I am an Associate Professor in the Network System Lab group of the Software and Computer Systems division at the KTH Royal Institute of Technology, Sweden.
My research interests lie in computer networking and, more specifically, in aspects of Internet protocols and architectures ranging from security and privacy to network design and optimization, including Software Defined Networking (SDN) approaches to these challenges, next-generation Internet eXchange Points (IXPs), and beyond.
Prior to join KTH, I was a postdoctoral researcher in the INL networking group at the Université catholique de Louvain and a postdoctoral researcher at the Hebrew University of Jerusalem. In 2013, I was a visiting scholar in the Berkeley NetSys Lab at the University of Berkeley I received my Ph.D. from Roma Tre University in 2014, advised by Prof. Giuseppe Di Battista.
Doctoral/postdoctoral position? Please contact me directly about doctoral or postdoctoral positions.
Three papers accepted. Our work on 1) generating verifiable code, 2) discovering software vulnerabilities, and 3) reducing the size of code-generation transforms-based models have been accepted for publication at the LLM4Code workshop!
Runner-up best paper. Our work on benchmarking LLMs for network management tasks has been shortlisted for the best paper award at ACM CoNEXT 2024.
Paper accepted. Our work on accelerating network functions by storing payloads on a high-speed switch has been published at the EuroP4 2024 workshop.
Paper accepted. Our work on accelerating network functions with differnet levels of flow-level granularities has been accepted at ACM CoNEXT 2024.
Talk at Nvidia. I was thrilled to present our ongoing work within the SEMLA project, including results from our accepted CoNEXT'24 paper, within the research seminars organized by Nvidia.
Paper accepted. Our work on quantifying the benefits and challenges of using Large Language Models for configuring networks has been accepted at ACM CoNEXT 2024.
Talk at 5G Italy. It was my great pleasure to present our ongoing work on using LLMs for orchestrating networks at the 5G Italy event.
Welcome Mohammad! Mohammad Siavashi will start his doctoral studies in our group, focusing on systems for large language models.
Best paper at CoNEXT. Congratulations to Mariano and Tommaso for leading our work on supporting million of state insertions in ASIC switches, which has received the best paper award at CoNEXT.
Welcome Changjie! Changjie Wang will start his doctoral studies in our group from Dec. 1. Welcome on board!
Paper accepted. Congratulations to our visiting postdoc, Thiago, on his paper acceptance at NOMS 2024. Thiago and co-authors demonstrate the possibility of using GANs to train RL-based models while retaining simulation accuracy.
Talk at Global Connect. I will be giving a talk on our SEMLA project (i.e., LLMs for network management) at the workshop organized in Paris before CoNEXT. I look forward to interesting discussions.
Project funding. Our 12-million SEK project on harnessing large language models for cybersecurity has been granted by Vinnova. This is a collaboration with RedHat, RISE, and Saab.
Paper accepted at CoNEXT. Our work on supporting million of low-latency flow-state insertions in terabit-per-second ASIC switches has been accepted to ACM CoNEXT! Congrats to Mariano and Tommaso who led the work!.
Summer internship time. This year we have three students taking a summer internship in our group. Welcome to Chaitanya (working on FPGAs), Changjie (working on GPT), and Parnian (working on ML for health-care).
Talk at Politecnico di Milano. I had the great pleasure to share our recent NSDI work (Ribosome) within the group led by Gianni Antichi. It was incredibly rewarding to receive so many excellent questions!
Talk at Aalto University. I had the great pleasure to share our recent work towards accelerating network functions in a talk at Aalto University in Helsinki hosted by Mario Di Francesco.
Alexandros' talk at RIPE SEE. Alexandros presented our work on BGP stealthy attacks at RIPE SEE. A link to the video of the talk is available here.
Welcome Thiago! During the next six month, we will be hosting Thiago Caproni Tavares as a postdoctoral fellow. He will be working on ML for networking.
Talk at RedHat. It was great to have the opportunity to present in a keynote our three recent works on terabit-per-second network functions at the PerfConf organized by RedHat. Thanks Simone Ferlin for the kind invitation.
Paper accepted. The work led by Alexandros Milolidakis on analyzing the effectiveness of the BGP public monitoring infrastructure in detecting sophisticated BGP attacks has been accepted for publication in IEEE Access.
Paper accepted at SIGMETRICS! Our work on analyzing the impact of multi-pipe ASIC switch architectures on network monitoring applications has been accepted at ACM Sigmetrics 2023. The paper is available here.
IS1200: Computer Hardware Engineering! Starting from this year, I will inherit and teach a bachelor course on computer architectures. The course activities that have been organized over the years are spot on, with an incredible amount of opportunities to learn a variety of aspects about how processors operate + hands-on experience on real hardware devices with project activities.
