about ANT

who we are

The ANT Lab is a research group spanning several departments at the University of Southern California (USC), including USC/Information Sciences Institute and USC/Computer Science, USC/Electrical Engineering, USC/Information Technology Services, University of Memphis’ Computer Science Department. (See our people page for more.)

what we do

Our goal is to improve the Internet by discovering new methods, tools, and protocols to improve our understanding of the Internet and its security, privacy, and efficency. We address important problems in networking and cybersecurity from several perspectives:

  • science: how big is the Internet? how stable is it? who uses it? where?
  • applications: what data drives security research? how do we balance data privacy and utility?
  • engineering: what is tomorrow’s critical infrastructure? how can research influence it?

We use many approaches:

  • Internet measurement with active and passive data collection. (For example, anonymized packet capture, and 24x7, IPv4-wide outage detection)
  • big data analysis of network data. We use Hadoop and related tools in our own cluster to process terabytes of data per week.
  • development and validation of new methodologies. Our techniques use experimentation, simulation, data collection, and mathematical analysis.
  • interaction of research and operations. Our work is informed by, and strives to apply to, the real world.

We have pioneered new techniques, including recently:

  • Internet outage detection with Trinocular, probing 4M networks every 11 minutes, 24x7 since Oct. 2014.
  • Understanding IP anycast as one tool to speed data and mitgate Distributed Denial-of-Service attacks.
  • Mapping the cloud and services understanding anycast and tracking Google’s growth.

These techniques have produced tools and datasets that are widely used:

  • IPv4 outage detection: we’ve been tracking outages in the entire IPv4 address space since 2014.
  • IP Hitlists are used by multiple research groups, describing where is most likely to respond to traceroutes
  • Hadoop Bzip2 Splitting: we developed support for parallel processing of bzip2 files in Hadoop (in Apache Hadoop since 0.22).

(See our datasets and software pages for more.)

history and support

Our research has been supported by the NSF, DARPA, U.S. DHS, and industry from Cisco, Verisign, Northrup Grumman, and Michael Keston. (We thank them for their generosity!)

And a big thanks to our collaborators and supports who host measurement machines!

The work has spanned a dozen research projects, nearly fifteen years, and eight co-PIs and more than 21 students (with more than 17 PhD and 5 MS graduates).

For a play-by-play, see the ANT blog, our publications, and specific projects.