COLLOQUIUM Department of Computer Science and Engineering University of South Carolina Network Connectivity: Solving a Mystery Carrie Gates CERT Network Situational Awareness Carnegie Mellon University and Faculty of Computer Science Dalhousie University Date: August 19, 2004 (Thursday) Time: 3:30-4:30PM Place: Swearingen 1A03 (Faculty Lounge) Abstract We have access to network flow data from the border of a large ISP's customer network. We have started examining these data in terms of connection information. In particular, we have focused on categorizing outside hosts by the number of inside hosts they attempt to contact in a given hour. We find that there are typically about one million or so sources that attempt to contact only one destination in a given hour, while a very small number of sources attempt contacts with 100,000 or more distinct destinations per hour. In general, the connection data plot as a smooth, slightly concave to the upper right, log-log curve, however in the region of 150 to 350 destinations per hour and 30 to 60 sources per hour, the curve shows a distinct wave or waterfall structure. If we plot successive hours of data to form a 3 dimensional surface, the wave persists in time. The wave was consistently present from the start of our observation in January 2003 until mid August 2003, when it abruptly disappeared. It reappeared, in a slightly different form, sometime between February 4th and 15th 2004 and has persisted at least through mid-May 2004. This talk will present ongoing work in examining these phenomena, and will hypothesize on possible causes. Carrie Gates is a visiting scientist with the CERT Network Situational Awareness program at the Software Engineering Institute, Carnegie Mellon University, and a PhD candidate at Dalhousie University, Canada. Her dissertation topic is the modeling and detection of distributed port scanning, and her general research interests are in the areas of network security and network traffic modeling and analysis. She has received numerous scholarships, including, most recently, the IBM Scholars PhD Fellowship, for 2003 and 2004. She received her Masters degree in Computer Science in 1995, with a thesis topic on neural networks. She left academia to pursue a career in systems administration, where she developed her interest in networks and security, returning to academia full-time in 2001 to pursue a PhD.