首页 > 最新文献

Proceedings of the Internet Measurement Conference 2018最新文献

英文 中文
Measuring Ethereum Network Peers 测量以太坊网络节点
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278542
S. K. Kim, Zane Ma, Siddharth Murali, Joshua Mason, Andrew K. Miller, Michael Bailey
Ethereum, the second-largest cryptocurrency valued at a peak of $138 billion in 2018, is a decentralized, Turing-complete computing platform. Although the stability and security of Ethereum---and blockchain systems in general---have been widely-studied, most analysis has focused on application level features of these systems such as cryptographic mining challenges, smart contract semantics, or block mining operators. Little attention has been paid to the underlying peer-to-peer (P2P) networks that are responsible for information propagation and that enable blockchain consensus. In this work, we develop NodeFinder to measure this previously opaque network at scale and illuminate the properties of its nodes. We analyze the Ethereum network from two vantage points: a three-month long view of nodes on the P2P network, and a single day snapshot of the Ethereum Mainnet peers. We uncover a noisy DEVp2p ecosystem in which fewer than half of all nodes contribute to the Ethereum Mainnet. Through a comparison with other previously studied P2P networks including BitTorrent, Gnutella, and Bitcoin, we find that Ethereum differs in both network size and geographical distribution.
以太坊是2018年价值1380亿美元的第二大加密货币,是一个去中心化的图灵完备计算平台。尽管以太坊和区块链系统的稳定性和安全性已经得到了广泛的研究,但大多数分析都集中在这些系统的应用层特征上,如加密挖掘挑战、智能合约语义或区块挖掘运营商。很少有人关注底层的点对点(P2P)网络,这些网络负责信息传播并实现区块链共识。在这项工作中,我们开发了NodeFinder来大规模测量这个以前不透明的网络,并阐明其节点的属性。我们从两个有利的角度分析以太坊网络:P2P网络上节点的三个月长期视图,以及以太坊主网对等节点的一天快照。我们发现了一个嘈杂的DEVp2p生态系统,其中不到一半的节点为以太坊主网做出了贡献。通过与之前研究的其他P2P网络(包括BitTorrent, Gnutella和Bitcoin)的比较,我们发现以太坊在网络规模和地理分布上都有所不同。
{"title":"Measuring Ethereum Network Peers","authors":"S. K. Kim, Zane Ma, Siddharth Murali, Joshua Mason, Andrew K. Miller, Michael Bailey","doi":"10.1145/3278532.3278542","DOIUrl":"https://doi.org/10.1145/3278532.3278542","url":null,"abstract":"Ethereum, the second-largest cryptocurrency valued at a peak of $138 billion in 2018, is a decentralized, Turing-complete computing platform. Although the stability and security of Ethereum---and blockchain systems in general---have been widely-studied, most analysis has focused on application level features of these systems such as cryptographic mining challenges, smart contract semantics, or block mining operators. Little attention has been paid to the underlying peer-to-peer (P2P) networks that are responsible for information propagation and that enable blockchain consensus. In this work, we develop NodeFinder to measure this previously opaque network at scale and illuminate the properties of its nodes. We analyze the Ethereum network from two vantage points: a three-month long view of nodes on the P2P network, and a single day snapshot of the Ethereum Mainnet peers. We uncover a noisy DEVp2p ecosystem in which fewer than half of all nodes contribute to the Ethereum Mainnet. Through a comparison with other previously studied P2P networks including BitTorrent, Gnutella, and Bitcoin, we find that Ethereum differs in both network size and geographical distribution.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"74 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74567505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 124
Analyzing Ethereum's Contract Topology 分析以太坊的合约拓扑
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278575
Lucianna Kiffer, Dave Levin, A. Mislove
Ethereum is the second most valuable cryptocurrency today, with a current market cap of over $68B. What sets Ethereum apart from other cryptocurrencies is that it uses the blockchain to not only store a record of transactions, but also smart contracts and a history of calls made to those contracts. Thus, Ethereum represents a new form of distributed system: one where users can implement contracts that can provide functionality such as voting protocols, crowdfunding projects, betting agreements, and many more. However, despite the massive investment, little is known about how contracts in Ethereum are actually created and used. In this paper, we examine how contracts in Ethereum are created, and how users and contracts interact with one another. We modify the geth client to log all such interactions, and find that contracts today are three times more likely to be created by other contracts than they are by users, and that over 60% of contracts have never been interacted with. Additionally, we obtain the bytecode of all contracts and look for similarity; we find that less than 10% of user-created contracts are unique, and less than 1% of contract-created contracts are so. Clustering the contracts based on code similarity reveals even further similarity. These results indicate that there is substantial code re-use in Ethereum, suggesting that bugs in such contracts could have wide-spread impact on the Ethereum user population.
