Aniss Maghsoudlou

Address
Max-Planck-Institut für Informatik
Saarland Informatics Campus
Campus E1 4
66123 Saarbrücken
Location
E1 4 - 513
Phone
+49 681 9325 3518
Fax
+49 681 9325 3599

Personal Information

Aniss is a PhD student in the Internet Architecture group at the Max Planck Institute for Informatics. She has worked on several network measurement projects that investigate what Internet traffic really looks like and aim to simplify the management of large-scale traffic in ISPs and IXPs. She also worked on software-defined WLANs for her Master's thesis at Sharif University of Technology.

Publications

2021
Maghsoudlou, A., Gasser, O., & Feldmann, A. (2021). Zeroing in on Port 0 Traffic in the Wild. In Passive and Active Measurement (PAM 2021). Virtual Event: Springer. doi:10.1007/978-3-030-72582-2_32
2020
Maghsoudlou, A., Gasser, O., & Feldmann, A. (2020). Reserved: Dissecting Internet Traffic on Port 0. In Extended abstract of a poster presented at Passive and Active Measurement Conference (PAM) 2020. Virtual Conference. Retrieved from http://arxiv.org/abs/2004.03653
(arXiv: 2004.03653)
Abstract
Transport protocols use port numbers to allow connection multiplexing on Internet hosts. TCP as well as UDP, the two most widely used transport protocols, have limitations on what constitutes a valid and invalid port number. One example of an invalid port number for these protocols is port 0. In this work, we present preliminary results from analyzing port 0 traffic at a large European IXP. In one week of traffic we find 74GB port 0 traffic. The vast majority of this traffic has both source and destination ports set to 0, suggesting scanning or reconnaissance as its root cause. Our analysis also shows that more than half of all port 0 traffic is targeted to just 18 ASes, whereas more than half of all traffic is originated by about 100 ASes, suggesting a more diverse set of source ASes.
Saidi, S. J., Maghsoudlou, A., Foucard, D., Smaragdakis, G., Poese, I., & Feldmann, A. (2020a). Exploring Network-Wide Flow Data with Flowyager. IEEE Transactions on Network and Service Management, 17(4). doi:10.1109/TNSM.2020.3034278
Saidi, S. J., Maghsoudlou, A., Foucard, D., Smaragdakis, G., Poese, I., & Feldmann, A. (2020b). Exploring Network-Wide Flow Data with Flowyager. Retrieved from https://arxiv.org/abs/2010.13120
(arXiv: 2010.13120)
Abstract
Many network operations, ranging from attack investigation and mitigation to traffic management, require answering network-wide flow queries in seconds. Although flow records are collected at each router, using available traffic capture utilities, querying the resulting datasets from hundreds of routers across sites and over time, remains a significant challenge due to the sheer traffic volume and distributed nature of flow records. In this paper, we investigate how to improve the response time for a priori unknown network-wide queries. We present Flowyager, a system that is built on top of existing traffic capture utilities. Flowyager generates and analyzes tree data structures, that we call Flowtrees, which are succinct summaries of the raw flow data available by capture utilities. Flowtrees are self-adjusted data structures that drastically reduce space and transfer requirements, by 75% to 95%, compared to raw flow records. Flowyager manages the storage and transfers of Flowtrees, supports Flowtree operators, and provides a structured query language for answering flow queries across sites and time periods. By deploying a Flowyager prototype at both a large Internet Exchange Point and a Tier-1 Internet Service Provider, we showcase its capabilities for networks with hundreds of router interfaces. Our results show that the query response time can be reduced by an order of magnitude when compared with alternative data analytics platforms. Thus, Flowyager enables interactive network-wide queries and offers unprecedented drill-down capabilities to, e.g., identify DDoS culprits, pinpoint the involved sites, and determine the length of the attack.

Research Interests

  • Network Measurement
  • Software-defined Networking
  • Wireless Networks

Teaching

  • Data Networks (Tutor/Teaching Assistant), Winter 2018, Summer 2020, MPI/UdS
  • Computer Networks Laboratory (Tutor), Winter 2015, Sharif University of Technology

Recent Positions

July 2018 - present:
Research Assistant, Max Planck Institute for Informatics

 

April 2018 - June 2018:
Research Assistant, Technische Universität Berlin

Education

July 2018 - present:
Ph.D. student in Computer Science at the Universität des Saarlandes, Saarbrücken, Germany, and the Max-Planck-Institut für Informatik

September 2014 - January 2017:
M.Sc. in Information Technology at Sharif University of Technology, Iran.

September 2010 - August 2014:
B.Sc. in Information Technology Engineering at Tehran University, Iran.