End of the year summary. It has been a fantastic 2022! Research-wise, Hamid presented Reframer at NSDI 2022 and we got an accepted paper for NSDI 2023. We also received a conditional acceptance notification for a paper at SIGMETRICS 2023. We also filed four patent applications on high-speed network functions in collaboration with Ericsson. We received funding from Digital Futures to continue our Emergence project and we received an Intel gift for different programmable devices that we will deploy in our lab. I had the priviledge to give a keynote at ACM CoNEXT where I could talk about our last three years of research. Teaching-wise, we are now back on campus and we can finally meet students for real (as opposed to blank screens on Zoom)! It is such a pleasure to see the curiosity and energy from the students in a physical class. We look forward to an even better 2023 year!
Funded project. Emergence 2.0 on Securing Edge Networks with a Programmable Intelligent Architecture has been funded with a Research Pair Consolidator Grant by KTH Digital Futures!
Invited keynote at ACM CoNEXT 2022. I received a kind invitation to give a keynote at ACM CoNEXT. Thanks to Justine Sherry and Marinho Barcellos, the TPC co-chairs, for inviting me.
NSDI TPC invitation. I will serve as a TPC member for the upcoming Usenix NSDI 2024.
Camera-ready of Ribosome (NSDI 2023) available. In this work accepted at NSDI 2023, we leverage emerging network disaggregation paradigms to dramatically push the performance boundary of general-pupose CPU packet processors. We demonstrate almost 300 Gbps of throughput for a variety of memory-intensive per-flow stateful network functions including rate limiters and packet schedulers. The camera-ready of the paper is available here. Find all the code here.
Castor Days on SDN at KTH. We organized a full-day even on Software-Defined Networking at KTH within the Castor Software Research Center in collaboration with Ericsson and SAAb. We had top-notch talks from both academia and industry. A video is available here.
Paper accepted at NSDI. Our work on novel approaches for realizing terabits-per-second stateful network functions has been accepted to NSDI 2023.
Alexandros' licentiate defense. On June 14, Alexandros Milolidakis has successfully defended his licentiate thesis titled "Understanding the Capabilities of Route Collectors to Observe Stealthy Hijacks". I would like to thank the advanced reviewer Prof. Gerald Q. Maguire Jr., the special reviewer Prof. Alberto Dainotti, and the examiner Prof. Roberto Guanciale.
Community Award at USENIX NSDI 2022. We are honoured to receive the "Community Award" at the NSDI 2022 conference for the best paper whose code and/or data set is made publicly available by the final papers deadline. Award screenshot
Docentship!I have officially become a Docent in Algorithms for Computer Networks.
Talk at the MARSAL workshop. I presented our recent efforts towards multi-Tbps stateful P4 packet processing during the MARSAL workshop organized by NVidia and NEC. The recording link will come soon.
Talk at the Durham university. I presented an extended version of our NSDI'20 work on high-speed load balancers during the Nestid seminars at Durham university.
Distinguished TPC member at INFOCOM! "This distinction is awarded based upon ratings by peer TPC members, fairness in review scores, and promptness in meeting various deadlines during the review process." This is the third time in the last four years that I am honored to receive this recognition. Awarded to 100 out of 465 TPC reviewers.
Intel hardware grant! A huge thank to Intel for awarding our research with an Intel hardware grant. We can now expand our experiments on Tofino dapataplanes with embedded FPGAs.
Promotion! I have been promoted to Associate Professor! A huge and heartfelt thanks to all my collaborators and previous advisors as well as all the support from KTH, the EECS school, and the Computer Science department.
Patent filed. We filed a patent on "System and method for accurate traffic monitoring on multi-pipeline switches" in collaboration with Ericssson Research.
Talk at Digital Future. I gave a seminar on building high-speed datacenter load balancers at Digital Futures.
PC chair at SIGCOMM demos. I will serve as a co-chair at ACM SIGCOMM Posters and Demos 2022. This year demos are planned to be held on site! We look forward to receive your most exciting and creative demonstrations!
VR Starting Grant funded! My project proposal "ResoNet: Resilient Optimized Network Synthesis" has been funded by a VR Starting Grant with 4M SEK (400K EUR). The project will start in 2022.
VR project funded! Together with Dejan Kostic, Magnus Boman, and Sabine Koch, our project "Scalable Federated Learning" has been funded by a VR Project with 3.8 MSEK (380K EUR). The proejct will start in 2022.
Talk at Digitalize Stockholm. I gave a short talk about our ongoing research on high-speed machine learning for network cybersecurity at Digitalize Stockholm. You can find the short video here on Youtube.
