Alberto Dainotti

Research Scientist
office: San Diego Supercomputer Center, room 331
phone: 858-534-9249
email: alberto AT caida DOT org
address: San Diego Supercomputer Center
              University of California San Diego
              9500 Gilman Drive, MC 0505
              La Jolla, CA 92093-0505

PGP key fingerprint: 039F FC8A C1AA E4EE 371A 7EC3 6948 20E3 FBB5 2865

My Google Scholar page

My CV

Full publication list in chronological order, or by topic, or by journal/conf/editorial

Updates

new [Oct 2020] Many congrats to Rama for leading our paper on IPv4 and IPv6 address assignemnt practices that was accepted at CoNEXT 2020

new [Aug 2020] We had two papers accepted at IMC 2020.

new [Feb 2020] Data from our IODA project was featured in an article from the Wall Street Journal on Internet shutdowns.

[Dec 2019] We had two papers accepted at PAM 2020.

[Oct 2019] We received the IMC distinguished paper award for our study on identifying serial BGP hijackers.

[Jul 2019] Our study investigating use of DoS attacks during elections in autocracies has been published in the Journal of Conflict Resolution. Great multidisciplinary team. Some ideas developed during IMAPS Workshops. Many congrats @philutsc

[Jul 2019] Our paper on identifying Serial BGP Hijackers has been accepted at IMC 2019. Congrats especially to Cecilia@MIT for leading this work.

[Jul 2019] Check out our work on detecting anycast prefixes using only passive BGP data analysis just published on ACM SIGCOMM CCR. Congrats especially to @Ru1B1an and @haoscs, who btw is starting as Asst Prof. @ODU.

[Apr 2019] We had three papers accepted at TMA 2019!

[Dec 2018] Our paper on identifying correlated Internet connectivity failures was accepted to PAM '19.

[Dec 2018] Our Blink paper was accepted to USENIX NSDI '19.

[Aug 2018] Our ARTEMIS paper was accepted to IEEE/ACM Transactions on Networking.

[Aug 2018] Our paper on DoS attacks and BGP blackholing was accepted to IMC.

[Dec 2017] I'll serve as general co-chair for CoNEXT 2018 in Crete, GR together with Xenofontas Dimitropoulos.

[Nov 2017] Our work on inferring Carrier-Grade Deployments using passive measurements was accepted to IEEE INFOCOM 2018.

[Aug 2017] "Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem" accepted at IMC 2017

[May 2017] "SWIFT: Predictive Fast Reroute" accepted at ACM SIGCOMM 2017!!

[Jan 2017] I'll be co-chairing the ACM SIGCOMM 2017 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks (Big-DAMA 2017). Consider submitting a paper!

[Dec 2016] Alistair has been awarded the 2017 IRTF Applied Networking Research Prize for our IMC paper on BGPStream!

[Jul 2016] I have been awarded a research grant from Cisco Systems for our work on BGPStream and to collaborate with them to add native support to OpenBMP.

[Jul 2016] Our paper on BGPStream will appear at IMC 2016. (pdf)

[Jul 2016] Read about the CAIDA BGP Hackathon 2016 on ACM SIGCOMM CCR.

[Feb 2016] I'm organizing the 1st CAIDA BGP Hackathon together with USC, RIPE NCC, Route Views, FORTH, UFMG.

[Nov 2015] Check out my invited talk at IETF 94 Measuring and Monitoring BGP

[Nov 2015] We just released BGPStream v1.0

[Sep 2015] Check out our latest paper at IMC 2015 on Leveraging Internet Background Radiation for Opportunistic Network Analysis

[Apr 2015] We published a follow-up analysis of the sipscan at TMA 2015: How Dangerous Is Internet Scanning? A Measurement Study of the Aftermath of an Internet-Wide Scan

[Dec 2014] North Korea got disconnected from the Internet a few times in the last days of 2014. We published a live graph of its BGP reachability status as a preview of our work on detecting and characterizing Internet outages

[Oct 2014] We published a technical report on our Internet census

[Aug 2014] Check our blog post about the recent Time Warner Cable outage

[Aug 2014] Submit your paper to the special issue on the International Journal of Network Management on ``Measure, Detect and Mitigate: Challenges and Trends in Network Security'' (Deadline 1st of December)

[Aug 2014] Our paper on discovering network tarpits in collaboration with Lance and Rob @ CMAND @ NPS was accepted at the Annual Computer Security Applications Conference (ACSAC), 2014.

