Craig Labovitz

Current

Craig Labovitz is Chief Scientist at Arbor Networks where he is responsible for the core technology, architecture and commercial strategy behind Arbor's successful carrier security products.

Dr. Labovitz is a recognized expert on Internet infrastructure security and cyber threats. His research lead both to the technology in Arbor's carrier security products as well as ATLAS, Arbor Network's global, real-time Internet infrastructure security monitoring system. Labovitz's analysis of Internet scale threats and traffic, including government censorship, DDoS and the evolution of Internet peering, has generated important new findings and garnered global media attention. In a recent article, Wired Magazine praised ATLAS as "likely knowing more about the Internet's ebbs and flows than anyone outside of the National Security Agency".

In the 1990s, his research demonstrated fundamental limitations in the core routing architecture of the Internet. His seminal work on Internet routing stability and convergence served as a catalyst for significant changes in commercial Internet routing software implementation and impacted routing policies employed by Internet Service Providers throughout the world. His work was recently recognized with an ACM SIGCOMM Test of Time Award in 2008.

His security and traffic engineering technology commercialized at Arbor is deployed in more than 400 Internet Service Providers, cable operators, content providers, and mission-critical networks around the globe. Today, over 70 percent of Internet backbone transit traffic is protected by products stemming from his research. Tektronix Communications, a division of Danaher, acquired Arbor in August, 2010.

In addition to his extensive commercial product and research background, Dr. Labovitz has over a decade of operational network engineering experience. He served as one of the original engineers for the NSFNet backbone and later the Internet Routing Registry and Routing Arbiter. He has also served as a consultant on diverse range of network engineering projects, including Sprint's first Internet email infrastructure, design of the Department of Defense research network, and the first commercial aviation Internet service. Labovitz also played important roles in early IPv6 engineering and the 6Bone precursor to the today's IPv6 Internet. Dr. Labovitz is an active participant in the global network engineering community, including service on the program committee and as the Chair of North American Network Operators Group (NANOG).

Dr. Labovitz's research interests include large scale distributed systems, fixed and mobile carrier infrastructure security, traffic engineering, and network architectures.

Labovitz is the author of more than a dozen peer-reviewed networking research papers, journal articles and patents. His research has been cited thousands of times in national media articles and academic publications. He is a frequent speaker at industry and academic conferences. Dr. Labovitz received his PhD and MSE from the University of Michigan and his BSE from the University of Pennsylvania.

Background

Chief Scientist, Arbor Networks (2007-present)
Responsible for overall company strategy, technical direction, research, and product design / architecture as well as company and product evangelism.

Chief Architect, Arbor Networks (2003-2007)
Product development, engineering group management, technical leadership, design of all security detection and mitigation algorithms.

Director of Engineering, Arbor Networks (2001-2003)
Engineering / QA management. Product management, design, and development. Sales engineering and support.

Microsoft (1999-2001)
Member of the Networking and Systems Research Group contributing to the first Windows IPv6 implementation (including v6 Routing) and conducting network security and routing research.

Principal Investigator, Merit Networks (1996-2000)
Principal investigator and project director of several National Science Foundation and industry (MSF, Microsoft, Intel) research projects. Directed team of faculty, graduate student and professional staff researchers.

Director of Engineering, Merit Networks (1996-2000)
Managed research and development group working on next-generation technologies, including IPv6, wireless and security. Additional responsibilities included Internet Routing Registry development and commercial service, NANOG (including serving as the conference chair), the Routing Arbiter project and several National Science Foundation and Defense Department research grants.

Backbone Engineer, Merit Networks (1992-1996)
NSFNet backbone engineering and oncall / operations / planning. Responsible for router configuration, tool development, network trouble-shooting and operations.

Cardiothoracic Imaging Research Center, Researcher (1990-1992)
Member of research team developing image processing algorithms and visualization techniques for large-scale volumetric studies of the heart.

Education

University of Michigan
Phd (dissertation: "Scalability of the Internet Routing Infrastructure")
MSE Computer Science Engineering

University of Pennsylvania
BSE Computer Science / Electrical Engineering
Minor in Mathematics
Cum Laude

Selected Papers

Internet Inter-Domain Traffic
Craig Labovitz, Scott Iekel-Johnson, Danny McPherson, Jon Oberheide, and Farnam Jahanian
Proceedings of ACM SIGCOMM 2010, New Delhi. August, 2010.
PDF Slides

Experiences With Monitoring OSPF on a Regional Service Provider Network
David Watson, Farnam Jahanian and Craig Labovitz
Proceedings of the 23rd International Conference on Distributed Computing Systems. May 19-22, 2003.
PDF

