Score
Building and troubleshooting networked systems by understanding the TCP/IP stack, routing and switching, congestion control and protocols (HTTP, TCP, UDP, BGP), socket programming, network security, and using tools like Wireshark, iptables, and traceroute.
This study investigates the non-deterministic nature of Internet user packet routing paths and the mechanisms by which they are influenced by service providers and IP protocol versions. Leveraging five years of large-scale traceroute measurements spanning six ISP types, twenty autonomous systems, and fourteen countries, the work systematically reveals—across multiple nations, diverse ISP categories, and an extended temporal scale—that user-level paths frequently deviate from geographically shortest routes, often exhibiting significant cross-border detours. The research further demonstrates that transitioning between ISPs or upgrading to IPv6 substantially alters routing policies and end-to-end latency, highlighting the pronounced impact of both administrative and protocol-level factors on path selection in real-world networks.
Inconsistent reassembly strategies for IP fragmentation and TCP segmentation across network protocol stack implementations cause divergent parsing of overlapping packets between NIDS and monitored hosts, enabling evasion attacks and other security vulnerabilities. Method: We propose PYROLYSE, the first formal testing framework to systematically audit IPv4/IPv6 and TCP reassembly behavior under *n* ≤ 3 overlapping fragments, covering 23 mainstream OSes, NIDS, and embedded protocol stacks. Contribution/Results: Our audit reveals 14–20 distinct behavioral classes and uncovers eight security defects—including CVE-identified vulnerabilities—demonstrating that binary-fragment-based NIDS detection logic fails to generalize to ternary or higher-order overlaps. Crucially, we show that reassembly behavior under multi-fragment overlap cannot be reliably inferred from pairwise fragment tests, underscoring the urgent need for formal verification methods targeting higher-order overlapping scenarios.
Ensuring functional correctness and performance resilience of network protocols under component failures and adversarial attacks remains a significant challenge. Method: This paper proposes a synergistic analysis framework integrating formal verification with attack synthesis. It models protocol behavior using a formal specification language and employs logical predicates, trace analysis, and model checking to achieve closed-loop verification—simultaneously establishing correctness guarantees and automatically generating realistic attack scenarios. Contribution/Results: Diverging from conventional unidirectional verification, our approach innovatively embeds attack-path generation directly into the verification workflow, enabling reproducible and interpretable failure attribution. Experimental evaluation across multiple mainstream network protocols demonstrates substantial improvements in vulnerability detection rates and attack-surface characterization accuracy. The results validate the feasibility and practicality of formal methods for deep, security-critical analysis of complex network protocols.
Detecting and reproducing boundary-case vulnerabilities—especially those arising from state machine logic flaws in network protocols—remains challenging for conventional fuzzing due to inadequate coverage and poor reproducibility. Method: This paper proposes the first closed-loop approach integrating formal protocol specification inference, lightweight symbolic execution, and controllable vulnerability trace generation. It leverages SMT-driven state modeling, automatic synthesis of protocol interaction constraints, and automated proof-of-concept (PoC) generation to achieve end-to-end automation from vulnerability discovery to precise reproduction. Contribution/Results: Evaluated on 12 mainstream protocol stacks, the method discovers 17 previously unknown vulnerabilities—including 6 assigned CVEs—with an average reproduction time under 8 seconds and a false positive rate below 3%. It significantly improves accuracy, interpretability, and reproducibility in deep protocol vulnerability detection.
Ambiguities in the IETF QUIC specification (draft-29) hinder precise implementation and complicate compliance verification. Method: This work presents the first comprehensive formal model of draft-29, built within the Ivy framework and integrating state-machine modeling, SMT-based constraint solving, and differential testing to automate compliance validation across seven mainstream QUIC client/server implementations. Contribution/Results: Leveraging formal reverse analysis, we systematically uncover specification ambiguities and propose actionable remediation paths. Our approach identifies multiple critical compliance violations across implementations and pinpoints several interoperability-affecting specification ambiguities—directly informing ongoing IETF standard revisions. The methodology establishes a scalable, end-to-end framework for protocol formal verification, bridging high-level specifications with executable conformance checks while supporting both automated bug detection and specification refinement.