TPC Invitation. I will serve as a TPC member for Euro P4 2021! We look forward to seeing your latest work on programmable dataplanes!
Paper accepted! Our extended version of the Cheetah LB from NSDI'20 has been accepted for publication in the IEEE/ACM Transactions on Networking journal. We are now also supporting uniform and resilient load balancing of QUIC traffic!
Paper accepted! Deliberately delaying packets may sound like a bad idea for latency-critical system. Yet, we show that when the delay is limited, this can bring dramatic packet processing performance gains (up to 80% of additional throughput in practice). Don't miss our upcoming talk at USENIX NSDI 2022.
Summer internships! Two master students will join our group during hte summer to work on ML-based traffic classification.
Paper accepted! Our work on designing a decentralized SDN-based Internet eXchange Point (IXP) network has been accepted for publication at the IEEE Transactions on Network Science and Engineering journal. The key idea is to distribute the SDN responsibilities among the IXP networks instead of centralizing them at a single entity.
WASP industrial grant funded! Together with Simone Ferlin (Ericsson), we received an "industrial doctoral student" grant to work on disaggregated datacenters.
Paper accepted! Our work on benchmarking different data structures for supporting connection tracking has been accepted at HPSR! This is the first work of Massimo, who started his doctoral studies in our groups just five months ago, which has been co-supervised with Tom Barbette.
Paper accepted (and master thesis defense)! Our preliminary work on predicting the load on Kubernetes clusters has been accepted at EuroMLSys! This work is the result of a fantastic effort from Thomas Wang during his master thesis under the supervision of Simone Ferlin at Ericsson. Come to see Thomas' talk on April 26!
Welcome Fabio! We are really happy to host Fabio Verdi, an associate professor at the Federal University of Sao Carlos, for one year here at KTH. He plans to make programmable networks as resilient and performant as possible.
TPC invitation! I will serve as a TPC member for TMA 2021! We look forward to seeing your latest work on Internet network measurements!
Survey paper accepted! Our survey on fast failover techniques has been accepted at IEEE Communications Surveys and Tutorials! We cover aspects of network robustness ranging from Ethernet, and IP networks, to BGP and the emerging SDN and P4 programmable networks. A technical report can be found here.
PC invitation! I will serve as a TPC member for ICNP 2021! Please consider submitting a paper on your latest work on Internet network protocols.
TPC co-chair invitation. I will serve as a TPC co-chair at ACM CoNEXT 2021. We are looking forward to building a strong and exciting technical program for the conference.
Demo co-chair invitation. I will serve as a co-chair at ACM SIGCOMM Demo 2021. This year demos will be held virtually. We look forward to receive your most exciting and creative demonstrations!
Paper accepted! Our measurement of high-speed multi-100G Network Interface Cards (NICs) has been accepted for publication at PAM'21.
Paper accepted! An extended version of our CoNEXT'19 work on fast reroute with programmable switches has been accepted for publication in IEEE/ACM Transactions on Networking.
PC invitation! I will serve as a TPC member for the PAM 2021 conference! Share your latest measurements with the community!
Poster accepted! Our preliminary work on intra-core data center load balancing has been accepted as a poster at ACM CoNEXT. See the extended abstract here.
PC invitation! I will serve as a TPC member for the CoNEXT Student workshop 2020! We are looking for students who wants to share their preliminary work with the broader networking research community!
PC invitation! I will serve as a TPC member for EuroP4 2020! We are looking forwards to seeing your latest work on top of programmable devices!
Welcome Giacomo and Massimo! We have two new PhD students joining our group at KTH, Giacomo Verardo and Massimo Girondi. Giacomo plans to overcome today's scalability limitations of federated learning approaches. Massimo plans to harness the new powerful functionalities of the emerging SmartNICs to enhance today's network services.
PC invitation! I will serve as a TPC member for INFOCOM 2021! We are looking forwards to seeing your latest work!
Summer internship! Erfan Wu will join us for a summer internship to work on advanced datacenter load balancing in QUIC.
The EMERGENCE project has been funded by the Digital Future intiative! Stay tuned for more updates!
Awarded the IEEE ComSoc William R. Bennett Prize! I am extremely honored to have received the IEEE Communication Society William R. Bennett Prize for our Transactions on Networking paper titled "Traffic Engineering with ECMP: An Algorithmic Perspective". The prize is awarded to the single best publication of an original paper published in the IEEE/ACM Transactions on Networking or the IEEE Transactions on Network and Service Management in the previous three calendar years.
PC invitation! I will serve as a TPC member for CoNEXT 2020! Please consider submitting a paper on your latest networking work.
2nd Distinguished TPC member at INFOCOM! "This distinction is awarded based upon ratings by peer TPC members, fairness in review scores, and promptness in meeting various deadlines during the review process." Awarded to 100 out of 433 TPC reviewers.