The Impact of Internet Policy and Topology on Delayed Routing Convergence
Craig Labovitz, Abha Ahuja and Roger Wattenhofer
Proceedings of IEEE INFOCOM 2001
PDF

Delayed Internet Routing Convergence
Craig Labovitz, Abha Ahuja, Abhijit Bose, and Farnam Jahanian
Proceedings of ACM SIGCOMM 2000
Version also appeared in IEEE/ACM Transactions on Networking 2001.
PDF Slides

Origins of Internet Routing Instability
Craig Labovitz, Gerald Malan, and Farnam Jahanian
Proceedings of IEEE INFOCOM 1999
PDF

Experimental Study of Internet Stability and Wide-Area Backbone Failures
Craig Labovitz, Abha Ahuja, and Farnam Jahanian
Proc. International Symposium on Fault-Tolerant Computing 1998
PDF

Internet Routing Instability
Craig Labovitz, G. Robert Malan and Farnam Jahanian
Proceedings of ACM SIGCOMM 1997, Cannes, France.
Also version appeared in IEEE/ACM Transactions on Networking 1997
1998 Best Paper Award
2008 ACM Test of Time Award
PDF

Selected Technical Reports

Six Months, Six Providers and IPv6
Craig Labovitz. March, 2011

World-Wide Network Infrastructure Security Report VI
Craig Labovitz, Roland Dobbins and Carlos Morales. January, 2011.

World-Wide Network Infrastructure Security Report V
Craig Labovitz, Roland Dobbins and Danny McPherson. January, 2010.

Tracking the IPv6 Migration
Scott Iekel-Johnson, Craig Labovitz, and Danny McPherson
Arbor Technical Report, August 2008.

World-Wide Network Infrastructure Security Report IV
Craig Labovitz, and Danny McPherson. January, 2009.

World-Wide Network Infrastructure Security Report III
Craig Labovitz, Danny McPherson and Mike Hollyman. Sept, 2007.

Shining Light on Dark Address Space
Craig Labovitz, Abha Ahuja, Michael Bailey. December, 2001.

World-Wide Network Infrastructure Security Report II
Craig Labovitz and Danny McPherson. Sept, 2006.

World-Wide Network Infrastructure Security Report I
Craig Labovitz and Danny McPherson. Sept, 2005.

Selected Recent Presentations

Internet Traffic 2007 - 2011
Global Peering Forum. Santi Monica, CA. April 2011.
Slides Conference

3G Mobile/Packet Core Security and Engineering Challenges
A look at mobile infrastructure security trends and open problems including 3G attack surface and protocol vulnerabilities. NANOG 51. Miami, Florida. February 2011.
Slides Conference

Egypt Traffic Disruption
Presentation at NANOG security BOF on ongoing Egypt traffic disruptions. Slides also presented during main session lightening talks. NANOG 51. Miami, Florida. February 2011.
Slides

How Not to Start a Startup and Save the Internet
Xconomy Forum: 5x5. A presentation on the history of the Internet, Arbor's startup "big-idea" and the future of network security. Boston, MA. December 8, 2010.
Slides Conference

Rethinking Computing
ATT CyberSecurity Conference panel discussion. October 13 2010. Middletown, NJ
Conference

Botnets, DDoS and Ground-Truth -- A Look at 5,000 Operator Confirmed Attacks
NANOG50. Atlanta, Georgia. October 3, 2010
Slides Conference

The End of the Internet and Why Analysts Should Care
Yankee Group Quarterly Meeting. Invited talk. Boston, MA. September 29, 2010.

Internet Inter-domain Traffic
ACM SIGCOMM. New Delhi, India. August 2010.
Slides Conference Paper

The Rapid Consolidation of Internet Content
IETF 77 Plenary / Keynote. Invited Talk. Anaheim, CA. March 2010.
Slides

The Future of Internet Traffic and Topology
Telefonica / Cambridge 2020 Networking Summit. Invited talk. Madrid, Spain. June 2010.
Conference

Fifth Annual Infrastructure Security Survey
NANOG 48. Atlanta Georgia, 2010.
Slides Conference

2009 Internet Observatory Report
NANOG 47. Dearborn, Michigan. October 2009.
Slides Conference

A One Year Measurement Study of IPv6 Inter-Domain Traffic in the Internet
NANOG 44. Los Angelas, CA. October 2008.
Slides Conference

BGP Flow Specification
NANOG 38. St. Louis, Missouri. October 2006.
Slides Conference