以太坊是当今第二大最有价值的加密货币,目前的市值超过680亿美元。以太坊与其他加密货币的区别在于,它不仅使用区块链存储交易记录,还使用智能合约和对这些合约的调用历史。因此,以太坊代表了一种新的分布式系统形式:用户可以实现可以提供投票协议、众筹项目、投注协议等功能的合同。然而,尽管投入了大量资金,但人们对以太坊中的合约实际上是如何创建和使用的知之甚少。在本文中,我们研究了以太坊中的合约是如何创建的,以及用户和合约如何相互交互。我们修改geth客户端以记录所有此类交互,并发现今天的合约由其他合约创建的可能性是由用户创建的可能性的三倍,并且超过60%的合约从未与之交互。此外,我们获得所有合约的字节码并寻找相似性;我们发现,只有不到10%的用户创建的合同是唯一的,而只有不到1%的合同创建的合同是唯一的。基于代码相似度对契约进行聚类可以揭示更多的相似度。这些结果表明,以太坊中存在大量代码重用,这表明此类合约中的漏洞可能会对以太坊用户群体产生广泛的影响。
{"title":"Analyzing Ethereum's Contract Topology","authors":"Lucianna Kiffer, Dave Levin, A. Mislove","doi":"10.1145/3278532.3278575","DOIUrl":"https://doi.org/10.1145/3278532.3278575","url":null,"abstract":"Ethereum is the second most valuable cryptocurrency today, with a current market cap of over $68B. What sets Ethereum apart from other cryptocurrencies is that it uses the blockchain to not only store a record of transactions, but also smart contracts and a history of calls made to those contracts. Thus, Ethereum represents a new form of distributed system: one where users can implement contracts that can provide functionality such as voting protocols, crowdfunding projects, betting agreements, and many more. However, despite the massive investment, little is known about how contracts in Ethereum are actually created and used. In this paper, we examine how contracts in Ethereum are created, and how users and contracts interact with one another. We modify the geth client to log all such interactions, and find that contracts today are three times more likely to be created by other contracts than they are by users, and that over 60% of contracts have never been interacted with. Additionally, we obtain the bytecode of all contracts and look for similarity; we find that less than 10% of user-created contracts are unique, and less than 1% of contract-created contracts are so. Clustering the contracts based on code similarity reveals even further similarity. These results indicate that there is substantial code re-use in Ethereum, suggesting that bugs in such contracts could have wide-spread impact on the Ethereum user population.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"52 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80832351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 58
An Empirical Analysis of the Commercial VPN Ecosystem 商业VPN生态系统的实证分析
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278570
Mohammad Taha Khan, Joe DeBlasio, G. Voelker, A. Snoeren, Chris Kanich, N. Vallina-Rodriguez
Global Internet users increasingly rely on virtual private network (VPN) services to preserve their privacy, circumvent censorship, and access geo-filtered content. Due to their own lack of technical sophistication and the opaque nature of VPN clients, however, the vast majority of users have limited means to verify a given VPN service's claims along any of these dimensions. We design an active measurement system to test various infrastructural and privacy aspects of VPN services and evaluate 62 commercial providers. Our results suggest that while commercial VPN services seem, on the whole, less likely to intercept or tamper with user traffic than other, previously studied forms of traffic proxying, many VPNs do leak user traffic---perhaps inadvertently---through a variety of means. We also find that a non-trivial fraction of VPN providers transparently proxy traffic, and many misrepresent the physical location of their vantage points: 5--30% of the vantage points, associated with 10% of the providers we study, appear to be hosted on servers located in countries other than those advertised to users.
