首页 > 最新文献

Proceedings of the Internet Measurement Conference 2018最新文献

英文 中文
q-MAX: A Unified Scheme for Improving Network Measurement Throughput q-MAX:一种提高网络测量吞吐量的统一方案
Pub Date : 2019-10-21 DOI: 10.1145/3355369.3355569
Ran Ben Basat, Gil Einziger, Junzhi Gong, Jalil Moraney, D. Raz
Network measurement is an essential building block for a variety of network applications such as traffic engineering, quality of service, load-balancing and intrusion detection. Maintaining a per-flow state is often impractical due to the large number of flows, and thus modern systems use complex data structures that are updated with each incoming packet. Therefore, designing measurement applications that operate at line speed is a significant challenge in this domain. In this work, we address this challenge by providing a unified mechanism that improves the update time of a variety of network algorithms. We do so by identifying, studying, and optimizing a common algorithmic pattern that we call q-MAX. The goal is to maintain the largest q values in a stream of packets. We formally analyze the problem and introduce interval and sliding window algorithms that have a worst-case constant update time. We show that our algorithms perform up to X20 faster than library algorithms, and using these new algorithms for several popular measurement applications yields a throughput improvement of up to X12 on real network traces. Finally, we implemented the scheme within Open vSwitch, a state of the art virtual switch. We show that q-MAX based monitoring runs in line speed while current monitoring techniques are significantly slower.
网络测量是流量工程、服务质量、负载平衡和入侵检测等各种网络应用的重要组成部分。由于大量的流,维护每流状态通常是不切实际的,因此现代系统使用复杂的数据结构,随着每个传入数据包的更新而更新。因此,设计以线速运行的测量应用是该领域的重大挑战。在这项工作中,我们通过提供一种统一的机制来解决这一挑战,该机制可以改善各种网络算法的更新时间。我们通过识别、研究和优化我们称之为q-MAX的通用算法模式来做到这一点。目标是在数据包流中保持最大的q值。我们正式分析了这个问题,并引入了具有最坏情况常数更新时间的区间和滑动窗口算法。我们表明,我们的算法执行速度比库算法快20倍,并且在几个流行的测量应用中使用这些新算法,在实际网络跟踪中产生的吞吐量提高高达12倍。最后,我们在Open vSwitch中实现了该方案,Open vSwitch是最先进的虚拟交换机。我们表明,基于q-MAX的监测以线速度运行,而当前的监测技术明显较慢。
{"title":"q-MAX: A Unified Scheme for Improving Network Measurement Throughput","authors":"Ran Ben Basat, Gil Einziger, Junzhi Gong, Jalil Moraney, D. Raz","doi":"10.1145/3355369.3355569","DOIUrl":"https://doi.org/10.1145/3355369.3355569","url":null,"abstract":"Network measurement is an essential building block for a variety of network applications such as traffic engineering, quality of service, load-balancing and intrusion detection. Maintaining a per-flow state is often impractical due to the large number of flows, and thus modern systems use complex data structures that are updated with each incoming packet. Therefore, designing measurement applications that operate at line speed is a significant challenge in this domain. In this work, we address this challenge by providing a unified mechanism that improves the update time of a variety of network algorithms. We do so by identifying, studying, and optimizing a common algorithmic pattern that we call q-MAX. The goal is to maintain the largest q values in a stream of packets. We formally analyze the problem and introduce interval and sliding window algorithms that have a worst-case constant update time. We show that our algorithms perform up to X20 faster than library algorithms, and using these new algorithms for several popular measurement applications yields a throughput improvement of up to X12 on real network traces. Finally, we implemented the scheme within Open vSwitch, a state of the art virtual switch. We show that q-MAX based monitoring runs in line speed while current monitoring techniques are significantly slower.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"18 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85278249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Packet-level Overload Estimation in LTE Networks using Passive Measurements 基于被动测量的LTE网络包级过载估计
Pub Date : 2019-10-21 DOI: 10.1145/3355369.3355574
V. Adarsh, Michael Nekrasov, E. Zegura, E. Belding-Royer
Over 87% of US mobile wireless subscriptions are currently held by LTE-capable devices [34]. However, prior work has demonstrated that connectivity may not equate to usable service. Even in well-provisioned urban networks, unusually high usage (such as during a public event or after a natural disaster) can lead to overload that makes the LTE service difficult, if not impossible to use, even if the user is solidly within the coverage area. A typical approach to detect and quantify overload on LTE networks is to secure the cooperation of the network provider for access to internal metrics. An alternative approach is to deploy multiple mobile devices with active subscriptions to each mobile network operator (MNO). Both approaches are resource and time intensive. In this work, we propose a novel method to estimate overload in LTE networks using only passive measurements, and without requiring provider cooperation. We use this method to analyze packet-level traces for three commercial LTE service providers, T-Mobile, Verizon and AT&T, from several locations during both typical levels of usage and during public events that yield large, dense crowds. This study presents the first look at overload estimation through the analysis of unencrypted broadcast messages. We show that an upsurge in broadcast reject and cell barring messages can accurately detect an increase in network overload.
