On September 9th-10th, 2019, CAIDA hosted the 2nd International Workshop on Darkspace and UnSolicited Traffic Analysis (DUST 2019) at the San Diego Supercomputer Center, UCSD, San Diego, California.
The goal of the DUST workshop series is to bring together researchers, operators, and analysts interested in unsolicited traffic analysis, especially traffic destined to unassigned (dark) IP address space.
In this workshop we will introduce the STARDUST project and the developing state of the STARDUST architecture, as well as discuss future directions in consideration of the needs and requirements for prospective users.
Participation in DUST 2019 is by invitation only.
Place: SDSC East, Synthesis Center EB-143,
San Diego Supercomputer Center, UC San Diego Campus, La Jolla, CA
Topics of Interest
IP darkspaces are global routable address spaces that contain no active hosts. All traffic to an IP darkspace is unsolicited and unidirectional. Observing and analyzing darkspace traffic has helped detect and analyze global incidents such as scannning, DDoS attacks, network outages and misconfigurations.
The workshop seeks to provide a forum for discussion of the science, engineering, and policy challenges associated with darkspace and unsolicited traffic analysis. We expect interested parties to include:
- operators of darkspace monitors
- researchers engaged in darkspace and unsolicited traffic analysis
- scientists interested in working on the UCSD darkspace data
- scientists or organizations interested in setting up a darkspace monitor
- scientists working on related topics (e.g. honeynets, intrusion detection, data sharing, etc.)
The intended outcomes of the workshops include:
- collect feedback about functionality and applications of the STARDUST infrastructure
- establishing policies and mechanisms to enable broader sharing of darkspace data including real-time sharing
- improve scientific methods for darkspace and unsolicited traffic analysis
- combine and compare data from darkspace monitors at different locations
- share experience from darkspace monitor operation (lessons learned) and darkspace data analysis
- establish methods for synchronizing darkspace monitoring efforts
A high-level goal is to facilitate the creation of a community of STARDUST users and darkspace monitor operators and scientists to share data and coordinate future activities.
The workshop will begin at 9am and adjourn at 5pm each day. Talks will be anywhere between 5 to 20 minutes, with 10 minutes for questions. There will be time made for open discussion on the second day.
September 9 (Monday)
- 08:00 - 09:00 Breakfast
- 09:00 - 10:00 Welome & Participants Introductions
- Alberto Dainotti and Alistair King (CAIDA/UC San Diego), Introductions, Agenda
- 10:00 - 11:30 STARDUST
- Alistair King (CAIDA/UC San Diego), STARDUST
- 10:40 - 11:00 Break
- Shane Alcock (University of Waikato), Software for a 10Gb Network Telescope: the nDAG Multicaster
- 11:30 - 12:30 Application to Education
- Tanja Zseby (TU Wien), Teaching Network Security with IP Darkspace Data
- 12:30 - 14:00 Lunch
- 14:00 - 15:00 Distributed Telescopes
- Philipp Richter (Massachusetts Institute of Technology), Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope
- 15:00 - 15:45 Real-Time Data Analysis Architectures
- Shane Alcock (University of Waikato), Software for a 10Gb Network Telescope: corsaro Utilities
- 15:45 - 16:00 Break
- 16:00 - 16:45 Real-Time Data Analysis Architectures, continued
- Abdul Qadeer (USC), Plumb: Parallel Processing of Streaming Pcaps for Darknets, Links and Backscatter Data
- 16:45 - 17:20 Detecting IP Spoofing
- Raphael Hiesgen (HAW Hamburg), An Active Telescope for Spoofing Detection
- 17:20 Wrap-up
- 18:00 - 20:00 Dinner off-site
September 10 (Tuesday)
- 08:00 - 09:00 Breakfast
- 09:00 - 10:00 Interaction: What did I learn from yesterday
- 10:00 - 11:45 Detecting IP Spoofing, continued
- Marinho Barcellos (UFRGS), Challenges in Inferring Spoofed Traffic at IXPs
- Thomas Schmidt (HAW Hamburg) and Matthias Wählisch (Freie Universität Berlin), A Reproducibility Study of "IP Spoofing Detection in Inter-Domain Traffic"
