Network analysis, inference and verification

Chaudhry, Gohar Irfan

Permalink

https://hdl.handle.net/2142/105115 Copy

Description

Title

Network analysis, inference and verification

Author(s)

Chaudhry, Gohar Irfan

Issue Date

2018-04-24

Director of Research (if dissertation) or Advisor (if thesis)

Caesar, Matthew

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

M.S.

Degree Level

Thesis

Keyword(s)

• networks
• analysis
• inference
• verification
• plankton
• veriflow
• testing
• anomaly
• detection
• anomaly detection

Abstract

Securely operating large-scale networks is a non-trivial task involving interactions between various hardware devices, protocols, and configurations, all of which need to work in tandem for the network to be secure and in the desired state that the network administrators want it to be in. Misconfigurations or malicious activities in the network can disrupt it resulting in dire effects including but not limited to outages of critical applications and breach of sensitive information. In this work, we propose a robust framework for diagnosing such anomalies across enterprise networks, and study their impact in terms of changes in routing behavior and reachability. To study the network as closely as possible to its actual behavior we perform analysis on data plane features as they govern the journey of a packet during its life-cycle across the network. We perform temporal analysis of the network as a whole and inspect the evolution of various properties. We then determine the deviation of the network relative to its previous states and identify as accurately as possible if the current state is anomalous. Given the historic states of the network over some time, we also try to infer high-level policies and invariants in the network. These allow for running various verification techniques on the network. Finally, we propose a network verification tool designed to verify the network as a dynamic, multi-layer distributed system. The richness of this tool’s network model allows it to find network issues that are not detectable using state of the art tools which work solely on either data plane states or control plane states without examining the interaction of the two among themselves and temporally with the network environment. Building on this verification tool, we propose a technique for high-coverage testing of end-to-end network correctness using the real software that is deployed in these networks; our design is effectively a hybrid, using an explicit-state model checker to explore all network-wide execution paths and event orderings, but executing real software as subroutines for each device. We show that this approach can detect correctness issues that would be missed both by existing verification and testing approaches, and a prototype implementation suggests that the technique can scale to larger networks with reasonable performance. Thus, our framework provides an end to end solution for network analysis, inference and verification.

Graduation Semester

2018-05

Type of Resource

text

Permalink

http://hdl.handle.net/2142/105115

Copyright and License Information

Copyright 2018 Gohar Irfan Chaudhry

Owning Collections