[Jan 2014] New estimates of IPv4 address space usage in our paper accepted at ACM SIGCOMM CCR: ``Estimating Internet address space usage through passive measurements''

[May 2013] Check out our blog post about the scans from the Carna botnet. Cited also by WIRED (link)

[Dec 2012/Mar 2013] USENIX published the video of my invited talk at USENIX LISA '12 and also a report of it in USENIX Login magazine

[Dec 2012] Check out our blog post on observing the Syrian Internet blackout from the UCSD Network Telescope

[Sep 2012] Our research activity on Internet outages has been covered in September issue of Communications of the ACM Magazine (link)
..more press coverage also at Heise Online (if you can read Deutsch)

[Jul 2012] Our paper ``Analysis of a "/0" Stealth Scan from a Botnet'' has been accepted at IMC 2012

[Jun 2012] Our work on exploiting malware traffic pollution for detecting and analyzing Internet outages has been awarded as one of the three best papers in ACM SIGCOMM Computer Communication Review of the past 12 months. I will present it in a special session at SIGCOMM 2012

[Jun 2012] I've been awarded the IRTF Applied Networking Research Prize 2012 (link)

[Mar 2012] We've been "press-released" :) And covered by the WSJ blog, among others

[Jan 2012] Our work on exploiting malware traffic pollution for detecting and analyzing Internet outages has been published on ACM SIGCOMM Computer Communication Review, January 2012

[Jan 2012] Our paper entitled "Issues and Future Directions in Traffic Classification" has been published on IEEE Network, January 2012

[Nov 2011] Our work on the Internet "kill switch" in Libya and Egypt has been presented at IMC 2011, Berlin, November 2011

Short Bio

I am a Research Scientist at CAIDA, the Center for Applied Internet Data Analysis, which is part of the San Diego Supercomputer Center at University of California San Diego, USA. In 2008 I received my Ph.D. in Computer Engineering and Systems at University of Napoli "Federico II", Italy. Most of my research is at the intersection of Internet security and Internet measurement and data analysis. I am interested in large-scale data analysis and real-time Internet monitoring, which together often turn into "Internet Intelligence": building global monitoring systems for the timely detection and visualization of Internet blackouts; devising approaches to detect global routing attacks; inferring address space utilization and structure; understanding trends and impact of DoS attacks, etc. I am also interested in understanding how Internet cybersecurity events and phenomena have geopolitical motivations and implications, which led me to start in 2014 a series of small workshops on Internet Measurement and Political Science. While most of my work is basic research, I also enjoy building running systems (such as IODA) and software tools and APIs (BGPStream, TIE). All of which would not be possible without the talented people I am fortunate to work with.

Research Interests

Current Projects


IODA monitors the Internet 24/7 to detect and visualize large connectivity outages in realtime	MapKIT: "Mapping Key Internet Terrain". Methods to identify structural weaknesses in the physical and logical Internet topology of countries and geographic regions	ARTEMIS: an open source tool for realtime BGP Hijacking detection and mitigation


BGPStream: open source tools and APIs (Python, C) for realtime BGP monitoring and data analysis	GRIP (preview): The Global Routing Intelligence Platform continuously monitors BGP data from RouteViews and RIPE RIS to detect and visualize routing attacks and misconfigurations	STARDUST: making Network Telescope data streams and infrastructure easily accessible to students and researchers

Most recent publications

DynamIPs: Analyzing address assignment practices in IPv4 and IPv6
R. Padmanabhan, J. P. Rula, P. Richter, S. D. Strowes, A. Dainotti
CoNEXT 2020

AS-Path Prepending: there is no rose without a thorn
P. Marcos, L. Prehn, L. Leal, A. Dainotti, A. Feldmann, M. Barcellos
IMC 2020

MAnycast2 – Using Anycast to Measure Anycast
R. Sommese, G. Akiwate, L. Bertholdo, M. Jonker, R. van Rijswijk-Deij, A. Dainotti, K. Claffy, A. Sperotto
IMC 2020

To Filter or not to Filter: Measuring the Benefits of Registering in the RPKI Today (pdf)
C. Testart, P. Richter, A. King, A. Dainotti, D. Clark
PAM 2020

When parents and children disagree: Diving into DNS delegation inconsistency
R. Sommese, G. C. M. Moura, M. Jonker, R. van Rijswijk-Deij, A. Dainotti, KC Claffy, A. Sperotto
PAM 2020

Selected Publications (full list: chronological order, by topic, by journal/conf/editorial)

Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table (pdf)
C. Testart, P. Richter, A. King, A. Dainotti, D. Clark
ACM IMC 2019
Distinguished paper award at IMC 2019
Press coverage: ZDNet, IEEE Spectrum, Bruce Schneier's Blog