Research Projects

IPv6 Routing Security
(1 yr / Microsoft grant, principal investigator)
Developed IPv6 routing implementation for the Microsoft Windows / NT platform and researched security implications.
Internet Measurement Performance Analysis (IPMA)
(3 yr / $1.8 million NSF grant, principal investigator)
A large scale study of the evolving commercial Internet routing and IXP / peering infrastructure. Project developed some of the first Internet visualization and traffic analysis tools. Research uncovered significant unexpected properties / flaws in Internet routing and security.
Merit Routing Toolkit (MRT)
(2 yr / $1.2 million NSF grant, principal investigator)
One of the first open-source implementations of core routing protocols (BGP, OSPF, RIP, etc.) and IPv6 protocols. The project explored scalability of Internet routing and uncovered wide-spread, critical flaws in most commercial routers. Now an IETF standard, MRT protocols form the basis for most routing protocol export / storage.

Representative Recent Press

CBC Radio. Kill Switch. Guest on national Canadian radio interview show discussing technology behind Egyptian Internet outage and threats to North American networks. February 14, 2011.
CBS Evening News. "Egyptian Internet Crackdown". Interview on national television news about my analysis of Egyptian Internet traffic. Story includes reference to my graphs of Egypt Internet data. January 31, 2010.
CNN. Reports say Egypt Web shutdown is coordinated, extensive. Print and television interview on Egyptian Internet outage. Reports also highlight my graphic of Egypt Internet traffic. January 30, 2011.
USA Today. "Cyberattacks on company websites intensify". Story on growing DDoS attacks and Internet worms based on interview and my papers / blog posts. January 5, 2010.
San FranCisco Chronicle. "'Cyber war' damage minor, but threat isn't". Story on the threat of hactivists and Cyberwar based on interviews and my blog posts. December 11, 2010.
Washington Post. "WikiLeaks hit with two cyber-attacks". Story on Wikileaks Cablegate DDoS attack based on interview and my blog post. December 1, 2010.
Wall Street Journal. "WikiLeaks Using Amazon Servers After Attack". Article cites my Wikileaks attack analysis. November 29, 2010.
MIT Technology Review. "Wikileaks Isn't Going Anywhere". Article cites my Wikileaks attack analysis. November 29, 2010.
PCWorld. "China Internet 'Hijack' Called Exaggeration". Interview and article cites by China Hijack blog post. Nov 21, 2010.
BBC. "Burma hit by massive net attack ahead of election". Interview and article based on my Burma DDoS analysis / blog. November 4, 2010.
CNN. "Google accounts for 6.4 percent of internet traffic". Article cites my research on Google traffic growth. October 26, 2010.
IEEE Computer Magazine. "Network-Usage Changes Push Internet Traffic to the Edge". Extensive interview and story primarily based on my inter-domain traffic research. October 2010.
Network World. "Gap Between IPv4 Depletion, IPv6 Adoption Widens". Article cites my research on IPv6 deployment. October 18, 2010.
PC Magazine. "IPV4 to IPv6 IP Address Transition Becoming Critical". Interview and article cites my research on security implications of IPv4 exhaustion. October 18, 2010.
Forbes. "Forbes Facebook Downtime: IT Outage Or Under Attack?". Article cites my analysis of Facebook outage. September, 24, 2010.
Forbes. "World Cup Means Validation, Not Cash". Article reference my blog and traffic analysis research. June 28, 2010.
BBC. "The World Cup: The Internet gets through". Article based on World Cup traffic blog post. June 2010.
Financial Times. "Backlash as data traffic explodes". Interview and articles cites my research on security and traffic trends. April 9, 2010.
Slashdot. "YouTube's Bandwidth Bill May be Zero". March 4, 2010.
BBC Radio. "Where next for the web?". Fifteen minute national radio interview exploring the evolution of Internet security and traffic patterns. March 3, 2010.
New York Times. "Scientists Strive to Map the Shape-Shifting Net". Interview and article references Internet Observatory research. February 2010.
IEEE Internet Computing. "New Internet Economics Might Not Make It to the Edge". Extensive interviews and discussion based on Observatory research. January/February 2010 (vol. 14 no. 1)
The Guardian. "The Dark Side of the Internet". Interview on Internet security trends. November 11, 2009.
Wired. "Peer-to-Peer Passe". Article references my SIGCOMM paper and traffic research. October 21, 2009.
Wired. "YouTube's Bandwidth Bill Is Zero. Welcome to the New Net", October 17, 2009.
Slashdot. "Technology: Internet Traffic Shifting Away From Tier-1 Carriers". October 16, 2009.
Forbes. "The Mega Sites: Bigger Than Facebook". Article references my Internet Inter-domain traffic research. October 5, 2009.
New York Times. "Breakfast Can Wait. The Day's First Stop Is Online". Story based on interview and my analysis of US traffic patterns. August 2009.
BBC Television. "Iranian Government Crackdown". Prime time national news interview with Rory Cellan-Jones on the Iranian government's Internet crackdown. June 23, 2009.
Wall Street Journal. "Iran Cracks Down on Internet Use, Foreign Media". Interview and article extensively references my blog posts. June 17, 2009

