Data for Good seminars address societal challenges and bring humanistic perspectives to science and technology.
L. Jean Camp, Professor of Informatics & Computer Science, Indiana University
February 17, 2021 (3:00 PM – 4:00 PM ET) – Online Event
Cybersecurity Center, Columbia Data Science Institute
Barnard Computer Science
About the Seminar
Reckoning with Routing: An Interdisciplinary Approach to Understanding Internet Control Plane Attacks
Abstract: Securing Internet routing against anomalies requires building approaches that are effective against intelligent actors who control a part of that network. Routing anomalies are detected on the order of tens of thousands of times a year, hidden in a network described by a constantly updated routing table of a million entries. Such anomalies may be accidents, but there is anecdotal evidence that indicates criminal intent. There are also case studies that illustrate the use of these for national intelligence. Any given anomaly could be an accident, a crime, or an attack. Although it is impossible to directly observe the motivation of those who generate these anomalies, aggregate data about the sources of these anomalies is available. Here I report on the use of tools of macroeconomics to provide insights into the possible nature of these anomalies. The results of linear regression show support for the possibility that anomalies are driven by crime, specifically for the guardianship and relative deprivation theories of crime. In addition to these findings from regression analysis, clustering indicates that civil conflict and surveillance are associated with a disproportionate origination of routing anomalies. This examination motivated further investigation into the efficacy of blocking based on jurisdictions of autonomous systems. An examination of global financial institutions offers a promise that this may not be disruptive under normal conditions. Most recent results show that large-scale disruptions can be identified and mitigated before widespread diffusion of malicious announcements by measuring only the time between announcements (depending on the location of the attack and the detector).