Paper accepted to ACM CCR! Our work "Path Persistence in the Cloud: An empirical study of the effectsof Traffic Engineering in the AWS Network" has been accepted to ACM CCR.
PC invitation! I will serve as a TPC member for ICNP 2020! Please consider submitting a paper on your latest work on Internet network protocols.
Paper accepted at NSDI! I am very happy to announce that "A High-Speed Load-Balancer Design with Guaranteed Per-Connection-Consistency" got accepted to NSDI. This paper was a collaboration within the NSLab at KTH and two internship students from our master program!
The SE-CAID Datalab will be funded by Vinnova! I am very excited to announce that we received funding for building the SE-CAID datalab, whose objective is "to deploy a national telecom and digitalization data lab that broadly supports industrial and academic R&D, allowing for industries, SMEs and academia to share a broad range of telecom data and AI models". Stay tuned for more updates!
Farhad successfully defended his master thesis! In his thesis, Farhad investigated the problem of modeling a function describing the link "criticality" for Traffic-Engineering purposes. Link to the thesis on DiVA KTH (not yet available).
Paper accepted at CCR! Our survey on Internet peering interconnection practices has been accepted to ACM CCR.
PURR received the "Artefact Evaluated - Reusable" ACM badge at CoNEXT'19! The badge represents the highest recognition for a work whose data and code has been made available to the public and the results of the paper easy to reproduce.
Featured at RIPE Labs, at APNIC blog, and video of the talk at RIPE'79! Our ongoing work on inter-datacenter load balancing has been summarized in a recent blog post at RIPE Labs and APNIC blog. I also presented our work at the RIPE79 meeting. A video of the talk is available here.
Henrik successfully defended his master thesis! In his thesis, Henrik investigated the feasibility of realizing highly resilient fast reroute mechanisms on highly programmable switches. Link to the thesis on DiVA KTH (not yet available).
Two papers accepted at CoNEXT'19! Both PURR, a general programmable primitive for fast failover and our study on leveraging database normalization theory to model programmable packet processing pipelines have been accepted to CoNEXT'19.
Finalist for the Facebook Networking Systems research award! I reached the finals for the Facebook Networking Systems research award thanks to our recent work on stateless load balancers.
Welcome Hamid! A new PhD student has joined our group at KTH, Hamid Ghasemirahni. He plans to boost the performance of today's wide-area communication on commodity devices.
Selected by the RIPE RACI for presenting our work at the RIPE'79 meeting! I will present our recent study on Cloud inter-datacenter performance at the upcoming 79'th RIPE meeting in Rotterdam! Many thanks to the RIPE RACI initiative for inviting us to present it.
Summer internships! Chen Tang and Haoran Yao joined us for a summer internship to work on advanced datacenter load balancing.
Invited talk! I gave a talk on Robust and Scalable Internet Routing
at the NSF workshop on "Foundations of Internet Routing" at Cornell University (New York, US). Thanks to Nate Foster, Dexter Kozen, Robert Kleinberg, and Praveen Kumar for the kind invitation and the great organization!
Invited talk! I gave an invited lecture on SDN and programmable networks
at the ITN school on "SDN and multi-tenancy in mobile networks" at Ericsson (Kista, Sweden). Thanks to Christos Verikoukis for the kind invitation and Peter Ohlen for hosting the event!
Dagstuhl workshop! I have attended a fantastic workshop on "Programmable dataplane networks" in Dagstuhl (Germany) perfectly organized by Gianni Antichi, Theophilus Benson, Nate Foster, Fernando Ramos, and Justine Sherry!
PC invitation! I will serve as a TPC member for INFOCOM 2020! Please consider submitting a paper on your latest networking work.
PC invitation! I will serve as a TPC member for ICNP 2019! Please consider submitting a paper on your latest work on Internet network protocols.
Distinguished TPC member at INFOCOM! "This distinction is awarded based upon ratings by peer TPC members, fairness in review scores, and promptness in meeting various deadlines during the review process." Awarded to 100 out of 464 TPC reviewers.
Teaching starts again! I am very excited to give for the first time the Advanced Internetworking II course at KTH. We are going to explore the Link Layer (Layer 2) and try to understand how it ended up incorporating many of the Network Layer (Layer 3) functionalities!
Welcome Alexandros! A new PhD student has joined the NSLab at KTH, Alexandros Milolidakis. He plans to discover novel ways to secure Internet routing from a variety of different attacks.
Raheem successfully defended his master thesis! In his thesis, Raheem studied novel SDN-based approaches to secure IXPs from so-called unwanted traffic attacks. Link to the thesis on DiVA KTH.
