دانلود کتاب Passive and Active Measurement: 23rd International Conference, PAM 2022, Virtual Event, March 28–30, 2022, Proceedings

فهرست مطالب :

Preface
Organization
Contents
Security
LogoMotive: Detecting Logos on Websites to Identify Online Scams - A TLD Case Study
1 Introduction
2 LogoMotive
2.1 LogoMotive Modules
2.2 Model Training
2.3 Model Tuning
2.4 Model Evaluation
3 Government Impersonation Case Study
3.1 Full Zone Evaluation
3.2 Live Registration Monitoring
4 Trustmark Abuse Case Study
5 Related Work
6 Legal, Ethical, and Privacy Considerations
7 Conclusions and Future Work
A Appendix: LogoMotive Dashboard
References
Early Detection of Spam Domains with Passive DNS and SPF
1 Introduction
2 Background
2.1 Sender Policy Framework (SPF)
2.2 Life Cycle of a Spam Campaign
3 Scheme for Early Detection of Spam
3.1 Data Source: Passive DNS
3.2 Features Based on SPF Rules
3.3 Graph Analysis of SPF Rules
3.4 Time Analysis of Traffic to DNS TXT Records
4 Classifiers
4.1 Ground Truth
4.2 Classifier
5 Classification Results
5.1 Performance Evaluation
5.2 Detection Time
5.3 Feature Importance
6 Related Work
7 Conclusion
A Density Computation
B Classifier Metrics and Algorithms
C Dataset Statistics
D Classification Results
References
Changing of the Guards: Certificate and Public Key Management on the Internet
1 Introduction
2 Analysis Methodology
3 Certificate Replacement Analysis
3.1 Certificate Selection Characterization
3.2 Analysis Using Mismanagement Indicators
3.3 Overlap Analysis
4 Reuse of Keys
4.1 High-Level SKCR Analysis
4.2 SKCR-Chain Analysis
5 Towards Short-Lived Certificates
5.1 Motivation
5.2 Parent-Child Certs: Limiting the Cost of Short-Lived Certificates
5.3 Data-Driven Overhead Analysis
6 Related Work
7 Conclusion
References
Web
Design and Implementation of Web-Based Speed Test Analysis Tool Kit
1 Introduction
2 Related Work
3 Web-Based Speed Test Platforms
4 Design of WebTestKit
4.1 Design Objectives
4.2 Components of WebTestKit
4.3 Implementation
5 Testbed Evaluation
5.1 Resource Overhead of WebTestKit
5.2 Accuracy of Analysis Module
6 Use Cases
6.1 Characterizing Speed Tests with HTTP Transactions
6.2 Variances in RTT Measurements
6.3 Accuracy of RTT Measurements
7 Conclusion
References
BatteryLab: A Collaborative Platform for Power Monitoring
1 Introduction
2 BATTERYLAB Architecture
2.1 Access Server
2.2 Vantage Point
3 Using BatteryLab
3.1 API Usage
3.2 Android/iOS Automation Library
3.3 Action Replay
3.4 How to Join?
4 Benchmarking
4.1 Accuracy
4.2 System Performance
4.3 Devices and Locations
4.4 Usability Testing
5 The Web Power Monitor
5.1 Design and Implementation
5.2 Results
6 Related Work
7 Conclusion
References
GPS-Based Geolocation of Consumer IP Addresses
1 Introduction
2 Related Work
3 The Data
3.1 Unacast GPS Smartphone Locations
3.2 Geolocated Ookla Speedtest Data
3.3 Geolocation Databases and Distances
4 Evaluating Data Quality
4.1 Are GPS Data a Credible Ground Truth of IP Address Locations?
4.2 Which Database Provides the Lowest Error in Location?
5 The Geography of Consumer Subnets
5.1 Under What Circumstances are IP Geolocation Databases Accurate?
5.2 What is the Geographic Scale of /24 Subnets?