超过87%的美国移动无线用户目前由支持lte的设备持有[34]。然而,先前的工作已经证明,连接性可能不等于可用的服务。即使在配置良好的城市网络中,异常高的使用量(例如在公共活动期间或自然灾害之后)也可能导致过载,使LTE服务难以使用,甚至无法使用,即使用户在覆盖区域内也是如此。检测和量化LTE网络过载的典型方法是确保网络提供商的合作以访问内部指标。另一种方法是为每个移动网络运营商(MNO)部署具有活动订阅的多个移动设备。这两种方法都是资源和时间密集型的。在这项工作中,我们提出了一种新的方法,仅使用被动测量来估计LTE网络中的过载,而不需要提供商的合作。我们使用这种方法分析了三个商用LTE服务提供商(T-Mobile, Verizon和AT&T)在典型使用水平和产生大量密集人群的公共活动期间从几个地点进行的分组级跟踪。本研究通过对未加密广播消息的分析首次介绍了过载估计。我们表明,广播拒绝和小区禁止消息的激增可以准确地检测到网络过载的增加。
{"title":"Packet-level Overload Estimation in LTE Networks using Passive Measurements","authors":"V. Adarsh, Michael Nekrasov, E. Zegura, E. Belding-Royer","doi":"10.1145/3355369.3355574","DOIUrl":"https://doi.org/10.1145/3355369.3355574","url":null,"abstract":"Over 87% of US mobile wireless subscriptions are currently held by LTE-capable devices [34]. However, prior work has demonstrated that connectivity may not equate to usable service. Even in well-provisioned urban networks, unusually high usage (such as during a public event or after a natural disaster) can lead to overload that makes the LTE service difficult, if not impossible to use, even if the user is solidly within the coverage area. A typical approach to detect and quantify overload on LTE networks is to secure the cooperation of the network provider for access to internal metrics. An alternative approach is to deploy multiple mobile devices with active subscriptions to each mobile network operator (MNO). Both approaches are resource and time intensive. In this work, we propose a novel method to estimate overload in LTE networks using only passive measurements, and without requiring provider cooperation. We use this method to analyze packet-level traces for three commercial LTE service providers, T-Mobile, Verizon and AT&T, from several locations during both typical levels of usage and during public events that yield large, dense crowds. This study presents the first look at overload estimation through the analysis of unencrypted broadcast messages. We show that an upsurge in broadcast reject and cell barring messages can accurately detect an increase in network overload.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"61 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82999115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Taming Anycast in the Wild Internet 在狂野的互联网中驯服任意广播
Pub Date : 2019-10-21 DOI: 10.1145/3355369.3355573
Stephen McQuistin, Sree Priyanka Uppu, Marcel Flores
Anycast is a popular tool for deploying global, widely available systems, including DNS infrastructure and content delivery networks (CDNs). The optimization of these networks often focuses on the deployment and management of anycast sites. However, such approaches fail to consider one of the primary configurations of a large anycast network: the set of networks that receive anycast announcements at each site (i.e., an announcement configuration). Altering these configurations, even without the deployment of additional sites, can have profound impacts on both anycast site selection and round-trip times. In this study, we explore the operation and optimization of any-cast networks through the lens of deployments that have a large number of upstream service providers. We demonstrate that these many-provider anycast networks exhibit fundamentally different properties when interacting with the Internet, having a greater number of single AS hop paths and reduced dependency on each provider, compared with few-provider networks. We further examine the impact of announcement configuration changes, demonstrating that in nearly 30% of vantage point groups, round-trip time performance can be improved by more than 25%, solely by manipulating which providers receive anycast announcements. Finally, we propose DailyCatch, an empirical measurement methodology for testing and validating announcement configuration changes, and demonstrate its ability to influence user-experienced performance on a global anycast CDN.
