Network


Latest external collaboration on country level. Dive into details by clicking on the dots.

Hotspot


Dive into the research topics where Christos Papadopoulos is active.

Publication


Featured researches published by Christos Papadopoulos.


acm special interest group on data communication | 2014

Named data networking

Lixia Zhang; Alexander Afanasyev; Jeffrey A Burke; Van Jacobson; Kimberly C. Claffy; Patrick Crowley; Christos Papadopoulos; Lan Wang; Beichuan Zhang

Named Data Networking (NDN) is one of five projects funded by the U.S. National Science Foundation under its Future Internet Architecture Program. NDN has its roots in an earlier project, Content-Centric Networking (CCN), which Van Jacobson first publicly presented in 2006. The NDN project investigates Jacobsons proposed evolution from todays host-centric network architecture (IP) to a data-centric network architecture (NDN). This conceptually simple shift has far-reaching implications for how we design, develop, deploy, and use networks and applications. We describe the motivation and vision of this new architecture, and its basic components and operations. We also provide a snapshot of its current design, development status, and research challenges. More information about the project, including prototype implementations, publications, and annual reports, is available on named-data.net.


acm special interest group on data communication | 2003

A framework for classifying denial of service attacks

Alefiya Hussain; John S. Heidemann; Christos Papadopoulos

Launching a denial of service (DoS) attack is trivial, but detection and response is a painfully slow and often a manual process. Automatic classification of attacks as single- or multi-source can help focus a response, but current packet-header-based approaches are susceptible to spoofing. This paper introduces a framework for classifying DoS attacks based on header content, and novel techniques such as transient ramp-up behavior and spectral analysis. Although headers are easily forged, we show that characteristics of attack ramp-up and attack spectrum are more difficult to spoof. To evaluate our framework we monitored access links of a regional ISP detecting 80 live attacks. Header analysis identified the number of attackers in 67 attacks, while the remaining 13 attacks were classified based on ramp-up and spectral analysis. We validate our results through monitoring at a second site, controlled experiments, and simulation. We use experiments and simulation to understand the underlying reasons for the characteristics observed. In addition to helping understand attack dynamics, classification mechanisms such as ours are important for the development of realistic models of DoS traffic, can be packaged as an automated tool to aid in rapid response to attacks, and can also be used to estimate the level of DoS activity on the Internet.


principles of distributed computing | 1998

An error control scheme for large-scale multicast applications

Christos Papadopoulos; Guru M. Parulkar; George Varghese

Retransmission based error control for large scale multicast applications is dificult because of implosion and exposure. Existing schemes (SRM, RMTe TMTe LBRRM) have good solutions to implosion, but only approximate solutions to exposure. We present a scheme that achieves finer grain fault recovery by exploiting new forwarding services that allow us to create a dynamic hierarchy of receivers. We extend the IP Multicast service model so that routers provide a more refined form of multicasting (which may be useful to other applications), that enables local recovery. The new services are simple to implement and do not require routers to examine or store application packets; hence, they do not violate layering. Besides providing better implosion control and less exposure than other schemes, our scheme integrates well with the current IP model, has small recovery latencies (it requires no back-off delays), and completely isolates group members from topology. Our scheme can be used with a variety of multicast routing protocols, including DVMRP and PIM. We have implemented our scheme in NetBSD Unix, using about 250 lines of new C-code. The implementation requires two new IP options, 4 additional bytes in each routing entry and a slight modiJication to IGMP reports. The forwarding overhead incurred by the new services is actually lower than forwarding normal multicast trafic.


darpa information survivability conference and exposition | 2003

Cossack: coordinated suppression of simultaneous attacks

Christos Papadopoulos; Robert Lindell; John Mehringer; Alefiya Hussain; Ramesh Govindan

