Radia Perlman (born 1951) is a prominent woman in the field of software design and network engineering. She is most famous for inventing the Spanning Tree Protocol (STP), which is fundamental to the operation of network switching: it prevents loops which would otherwise flood and crash IT networks. Radia’s work contributed to the development of the Internet and she is often given the nom de plume “the mother of the Internet” [1]. Whilst developing spanning tree she penned a poem called Algorhyme.
I attempt to summarise my PhD work on botnet detection by tweaking Radia's poem. My work utilises the IPFIX standard protocol to detect both C&C and P2P botnets, as an improvement over the current de facto standard, the NetFlow protocol. IPFIX is used to collect network traffic information, and the findings are output as a property graph, which can be used to visualise “botnests” (Figure 1), each a device hosting the botnet server which must be destroyed in order to eliminate this family of malware.
Figure 1. A property graph created by IPFIX displaying a “botnest” in PC #7
Bot-oryhme
I think that I shall never see
A graph more nice than property.

A graph whose reason is to be
All spider-like and lovely.

A graph that must be sure to span
Botnests contained in every LAN.

Each bot must be eliminated
By source IP it is detected.

Malware will surely never go
If only spotted with NetFlow.

This system outputs many pics
Of botnets found by IPFIX.

Bots attack folks like you and me,
Graphs destroy bots called P2P.

My contribution from my PhD
On Internet Security.
Radia’s original poem can be found here: http://etherealmind.com/algorhyme-radia-perlman/
[1] The Atlantic, "Radia Perlman: Don’t Call Me the Mother of the Internet," 2014. [Online]. Available: http://www.theatlantic.com/technology/archive/2014/03/radia-perlman-dont-call-me-the-mother-of-the-internet/284146/.