Anycast是一种流行的工具,用于部署全球广泛可用的系统,包括DNS基础设施和内容交付网络(cdn)。这些网络的优化通常集中在任意播站点的部署和管理上。然而,这些方法没有考虑大型任意播网络的主要配置之一:在每个站点接收任意播公告的网络集(即,公告配置)。改变这些配置,即使没有部署额外的站点,也会对任意播送站点的选择和往返时间产生深远的影响。在本研究中,我们通过具有大量上游服务提供商的部署镜头来探索任意播网络的运营和优化。我们证明了这些多提供者任播网络在与Internet交互时表现出根本不同的属性,与少数提供者网络相比,它们具有更多的单个AS跳路径,并且减少了对每个提供者的依赖。我们进一步研究了公告配置更改的影响,表明在近30%的有利位置组中,仅通过操纵哪些提供商接收任意广播公告,往返时间性能就可以提高25%以上。最后,我们提出了DailyCatch,这是一种用于测试和验证公告配置更改的实证测量方法,并展示了它在全球任播CDN上影响用户体验性能的能力。
{"title":"Taming Anycast in the Wild Internet","authors":"Stephen McQuistin, Sree Priyanka Uppu, Marcel Flores","doi":"10.1145/3355369.3355573","DOIUrl":"https://doi.org/10.1145/3355369.3355573","url":null,"abstract":"Anycast is a popular tool for deploying global, widely available systems, including DNS infrastructure and content delivery networks (CDNs). The optimization of these networks often focuses on the deployment and management of anycast sites. However, such approaches fail to consider one of the primary configurations of a large anycast network: the set of networks that receive anycast announcements at each site (i.e., an announcement configuration). Altering these configurations, even without the deployment of additional sites, can have profound impacts on both anycast site selection and round-trip times. In this study, we explore the operation and optimization of any-cast networks through the lens of deployments that have a large number of upstream service providers. We demonstrate that these many-provider anycast networks exhibit fundamentally different properties when interacting with the Internet, having a greater number of single AS hop paths and reduced dependency on each provider, compared with few-provider networks. We further examine the impact of announcement configuration changes, demonstrating that in nearly 30% of vantage point groups, round-trip time performance can be improved by more than 25%, solely by manipulating which providers receive anycast announcements. Finally, we propose DailyCatch, an empirical measurement methodology for testing and validating announcement configuration changes, and demonstrate its ability to influence user-experienced performance on a global anycast CDN.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88472104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
ShamFinder: An Automated Framework for Detecting IDN Homographs ShamFinder:用于检测IDN同音异义词的自动框架
Pub Date : 2019-09-17 DOI: 10.1145/3355369.3355587
Hiroaki Suzuki, Daiki Chiba, Yoshiro Yoneya, Tatsuya Mori, Shigeki Goto
The internationalized domain name (IDN) is a mechanism that enables us to use Unicode characters in domain names. The set of Unicode characters contains several pairs of characters that are visually identical with each other; e.g., the Latin character 'a' (U+0061) and Cyrillic character 'a' (U+0430). Visually identical characters such as these are generally known as homoglyphs. IDN homograph attacks, which are widely known, abuse Unicode homoglyphs to create lookalike URLs. Although the threat posed by IDN homograph attacks is not new, the recent rise of IDN adoption in both domain name registries and web browsers has resulted in the threat of these attacks becoming increasingly widespread, leading to large-scale phishing attacks such as those targeting cryptocurrency exchange companies. In this work, we developed a framework named "ShamFinder," which is an automated scheme to detect IDN homographs. Our key contribution is the automatic construction of a homoglyph database, which can be used for direct countermeasures against the attack and to inform users about the context of an IDN homograph. Using the ShamFinder framework, we perform a large-scale measurement study that aims to understand the IDN homographs that exist in the wild. On the basis of our approach, we provide insights into an effective countermeasure against the threats caused by the IDN homograph attack.