DDoS attacks are highly distributed, well coordinated, offensive assaults on services, hosts, and infrastructure of the Internet. Effective defensive countermeasures to DDoS attacks require equally sophisticated, well coordinated, monitoring, analysis, and response. The Cossack project is developing technology to thwart such attacks by deploying a set of watchdogs at edge networks, which employ distributed coordination to rapidly detect, and neutralize attacks.


information hiding | 2002

Eliminating Steganography in Internet Traffic with Active Wardens

Gina Fisk; Mike Fisk; Christos Papadopoulos; Joshua Neil

Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. In this paper we examine the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall. In particular, we concentrate on structured carriers with objectively defined semantics, such as the TCP/IP protocol suite rather than on the subjective, or unstructured carriers such as images that dominate the information hiding literature. We introduce the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications. For unstructured carriers, which lack objective semantics, wardens can use techniques such as adding noise to block subliminal information. However, these techniques can break the overt communications of structured carriers which have strict semantics. We therefore use a specification-based approach to determine MRF. We use MRF to reason about opportunities for embedding covert or subliminal information in network protocols and develop both software to exploit these channels, as well as an active warden implementation that stops them. For unstructured carriers, MRF is limited by human perception, but for structured carriers, well known semantics give us high assurance that a warden can completely eliminate certain subliminal or covert channels.


internet measurement conference | 2008

Census and survey of the visible internet

John S. Heidemann; Yuri Pradkin; Ramesh Govindan; Christos Papadopoulos; Genevieve Bartlett; Joseph A. Bannister

Prior measurement studies of the Internet have explored traffic and topology, but have largely ignored edge hosts. While the number of Internet hosts is very large, and many are hidden behind firewalls or in private address space, there is much to be learned from examining the population of visible hosts, those with public unicast addresses that respond to messages. In this paper we introduce two new approaches to explore the visible Internet. Applying statistical population sampling, we use censuses to walk the entire Internet address space, and surveys to probe frequently a fraction of that space. We then use these tools to evaluate address usage, where we find that only 3.6% of allocated addresses are actually occupied by visible hosts, and that occupancy is unevenly distributed, with a quarter of responsive /24 address blocks (subnets) less than 5% full, and only 9% of blocks more than half full. We show about 34 million addresses are very stable and visible to our probes (about 16% of responsive addresses), and we project from this up to 60 million stable Internet-accessible computers. The remainder of allocated addresses are used intermittently, with a median occupancy of 81 minutes. Finally, we show that many firewalls are visible, measuring significant diversity in the distribution of firewalled block size. To our knowledge, we are the first to take a census of edge hosts in the visible Internet since 1982, to evaluate the accuracy of active probing for address census and survey, and to quantify these aspects of the Internet.


IEEE ACM Transactions on Networking | 1993

Experimental evaluation of SUNOS IPC and TCP/IP protocol implementation

Christos Papadopoulos; Gurudatta M. Parulkar

Results of a study that characterizes the performance of SunOS Inter-Process Communication (IPC) and TCP/IP protocol implementation for distributed high-bandwidth applications are presented. Components studied include queuing in different layers, protocol control mechanisms (such as flow and error control), per-packet processing, buffer requirements, and interaction with the operating system. The Unix kernel and two public-domain tools for IPC measurement are reviewed. >


acm sigmm workshop on experiential telepresence | 2003

From remote media immersion to Distributed Immersive Performance

Alexander A. Sawchuk; Elaine Chew; Roger Zimmermann; Christos Papadopoulos; Chris Kyriakakis