PC invitation! I will serve as a TPC member for HPSR 2019! We are looking forward to seeing your latest work on switching and routing!
PC invitation! I will serve as a TPC member for the Asia-Pacific Workshop on Networking (APNet) 2019! We are looking forward to seeing your newest work on computer networking and systems!
Student Research Competition final at SIGCOMM! Together with Professor Zhi-Li Zhang (University of Minnesota), we organized the ACM Student Research Competition in parallel with the SIGCOMM conference. A video of the SRC award session can be found here.
PC invitation! I will serve as a TPC member for CCGrid 2019! Please consider submitting a paper on your latest cluster, cloud, and grid computing work.
Talk at P4 workshop! I presented our work on Fast Reroute in P4 at the P4 workshop in Stanford! PDF
Paper accepted! "Prelude: Ensuring Inter-Domain Loop-Freedom in SDN-Enabled Networks" has been accepted to the The Second Asia-Pacific Workshop on Networking (APNet'18)!
Two posters accepted! Our posters "Dynam-IX: a Dynamic Interconnection eXchange" and "Picking a Partner: A Fair Blockchain Based Scoring Protocol for Autonomous Systems" have been accepted to the Applied Networking Research Workshop (ANRW 2018)!
Paper accepted! "Supporting Emerging Applications With Low-Latency Failover in P4" has been accepted to the ACM SIGCOMM 2018 Workshop on Networking for Emerging Applications and Technologies (NEAT 2018)!
Talk at RIPE'76! I presented our Dynam-IX project at the 76th RIPE meeting in Marseille! Many thanks to the RIPE RACI initiative for inviting us to present our most recent work: video.
PC invitation! I will serve as a TPC member for the ACM CoNEXT Student Workshop 2018! Please consider submitting a paper on your latest networking work.
Paper accepted! "Oblivious Routing in IP Networks" has been accepted to Transactions on Networking!
PC invitation! I will serve as a TPC member for INFOCOM 2019! Please consider submitting a paper on your latest networking work.
Paper accepted! "Moving Bits with a Fleet of Shared Virtual Routers" has been accepted to IFIP Networking 2018!
PC invitation! I will serve as a TPC member for ICNP 2018! Please consider submitting a paper on your latest work on Internet network protocols.
Paper accepted! "TI-MFA: Keep Calm and Reroute Segments Fast" has been accepted to GI 2018!
Moved to KTH as an Assistant Professor!
PC invitation! I will serve as a TPC member for LANMAN 2018! We are looking forward to seeing your latest work on networking!
PC invitation! I will serve as a TPC member for the Poster and Demo session at SOSR 2018! We are looking forward to seeing your current work on networking!
Paper presentation! I presented SIXPACK at CoNEXT'17!
PC invitation! I will serve as a TPC member for HPSR 2018! We are looking forward to seeing your latest work on switching and routing!
Co-chair invitation! I will co-chair the SIGCOMM Student Research Competition 2018! More information to come!
PC invitation! I will serve as a TPC member for the APNeT 2018! We are looking forward to seeing your newest work on computer networking and systems!
PC invitation! I will serve as a TPC member for the EuroSys Doctoral Workshop 2018! Please consider submitting your current work and present it at a prestigious venue!
PC invitation! I will serve as a TPC member for SOSR 2018! Please consider submitting a paper on your latest work on Software Defined Networking!
Paper accepted! SIXPACK has been accepted to CONEXT 2017!
Paper accepted! "ENDEAVOUR: A Scalable SDN Architecture for Real-World IXPs" has been accepted to JSAC 2017!
PC invitation! I will serve as a TPC member for CCGrid 2018! Please consider submitting a paper on your latest cluster, cloud, and grid computing work.
Poster accepted! "Privacy-Preserving Detection of Inter-Domain SDN Rules Overlaps" has been accepted to SIGCOMM 2017!
PC invitation! I will serve as a TPC member for INFOCOM 2018! Please consider submitting a paper on your latest networking work.
Demo accepted! "SDN-enabled Traffic Engineering and Advanced Blackholing at IXPs" has been accepted to SOSR 2017!
PC invitation! I will serve as a TPC member for ICNP 2017! Please consider submitting a paper on your latest work on Internet network protocols.
Paper accepted! "Decentralized Consistent Updates in SDN" has been accepted to SOSR 2017!
Paper accepted! "PrIXP: Preserving the Privacy of Routing Policies at Internet eXchange Points" has been accepted to IM 2017!
PC invitation! I will serve as a TPC member for SWFAN 2017 (Infocom workshop)! Please consider submitting a paper on your latest Software-Driven Flexible and Agile Networking work.