国际化域名(IDN)是一种使我们能够在域名中使用Unicode字符的机制。Unicode字符集包含几对在视觉上彼此相同的字符;例如,拉丁字符“a”(U+0061)和西里尔字符“a”(U+0430)。视觉上相同的字符,如这些通常被称为同形文字。众所周知的IDN同形图攻击会滥用Unicode同形图来创建相似的url。虽然IDN同义词攻击构成的威胁并不新鲜,但最近域名注册机构和web浏览器中IDN采用的增加导致这些攻击的威胁变得越来越普遍,导致大规模网络钓鱼攻击,例如针对加密货币交换公司的攻击。在这项工作中,我们开发了一个名为“ShamFinder”的框架,这是一个自动检测IDN同音异义词的方案。我们的主要贡献是自动构建一个同形词数据库,该数据库可用于直接对抗攻击并告知用户有关IDN同形词的上下文。使用ShamFinder框架,我们进行了一项大规模的测量研究,旨在了解存在于野外的IDN同音异义词。在此基础上,提出了针对IDN同形词攻击的有效对策。
{"title":"ShamFinder: An Automated Framework for Detecting IDN Homographs","authors":"Hiroaki Suzuki, Daiki Chiba, Yoshiro Yoneya, Tatsuya Mori, Shigeki Goto","doi":"10.1145/3355369.3355587","DOIUrl":"https://doi.org/10.1145/3355369.3355587","url":null,"abstract":"The internationalized domain name (IDN) is a mechanism that enables us to use Unicode characters in domain names. The set of Unicode characters contains several pairs of characters that are visually identical with each other; e.g., the Latin character 'a' (U+0061) and Cyrillic character 'a' (U+0430). Visually identical characters such as these are generally known as homoglyphs. IDN homograph attacks, which are widely known, abuse Unicode homoglyphs to create lookalike URLs. Although the threat posed by IDN homograph attacks is not new, the recent rise of IDN adoption in both domain name registries and web browsers has resulted in the threat of these attacks becoming increasingly widespread, leading to large-scale phishing attacks such as those targeting cryptocurrency exchange companies. In this work, we developed a framework named \"ShamFinder,\" which is an automated scheme to detect IDN homographs. Our key contribution is the automatic construction of a homoglyph database, which can be used for direct countermeasures against the attack and to inform users about the context of an IDN homograph. Using the ShamFinder framework, we perform a large-scale measurement study that aims to understand the IDN homographs that exist in the wild. On the basis of our approach, we provide insights into an effective countermeasure against the threats caused by the IDN homograph attack.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"45 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82215333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown DDoS隐藏&寻找:关于启动服务关闭的有效性
Pub Date : 2019-09-16 DOI: 10.1145/3355369.3355590
Daniel Kopp, M. Wichtlhuber, Ingmar Poese, Jair Santanna, O. Hohlfeld, C. Dietzel
Booter services continue to provide popular DDoS-as-a-service platforms and enable anyone irrespective of their technical ability, to execute DDoS attacks with devastating impact. Since booters are a serious threat to Internet operations and can cause significant financial and reputational damage, they also draw the attention of law enforcement agencies and related counter activities. In this paper, we investigate booter-based DDoS attacks in the wild and the impact of an FBI takedown targeting 15 booter websites in December 2018 from the perspective of a major IXP and two ISPs. We study and compare attack properties of multiple booter services by launching Gbps-level attacks against our own infrastructure. To understand spatial and temporal trends of the DDoS traffic originating from booters we scrutinize 5 months, worth of inter-domain traffic. We observe that the takedown only leads to a temporary reduction in attack traffic. Additionally, one booter was found to quickly continue operation by using a new domain for its website.