Blink: Fast Connectivity Recovery Entirely in the Data Plane (pdf)
T. Holterbach, E. Costa Molero, M. Apostolaki, A. Dainotti, S. Vissicchio, L. Vanbever
USENIX NSDI 2019

ARTEMIS: Neutralizing BGP Hijacking within a Minute (pdf)
P. Sermpezis, V. Kotronis, P. Gigis, X. Dimitropoulos, D. Cicalese, A. King, and A. Dainotti
IEEE/ACM Transactions on Networking
Press coverage: The Register, Cyberscoop

Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem (pdf)
M. Jonker, A. King, J. Krupp, C. Rossow, A. Sperotto, A. Dainotti
ACM IMC 2017
Press coverage: CircleID, ESET WeLiveSecurity, The Register, IBM Security Intelligence

SWIFT: Predictive Fast Reroute (pdf)
T. Holterbach, S. Vissicchio, A. Dainotti, L. Vanbever
ACM SIGCOMM 2017

BGPStream: a framework for live and historical BGP data analysis (pdf)
C. Orsini, A. King, V. Giotsas, D. Giordano, A. Dainotti
ACM SIGCOMM Internet Measurement Conference IMC 2016
IRTF Applied Networking Research Prize 2017

Analysis of a "/0" Stealth Scan from a Botnet (pdf)
A. Dainotti, A. King, K. C. Claffy, F. Papale, A. Pescapè
ACM SIGCOMM Internet Measurement Conference IMC 2012
Finalist for best paper award at IMC 2012
Press coverage: Dark Reading, Spam Fighter, The H Security

Extracting Benefit from Harm: Using Malware Pollution to Analyze the Impact of Political and Geophysical Events on the Internet (pdf)
A. Dainotti, R. Amman, E. Aben, K. C. Claffy
ACM SIGCOMM Computer Communication Review, January 2012
Best of ACM SIGCOMM CCR award 2012
Press coverage: Wall Street Journal Blog, Communications of the ACM, ACM TechNews, Tom's Guide

Analysis of Country-wide Internet Outages Caused by Censorship (pdf)
A. Dainotti, C. Squarcella, E. Aben, K. C. Claffy, M. Chiesa, M. Russo, A. Pescapè,
ACM SIGCOMM Internet Measurement Conference IMC 2011 - November 2011, Berlin (Germany)
IRTF Applied Networking Research Prize 2012
Press coverage: Communications of the ACM

Other Professional Activities

Editorial board member for: ACM SIGCOMM Computer Communication Review (2015-2018), IEEE/ACM Transactions on Networking (since 2017)
Steering Committee member for the TMA Conference 2018, 2017
General chair for CoNEXT 2018
TPC chair for: PAM 2020, TMA 2014, Big-DAMA 2018, 2017
TPC member for: ACM IMC 2020, 2019, 2013, ACM CoNEXT 2017, PAM 2019 - 2014, IEEE ICC 2017 - 2014, 2007, TMA 2019 - 2012, IEEE ICNC 2013, IEEE Globecom 2012
Independent reviewer of projects and evaluator of project proposals for the European Commission (Horizon 2020, FP7 ICT) and the US National Science Foundation

Funding

I gratefully acknowledge funding from the National Science Foundation, the US Department of Homeland Security, Cisco Systems, Comcast, and the Open Technology Fund

NSF
EAGER:Experimental Deployment of the ARTEMIS BGP Hijacking Detection Prototype in Research and Educational Networks, 2018-2019
HIJACKS: Detecting and Characterizing Internet Traffic Interception based on BGP Hijacking, 2014-2019
Sustainable Tools for Analysis and Research on Darknet Unsolicited Traffic (STARDUST), 2017-2020
Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation, 2017-2021
Integrated Platform for Applied Network Data Analysis (PANDA), 2017-2020
Detection and analysis of large-scale Internet infrastructure outages (IODA), 2012-2016

DHS
IODA-NP: Multi- source Realtime Detection of Macroscopic Internet Connectivity Disruption, 2018-2019
Advancing Scientific Study of Internet Security and Topological Stability (ASSISTS), 2018-2020
Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention (MADDVIPR), 2018-2022

Open Tech Fund
An Observatory for Realtime Monitoring and Analysis of Internet Blackouts Caused by Censorship, 2019-2020
An Observatory for Realtime Monitoring and Analysis of Internet Blackouts Caused by Censorship, 2018-2019

Internet Society (ISOC)
IODA: Internet Outage Detection and Analysis, 2020

Cisco Systems
Native support for the BGP Monitoring Protocol in BGPStream, 2016-2017

Comcast
ARTEMIS: Neutralizing BGP Hijacking within a Minute, 2018-2019
Monitoring and Visualizing Internet Outages, 2013