• Publications
  • Influence
Building a Dynamic Reputation System for DNS
Notos, a dynamic reputation system for DNS, is proposed that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services. Expand
The road to SDN: an intellectual history of programmable networks
The intellectual history of programmable networks, including active networks, early efforts to separate the control and data plane, and more recent work on OpenFlow and network operating systems are traced. Expand
Improving network management with software defined networking
Three problems in network management are identified: enabling frequent changes to network conditions and state, providing support for network configuration in a highlevel language, and providing better visibility and control over tasks for performing network diagnosis and troubleshooting. Expand
Accountable internet protocol (aip)
This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in whichExpand
How to lease the internet in your spare time
This work presents a high-level design for Cabo, an architecture that enables this separation of infrastructure providers and service providers and describes challenges associated with realizing this architecture. Expand
In VINI veritas: realistic and controlled network experimentation
VINI's high-level design and the challenges of virtualizing a single network are presented, and an implementation of VINI on PlanetLab, running the "Internet In a Slice", shows that it provides a realistic and controlled environment for evaluating new protocols and services. Expand
The Road to SDN
Designing and managing networks has become more innovative over the past few years with the aid of SDN (software-defined networking), but it is actually part of a long history of trying to make computer networks more programmable. Expand
Design and implementation of a routing control platform
It is shown that RCP assigns routes correctly, even when the functionality is replicated and distributed, and that networks using RCP can expect comparable convergence delays to those using today's iBGP architectures. Expand
Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces
Results from the evaluation, which includes real-world deployment, confirm the effectiveness of the proposed clustering system and show that the approach can aid the process of automatically extracting network signatures for detecting HTTP traffic generated by malware-compromised machines. Expand
SDX: a software defined internet exchange
The experiments demonstrate that the SDX implementation can implement representative policies for hundreds of participants who advertise full routing tables while achieving sub-second convergence in response to configuration changes and routing updates. Expand