引导服务继续提供流行的DDoS即服务平台,使任何人无论其技术能力如何,都可以执行具有破坏性影响的DDoS攻击。由于booters对互联网运营构成严重威胁,并可能造成重大的财务和声誉损失,因此它们也引起了执法机构和相关反活动的注意。在本文中,我们从一个主要IXP和两个isp的角度研究了2018年12月FBI针对15个启动器网站的DDoS攻击和影响。我们通过对我们自己的基础设施发起gbps级攻击来研究和比较多个引导服务的攻击属性。为了了解来自引导器的DDoS流量的时空趋势,我们仔细检查了5个月的域间流量。我们观察到,关闭只会导致攻击流量暂时减少。此外,发现一个引导程序通过为其网站使用新域名来快速继续运行。
{"title":"DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown","authors":"Daniel Kopp, M. Wichtlhuber, Ingmar Poese, Jair Santanna, O. Hohlfeld, C. Dietzel","doi":"10.1145/3355369.3355590","DOIUrl":"https://doi.org/10.1145/3355369.3355590","url":null,"abstract":"Booter services continue to provide popular DDoS-as-a-service platforms and enable anyone irrespective of their technical ability, to execute DDoS attacks with devastating impact. Since booters are a serious threat to Internet operations and can cause significant financial and reputational damage, they also draw the attention of law enforcement agencies and related counter activities. In this paper, we investigate booter-based DDoS attacks in the wild and the impact of an FBI takedown targeting 15 booter websites in December 2018 from the perspective of a major IXP and two ISPs. We study and compare attack properties of multiple booter services by launching Gbps-level attacks against our own infrastructure. To understand spatial and temporal trends of the DDoS traffic originating from booters we scrutinize 5 months, worth of inter-domain traffic. We observe that the takedown only leads to a temporary reduction in attack traffic. Additionally, one booter was found to quickly continue operation by using a new domain for its website.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"11 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88822314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
An Empirical Study of the Cost of DNS-over-HTTPS DNS-over-HTTPS成本的实证研究
Pub Date : 2019-09-13 DOI: 10.1145/3355369.3355575
T. Böttger, F. Cuadrado, G. Antichi, E. L. Fernandes, Gareth Tyson, Ignacio Castro, S. Uhlig
DNS is a vital component for almost every networked application. Originally it was designed as an unencrypted protocol, making user security a concern. DNS-over-HTTPS (DoH) is the latest proposal to make name resolution more secure. In this paper we study the current DNS-over-HTTPS ecosystem, especially the cost of the additional security. We start by surveying the current DoH landscape by assessing standard compliance and supported features of public DoH servers. We then compare different transports for secure DNS, to highlight the improvements DoH makes over its predecessor, DNS-over-TLS (DoT). These improvements explain in part the significantly larger take-up of DoH in comparison to DoT. Finally, we quantify the overhead incurred by the additional layers of the DoH transport and their impact on web page load times. We find that these overheads only have limited impact on page load times, suggesting that it is possible to obtain the improved security of DoH with only marginal performance impact.