- 11:45 - 12:00 Break
- 12:00 - 13:15 Cybersecurity Monitoring and Forensic Analysis
- Michael Kallitsis (Merit Network / University of Michigan), ORION: Observatory for Cyber-Risk Insights and Outages of Networks
- Idilio Drago (Politecnico di Torino), Darknets for Security Monitoring @ Polito
- Alberto Dainotti (CAIDA/UC San Diego), STARDUST and HI-CUBE (Hub for Internet Incident Investigation) leveraging each other
- 13:15 - 14:15 Lunch
- 14:15 - 15:45 STARDUST Brainstorming and Discussion
- 15:45 - 16:15 Break
- 16:15 - 17:00 Wrap up Discussions
- 17:00 Adjourn
For this workshop, attendees are expected to make their own hotel reservations and transportation arrangements from their hotels to the workshop. For CAIDA's list of local hotels including shuttle availability, see the updated Local Hotels list (PDF). Contact the hotel directly for hotel shuttle schedules (if available) to the San Diego Supercomputer Center (SDSC).
This workshop is being held in the SDSC East Building's Synthesis Center / Visualization Lab, Room B143-E.
(For those GPS-enabled attendees, the GPS coordinates near the conference room is WGS84: 32°53'04.00"N, 117°14'22.00"W)
General driving directions to SDSC are located on the CAIDA Contact and Visitor Info page.
- Shuttle to Hotels: SuperShuttle can be arranged to shuttle to UC San Diego campus or your hotel.
- Car: Rental available at the airport near the baggage claim areas of Terminals 1 and 2.
- Taxis and drop-off: San Diego Taxi Information maintains a list of taxis with rates and additional information. Uber and Lyft are also well established in San Diego and now have access to service San Diego's airport. GPSes will need to go to the intersection of Hopkins Drive and Voigt Lane.
10100 Hopkins Drive, La Jolla, CA 92093 is the nearest street address most GPSes/maps recognize. This should take you to a small turn-in in front of the SDSC East Entrance / Auditorium, with a building sign visible that reads "Halicioğlu Data Science Center".
- Parking on campus
The most convenient parking is in the Hopkins parking structure at Hopkins Dr and Voigt Dr, just south of SDSC.
Parking Permits: Parking permits are required to park on UC San Diego Campus.
On arrival to campus on the morning of Day 1 from 8am-9am, temporarily park at the curb alongside the trees in front of the SDSC building on Hopkins Drive (see Drop off/Loading Zone). If there is a CAIDA staff member there, tell them that you are here for DUST, and we will give you a special one-day parking permit, and then point you to the Hopkins Parking Structure for parking. If no one is there, park briefly and head up the stairs into the lobby to get a complementary permit. Otherwise, parking permits are sold at the permit machines by the elevators in the structure for $30/day.
Parking permits for the following day will be provided upon request.
Parking legally is the attendee's responsibility. With a kiosk-purchased parking permit, you can park in any White " V ", Yellow " S " only, unless otherwise indicated. (New since 2018: purchased permits are no longer valid in green "B" spaces.) Please be sure to read the directions on the parking permit. Parking is limited, especially if arriving after 8am (if Hopkins is full, Pangea Parking Structure is the nearest parking alternative within walking distance to SDSC). The penalty for an improperly parked car is at least $65 per day. We cannot be held responsible for citations issued for parking in an incorrect space or improperly displaying your permit.
From the Hopkins Structure, after setting your permit, take the elevators down to the 2nd floor and walk safely out to Hopkins Dr. and the front of the Supercomputer Center. Walking past the Auditorium outside on your left (and a sign reading "Halicioğlu Data Science Center"), go up the large staircase to the entrance of the East building, and go through the black double doors. Now inside the building, look under the staircase ahead to find Room B143-E, also labeled "Synthesis Center / Visualization Lab".