5.3 How Persistent are the Physical Locations of /24 Subnets?
5.4 How Long Does a Consumer Connection Retain an IP Address?
6 Can IP Geolocation Databases be Used to Study Internet Access?
7 Conclusion
A Additional Plots and Tables
References
Performance
Jitterbug: A New Framework for Jitter-Based Congestion Inference
1 Introduction
2 Background on RTT and Jitter Signatures
2.1 Latency Model
2.2 Analyzing RTT and Jitter Signatures in Congested Links
3 Jitterbug: Jitter-Based Congestion Inference
3.1 Signal Filtering
3.2 Detection of Period of Elevated Latency
3.3 Examination of Jitter Signals
3.4 Latency Jump Detection
3.5 Combine Changes in Jitter and Minimum Time Series
4 Dataset
5 Results
5.1 Scenario 1: Recurrent Period of Elevated Latency with Large Amplitude Signals
5.2 Scenario 2: Recurrent Period of Elevated Latency with Small Amplitude Signals
5.3 Scenario 3: One-Off Period of Elevated Latency with No Congestion
5.4 Scenario 4: One-Off Period of Elevated Latency with Congestion
5.5 Scenario 5: One-Off Event During Recurrent Periods of Elevated Latency
5.6 Scenario 6: Change Point Detection Over-Detects Change Points
5.7 Scenario 7: Adjusting JD Threshold to Minimize False Positives
5.8 Scenario 8: False Negatives in Change Point Detection
6 Comparative Evaluation of Jitterbug
6.1 Comparing Inferences of KS-Test and JD Methods
6.2 Comparing Inferences with Cross-Validation Data
7 Lessons Learned
8 Related Work
9 Open Challenges
10 Conclusions and Future work
References
Can 5G mmWave Support Multi-user AR?
1 Introduction
2 Background and Related Work
2.1 Multi-user AR
2.2 Related Work
3 Methodology
4 Performance of Multi-user AR
4.1 End to End Performance
4.2 Latency 2x: Resolver Notification
4.3 Latency 1a and 2a: Connection Handshakes
4.4 Latency 1c and 2c: Cloud Processing
4.5 Latency 1b and 2b: Uplink Data Communication
4.6 AR Design Optimizations
5 Energy Consumption
5.1 Methodology
5.2 Results
6 Conclusion
References
Routing
A First Measurement with BGP Egress Peer Engineering
1 Introduction
2 Methodology
2.1 Segment Routing and BGP Egress Peer Engineering
2.2 Experimental Environment
2.3 Ethical Considerations
3 Data
4 Analysis
4.1 How Best are the Best Paths
4.2 Peering Versus Transit
4.3 Detouring
5 Related Work
6 Conclusion
A Other Metrics for Representative RTTs
References
RouteInfer: Inferring Interdomain Paths by Capturing ISP Routing Behavior Diversity and Generality
1 Introduction
2 Related Work
3 Limitation of Standard Routing Policy
4 Design of RouteInfer
4.1 Overview
4.2 Bootstrap AS-Routing Map
4.3 Extract and Aggregate Policies
4.4 Route Decision Model Based on Learning to Rank Algorithm
5 Evaluation and Analysis
5.1 Datasets
5.2 Overall Accuracy
5.3 Improvement of 3-Layer Policy Model
5.4 Improvement of Route Decision Model
5.5 Analysis of 3-Layer Policies
5.6 Analysis of Route Decision Model
6 Conclusion and Future Work
A The Influence of Bias
B Convergence Time
C The Intuition of Choosing Routes from High Tier ASes
D The Pseudocode of Route Decision Model
References
DNS and Routing
Measuring the Practical Effect of DNS Root Server Instances: A China-Wide Case Study