全球互联网用户越来越依赖虚拟专用网(VPN)服务来保护他们的隐私,规避审查,并访问地理过滤的内容。然而,由于他们自己缺乏技术复杂性和VPN客户端的不透明性质,绝大多数用户在这些方面验证给定VPN服务声明的手段有限。我们设计了一个主动测量系统来测试VPN服务的各种基础设施和隐私方面,并评估了62个商业提供商。我们的研究结果表明,虽然商业VPN服务似乎总体上比其他先前研究的流量代理形式更不可能拦截或篡改用户流量,但许多VPN确实通过各种方式泄漏用户流量-可能是无意的。我们还发现,相当一部分VPN提供商透明地代理流量,并且许多人歪曲了其优势点的物理位置:我们研究的5% -30%的优势点与10%的提供商相关,似乎托管在位于国家/地区的服务器上,而不是那些向用户宣传的服务器。
{"title":"An Empirical Analysis of the Commercial VPN Ecosystem","authors":"Mohammad Taha Khan, Joe DeBlasio, G. Voelker, A. Snoeren, Chris Kanich, N. Vallina-Rodriguez","doi":"10.1145/3278532.3278570","DOIUrl":"https://doi.org/10.1145/3278532.3278570","url":null,"abstract":"Global Internet users increasingly rely on virtual private network (VPN) services to preserve their privacy, circumvent censorship, and access geo-filtered content. Due to their own lack of technical sophistication and the opaque nature of VPN clients, however, the vast majority of users have limited means to verify a given VPN service's claims along any of these dimensions. We design an active measurement system to test various infrastructural and privacy aspects of VPN services and evaluate 62 commercial providers. Our results suggest that while commercial VPN services seem, on the whole, less likely to intercept or tamper with user traffic than other, previously studied forms of traffic proxying, many VPNs do leak user traffic---perhaps inadvertently---through a variety of means. We also find that a non-trivial fraction of VPN providers transparently proxy traffic, and many misrepresent the physical location of their vantage points: 5--30% of the vantage points, associated with 10% of the providers we study, appear to be hosted on servers located in countries other than those advertised to users.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"8 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91348976","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 69
Who Knocks at the IPv6 Door?: Detecting IPv6 Scanning 谁敲IPv6的门?:检测IPv6扫描
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278553
K. Fukuda, J. Heidemann
DNS backscatter detects internet-wide activity by looking for common reverse DNS lookups at authoritative DNS servers that are high in the DNS hierarchy. Both DNS backscatter and monitoring unused address space (darknets or network telescopes) can detect scanning in IPv4, but with IPv6's vastly larger address space, darknets become much less effective. This paper shows how to adapt DNS backscatter to IPv6. IPv6 requires new classification rules, but these reveal large network services, from cloud providers and CDNs to specific services such as NTP and mail. DNS backscatter also identifies router interfaces suggesting traceroute-based topology studies. We identify 16 scanners per week from DNS backscatter using observations from the B-root DNS server, with confirmation from backbone traffic observations or blacklists. After eliminating benign services, we classify another 95 originators in DNS backscatter as potential abuse. Our work also confirms that IPv6 appears to be less carefully monitored than IPv4.
DNS反向散射通过在DNS层次结构中较高的权威DNS服务器上查找常见的反向DNS查找来检测整个互联网的活动。DNS反向散射和监控未使用的地址空间(暗网或网络望远镜)都可以在IPv4中检测到扫描,但在IPv6的大得多的地址空间中,暗网变得不那么有效。本文介绍了如何使DNS反向散射适应IPv6。IPv6需要新的分类规则,但这些规则揭示了大型网络服务,从云提供商和cdn到NTP和邮件等特定服务。DNS反向散射还可以识别路由器接口,建议进行基于tracerroute的拓扑研究。通过对b根DNS服务器的观察,我们每周从DNS反向散射中识别出16个扫描仪,并从骨干流量观察或黑名单中进行确认。在排除良性服务后,我们将DNS反向散射中的另外95个发起者归类为潜在滥用。我们的工作还证实,IPv6似乎比IPv4更不小心监控。
{"title":"Who Knocks at the IPv6 Door?: Detecting IPv6 Scanning","authors":"K. Fukuda, J. Heidemann","doi":"10.1145/3278532.3278553","DOIUrl":"https://doi.org/10.1145/3278532.3278553","url":null,"abstract":"DNS backscatter detects internet-wide activity by looking for common reverse DNS lookups at authoritative DNS servers that are high in the DNS hierarchy. Both DNS backscatter and monitoring unused address space (darknets or network telescopes) can detect scanning in IPv4, but with IPv6's vastly larger address space, darknets become much less effective. This paper shows how to adapt DNS backscatter to IPv6. IPv6 requires new classification rules, but these reveal large network services, from cloud providers and CDNs to specific services such as NTP and mail. DNS backscatter also identifies router interfaces suggesting traceroute-based topology studies. We identify 16 scanners per week from DNS backscatter using observations from the B-root DNS server, with confirmation from backbone traffic observations or blacklists. After eliminating benign services, we classify another 95 originators in DNS backscatter as potential abuse. Our work also confirms that IPv6 appears to be less carefully monitored than IPv4.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87381979","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Cloud Datacenter SDN Monitoring: Experiences and Challenges 云数据中心SDN监控:经验与挑战