PC invitation! I will serve as a TPC member for ITC 2017! Please consider submitting a paper for Area 2: Future Internet Architectures (incl. SDN, NFV, HPC, ICN, CCN).
Paper accepted! On the Resiliency of Static Forwarding Tables has been accepted to Transaction on Networking!
Paper accepted! COYOTE has been accepted to CONEXT 2016!
Paper accepted! Traffic Engineering with ECMP has been accepted to Transaction on Networking!
Paper accepted! SIXPACK has been accepted to the Applied Networking Research Workshop in Berlin!
Paper accepted! ez-Segway has been accepted to the Applied Networking Research Workshop in Berlin!
Paper accepted! On the Resiliency of Randomized Routing Against Multiple Edge Failures has been accepted to ICALP!
Paper presentation! I presented "The Quest for Static Resilient Routing Tables" at INFOCOM 2016!
Key themes: Large Language Models, cyber-security, resilience, software development, computer networks
The SEMLA project seeks to make the development of software systems more resilient, secure, and cost-effective. SEMLA leverages recent advancements in machine learning (ML) and artificial intelligence (AI) to automate critical yet common & time-consuming tasks in software development that often lead to catastrophic security vulnerabilities. SEMLA aims to achieve the following three objectives: (i) quickly learning about new vulnerabilities, (ii) enabling developers to generate secure code, (iii) realizing resilient infrastructure.
Link: project blog.
Start/end date: 01 Nov 2023 - 31 Oct 2025
Project cost: 12M SEK (1M EUR)
Funding body: Vinnova
Key themes: Network sythesis, benchmarking, machine learning, programmable networks, high-speed forwarding, SDN, P4, algebra
Internet networks are essential to our society. Yet, recent trends have shown a growing friction between the assumptions made decades ago and the unprecedented scale at which today's networks operate. Global electricity consumption of datacenter networks are expected to rise from 1% to 20% by 2030. To reduce energy usage, operators must today accurately capture low-level details of all the devices in a network and their traffic characteristics. As an example, the throughput of a network card may drop by 90% depending on the incoming traffic.
In this proposal, called ResoNet, we propose an ambitious research agenda that aims at developing new network synthesis methods that guarantee performance and robustness requirements. Based on our preliminary results, this may reduce energy usage of the datacenter servers by a factor of 3x.
Start/end date: 01 Jan 2022 - 31 Dec 2026
Budget: 4M SEK (400K EUR)
Funding body: Vetenskaprådet (VR) Starting Grant
Key themes: Machine learning, programmable networks, high-speed forwarding, SDN, P4
Thwarting cyberattacks is a complex problem. Traditional network technologies are not designed to learn how to distinguish legitimate traffic from malicious one but rather to forward traffic towards their destinations at the highest possible speed. In this project, called EMERGENCE, we will overcome the aforementioned challenges by designing, implementing, and deploying the first ML framework tailored for high-speed real-time network cybersecurity applications. The project is highly interdisciplinary, requiring in-depth knowledge from the fields of machine learning and network systems. To analyze the inherent volatile nature of Internet traffic, EMERGENCE will study novel scientific approaches to extract information from high-speed network devices at increasing levels of granularity.
Start/end date: 01 Jan 2021 - 31 Dec 2024
Budget: 4M SEK (400K EUR)
Other partners: RISE
Funding body: KTH Digital Futures
Key themes: Machine learning, data lab, telecommunication digital data
The objective of SE-CAID is to deploy a national telecom and digitalization data lab that broadly supports industrial and academic R&D, allowing for industries, SMEs and academia to share a broad range of telecom data and AI models. SE-CAID will be focused on: 1) building a platform and API that allows for open and controlled access of data (in distributed and centralised way) and 2) developing a process to handle the legal aspects of sharing data that does not fall into the category of open data sets.
Start/end date: 06 Dec 2019 - 05 Dec 2021
Budget: 4.5M SEK (450K EUR)
Other partners: RISE, Lund University, Ericsson, STOKAB
Funding body: Vinnova
Key themes: Programmable switches, layer-4 load balancing, P4, SDN, QUIC, TCP
Large service providers use load balancers to dispatch millions of incoming connections per second towards thousands of servers. There are two basic yet critical requirements for a load balancer: uniform load distribution of the incoming connections across the servers and per-connection-consistency (PCC), i.e., the ability to map packets belonging to the same connection to the same server even in the presence of changes in the number of active servers and load balancers. Yet, meeting both these requirements at the same time has been an elusive goal. Today’s load balancers minimize PCC violations at the price of non-uniform load distribution.
Our objective is to build highly efficient load balancer mechanisms that enable arbitrary server selection mechanisms and guarantee PCC. Check our ongoing efforts below.