DNS是几乎所有网络应用程序的重要组件。最初,它被设计为一个未加密的协议,使用户安全成为一个问题。DNS-over-HTTPS (DoH)是使名称解析更安全的最新建议。在本文中,我们研究了当前的DNS-over-HTTPS生态系统,特别是额外安全性的成本。我们首先通过评估公共DoH服务器的标准遵从性和受支持的特性来调查当前的DoH情况。然后,我们比较了安全DNS的不同传输,以突出DoH对其前身DNS-over- tls (DoT)的改进。这些改进在一定程度上解释了为什么DoH的使用率明显高于DoT。最后,我们量化了DoH传输的附加层所产生的开销以及它们对网页加载时间的影响。我们发现这些开销对页面加载时间的影响是有限的,这表明在仅对性能产生微小影响的情况下获得DoH的改进安全性是可能的。
{"title":"An Empirical Study of the Cost of DNS-over-HTTPS","authors":"T. Böttger, F. Cuadrado, G. Antichi, E. L. Fernandes, Gareth Tyson, Ignacio Castro, S. Uhlig","doi":"10.1145/3355369.3355575","DOIUrl":"https://doi.org/10.1145/3355369.3355575","url":null,"abstract":"DNS is a vital component for almost every networked application. Originally it was designed as an unencrypted protocol, making user security a concern. DNS-over-HTTPS (DoH) is the latest proposal to make name resolution more secure. In this paper we study the current DNS-over-HTTPS ecosystem, especially the cost of the additional security. We start by surveying the current DoH landscape by assessing standard compliance and supported features of public DoH servers. We then compare different transports for secure DNS, to highlight the improvements DoH makes over its predecessor, DNS-over-TLS (DoT). These improvements explain in part the significantly larger take-up of DoH in comparison to DoT. Finally, we quantify the overhead incurred by the additional layers of the DoH transport and their impact on web page load times. We find that these overheads only have limited impact on page load times, suggesting that it is possible to obtain the improved security of DoH with only marginal performance impact.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"45 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79023806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 70
Challenges in the Decentralised Web: The Mastodon Case 去中心化网络的挑战:乳齿象的案例
Pub Date : 2019-09-12 DOI: 10.1145/3355369.3355572
Aravindh Raman, Sagar Joglekar, Emiliano De Cristofaro, Nishanth R. Sastry, Gareth Tyson
The Decentralised Web (DW) has recently seen a renewed momentum, with a number of DW platforms like Mastodon, PeerTube, and Hubzilla gaining increasing traction. These offer alternatives to traditional social networks like Twitter, YouTube, and Facebook, by enabling the operation of web infrastructure and services without centralised ownership or control. Although their services differ greatly, modern DW platforms mostly rely on two key innovations: first, their open source software allows anybody to setup independent servers ("instances") that people can sign-up to and use within a local community; and second, they build on top of federation protocols so that instances can mesh together, in a peer-to-peer fashion, to offer a globally integrated platform. In this paper, we present a measurement-driven exploration of these two innovations, using a popular DW microblogging platform (Mastodon) as a case study. We focus on identifying key challenges that might disrupt continuing efforts to decentralise the web, and empirically highlight a number of properties that are creating natural pressures towards re-centralisation. Finally, our measurements shed light on the behaviour of both administrators (i.e., people setting up instances) and regular users who sign-up to the platforms, also discussing a few techniques that may address some of the issues observed.
去中心化Web (DW)最近出现了新的势头,许多DW平台,如Mastodon、PeerTube和Hubzilla获得了越来越多的关注。它们提供了传统社交网络(如Twitter、YouTube和Facebook)的替代方案,使网络基础设施和服务的运营无需集中所有权或控制权。尽管它们的服务差异很大,但现代DW平台主要依赖于两个关键的创新:首先,它们的开源软件允许任何人设置独立的服务器(“实例”),人们可以在本地社区中注册和使用;其次,它们建立在联邦协议之上,以便实例可以以点对点的方式啮合在一起,以提供一个全局集成的平台。在本文中,我们以流行的DW微博平台(Mastodon)为例,对这两种创新进行了测量驱动的探索。我们专注于识别可能破坏网络去中心化持续努力的关键挑战,并从经验上强调了一些正在对重新中心化产生自然压力的属性。最后,我们的测量揭示了管理员(即设置实例的人)和注册到平台的普通用户的行为,还讨论了一些可能解决所观察到的一些问题的技术。
{"title":"Challenges in the Decentralised Web: The Mastodon Case","authors":"Aravindh Raman, Sagar Joglekar, Emiliano De Cristofaro, Nishanth R. Sastry, Gareth Tyson","doi":"10.1145/3355369.3355572","DOIUrl":"https://doi.org/10.1145/3355369.3355572","url":null,"abstract":"The Decentralised Web (DW) has recently seen a renewed momentum, with a number of DW platforms like Mastodon, PeerTube, and Hubzilla gaining increasing traction. These offer alternatives to traditional social networks like Twitter, YouTube, and Facebook, by enabling the operation of web infrastructure and services without centralised ownership or control. Although their services differ greatly, modern DW platforms mostly rely on two key innovations: first, their open source software allows anybody to setup independent servers (\"instances\") that people can sign-up to and use within a local community; and second, they build on top of federation protocols so that instances can mesh together, in a peer-to-peer fashion, to offer a globally integrated platform. In this paper, we present a measurement-driven exploration of these two innovations, using a popular DW microblogging platform (Mastodon) as a case study. We focus on identifying key challenges that might disrupt continuing efforts to decentralise the web, and empirically highlight a number of properties that are creating natural pressures towards re-centralisation. Finally, our measurements shed light on the behaviour of both administrators (i.e., people setting up instances) and regular users who sign-up to the platforms, also discussing a few techniques that may address some of the issues observed.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"9 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78129329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 58