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278572
Arjun Roy, D. Bansal, David Brumley, H. Chandrappa, Parag Sharma, Rishabh Tewari, Behnaz Arzani, A. Snoeren
Cloud customers require highly reliable and performant leased datacenter infrastructure to deliver quality service for their users. It is thus critical for cloud providers to quickly detect and mitigate infrastructure faults. While much is known about managing faults that arise in the datacenter physical infrastructure (i.e., network and server equipment), comparatively little has been published regarding management of the logical overlay networks frequently employed to provide strong isolation in multi-tenant datacenters. We present a first look into the nuances of monitoring these "virtualized" networks through the lens of a large cloud provider. We describe challenges to building cloud-based fault monitoring systems, and use the output of a production system to illuminate how virtualization impacts multi-tenant datacenter fault management. We show that interactions between the virtualization, tenant software, and lower layers of the network fabric both simplify and complicate different aspects of fault detection and diagnosis efforts.
云客户需要高度可靠和高性能的租用数据中心基础设施来为其用户提供高质量的服务。因此,云提供商快速检测和减轻基础设施故障至关重要。虽然对数据中心物理基础设施(即网络和服务器设备)中出现的故障的管理了解很多,但关于经常用于在多租户数据中心中提供强隔离的逻辑覆盖网络的管理,发表的文章相对较少。我们首先从一个大型云提供商的角度来观察监控这些“虚拟化”网络的细微差别。我们描述了构建基于云的故障监控系统所面临的挑战,并使用生产系统的输出说明虚拟化如何影响多租户数据中心故障管理。我们展示了虚拟化、租户软件和网络结构的较低层之间的交互既简化了故障检测和诊断工作的不同方面,又使其复杂化。
{"title":"Cloud Datacenter SDN Monitoring: Experiences and Challenges","authors":"Arjun Roy, D. Bansal, David Brumley, H. Chandrappa, Parag Sharma, Rishabh Tewari, Behnaz Arzani, A. Snoeren","doi":"10.1145/3278532.3278572","DOIUrl":"https://doi.org/10.1145/3278532.3278572","url":null,"abstract":"Cloud customers require highly reliable and performant leased datacenter infrastructure to deliver quality service for their users. It is thus critical for cloud providers to quickly detect and mitigate infrastructure faults. While much is known about managing faults that arise in the datacenter physical infrastructure (i.e., network and server equipment), comparatively little has been published regarding management of the logical overlay networks frequently employed to provide strong isolation in multi-tenant datacenters. We present a first look into the nuances of monitoring these \"virtualized\" networks through the lens of a large cloud provider. We describe challenges to building cloud-based fault monitoring systems, and use the output of a production system to illuminate how virtualization impacts multi-tenant datacenter fault management. We show that interactions between the virtualization, tenant software, and lower layers of the network fabric both simplify and complicate different aspects of fault detection and diagnosis efforts.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"1 3 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78294896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 26
From Deletion to Re-Registration in Zero Seconds: Domain Registrar Behaviour During the Drop 零秒内从删除到重新注册:域名注册商在删除过程中的行为
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278560
Tobias Lauinger, A. S. Buyukkayhan, A. Chaabane, William K. Robertson, E. Kirda
When desirable Internet domain names expire, they are often re-registered in the very moment the old registration is deleted, in a highly competitive and resource-intensive practice called domain drop-catching. To date, there has been little insight into the daily time period when expired domain names are deleted, and the race to re-registration that takes place. In this paper, we show that .com domains are deleted in a predictable order, and propose a model to infer the earliest possible time a domain could have been re-registered. We leverage this model to characterise at a precision of seconds how fast certain types of domain names are re-registered. We show that 9.5 % of deleted domains are re-registered with a delay of zero seconds. Domains not taken immediately by the drop-catch services are often re-registered later, with different behaviours over the following seconds, minutes and hours. Since these behaviours imply different effort and price points, our methodology can be useful for future work to explain the uses of re-registered domains.
