Detecting Network-Wide and Router-Specific Misconfigurations Through Data Mining

Le, Franck; Lee, Sihyung; Wong, Theodore M.; Kim, Hyong S.; Newcomb, Darrell

doi:10.1109/tnet.2008.925631

Cited by 33 publications

(22 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…-Router-level path variability: Router-level maps of an AS are far more variable than AS-level maps: the latter rely on AS peering information (which is based on business relationships, that do not change frequently), while the former change with network conditions. Routing tables themselves are prone to inconsistencies and bogus routes [48,54]. -Imperfect coverage by Traceroute: We used a large number of planetlab nodes to launch traceroute probes 14 , but there remains a chance that some routes are simply not covered; further increasing the number of vantage points, i.e.…”

Section: Limitationsmentioning

confidence: 99%

Mending Wall: On the Implementation of Censorship in India

Gosain

Agarwal

Shekhawat

et al. 2018

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

This paper presents a study of the Internet infrastructure in India from the point of view of censorship.First, we show that the current state of affairs -where each ISP implements its own content filters (nominally as per a governmental blacklist) -results in dramatic differences in the censorship experienced by customers. In practice, a well-informed Indian citizen can escape censorship through a judicious choice of service provider.We then consider the question of whether India might potentially follow the Chinese model and institute a single, government-controlled filter. This would not be difficult, as the Indian Internet is quite centralized already. A few "key" ASes (≈ 1% of Indian ASes) collectively intercept ≈ 95% of paths to the censored sites we sample in our study, and also to all publicly-visible DNS servers. 5, 000 routers spanning these key ASes would suffice to carry out IP or DNS filtering for the entire country; ≈ 70% of these routers belong to only two private ISPs. If the government is willing to employ more powerful measures, such as an IP Prefix Hijacking attack, any one of several key ASes can censor traffic for nearly all Indian users.Finally, we demonstrate that such federated censorship by India would cause substantial collateral damage to non-Indian ASes whose traffic passes through Indian cyberspace (which do not legally come under Indian jurisdiction at all).

show abstract

Section: Limitationsmentioning

confidence: 99%

Mending Wall: On the Implementation of Censorship in India

Gosain

Agarwal

Shekhawat

et al. 2018

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

show abstract

“…In SANE, the ACLs can be specified in a natural way so as to capture the semantics clearly. Le et al [17] used data mining techniques to analyze security policies and to detect possible misconfigurations in the policies. They considered the notion of association rule mining to extract usable safe configurations of routers and detect anomalies in other routers using the extracted patterns.…”

Section: A Network Reachabilitymentioning

confidence: 99%

Privacy-Preserving Quantification of Cross-Domain Network Reachability

Chen¹,

Bezawada

Liu

2015

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

Network reachability is an important characteristic for understanding end-to-end network behavior and helps in detecting violations of security policies across the network. While quantifying network reachability within one administrative domain is a difficult problem in itself, performing the same computation across a network spanning multiple administrative domains presents a novel challenge. The problem of quantifying network reachability across multiple administrative domains is more difficult because the privacy of security policies of individual domains is a serious concern and needs to be protected through this process. In this paper, we propose the first cross-domain privacy-preserving protocol for quantifying network reachability. Our protocol constructs equivalent representations of the Access Control List (ACL) rules and determines network reachability while preserving the privacy of the individual ACLs. This protocol can accurately determine the network reachability along a network path through different administrative domains. We have implemented and evaluated our protocol on both real and synthetic ACLs. The experimental results show that the online processing time of an ACL containing thousands of rules is less than 25 s. Given two ACLs, each containing thousands of rules, the comparison time is less than 6 s, and the total communication cost is less than 2100 kB.Index Terms-Cross domain, network reachability quantification, privacy preserving. 1063-6692

show abstract

“…Similar approaches were used to suggest to firewall administrators policies that match prespecified goals [16]. Other works used rule mining and Bayesian inference to analyze router policies and automatically detect configuration errors (e.g., [21]). …”

Section: Privacy In Online Social Networkmentioning

confidence: 99%

What you want is not what you get

Sinha

Bauer

2013

Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security

View full text Add to dashboard Cite

As the amount of content users publish on social networking sites rises, so do the danger and costs of inadvertently sharing content with an unintended audience. Studies repeatedly show that users frequently misconfigure their policies or misunderstand the privacy features offered by social networks.A way to mitigate these problems is to develop automated tools to assist users in correctly setting their policy. This paper explores the viability of one such approach: we examine the extent to which machine learning can be used to deduce users' sharing preferences for content posted on Facebook. To generate data on which to evaluate our approach, we conduct an online survey of Facebook users, gathering their Facebook posts and associated policies, as well as their intended privacy policy for a subset of the posts. We use this data to test the efficacy of several algorithms at predicting policies, and the effects on prediction accuracy of varying the features on which they base their predictions. We find that Facebook's default behavior of assigning to a new post the privacy settings of the preceding one correctly assigns policies for only 67% of posts. The best of the prediction algorithms we tested outperforms this baseline for 80% of participants, with an average accuracy of 81%; this equates to a 45% reduction in the number of posts with misconfigured policies. Further, for those participants (66%) whose implemented policy usually matched their intended policy, our approach predicts the correct privacy settings for 94% of posts.

show abstract

Detecting Network-Wide and Router-Specific Misconfigurations Through Data Mining

Cited by 33 publications

References 9 publications

Mending Wall: On the Implementation of Censorship in India

Mending Wall: On the Implementation of Censorship in India

Privacy-Preserving Quantification of Cross-Domain Network Reachability

What you want is not what you get

Contact Info

Product

Resources

About