# The 2nd ACEMS Workshop on Challenges of Data and Control of Networks (ACDCN), 2018

The ACEMS Workshop on Challenges of Data and Control of Networks is broad-ranging workshop covering topics in measurement, management and control of networks. In particular, we want to consider networked cyber-physical systems and related security issues, but other topics from wireless, WWW, and other network management settings are welcomed. The workshop will have a strong theme of data that is hard to acquire, hard to work with, and hard to analyse.

This years event is aimed at building on the success of the 2017 workshop.

### Program:

Rough schedule and locations

• Tue 27th: 4.30-6.00 Meet and Greet (Common area, Level 5 of Inkgarni Wardli Building)
• Wed 28th: 9.00-5.00 Technical Talks (JCSC, Level 26, 91 King William Street).
• Wed 28th: 6.00-10.00 Dinner, Ding Hao, 26 Gouger St, Adelaide.
• Thur 29th: 9.30-12.30 Technical Talks, and wrap up

Detailed program

Day Time
Tue 4.30-6.00pm Meet and Greet, Wine and beer on level 5 (Inkgarni Wardli)
Wed 9.00-9.25 Coffee
9.25-9.30 Welcome
9.30-10.30 Randy Bush, Critical Infrastructure vs Computer Science vs Software Engineering
bonus talk, Weaponizing BGP Using Communities
10.30-11.00 Morning Tea
11.00-12.00 Cristel Pelsser, Detecting outages from unsolicited traffic
12.00-2.00 Lunch
2.00-3.40 Short talks on network measurements
Ashley Flavel
Byron Ellacott, APNIC
Prosha Rahman, UNSW
Chris Wiren, DST
3.40-4.00 Afternoon tea
4.00-5.00 Darryl Veitch, Network Timing: the Good, the Bad, the Ugly, and how to Make it Stop
6.00 (for 6.30) Dinner at Ding Hao
Thur 9.30-10.30 Walter Willinger, The “public” Internet - a network of last resort?
bonus talk,
10.30-11.00 Morning tea
11.00-12.30 Short talks on cybersecurity, discussion and wrap up
Dinesha Ranathunga, UoA
Ayyoob Hamza, UNSW
Hassan Habibi Gharakheili, UNSW
Matt Roughan, ACEMS and Uni. of Adelaide

### Keynote Speakers:

Walter Willinger, Chief Scientist, NIKSUN Inc.

Talk: The “public” Internet - a network of last resort?

Abstract: With the emergence of modern Internet exchange points (IXP) around the world and the related increase in the number of network interconnections used for public peering, the last 10-15 years have seen a significant densification of the Internet’s interconnection or peering fabric and a widely-reported flattening of its topological structure. At the same time, how the hundreds of thousands of network interconnections that make up today’s Internet peering fabric are being utilized (i.e., how much and what traffic traverses any given public or private peering) has remained an open problem.

In this talk, I argue that solving this problem will not get any easier in the near future. In particular, I will provide evidence that shows that an increasing portion of Internet traffic will by-pass the public Internet altogether and will therefore remain invisible to third-party observers (e.g., academic researchers). Among the main reasons for this development are (i) an emerging architectural design that is common among some of the large content provider networks and combines a provider-specific global-scale peering fabric with a provider-operated private backbone and (ii) a new type of interconnection service that is backed by the large cloud providers and, in effect, ensures that an enterprise’s cloud-related traffic does not traverse the public Internet but is instead handed over to the relevant cloud provider by means of a direct private “virtual” interconnection.

Bio: Walter Willinger is Chief Scientist at NIKSUN, Inc., the world leader in real-time monitoring and cyber forensics solutions. Before joining NIKSUN, he worked at AT&T Labs-Research in Florham Park, NJ from 1996 to 2013 and at Bellcore Applied Research from 1986 to 1996. He received his Dipl. Math. from the ETH Zurich and his M.S. and Ph.D. in Operations Research and Industrial Engineering from Cornell University. He is a Fellow of ACM (2005), Fellow of IEEE (2005), AT&T Fellow (2007), and Fellow of SIAM (2009), co-recipient of the 1995 IEEE Communications Society W.R. Bennett Prize Paper Award and the 1996 IEEE W.R.G. Baker Prize Award, and co-recipient of the 2005 and 2016 ACM/SIGCOMM Test-of-Time Paper Awards. His paper “On the Self-Similar Nature of Ethernet Traffic” is featured in “The Best of the Best - Fifty Years of Communications and Networking Research,” a 2007 IEEE Communications Society book compiling the most outstanding papers published in the communications and networking field in the last half century.

Randy Bush, IIJ

Talk: BGP Communities: Another Routing System Can of Worms

BGP communities are a mechanism widely used by operators to manage policy, mitigate attacks, and engineer traffic; e.g., to drop unwanted traffic, filter announcements, adjust local preference, and prepend paths to influence peer selection.

