
Proceedings of the Internet Measurement Conference 2018: Latest Articles

When the Dike Breaks: Dissecting DNS Defenses During DDoS
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278534
G. Moura, J. Heidemann, M. Müller, R. Schmidt, Marco Davids
The Internet's Domain Name System (DNS) is a frequent target of Distributed Denial-of-Service (DDoS) attacks, but such attacks have had very different outcomes: some attacks have disabled major public websites, while the external effects of other attacks have been minimal. While on one hand the DNS protocol is relatively simple, the system has many moving parts, with multiple levels of caching and retries and replicated servers. This paper uses controlled experiments to examine how these mechanisms affect DNS resilience and latency, exploring both the client side's DNS user experience and server-side traffic. We find that, for about 30% of clients, caching is not effective. However, when caches are full they allow about half of clients to ride out server outages that last less than cache lifetimes. Caching and retries together allow up to half of the clients to tolerate DDoS attacks longer than cache lifetimes, with 90% query loss, and almost all clients to tolerate attacks resulting in 50% packet loss. While clients may get service during an attack, tail-latency increases for clients. For servers, retries during DDoS attacks increase normal traffic up to 8x. Our findings about caching and retries help explain why users see service outages from some real-world DDoS events, but minimal visible effects from others.
Citations: 54
Predictive Analysis in Network Function Virtualization
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278547
Zhijing Li, Zihui Ge, A. Mahimkar, Jia Wang, Ben Y. Zhao, Haitao Zheng, Joanne Emmons, L. Ogden
Recent deployments of Network Function Virtualization (NFV) architectures have gained tremendous traction. While virtualization introduces benefits such as lower costs and easier deployment of network functions, it adds additional layers that reduce transparency into faults at lower layers. To improve fault analysis and prediction for virtualized network functions (VNF), we envision a runtime predictive analysis system that runs in parallel with existing reactive monitoring systems to provide network operators timely warnings against faulty conditions. In this paper, we propose a deep learning based approach to reliably identify anomaly events from NFV system logs, and perform an empirical study using 18 consecutive months in 2016-2018 of real-world deployment data on virtualized provider edge routers. Our deep learning models, combined with customization and adaptation mechanisms, can successfully identify anomalous conditions that correlate with network trouble tickets. Analyzing these anomalies can help operators to optimize trouble ticket generation and processing rules in order to enable fast, or even proactive actions against faulty conditions.
Citations: 15
Mobility Support in Cellular Networks: A Measurement Study on Its Configurations and Implications
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278546
Haotian Deng, Chunyi Peng, Ans Fida, Jiayi Meng, Y. C. Hu
In this paper, we conduct the first global-scale measurement study to unveil how 30 mobile operators manage mobility support in their carrier networks. Using a novel, device-centric tool, MMLab, we are able to crawl runtime configurations without assistance from operators. Using handoff configurations from 32,000+ cells and > 18,700 handoff instances, we uncover how policy-based handoffs work in practice. We further study how the configuration parameters affect the handoff performance and user data access. Our study exhibits three main points regarding handoff configurations. 1) Operators deploy extremely complex and diverse configurations to control how handoff is performed. 2) The setting of handoff configuration values affects data performance in a rational way. 3) While giving better control granularity over handoff procedures, such diverse configurations also lead to unexpected negative compound effects on performance and efficiency. Moreover, our study of mobility support through a device-side approach gives valuable insights to network operators, mobile users and the research community.
Citations: 34
Proceedings of the Internet Measurement Conference 2018
Pub Date : 2018-10-31 DOI: 10.1145/3278532
Citations: 4
Impact of Device Performance on Mobile Internet QoE
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278533
Mallesham Dasari, Santiago Vargas, A. Bhattacharya, A. Balasubramanian, Samir R Das, M. Ferdman
A large fraction of users in developing regions use relatively inexpensive, low-end smartphones. However, the impact of device capabilities on the performance of mobile Internet applications has not been explored. To bridge this gap, we study the QoE of three popular applications -- Web browsing, video streaming, and video telephony -- for different device parameters. Our results demonstrate that the performance of Web browsing is much more sensitive to low-end hardware than that of video applications, especially video streaming. This is because the video applications exploit specialized coprocessors/accelerators and thread-level parallelism on multi-core mobile devices. Even low-end devices are equipped with needed coprocessors and multiple cores. In contrast, Web browsing is largely influenced by clock frequency, but it uses no more than two cores. This makes the performance of Web browsing more vulnerable on low-end smartphones. Based on the lessons learned from studying video applications, we explore offloading Web computation to a coprocessor. Specifically, we explore the offloading of regular expression computation to a DSP coprocessor and show an improvement of 18% in page load time while saving energy by a factor of four.