当理想的互联网域名到期时,它们往往在旧注册被删除的那一刻被重新注册,这是一种高度竞争和资源密集型的做法,称为域名抢注。迄今为止,人们对每天过期域名被删除的时间周期以及重新注册的竞争情况知之甚少。在本文中,我们展示了。com域名以可预测的顺序被删除,并提出了一个模型来推断域名可能被重新注册的最早时间。我们利用这个模型以秒级的精度描述某些类型的域名被重新注册的速度。我们发现,9.5%的已删除域以零秒的延迟重新注册。没有被drop-catch服务立即获取的域名通常会在稍后重新注册,在接下来的几秒钟、几分钟和几小时内会有不同的行为。由于这些行为意味着不同的努力和价格点,我们的方法可以用于未来的工作来解释重新注册域名的用途。
{"title":"From Deletion to Re-Registration in Zero Seconds: Domain Registrar Behaviour During the Drop","authors":"Tobias Lauinger, A. S. Buyukkayhan, A. Chaabane, William K. Robertson, E. Kirda","doi":"10.1145/3278532.3278560","DOIUrl":"https://doi.org/10.1145/3278532.3278560","url":null,"abstract":"When desirable Internet domain names expire, they are often re-registered in the very moment the old registration is deleted, in a highly competitive and resource-intensive practice called domain drop-catching. To date, there has been little insight into the daily time period when expired domain names are deleted, and the race to re-registration that takes place. In this paper, we show that .com domains are deleted in a predictable order, and propose a model to infer the earliest possible time a domain could have been re-registered. We leverage this model to characterise at a precision of seconds how fast certain types of domain names are re-registered. We show that 9.5 % of deleted domains are re-registered with a delay of zero seconds. Domains not taken immediately by the drop-catch services are often re-registered later, with different behaviours over the following seconds, minutes and hours. Since these behaviours imply different effort and price points, our methodology can be useful for future work to explain the uses of re-registered domains.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"123 1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76293542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Characterizing the Deployment and Performance of Multi-CDNs 描述多cdn的部署和性能
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278548
Rachee Singh, Arun Dunna, Phillipa Gill
Pushing software updates to millions of geographically diverse clients is an important technical challenge for software providers. In this paper, we characterize how content delivery networks (CDNs) are used to deliver software updates of two prominent operating systems (Windows and iOS), over a span of 3 years. We leverage a data set of DNS and ping measurements from 9,000 RIPE Atlas clients, distributed across 206 countries, to understand regional and temporal trends in the use of multiple CDNs for delivering OS updates. We contrast two competing methodologies for distributing OS updates employed by Microsoft and Apple, where the majority of Microsoft clients download Windows updates from their local ISP. But, 90% of Apple clients access iOS updates from Apple's own network. We find an approximate improvement of 70 ms in the latency observed by clients in Asia and Africa when accessing content from edge caches in local ISPs. Additionally, Microsoft provides lower latencies to its clients in developing regions by directing them to Akamai's rich network of edge caches. We also observe that clients in developing regions accessing Windows updates from Level 3 get poor latencies arising from the absence of Level 3's footprint in those regions.
