The Internet, in spite of an overprovisioned core, cannot deliver user-specified on-demand QoS: Mahatma, who has a 100 Mbps access link from his PC at Purdue, cannot make a telephone quality call to Sidharta, with similar access bandwidth, on the west coast; never mind TV quality video conferencing. What are the reasons underlying this limitation? How can they be overcome? What is a realizable solution for the Internet? The project tackles these questions, with the aim of enabling a QoS-enhanced Internet through Q-Bahn, a deployable technology where the "QoS rubber meets the road."

Internet traffic exhibits strong correlation at large time scales, whose cause is intimately tied to the structure of the payload being carried: most transfers are short-lived, but a few very long-lived transfers contribute the bulk of the total traffic. Our studies show that different protocols are suited for each type, predictive control for long-lived flows and optimistic control for short-lived flows. Workload-sensitivity helps mitigate the reactive cost of feedback controls, including TCP, in WAN environments where feedback latency is large.

Securing the Internet against cyber attacks, including DDoS and worm attacks, is a pressing problem. Past approaches to network security have focused on localized solutions, targeted at shielding a single, confined entity from outside influences. The distributed nature of modern cyber attacks limits the effectiveness of localized methods, necessitating distributed solutions that protect the system as a whole through synergistic security actions. Our work in distributed filtering shows that significant protection, proactive and reactive, can be achieved through selective incremental deployment.