Research Projects

  • Traffic measurement from ISP backbones

    We are collecting month-long aggregated traffic logs for different traffic groups from 9 major ISPs in Japan twice per year, in May and November, in order to analyze the macro-level impact of residential broadband traffic. These traffic groups are carefully selected to be summable, and not to count the same traffic multiple times (the results).
    The participating ISPs are IIJ, K-Opticom, KDDI, NTT Communications, SoftBank (former Softbank Telecom and former Softbank BB), BIGLOBE, J:COM, NIFTY, and NTT plala.
  • MAWI: Publicly available packet traces from the WIDE backbone

    Packet trace data is essential for studying network dynamics, usage characteristics, and growth patterns, as well as for protocol design.
    Despite the increasing demand, it is difficult to obtain packet traces, especially from a backbone network.
    Packet traces can contain private user information, so they are usually available only under non-disclosure agreements.

    As a chair of the MAWI (Measurement and Analysis on the WIDE Internet) working group of the WIDE Project, I have been working on building a public traffic trace repository.
    Our challenges include:

    • collecting packet traces from the WIDE backbone network.
      (sampling method, automation, high-speed packet capturing)
    • creating a large set of publicly available traces by removing or scrambling sensitive information.
      (development of tools and scrambling method)
    • development of tools to analyze and visualize packet traces.

    The WIDE traffic data repository contains packet traces from the WIDE backbone.

  • NECOMA Project: Cybersecurity for improved resilience against cyber threats

    First, NECOMA addresses data collection, leveraging past and current work on the topic with the goal of expanding these existing mechanisms and orienting them towards threat data analysis.
    Second, it addresses threat data analysis not only from the perspective of understanding attackers and vulnerabilities, but also from the point of view of the target and victim, which needs to protect itself in real time and in the most efficient manner possible; this will be achieved through the development of metrics that measure the impact of attacks on the protected infrastructure or endpoint.
    Third, it aims to develop and demonstrate new cyberdefense mechanisms that leverage these metrics for deployment and evaluation.
    These three aspects will be analyzed both from an infrastructure perspective (networks and large computing infrastructures) and endpoints (smartphones and browsers). The results of the NECOMA project will be showcased in demonstrators that will highlight the innovations of the project and prepare exploitation.
  • agurim: a traffic monitoring tool based on multi-dimensional aggregation

    Agurim is a network traffic monitor based on flexible multi-dimensional flow aggregation in order to identify significant aggregate flows in traffic. A user can dynamically switch views based on traffic volume or packet counts, address or protocol attributes, with different temporal and spatial granularities. The supported data sources are pcap, sFlow, and NetFlow.
  • Network anomaly detection

    This project aims at efficiently detecting network anomalies using various techniques.
  • Network security analysis

    This project is for cyber-security and threat analysis.
  • DNS measurement

    This project is an ongoing effort to investigate root name server performance from various locations on the Internet. We use simple probe programs to measure the response time of the root servers. We also measure the response time of the ccTLD servers to compare them with the root servers.

    More information is available from the DNS measurement page.

  • IPv4/IPv6 comparative path analysis

    One of the major hurdles limiting IPv6 adoption is the existence of poorly managed experimental IPv6 sites that negatively affect the perceived quality of the IPv6 Internet. To assist network operators in improving IPv6 networks, we are exploring methods to identify wide-area IPv6 network problems. Our approach makes use of parallel IPv4 and IPv6 connectivity to dual-stacked nodes.

    We identify the existence of an IPv6 path problem by comparing IPv6 delay measurements to IPv4 delay measurements. Our test results indicate that the majority of IPv6 paths have delay characteristics comparable to those of IPv4, although a small number of paths exhibit a much larger delay with IPv6. Thus, we hope to improve the quality of the IPv6 Internet by identifying the worst set of problems.

    Our methodology is simple. We create a list of systems with IPv6 and IPv4 addresses in actual use by monitoring DNS messages. We then measure delay to each address in order to select a few systems per site based on their IPv6:IPv4 response-time ratios. Finally, we run traceroute with Path MTU discovery to the selected systems and then visualize the results for comparative path analysis.

    More information is available from the dualstack path analysis page.

  • Network data visualization

    Visualization is essential to network traffic analysis.
    We are exploring techniques for visualizing network related information.
  • ALTQ

    Queue management is an essential component in managing network traffic.
    A large number of queueing disciplines have been proposed to date in order to meet a wide range of requirements.
    However, FIFO queueing is the only queueing discipline used in traditional UNIX systems.

    The ALTQ project is aimed at providing a flexible queueing platform in order to promote research and operational experience in the field.
    The ALTQ software release includes a queueing framework and a set of advanced queueing disciplines such as CBQ, HFSC, RED, WFQ, BLUE, and RIO. ALTQ also includes traffic conditioning elements for diffserv.
    The ALTQ release for FreeBSD has been publicly available since March 1997, and is used by many groups worldwide. NetBSD and OpenBSD are also supported.

    The H-FSC implementation in ALTQ is a joint work with Hui Zhang and his group members at CMU during my stay at CMU in July 1999.