No More Chasing Waterfalls: A Measurement Study of the Header Bidding Ad-Ecosystem 不再追逐瀑布:标题竞价广告生态系统的测量研究
Pub Date : 2019-07-24 DOI: 10.1145/3355369.3355582
Michalis Pachilakis, P. Papadopoulos, E. Markatos, N. Kourtellis
In recent years, Header Bidding (HB) has gained popularity among web publishers, challenging the status quo in the ad ecosystem. Contrary to the traditional waterfall standard, HB aims to give back to publishers control of their ad inventory, increase transparency, fairness and competition among advertisers, resulting in higher ad-slot prices. Although promising, little is known about how this ad protocol works: What are HB's possible implementations, who are the major players, and what is its network and UX overhead? To address these questions, we design and implement HBDetector: a novel methodology to detect HB auctions on a website at realtime. By crawling 35,000 top Alexa websites, we collect and analyze a dataset of 800k auctions. We find that: (i) 14.28% of top websites utilize HB. (ii) Publishers prefer to collaborate with a few Demand Partners who also dominate the waterfall market. (iii) HB latency can be significantly higher (up to 3X in median case) than waterfall.
近年来,标题竞价(HB)在网络出版商中越来越受欢迎,挑战了广告生态系统的现状。与传统的瀑布模式不同,HB旨在将广告库存的控制权交还给发行商,增加透明度、公平性和广告商之间的竞争,从而提高广告位价格。虽然很有前景,但我们对这种广告协议的工作原理知之甚少:HB的可能实现是什么,谁是主要参与者,它的网络和用户体验开销是多少?为了解决这些问题,我们设计并实现了HB检测器:一种实时检测网站上HB拍卖的新方法。通过爬行35,000个顶级Alexa网站,我们收集和分析了80万次拍卖的数据集。我们发现:(1)14.28%的顶级网站使用HB。(2)发行商更愿意与少数主导瀑布游戏市场的Demand Partners合作。(iii) HB潜伏期明显高于瀑布法(中位数可达3倍)。
{"title":"No More Chasing Waterfalls: A Measurement Study of the Header Bidding Ad-Ecosystem","authors":"Michalis Pachilakis, P. Papadopoulos, E. Markatos, N. Kourtellis","doi":"10.1145/3355369.3355582","DOIUrl":"https://doi.org/10.1145/3355369.3355582","url":null,"abstract":"In recent years, Header Bidding (HB) has gained popularity among web publishers, challenging the status quo in the ad ecosystem. Contrary to the traditional waterfall standard, HB aims to give back to publishers control of their ad inventory, increase transparency, fairness and competition among advertisers, resulting in higher ad-slot prices. Although promising, little is known about how this ad protocol works: What are HB's possible implementations, who are the major players, and what is its network and UX overhead? To address these questions, we design and implement HBDetector: a novel methodology to detect HB auctions on a website at realtime. By crawling 35,000 top Alexa websites, we collect and analyze a dataset of 800k auctions. We find that: (i) 14.28% of top websites utilize HB. (ii) Publishers prefer to collaborate with a few Demand Partners who also dominate the waterfall market. (iii) HB latency can be significantly higher (up to 3X in median case) than waterfall.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84456365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 38
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth 第一眼加密挖矿恶意软件生态系统:无限制财富的十年
Pub Date : 2019-01-03 DOI: 10.1145/3355369.3355576
S. Pastrana, Guillermo Suarez-Tangil
Illicit crypto-mining leverages resources stolen from victims to mine cryptocurrencies on behalf of criminals. While recent works have analyzed one side of this threat, i.e.: web-browser cryptojacking, only commercial reports have partially covered binary-based crypto-mining malware. In this paper, we conduct the largest measurement of crypto-mining malware to date, analyzing approximately 4.5 million malware samples (1.2 million malicious miners), over a period of twelve years from 2007 to 2019. Our analysis pipeline applies both static and dynamic analysis to extract information from the samples, such as wallet identifiers and mining pools. Together with OSINT data, this information is used to group samples into campaigns. We then analyze publicly-available payments sent to the wallets from mining-pools as a reward for mining, and estimate profits for the different campaigns. All this together is is done in a fully automated fashion, which enables us to leverage measurement-based findings of illicit crypto-mining at scale. Our profit analysis reveals campaigns with multi-million earnings, associating over 4.4% of Monero with illicit mining. We analyze the infrastructure related with the different campaigns, showing that a high proportion of this ecosystem is supported by underground economies such as Pay-Per-Install services. We also uncover novel techniques that allow criminals to run successful campaigns.