对软件供应商来说,向数以百万计的地理位置不同的客户推送软件更新是一个重要的技术挑战。在本文中,我们描述了内容交付网络(cdn)如何在3年的时间里用于交付两种主要操作系统(Windows和iOS)的软件更新。我们利用分布在206个国家的9000个RIPE Atlas客户端的DNS和ping测量数据集,了解使用多个cdn来提供操作系统更新的区域和时间趋势。我们对比了微软和苹果采用的两种相互竞争的发布操作系统更新的方法,其中大多数微软客户从他们当地的ISP下载Windows更新。但是,90%的苹果客户通过苹果自己的网络访问iOS更新。我们发现亚洲和非洲的客户在访问本地isp的边缘缓存内容时观察到的延迟大约改善了70毫秒。此外,微软还通过引导发展中地区的客户使用Akamai丰富的边缘缓存网络,为他们提供更低的延迟。我们还观察到,发展中地区的客户端从Level 3访问Windows更新,由于在这些地区没有Level 3的足迹,导致延迟较差。
{"title":"Characterizing the Deployment and Performance of Multi-CDNs","authors":"Rachee Singh, Arun Dunna, Phillipa Gill","doi":"10.1145/3278532.3278548","DOIUrl":"https://doi.org/10.1145/3278532.3278548","url":null,"abstract":"Pushing software updates to millions of geographically diverse clients is an important technical challenge for software providers. In this paper, we characterize how content delivery networks (CDNs) are used to deliver software updates of two prominent operating systems (Windows and iOS), over a span of 3 years. We leverage a data set of DNS and ping measurements from 9,000 RIPE Atlas clients, distributed across 206 countries, to understand regional and temporal trends in the use of multiple CDNs for delivering OS updates. We contrast two competing methodologies for distributing OS updates employed by Microsoft and Apple, where the majority of Microsoft clients download Windows updates from their local ISP. But, 90% of Apple clients access iOS updates from Apple's own network. We find an approximate improvement of 70 ms in the latency observed by clients in Asia and Africa when accessing content from edge caches in local ISPs. Additionally, Microsoft provides lower latencies to its clients in developing regions by directing them to Akamai's rich network of edge caches. We also observe that clients in developing regions accessing Windows updates from Level 3 get poor latencies arising from the absence of Level 3's footprint in those regions.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"61 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88844870","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Characterizing the Internet Host Population Using Deep Learning: A Universal and Lightweight Numerical Embedding 使用深度学习表征互联网主机群体:一种通用的轻量级数值嵌入
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278545
Armin Sarabi, M. Liu
In this paper, we present a framework to characterize Internet hosts using deep learning, using Internet scan data to produce numerical and lightweight (low-dimensional) representations of hosts. To do so we first develop a novel method for extracting binary tags from structured texts, the format of the scan data. We then use a variational autoencoder, an unsupervised neural network model, to construct low-dimensional embeddings of our high-dimensional binary representations. We show that these lightweight embeddings retain most of the information in our binary representations, while drastically reducing memory and computational requirements for large-scale analysis. These embeddings are also universal, in that the process used to generate them is unsupervised and does not rely on specific applications. This universality makes the embeddings broadly applicable to a variety of learning tasks whereby they can be used as input features. We present two such examples, (1) detecting and predicting malicious hosts, and (2) unmasking hidden host attributes, and compare the trained models in their performance, speed, robustness, and interpretability. We show that our embeddings can achieve high accuracy (>95%) for these learning tasks, while being fast enough to enable host-level analysis at scale.
在本文中,我们提出了一个框架,使用深度学习来表征互联网主机,使用互联网扫描数据来生成主机的数字和轻量级(低维)表示。为此,我们首先开发了一种从结构化文本(扫描数据的格式)中提取二进制标记的新方法。然后,我们使用变分自编码器,一种无监督的神经网络模型,来构建高维二进制表示的低维嵌入。我们表明,这些轻量级嵌入保留了我们二进制表示中的大部分信息,同时大大减少了大规模分析的内存和计算需求。这些嵌入也是通用的,因为用于生成它们的过程是无监督的,不依赖于特定的应用程序。这种通用性使得嵌入广泛适用于各种学习任务,因此它们可以用作输入特征。我们提出了两个这样的例子,(1)检测和预测恶意主机,(2)揭开隐藏的主机属性,并比较训练模型的性能、速度、鲁棒性和可解释性。我们表明,我们的嵌入可以达到这些学习任务的高精度(>95%),同时足够快,可以大规模地进行主机级分析。