This study addresses the scalability bottleneck in unicast and multicast routing caused by the dual role of IP addresses as both identifiers and locators. It systematically traces the evolution of Internet routing scalability solutions, first articulating the map-and-encap architecture as a unifying paradigm and identifying the essential conditions for its successful deployment. Through historical protocol analysis, architectural comparisons, and conceptual abstraction—encompassing approaches such as BIER and tunnel encapsulation—the work reveals that BGP’s lack of intra-domain egress router topology abstraction is a fundamental limitation. The paper proposes core principles to guide future scalable routing designs, emphasizing the critical roles of locally driven incentives and effective topology abstraction in protocol evolution.
This work addresses the gap in current systems education, where learning resources often consist of superficial tutorials or AI-generated summaries that inadequately convey foundational design principles and thus fail to cultivate robust engineering capabilities. To remedy this, we propose a structured learning pathway centered on seminal research papers from distributed systems, operating systems, and big data domains. Integrating insights from leading academic curricula and industry practices, our approach emphasizes technical depth and problem-solving reasoning. By engaging learners in close reading of original literature, critical analysis of architectural trade-offs, and cross-domain synthesis, the framework fosters a deep understanding of underlying mechanisms and cultivates systems thinking—thereby equipping practitioners to effectively tackle complex engineering challenges and progress toward professional-level systems expertise.
This work proposes a novel robustness-centered evaluation paradigm for network protocol assessment by introducing automated adversarial testing. Traditional approaches, which rely on manual testing or real-world traces, often fail to cover unanticipated network conditions and may overlook critical flaws. In contrast, the proposed method leverages machine learning to generate adversarial network environments and integrates adversarial optimization with noise-robustness techniques to systematically stress-test both single-path and multipath congestion control protocols. Applied to the Linux kernel, this approach successfully produced effective adversarial scenarios for 27 congestion control algorithms, uncovering previously unknown kernel vulnerabilities and protocol limitations. The results demonstrate a significant enhancement in the depth and breadth of robustness evaluation for network protocols.
This work proposes a novel interactive analysis system centered on three-dimensional network topology to overcome the limitations of traditional PCAP analysis tools, which present data as linear lists and fail to reveal underlying communication structures. The system maps hosts, sessions, and protocols to nodes, edges, and visual clusters, respectively, and enables bidirectional synchronized filtering with the packet list. By adopting 3D space as the default view—implemented using Three.js—it intuitively encodes key features such as communication density, clustering structure, host centrality, and traffic volume through depth perception. Supporting parsing of PCAP/PCAPNG formats and decoding of over 90 protocols, the approach significantly enhances the observability of structural patterns in network traffic, facilitating efficient identification of anomalous communications, critical nodes, and protocol distributions.
Existing network traffic generation methods struggle to accurately model multi-flow interactions and TCP state machines because they directly decode raw packet fields, conflating behavioral semantics with protocol constraints and relying on heuristic post-hoc repairs. This work proposes TraceCodec, the first framework to integrate a neural codec with a deterministic protocol compiler in a collaborative architecture. By shifting the generation space from raw packet headers to a structured latent space of packet actions—each comprising a timestamp, an explicit flow slot, and transmission cues—and modeling sequences of continuous latent variables, TraceCodec decouples generative logic from protocol implementation. This enables synthesis of high-fidelity PCAP traces without requiring post-generation correction. Evaluated on the CICIDS2017 Monday dataset, TraceCodec achieves packet count, protocol composition, and flow size errors below 0.03%, significantly outperforming baselines in flow count accuracy, TCP state fidelity, and preservation of multi-flow interleaving structures.