Patents

System and Method for Correlating Traffic and Routing Information
Craig H. Labovitz. United States patent 7,529,192. Issued May 13, 2010.
Patent describes core technology behind Arbor's traffic engineering product and topology based DDoS detection.

Method and System for Annotating Network Flow Information
Craig Labovitz, Joseph Eggleston, and Scott Iekel-Johnson. June, 2008. (pending)
Patent describes key distributed communication protocol used by Arbor products to synchronize large volumes of traffic and security data between appliances.

Method and System for Monitoring Control Signal Traffic over a Computer Network
Craig Labovitz. United States Patent 7,844,696. Issued November 30, 2010.
Patent describes Arbor technology for detecting infrastructure attacks through the analysis of router telemetry (routing and flow statistics).

System and Method for Decreasing Convergence Time in Routing Information
Craig Labovitz. (Microsoft, pending) June 8, 2001.

Selected Blog Posts

"The Internet Goes to War"
Detailed statistics on Wikileaks and 5,000 confirmed DDoS attacks over the last year. December 14. 2010.
"Wikileaks Cablegate Attack"
Analysis confirming Wikileaks "Cablegate" DDoS attack at modest 2-4 Gbps and likely from a small set of sources. November 29, 2010.
"China Hijacks 15% of Internet Traffic?"
Analysis of the April 8, 2010 China Telecom BGP hijack and critical examination of inaccuracies in press coverage. November 19, 2010.
"DDoS Disrupts Burma Internet"
Large 15Gbps DDoS severs Burma Internet traffic. Analysis of the attack and discussion. November 2, 2010.
"Takedown"
Analysis of FBI takedown of video streaming sites. July 2, 2010.
"How Big is Google?"
Estimates of Google's global Internet traffic impact and analysis of peering policies. March 16, 2010.
"The Battle Of The Hyper Giants (Part I)"
Analysis of Microsoft, Google and Facebook cloud strategies. April, 2010. (forbes.com link)
"Iranian Traffic Engineering"
Analysis of the Iranian government's efforts to censor Internet traffic following the contested 2009 elections. June 17, 2009.
"A Deeper Look at The Iranian Firewall"
In-depth research on Iran firewall behavior / operations. June 18, 2009.
"The Great GoogleLapse"
Google goes down. May 14, 2009.
"The End is Near, but is IPv6?"
The IPv6 deployment effort has failed. The Internet is in trouble. August 2008.

Recent Students / Interns

Kelsey Harris (Dartmouth undergraduate, summer 2010)
Haakon Ringberg (Princeton PhD student, summer 2009)

Community Service

NANOG:
Conference Chair 1998-2001
Program Committee: 1998-2005.

IETF:
Contributor to IDR, RPSL, GROW and CIDR working groups
Co-author of MRT RFC
Contributor to FlowSpec RFC

Internet2:
Routing and Security Research Working Groups

Open Source Code:
MRT: One of the first open source routing libraries (BGP, OSPF, RIP, etc).
IRRd: Internet routing registry daemon used in production by a number of the registries.

Academic Program Committees:
ACM CoNEXT 2011 (conference site)
SIGCOMM, INFOCOM, IMC, FTCS, PAM
IEEE / ACM Transactions on Networking

Industry and Government Panels:
FCC Open Internet Challenge 2011 Judge (FCC Challenge Web Site )
Various NSF review panels / grant proposals
Various textbook reviews (Interconnections, Routing in the Internet, etc.)

Tutorials

Backbone Attack Detection and Mitigation Methodologies
Danny McPherson, Craig Labovitz, and Farnam Jahanian
Tutorial at the ACM SIGCOMM 2005 Conference in Philadelphia, PA.

Various security seminars and training for carriers and government organizations.

Awards

1997 University of Michigan Teaching Excellence Award
1998 ACM SIGCOMM Best Paper Award
2008 ACM Test of Time Award (press release and panel discussion)

More than 20 company and innovation awards granted to Arbor Networks since 2001 including Techworld Award for Security Product Of The Year, Information Security Product Award, and Inc 500 Award.