{"title":"Characterizing the Internet Host Population Using Deep Learning: A Universal and Lightweight Numerical Embedding","authors":"Armin Sarabi, M. Liu","doi":"10.1145/3278532.3278545","DOIUrl":"https://doi.org/10.1145/3278532.3278545","url":null,"abstract":"In this paper, we present a framework to characterize Internet hosts using deep learning, using Internet scan data to produce numerical and lightweight (low-dimensional) representations of hosts. To do so we first develop a novel method for extracting binary tags from structured texts, the format of the scan data. We then use a variational autoencoder, an unsupervised neural network model, to construct low-dimensional embeddings of our high-dimensional binary representations. We show that these lightweight embeddings retain most of the information in our binary representations, while drastically reducing memory and computational requirements for large-scale analysis. These embeddings are also universal, in that the process used to generate them is unsupervised and does not rely on specific applications. This universality makes the embeddings broadly applicable to a variety of learning tasks whereby they can be used as input features. We present two such examples, (1) detecting and predicting malicious hosts, and (2) unmasking hidden host attributes, and compare the trained models in their performance, speed, robustness, and interpretability. We show that our embeddings can achieve high accuracy (>95%) for these learning tasks, while being fast enough to enable host-level analysis at scale.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"339 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77157578","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
Three Bits Suffice: Explicit Support for Passive Measurement of Internet Latency in QUIC and TCP 三个比特就够了:明确支持QUIC和TCP中互联网延迟的被动测量
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278535
Piet De Vaere, Tobias Bühler, M. Kühlewind, B. Trammell
Passive measurement is a commonly used approach for measuring round trip time (RTT), as it reduces bandwidth overhead compared to large-scale active measurements. However, passive RTT measurement is limited to transport-specific approaches, such as those that utilize Transmission Control Protocol (TCP) timestamps. Furthermore, the continuing deployment of encrypted transport protocols such as QUIC hides the information used for passive RTT measurement from the network. In this work, we introduce the latency spin signal as a lightweight, transport-independent and explicit replacement for TCP timestamps for passive latency measurement. This signal supports per-flow, single-point and single direction passive measurement of end-to-end RTT using just three bits in the transport protocol header, leveraging the existing dynamics of the vast majority of Internet-deployed transports. We show how the signal applies to measurement of both TCP and to QUIC through implementation of the signal in endpoint transport stacks. We also provide a high-performance measurement implementation for the signal using the Vector Packet Processing (VPP) framework. Evaluation on emulated networks and in an Internet testbed demonstrate the viability of the signal, and show that it is resistant to even large amounts of loss or reordering on the measured path.
被动测量是测量往返时间(RTT)的常用方法,因为与大规模主动测量相比,它减少了带宽开销。然而,被动RTT测量仅限于传输特定的方法,例如那些利用传输控制协议(TCP)时间戳的方法。此外,加密传输协议(如QUIC)的持续部署将用于被动RTT测量的信息隐藏在网络中。在这项工作中,我们引入了延迟自旋信号作为一种轻量级的、与传输无关的、明确的替代TCP时间戳的被动延迟测量方法。该信号支持端到端RTT的逐流、单点和单向被动测量,仅使用传输协议头中的三个比特,利用绝大多数互联网部署的传输的现有动态。通过在端点传输栈中实现信号,我们展示了信号如何应用于TCP和QUIC的测量。我们还使用矢量分组处理(VPP)框架提供了信号的高性能测量实现。在仿真网络和互联网测试平台上的评估证明了信号的可行性,并表明它可以抵抗在测量路径上的大量损失或重排序。
{"title":"Three Bits Suffice: Explicit Support for Passive Measurement of Internet Latency in QUIC and TCP","authors":"Piet De Vaere, Tobias Bühler, M. Kühlewind, B. Trammell","doi":"10.1145/3278532.3278535","DOIUrl":"https://doi.org/10.1145/3278532.3278535","url":null,"abstract":"Passive measurement is a commonly used approach for measuring round trip time (RTT), as it reduces bandwidth overhead compared to large-scale active measurements. However, passive RTT measurement is limited to transport-specific approaches, such as those that utilize Transmission Control Protocol (TCP) timestamps. Furthermore, the continuing deployment of encrypted transport protocols such as QUIC hides the information used for passive RTT measurement from the network. In this work, we introduce the latency spin signal as a lightweight, transport-independent and explicit replacement for TCP timestamps for passive latency measurement. This signal supports per-flow, single-point and single direction passive measurement of end-to-end RTT using just three bits in the transport protocol header, leveraging the existing dynamics of the vast majority of Internet-deployed transports. We show how the signal applies to measurement of both TCP and to QUIC through implementation of the signal in endpoint transport stacks. We also provide a high-performance measurement implementation for the signal using the Vector Packet Processing (VPP) framework. Evaluation on emulated networks and in an Internet testbed demonstrate the viability of the signal, and show that it is resistant to even large amounts of loss or reordering on the measured path.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"24 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82195673","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