Unfortunately, we show that BGP communities can be exploited by remote parties to influence routing in unintended ways. The BGP community-based vulnerabilities we expose are enabled by a combination of complex policies, error-prone configurations, a lack of cryptographic integrity and authenticity over communities, and the wide extent of community propagation. Due in part to their ill-defined semantics, BGP communities are often propagated far further than a single routing hop, even though their intended scope is typically limited to nearby ASes. Indeed, we find 14% of transit ASes forward received BGP communities onward. Given the rich inter-connectivity of transit ASes, this means that communities effectively propagate globally. As a consequence, remote adversaries can use BGP communities to trigger remote blackholing, steer traffic, and manipulate routes even without prefix hijacking. We highlight examples of these attacks via scenarios that we tested and measured both in the lab as well as in the wild. While we suggest what can be done to mitigate such ill effects, it is up to the Internet operations community whether to take up the suggestions.

Bio: Randy Bush is a Research Fellow and network operator at Internet Initiative Japan, Japan’s oldest commercial ISP, and a Member of Technical Staff at Arrcus, a maker of router software. He specializes in network measurement especially routing, network security, routing protocols, and IPv6 deployment. He was among the inaugural inductees into the Internet Society Internet Hall of Fame in 2012. Bush was the founding engineer of Verio in the late 1990s, and worked there for five year as the Vice President of IP Networking. He has served as a member of the IESG and in various other roles within the IETF. He was also a founder of the Network Startup Resource Center (NSRC), http://www.nsrc.org/, an NSF-supported pro bono effort to help develop and deploy networking technology in the developing economies. In amongst these activities he is also an active researcher, and is co-author of many papers.

Cristel Pelsser, Universite de Strasbourg

Talk: Detecting outages from unsolicited traffic

Abstract: The Internet is a complex ecosystem. It is composed of thousands of Autonomous Systems operated by various teams, each having a very limited view outside their own network. This makes it hard for a single operator’s team to pinpoint the causes of service degradation or disruption when the problem lies outside their network. In this paper, we aim to detect remote outages from the Internet Background Radiation dataset. We use the number of IPs seen per minute per AS. We show that the number of IPs seen from each AS follows a periodic pattern. We then use ARIMA to predict the number of IPs to be expected in the next time window. Significant deviations from our prediction are indicators of an outage in the considered AS. We ran our detection on the CAIDA backscatter data from MM/YY to MM/YY. When using a confidence interval of 95\% for our predictions, we reach a true positive rate of VALUE while our false positive rate stay low (VALUE).

Bio: Cristel Pelsser is a professor at the University of Strasbourg. Her research focusses on core Internet technologies. Her aim is to facilitate network operations, avoid network disruptions and, when they occur, pinpoint the failure precisely in order to quickly fix the issue. Cristel obtained her PhD at the Université catholique de Louvain (UcL) in Belgium. She was then a post doc at NTT laboratories and a researcher at Internet Initiative Japan both in Tokyo. She is the winner of the Best paper award at DRCN 2016, and the Applied Networking Research Prize of the Internet Research Task Force (IRTF) in 2013.

Darryl Veitch, University of Technology Sydney

Talk: Network Timing: the Good, the Bad, the Ugly, and how to Make it Stop!

Network based synchronization of software clocks is a service relied upon by the global computer population, and in particular much of network measurement. It is made possible by the existence of a forest of timeservers (rooted in the hardware-assisted Stratum-1 servers), time distribution protocols such as NTP, and synchronization algorithms. Given the importance, and age, of this Internet `sub-system’, naturally it is performing reliably, right? In this talk the Good, the Bad, and the Ugly of network timekeeping will be revealed, using some dramatic examples from data collected by our reference timing testbed. We will describe how unreliable server behaviour can be detected, what we have found so far in the public Internet, what happens during Leap Seconds, point the finger at the Good and Bad guys, and finally discuss the prospects of Timing Verification as a Service to address timing issues for the measurement community and beyond.

Bio: Darryl Veitch completed his Ph.D in mathematics Ph.D.~from DAMPT at, Cambridge (1990). He has worked at TRL (Telstra, Melbourne), CNET (France Telecom, Paris), KTH (Stockholm), INRIA (Sophia Antipolis and Paris, France), Bellcore (New Jersey), RMIT (Melbourne), Technicolor (Paris) and EMUlab and CUBIN at The University of Melbourne, where he was a Professorial Research Fellow until late 2014. Most recently he has moved to UTS. He is a Fellow of the IEEE, and amongst many other activities he is currently on the Steering Committee, ACM Internet Measurement Conference. His research interests are in computer networking and include traffic modelling, parameter estimation, the theory and practice of active measurement, traffic sampling and sketching, information theoretic security, and clock synchronisation over networks.

### Registration

Registration is open. Please go to the registration page, and select the appropriate category.

Workshop numbers will be strictly limited with preference given on a first come basis.

Costs:

Type Cost
ACEMS Student $0 External Student$50
ACEMS Member $100 External$250

### Other activities you should know about:

There are quite a few other activities happening in Adelaide near-abouts, and other ACEMS workshops running in December:

### Local Arrangements

Possible accommodation locations in the city are

But there are several others nearby.