View on GitHub » Read about our Cheetah LB » Watch the Cheetah talk »
Key themes: Internet Exchange Point, SDN, BGP, Network Management
The focus of the project is to enable added-value services to be provided thanks to Software-Defined Networking (SDN), on top of Internet Exchange Points and other network interconnnection fabrics. The services would relate not only to the flexibility of the interconnection fabric, but most importantly to enable the content and data center ecosystem that is present at the interconnection fabric to collaborate. The ultimate goal is to create a service marketplace on top of the ecosystem composed of Cloud/data centers, networked applications, and the interconnection fabric.
The objective of ENDEAVOUR is to address current limitations of the Internet interconnection model, as well as to open the opportunity for novel services, creating the possibility for new economic models around the created ecosystems.
Website: www.h2020-endeavour.eu
Start/end date: 01/01/2015 - 31/12/2017
Budget: 4.2M EUR
Other partners: Queen Mary University of London, University of Cambridge, DE-CIX, LAAS-CNRS, IBM Zurich
Funding body: EU Horizon 2020
Key themes: Internet Exchange Point, BGP, privacy preservation
Internet eXchange Points (IXPs), where a quickly increasing number of networks exchange routing information, play an ever growing role in Internet inter-connection. To facilitate the exchange of routes among their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This poses fundamental questions regarding the privacy guarantees of route-computation on confidential business information. Indeed, as evidenced from interaction with IXP administrators, and survey of network operators, this state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design an RS service that leverages Secure Multi-Party Computation (SMPC) techniques to keep peering policies confidential, while maintaining, and even extending, the functionalities of today's RSes. We assess the effectiveness and scalability of our system by evaluating a prototype implementation using traces of data from one of the largest IXPs in the world. Our evaluation results indicate that our RS system can scale to support privacy-preserving route-computation even at IXPs with many hundreds of member networks.
View on BitBucket » Read our short paper » Watch our talk »
Join work with : Marco Canini (KAUST), Daniel Demmler (TU Darmstadt), Michael Schapira (HUJI), Thomas Schneider, (TU Darmstadt)
Key themes: Traffic Engineering, SDN, traffic uncertainty
To optimize the flow of traffic in IP networks, operators do traffic engineering (TE), i.e., tune routing-protocol parameters in response to traffic demands. TE in IP networks typically involves configuring static link weights and splitting traffic between the resulting shortest-paths via the Equal-Cost-MultiPath (ECMP) mechanism. Unfortunately, ECMP is a notoriously cumbersome and indirect means for optimizing traffic flow, often leading to poor network performance. Also, obtaining accurate knowledge of traffic demands as the input to TE is elusive, and traffic conditions can be highly variable, further complicating TE. We leverage recently proposed schemes for increasing ECMP's expressiveness via carefully disseminated bogus information ("lies") to design COYOTE, a readily deployable TE scheme for robust and efficient network utilization. COYOTE leverages new algorithmic ideas to configure (static) traffic splitting ratios that are optimized with respect to all (even adversarially chosen) traffic scenarios within the operator's "uncertainty bounds". Our experimental analyses show that COYOTE significantly outperforms today's prevalent TE schemes in a manner that is robust to traffic uncertainty and variation. We discuss experiments with a prototype implementation of COYOTE.
Joint work with: Gábor Rétvári (Budapest University of Technology and Economics), Michael Schapira (HUJI)
Key themes: SDN, robustness, resiliency, fast failover
Fast Reroute (FRR) and other forms of immediate failover have long been used to recover from certain classes of failures without invoking the network control plane. While the set of such techniques is growing, the level of resiliency to failures that this approach can provide is not adequately understood. In this paper, we embarked upon a systematic algorithmic study of the resiliency of forwarding tables in a variety of models (i.e., deterministic/probabilistic routing, with packet-header-rewriting, with packet-duplication). Our results show that the resiliency of a routing scheme depends on the ``connectivity'' $k$ of a network, i.e., the minimum number of link deletions that partition a network. We complement our theoretical result with extensive simulations. We show that resiliency to $4$ simultaneous link failures, with limited path stretch, can be achieved without any packet modification/duplication or randomization. Furthermore, our routing schemes provide resiliency against $k-1$ failures, with limited path stretch, by storing $\log(k)$ bits in the packet header, with limited packet duplication, or with randomized forwarding technique.