非法加密挖矿利用从受害者那里窃取的资源来代表罪犯挖掘加密货币。虽然最近的工作已经分析了这种威胁的一个方面,即:web浏览器加密劫持,但只有商业报告部分涵盖了基于二进制的加密挖掘恶意软件。在本文中,我们对迄今为止最大的加密挖矿恶意软件进行了测量,在2007年至2019年的12年间分析了大约450万个恶意软件样本(120万个恶意矿工)。我们的分析管道应用静态和动态分析来从样本中提取信息,例如钱包标识符和矿池。与OSINT数据一起,这些信息用于将样本分组到活动中。然后,我们分析从矿池发送到钱包的公开可用付款作为采矿奖励,并估计不同活动的利润。所有这些都是以完全自动化的方式完成的,这使我们能够大规模利用基于测量的非法加密挖矿结果。我们的利润分析显示,有数百万美元的收入,超过4.4%的门罗币与非法采矿有关。我们分析了与不同活动相关的基础设施,表明这个生态系统的很大一部分是由地下经济(如按安装付费服务)支持的。我们还发现了允许犯罪分子成功开展活动的新技术。
{"title":"A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth","authors":"S. Pastrana, Guillermo Suarez-Tangil","doi":"10.1145/3355369.3355576","DOIUrl":"https://doi.org/10.1145/3355369.3355576","url":null,"abstract":"Illicit crypto-mining leverages resources stolen from victims to mine cryptocurrencies on behalf of criminals. While recent works have analyzed one side of this threat, i.e.: web-browser cryptojacking, only commercial reports have partially covered binary-based crypto-mining malware. In this paper, we conduct the largest measurement of crypto-mining malware to date, analyzing approximately 4.5 million malware samples (1.2 million malicious miners), over a period of twelve years from 2007 to 2019. Our analysis pipeline applies both static and dynamic analysis to extract information from the samples, such as wallet identifiers and mining pools. Together with OSINT data, this information is used to group samples into campaigns. We then analyze publicly-available payments sent to the wallets from mining-pools as a reward for mining, and estimate profits for the different campaigns. All this together is is done in a fully automated fashion, which enables us to leverage measurement-based findings of illicit crypto-mining at scale. Our profit analysis reveals campaigns with multi-million earnings, associating over 4.4% of Monero with illicit mining. We analyze the infrastructure related with the different campaigns, showing that a high proportion of this ecosystem is supported by underground economies such as Pay-Per-Install services. We also uncover novel techniques that allow criminals to run successful campaigns.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"36 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-01-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74164997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 70
Proceedings of the Internet Measurement Conference 互联网测量会议论文集
Pub Date : 2019-01-01 DOI: 10.1145/3355369
{"title":"Proceedings of the Internet Measurement Conference","authors":"","doi":"10.1145/3355369","DOIUrl":"https://doi.org/10.1145/3355369","url":null,"abstract":"","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"26 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77573234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
期刊
Proceedings of the Internet Measurement Conference 2018
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1