under the same metrics. Since publicly available full-payload traces are rare, NeTraMark can be deployed at different sites to run on locally available data sets. In summary, NeTraMark combines a number of features that should facilitate the life of developers of traffic classification techniques. The source code is available, so we should all contribute with our own algorithms and techniques. A community effort should lead to better standards for evaluating traffic classification techniques.