Joint work with: Andrei Gurtov (Linkoping), Aleksander Madry (MIT), Slobodan Mitrovic (EPFL), Ilya Nikolaevskiy (Aalto), Aurojit Panda (UC Berkeley), Michael Schapira (HUJI), Scott Shenker (ICSI/UC Berkeley)
Key themes: Traffic Engineering, ECMP, computational complexity
To efficiently exploit network resources operators do traffic engineering (TE), i.e., adapt the routing of traffic to the prevailing demands. TE in large IP networks typically relies on configuring static link weights and splitting traffic between the resulting shortest-paths via the Equal-Cost-MultiPath (ECMP) mechanism. Yet, despite its vast popularity, crucial operational aspects of TE via ECMP are still little-understood from an algorithmic viewpoint. We embark upon a systematic algorithmic study of TE with ECMP. We first consider the standard “splittable-flow” model of TE with ECMP, put forth in [18]. We settle a long-standing open question by proving that, in general, even approximating the optimal link-weight configuration for ECMP within any constant ratio is an intractable feat. We also initiate the analytical study of TE with ECMP on specific network topologies and, in particular, datacenter networks. We prove that while TE with ECMP remains suboptimal and computationallyhard for hypercube networks, ECMP can, in contrast, provably achieve optimal traffic flow for the important category of folded Clos networks. We next investigate the approximability of TE with ECMP in the more realistic “unsplittable-flow” model and present upper and lower bounds for scheduling “elephant” flows on top of ECMP (as in, e.g., Hedera [4]). Our results complement and shed new light on past experimental and empirical studies of the performance of TE with ECMP.
Joint work with: Guy Kindler (HUJI), Michael Schapira (HUJI)
Our research group develops cutting-edge network systems with a focus on high performance and resilience. We uniquely combine aspects of low-level hardware-aware programming, algorithmic theory, and machine learning with the goal of innovating real-world applications.
Follow recent news from our group at our blog.
Associate professor
- Working on verifiable code generation with LLMs
- Working on security and LLMs
- Working on security and LLMs
- Working on security and LLMs
- Working on network functions and offloading to SmartNICs
- Working on network functions and offloading to SmartNICs
Thesis title: "Improving Megaflow Cache Performance in Open vSwitch with Coflow-Aware Branch Prediction". Link to PDF coming soon.
Thesis title: "Building Domain-Specific Sub-Models from Large Language Models using Pruning". Link to PDF.
Thesis title: "Transformer-Based Models for Code Vulnerability Detection". Link to PDF.
Thesis title: "Network Management Automation with LLMs".>
Thesis title: "Improving and Evaluating TRex Traffic Generator through P4 Switches". Link to PDF.
Thesis title: "Improving network performance with a polarization-aware routing approach". Link to PDF.
Thesis title: "Investigating the Effectiveness of Stealthy Hijacks against Public Route Collectors". Link to PDF.
Thesis title: "Investigating Causes of Jitter in Container Networking". Link to PDF.
Thesis title: "Design and evaluation of an inter-core QUIC connection migration approach for intra-server load balancing". Link to PDF.
Thesis title: "Implementation and Evaluation of In-Band Network Telemetry in P4". Link to PDF.
Thesis title: "The Design and Evaluation of a Seamless Approach to Migrate the State of QUIC Connections for Load Balancing Purposes". Link to PDF.
Thesis title: "Predictive CPU autoscaling in containerized using Holt-winters exponential smoothing and LSTM networks".
Thesis title: "On the Feasibility of Deploying Highly Resilient Data Plane Forwarding Mechanisms Using Programmable Switches".
Thesis title: "Link Criticality Characterization for Network Optimization".
Thesis title: "Mitigation of inter-domain Policy Violations at Internet eXchange Points". Link to PDF.
White to move. What is the best continuation to this brilliant chess puzzle?
You are forced to enter into a dark room. Inside the room, there is a table with $100$ non-overlapping coins placed on its surface. Each coin is either colored white or black. Once you enter the room, you cannot distinguish whether a coin has its upper side colored in black or white. You will be saved only if you will be able to partition the coins into two groups, each group with the same number of coins with the white side oriented upwards. You are allowed to flip the coins as many time as you want. Luckily, before entering the room, you overheard a vital information: 70 coins have their black side oriented upwards while the 30 remaining coins have their white side oriented upwards. Will you be able to survive?
There are $n$ prisoners serving a long-time sentence. One day, the director of the prison communicates them that the day after they will be disposed in a row in such a way that each prisoner will only be able to see the prisoners in front of him. Each prisoner will be wearing a hat, without knowing it color, which can be either black or white. As such, each prisoner does not know the color of its hat but he can see the color of the hats of the prisoners in front of him. Starting from the latter prisoner (the one that sees all the other prisoners), each prisoner will be asked to loudly guess the color of its hat by saying either "white" or black". Everyone can hear the answers. The prisoner will be killed if it fails to guess the color of its hat and it will be saved otherwise. The prisoners decides to agree on the strategy that guarantees the maximum number of survivors. How many people will survive for certain the day after?