We present the architecture, technology and experimental applications of a real-time, multi-site, interactive and collaborative environment called Distributed Immersive Performance (DIP). The objective of DIP is to develop the technology for live, interactive musical performances in which the participants - subsets of musicians, the conductor and the audience - are in different physical locations and are interconnected by very high fidelity multichannel audio and video links. DIP is a specific realization of broader immersive technology - the creation of the complete aural and visual ambience that places a person or a group of people in a virtual space where they can experience events occurring at a remote site or communicate naturally regardless of their location. The DIP experimental system has interaction sites and servers in different locations on the USC campus and at several partners, including the New World Symphony of Miami Beach, FL. The sites have different types of equipment to test the effects of video and audio fidelity on the ease of use and functionality for different applications. Many sites have high-definition (HD) video or digital video (DV) quality images projected onto wide screen wall displays completely integrated with an immersive audio reproduction system for a seamless, fully three-dimensional aural environment with the correct spatial sound localization for participants. The system is capable of storage and playback of the many streams of synchronized audio and video data (immersidata), and utilizes novel protocols for the low-latency, seamless, synchronized real-time delivery of immersidata over local area networks and wide-area networks such as Internet2. We discuss several recent interactive experiments using the system and many technical challenges common to the DIP scenario and a broader range of applications. These challenges include: (1). low latency continuous media (CM) stream transmission, synchronization and data loss management; (2). low latency, real-time video and multichannel immersive audio acquisition and rendering; (3). real-time continuous media stream recording, storage, playback; (4). human factors studies: psychophysical, perceptual, artistic, performance evaluation; (5). robust integration of all these technical areas into a seamless presentation to the participants.


acm special interest group on data communication | 2011

Routing policies in named data networking

Steven DiBenedetto; Christos Papadopoulos; Daniel Massey

Modern inter-domain routing with BGP is based on policies rather than finding shortest paths. Network operators devise and implement policies affecting route selection and export independently of others. These policies are realized by tuning a variety of parameters, or knobs, present in BGP. Similarly, NDN, a information-centric future Internet architecture, will utilize a policy-based routing protocol such as BGP. However, NDN allows a finer granularity of policies (content names rather than hosts) and more traffic engineering opportunities. This work explores what routing policies could look like in an NDN Internet. We describe the knobs available to network operators and their possible settings. Furthermore, we explore the economic incentives present in an NDN Internet and reason how they might drive operators to set their policies.


ieee international conference computer and communications | 2006

Identification of Repeated Denial of Service Attacks

Alefiya Hussain; John S. Heidemann; Christos Papadopoulos

Denial of Service attacks have become a weapon for extortion and vandalism causing damages in the millions of dollars to commercial and government sites. Legal prosecution is a powerful deterrent, but requires attribution of attacks, currently a difficult task. In this paper we propose a method to automatically fingerprint and identify repeated attack scenarios—a combination of attacking hosts and attack tool. Such fingerprints not only aid in attribution for criminal and civil prosecution of attackers, but also help justify and focus response measures. Since packet contents can be easily manipulated, we base our fingerprints on the spectral characteristics of the attack stream which are hard to forge. We validate our methodology by applying it to real attacks captured at a regional ISP and comparing the outcome with header-based classification. Finally, we conduct controlled experiments to identify and isolate factors that affect the attack fingerprint.

Collaboration


Dive into the Christos Papadopoulos's collaboration.

Top Co-Authors

Avatar

John S. Heidemann

Information Sciences Institute

View shared research outputs
Top Co-Authors

Avatar

Daniel Massey

Colorado State University

View shared research outputs
Top Co-Authors

Avatar

Alefiya Hussain

University of Southern California

View shared research outputs
Top Co-Authors

Avatar

Genevieve Bartlett

Information Sciences Institute

View shared research outputs
Top Co-Authors

Avatar

Han Zhang

Colorado State University

View shared research outputs
Top Co-Authors

Avatar

Xinming He

University of Southern California

View shared research outputs
Top Co-Authors

Avatar

Chengyu Fan

Colorado State University

View shared research outputs
Top Co-Authors

Avatar
Top Co-Authors

Avatar

Manaf Gharaibeh

Colorado State University

View shared research outputs
Top Co-Authors

Avatar

Pavlin Radoslavov

International Computer Science Institute

View shared research outputs
Researchain Logo
Decentralizing Knowledge