Archived pages will be placed here as needed.
To better understand the topological and economic structure of the Internet, we developed a method to map Autonomous Systems (AS) to organizations that operate them. Our AS-ranking interactive page provides an organization-based ranking of Internet providers.
December 10-11, 2003 An analysis by David Moore and Colleen Shannon of the December 2003 Distributed Denial-of-Service (DDoS) Attack against the SCO Group.
An analysis by Colleen Shannon and David Moore of the spread of the Witty Internet Worm in March 2004.
Analysis of the Sapphire Worm - A joint effort of CAIDA, ICSI, Silicon Defense, UC Berkeley EECS and UC San Diego CSE
The Sapphire Worm was the fastest spreading computer worm in history. The worm began at about 5:30 AM (UTC) on January 25th and spread by infecting copies of Microsoft SQL Server and MSDE 2000 (Microsoft SQL Server Desktop Engine) that were exposed to the Internet.
This report describes the response from CAIDA to the vulnerability MS08-67, by activating the Network Telescope to monitor any activity related to the vulnerability. We analyzed the traffic received by the Network Telescope, but no evidence of outbreak was found based on our observations.
Code-Red Worms: A Global Threat. We would like to thank Pat Wilson, Brian Kantor, Vern Paxson, Jeff Brown, Bill Fenner, Stefan Savage and kc claffy. We would also like to thank Cisco for their generous support, without which these analyses would have been impossible.
Mirrored from the CAIDA blog post, regarding the Carna botnet scans.
An analysis by David Moore and Colleen Shannon of the spread of the Nyxem (or Blackworm or Kama Sutra or MyWife or CME 24) Virus in January and early February 2006.
From 2010-2013, CAIDA performed a study of the economics of Internet interconnection, supported by the NSF grant CNS-1017064, “NetSE-Econ: The economics of transit and peering interconnections in the Internet”.
We present an analysis comparing five demographic measures against three measures of Internet resources, stratified by continent with substratification by country. Two continents and one country consume a much larger Internet resource allocation than predicted by their demographic size.
We seek a mapping from an IP address to the Autonomous System (AS) that owns that IP address. This analysis studies whether the current choice of routing tables is the best in terms of the increase in address space coverage, new ASes, prefixes, AS links, and AS paths that the tables give.
The ARIN IPv6 Penetration Survey, ARIN IPv6 Penetration Survey, IPv4 WHOIS Map, IPv4 Census Map present the rates of consumption and use of Internet identifiers. We have shifted our efforts toward understanding the economic and security implications of IPv4 address ownership.
This report presents the results of a controlled “anycast switching” experiment conducted on the Chilean .CL ccTLD anycast infrastructure. Using traces from the .CL anycast cloud, we measure the time it takes for a client to get redirected from a failing node to the next available node.
This visualization shows the geographic distribution of DNS clients for anycast instances. We provide two world maps for each root with individual anycast servers placed on the map. Wedges indicate the direction, distance, and number of clients observed.
In this report, we conduct a systematic comparison of Internet topologies derived from different data sources and characterizing the Internet at three granularities: IP address (interface), router, and Autonomous System (AS).
To visualize the use of IPv4 Internet address space, we create heatmaps that use intensity of color (heat) to show the use of addresses belonging to the same network. These heatmaps also make use of a fractal mapping technique that describes a space-fitting curve.
This webpage describes the methodology for generating dual AS and router-level Internet topologies. We also present analysis that is used to justify some of the design decisions in the generator, which is available upon request.
Data derived from the external DIMES dataset is posted here as a reference for future analysis in hyperbolic embedding of the Internet AS-level topology.
To increase our understanding of the evolution of large scale networks, we build and analyze models for Internet topology evolution. We attempt to faithfully reproduce observed data and develop methodologies for evaluating and validating various classes of formal network growth models.
Internet traffic classification gains continuous attention. Related papers tend to try to classify whatever traffic samples with no systematic integration of results. To fill this gap, we have created a structured taxonomy of traffic classification papers and their data sets.
To visualize IPv4 Internet address space we create heatmaps that use intensity of color (heat) to show the use of addresses belonging to the same network. By creating these maps of observable empirical data, we hope to learn about how the current IPv4 address space is used.
CAIDA’s Internet policy research tries to address the issues of economics, ownership, and trust which create obstacles to progress on most of the top problems of the Internet.
This page displays a snapshot of Internet Protocol version 6 (IPv6) topology at the Autonomous System (AS) level. The graph is derived from IPv6 forward paths as seen from a single observation point within Japan’s academic network on June 6, 2003.
Network topologies may be treated as a directed graph. Specific methods and definitions for analyzing network topology using graph theory.
Visualization of Autonomous Systems (AS) inter-connections between Internet eXchange points (IX) in 2002.
An annotated bibliography of papers and presentations in the wide-area networking literature. Note: This effort ended in 2013, but remains for historical purposes.