Citations: 32
Needle in a Haystack: Tracking Down Elite Phishing Domains in the Wild
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278569
K. Tian, Steve T. K. Jan, Hang Hu, D. Yao, G. Wang
Today's phishing websites are constantly evolving to deceive users and evade detection. In this paper, we perform a measurement study on squatting phishing domains where the websites impersonate trusted entities not only at the page content level but also at the web domain level. To search for squatting phishing pages, we scanned five types of squatting domains over 224 million DNS records and identified 657K domains that are likely impersonating 702 popular brands. Then we build a novel machine learning classifier to detect phishing pages from both the web and mobile pages under the squatting domains. A key novelty is that our classifier is built on a careful measurement of evasive behaviors of phishing pages in practice. We introduce new features from visual analysis and optical character recognition (OCR) to overcome the heavy content obfuscation from attackers. In total, we discovered and verified 1,175 squatting phishing pages. We show that these phishing pages are used for various targeted scams, and are highly effective at evading detection. More than 90% of them successfully evaded popular blacklists for at least a month.
Citations: 104
Understanding Video Management Planes
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278554
Zahaib Akhtar, Yun Seong Nam, Jessica Chen, R. Govindan, Ethan Katz-Bassett, Sanjay G. Rao, Jibin Zhan, Hui Zhang
While Internet video control and data planes have received much research attention, little is known about the video management plane. In this paper, using data from more than a hundred video publishers spanning two years, we characterize the video management plane and its evolution. The management plane shows significant diversity with respect to video packaging, playback device support, and CDN use, and current trends suggest increasing diversity in some of these dimensions. This diversity adds complexity to management, and we show that the complexity of many management tasks is sub-linearly correlated with the number of hours a publisher's content is viewed. Moreover, today each publisher runs an independent management plane, and this practice can lead to sub-optimal outcomes for syndicated content, such as redundancies in CDN storage and loss of control for content owners over delivery quality.
Citations: 6
Following Their Footsteps: Characterizing Account Automation Abuse and Defenses
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278537
Louis F. DeKoven, Trevor Pottinger, S. Savage, G. Voelker, Nektarios Leontiadis
Online social networks routinely attract abuse from for-profit services that offer to artificially manipulate a user's social standing. In this paper, we examine five such services in depth, each advertising the ability to inflate their customer's standing on the Instagram social network. We identify the techniques used by these services to drive social actions, and how they are structured to evade straightforward detection. We characterize the dynamics of their customer base over several months and show that they are able to attract a large clientele and generate over $1M in monthly revenue. Finally, we construct controlled experiments to disrupt these services and analyze how different approaches to intervention (i.e., transparent interventions such as blocking abusive services vs. more opaque approaches such as deferred removal of artificial actions) can drive different reactions and thus provide distinct trade-offs for defenders.
Citations: 5
Advancing the Art of Internet Edge Outage Detection
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278563
P. Richter, Ramakrishna Padmanabhan, N. Spring, A. Berger, D. Clark
Measuring reliability of edge networks in the Internet is difficult due to the size and heterogeneity of networks, the rarity of outages, and the difficulty of finding vantage points that can accurately capture such events at scale. In this paper, we use logs from a major CDN, detailing hourly request counts from address blocks. We discovered that in many edge address blocks, devices, collectively, contact the CDN every hour over weeks and months. We establish that a sudden temporary absence of these requests indicates a loss of Internet connectivity of those address blocks, events we call disruptions. We develop a disruption detection technique and present broad and detailed statistics on 1.5M disruption events over the course of a year. Our approach reveals that disruptions do not necessarily reflect actual service outages, but can be the result of prefix migrations. Major natural disasters are clearly represented in our data as expected; however, a large share of detected disruptions correlate well with planned human intervention during scheduled maintenance intervals, and are thus unlikely to be caused by external factors. Cross-evaluating our results we find that current state-of-the-art active outage detection over-estimates the occurrence of disruptions in some address blocks. Our observations of disruptions, service outages, and different causes for such events yield implications for the design of outage detection systems, as well as for policymakers seeking to establish reporting requirements for Internet services.
Citations: 37
Is the Web Ready for OCSP Must-Staple?
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278543
Taejoong Chung, J. Lok, B. Chandrasekaran, D. Choffnes, Dave Levin, B. Maggs, A. Mislove, John P. Rula, N. Sullivan, Christo Wilson
TLS, the de facto standard protocol for securing communications over the Internet, relies on a hierarchy of certificates that bind names to public keys. Naturally, ensuring that the communicating parties are using only valid certificates is a necessary first step in order to benefit from the security of TLS. To this end, most certificates and clients support OCSP, a protocol for querying a certificate's revocation status and confirming that it is still valid. Unfortunately, however, OCSP has been criticized for its slow performance, unreliability, soft-failures, and privacy issues. To address these issues, the OCSP Must-Staple certificate extension was introduced, which requires web servers to provide OCSP responses to clients during the TLS handshake, making revocation checks low-cost for clients. Whether all of the players in the web's PKI are ready to support OCSP Must-Staple, however, still remains an open question. In this paper, we take a broad look at the web's PKI and determine if all components involved (namely, certificate authorities, web server administrators, and web browsers) are ready to support OCSP Must-Staple. We find that each component does not yet fully support OCSP Must-Staple: OCSP responders are still not fully reliable, and most major web browsers and web server implementations do not fully support OCSP Must-Staple. On the bright side, only a few players need to take action to make it possible for web server administrators to begin relying on certificates with OCSP Must-Staple. Thus, we believe a much wider deployment of OCSP Must-Staple is a realistic and achievable goal.
Citations: 36
Journal
Proceedings of the Internet Measurement Conference 2018