BGP Communities: Even more Worms in the Routing Can BGP社区:路由中的蠕虫越多越好
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278557
Florian Streibelt, F. Lichtblau, Robert Beverly, A. Feldmann, C. Pelsser, Georgios Smaragdakis, R. Bush
BGP communities are a mechanism widely used by operators to manage policy, mitigate attacks, and engineer traffic; e.g., to drop unwanted traffic, filter announcements, adjust local preference, and prepend paths to influence peer selection. Unfortunately, we show that BGP communities can be exploited by remote parties to influence routing in unintended ways. The BGP community-based vulnerabilities we expose are enabled by a combination of complex policies, error-prone configurations, a lack of cryptographic integrity and authenticity over communities, and the wide extent of community propagation. Due in part to their ill-defined semantics, BGP communities are often propagated far further than a single routing hop, even though their intended scope is typically limited to nearby ASes. Indeed, we find 14% of transit ASes forward received BGP communities onward. Given the rich inter-connectivity of transit ASes, this means that communities effectively propagate globally. As a consequence, remote adversaries can use BGP communities to trigger remote blackholing, steer traffic, and manipulate routes even without prefix hijacking. We highlight examples of these attacks via scenarios that we tested and measured both in the lab as well as in the wild. While we suggest what can be done to mitigate such ill effects, it is up to the Internet operations community whether to take up the suggestions.
BGP社区是一种被运营商广泛用于策略管理、攻击缓解和流量工程的机制;例如,丢弃不需要的流量,过滤公告,调整本地首选项,以及预先添加路径以影响对等体选择。不幸的是,我们表明BGP社区可以被远程各方利用,以意想不到的方式影响路由。我们暴露的基于社区的BGP漏洞是由复杂的策略、容易出错的配置、缺乏社区加密完整性和真实性以及广泛的社区传播的组合造成的。部分由于语义定义不清,BGP团体的传播范围通常远远超过单个路由跳,尽管它们的预期范围通常仅限于附近的as。实际上,我们发现14%的转发的transit as收到了后续的BGP团体。鉴于交通网络的丰富互联性,这意味着社区可以有效地在全球传播。因此,即使没有前缀劫持,远程攻击者也可以使用BGP团体触发远程黑洞,引导流量并操纵路由。我们通过在实验室和野外测试和测量的场景来突出这些攻击的示例。虽然我们建议可以做些什么来减轻这种不良影响,但是否接受这些建议取决于互联网运营社区。
{"title":"BGP Communities: Even more Worms in the Routing Can","authors":"Florian Streibelt, F. Lichtblau, Robert Beverly, A. Feldmann, C. Pelsser, Georgios Smaragdakis, R. Bush","doi":"10.1145/3278532.3278557","DOIUrl":"https://doi.org/10.1145/3278532.3278557","url":null,"abstract":"BGP communities are a mechanism widely used by operators to manage policy, mitigate attacks, and engineer traffic; e.g., to drop unwanted traffic, filter announcements, adjust local preference, and prepend paths to influence peer selection. Unfortunately, we show that BGP communities can be exploited by remote parties to influence routing in unintended ways. The BGP community-based vulnerabilities we expose are enabled by a combination of complex policies, error-prone configurations, a lack of cryptographic integrity and authenticity over communities, and the wide extent of community propagation. Due in part to their ill-defined semantics, BGP communities are often propagated far further than a single routing hop, even though their intended scope is typically limited to nearby ASes. Indeed, we find 14% of transit ASes forward received BGP communities onward. Given the rich inter-connectivity of transit ASes, this means that communities effectively propagate globally. As a consequence, remote adversaries can use BGP communities to trigger remote blackholing, steer traffic, and manipulate routes even without prefix hijacking. We highlight examples of these attacks via scenarios that we tested and measured both in the lab as well as in the wild. While we suggest what can be done to mitigate such ill effects, it is up to the Internet operations community whether to take up the suggestions.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"20 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80691785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 34
期刊
Proceedings of the Internet Measurement Conference 2018
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1