1 Introduction
2 Background and Related Work
3 Vantage Points and Methodology
3.1 Vantage point (VP) Selection and Validation
3.2 Methodology
4 Catchment Area of Domestic Root Instances
4.1 Which Networks Are Served by Domestic Root Instances?
4.2 Why Are Some Networks Not Served By Domestic Instances?
5 Impact of Domestic Instances on Root Server Selection
5.1 Do Domestic Instances Serve Root Queries with Lower Delay?
5.2 How Do Domestic Instances Affect Root Server Selection?
6 Discussion
7 Conclusion
A Success Rate of DNS Censorship
B Removed VPs that Perceive DNS Hijacking Accidents
References
Old but Gold: Prospecting TCP to Engineer and Live Monitor DNS Anycast
1 Introduction
2 DNS/TCP for RTT?
2.1 Does TCP Provide Enough Coverage?
2.2 DNS/UDP vs. DNS/TCP RTT
3 Prioritizing Analysis
4 Problems and Solutions
4.1 Distant Lands
4.2 Prefer-Customer to Another Continent
4.3 Polarization with Google and Microsoft
4.4 Detecting BGP Misconfiguration in Near Real-Time
5 Anycast Latency and Traffic
6 Related Work
7 Conclusions
A Extra Graphs on Temporal Coverage
B Anycast Extra Data
C Anycast A and B Top ASes
D Depolarizing Google: IPv6 Graphs
References
A Matter of Degree: Characterizing the Amplification Power of Open DNS Resolvers
1 Introduction
2 Related Work
3 Factors that Determine Attack Potential
3.1 Support for DNS Protocol Features
3.2 Handling of ANY Queries
3.3 Caching
3.4 TCP Support
4 Data Collection Methodology
4.1 Scanning and Testing Open Resolvers
4.2 Ethical Considerations
5 Results
5.1 Open Resolvers over Time
5.2 IP Address Churn
5.3 DNSSEC Support and Supported EDNS0 Buffer Sizes
5.4 ANY Query Handling
5.5 TXT Query Handling
5.6 TCP Fallback
5.7 Caching
5.8 Feature Overlaps and Common Resolver Configurations
5.9 Ranking Open DNS Resolvers
6 Conclusion
References
Routing II
IRR Hygiene in the RPKI Era
1 Introduction
2 Background and Related Work
2.1 Internet Routing Registry
2.2 Resource Public Key Infrastructure
3 Datasets
4 Methodology
4.1 Classification of IRR Records
4.2 Classification of ASes Registered in IRR
5 Prefix Origin Pair Consistency
5.1 IPv4 vs. IPv6
5.2 Causes of Prefix Length Inconsistency
5.3 Analysis of ASN Inconsistency
6 ASes Behind IRR Inconsistency
7 Limitations
8 Summary
References
Peering Only? Analyzing the Reachability Benefits of Joining Large IXPs Today
1 Introduction
2 Background
3 Preface: Data Sets
3.1 Main Data Sets
3.2 Orthogonal Data Sets
4 Multilateral Peering
5 Inferring Peering Relationships
5.1 Bilateral Peering
5.2 Private Peering
6 Route Importance
6.1 Prefix Rankings
6.2 Reachability of the Top-10K
6.3 Missing Routes
6.4 Limitations
7 Discussion
8 Conclusion
References
On the Latency Impact of Remote Peering
1 Introduction
2 Measurement Architecture
2.1 Peering Infrastructure Selection
2.2 Datasets
2.3 Data Plane Measurements
3 Challenges in Inferring Remote Peering
4 Remote Peering at IXPs
4.1 Remotely Connected Members
4.2 Remotely Announced Prefixes and Routes
5 Choosing Between Remote and Local Peering
5.1 Which Route had the Shortest AS Path?
5.2 Are Shorter AS Path Remote Routes Chosen?
5.3 Is There a Latency Penalty Using a Remote Route?
5.4 Do Remote Routes Have More Latency Variability than Local Routes?
6 Does Remote Peering have Lower Latency than Transit?
6.1 Does Transit Offer Lower Latency than Remote Peering?
6.2 RTT Variability of Remote Prefixes
7 Related Work
8 Limitations and Future Work
9 Final Remarks
References
Internet Applications
Know Thy Lag: In-Network Game Detection and Latency Measurement
1 Introduction
2 Game Detection
2.1 Anatomy of Multiplayer Games
2.2 Signature Generation
2.3 Game Classifier
2.4 Evaluation
2.5 Field Deployment and Insights
3 Mapping Game Server Locations and Latencies
3.1 Methods and Tools
3.2 Mapping Game Servers from the University
3.3 Comparing Gaming Latencies from Multiple ISPs
4 Related Work
5 Conclusion and Future Work
A Fortnite Services
B Fortnite Game Signature Generation
C Example Game Signatures
References
Differences in Social Media Usage Exist Between Western and Middle-East Countries
1 Introduction
2 The Jodel App
3 Dataset Description and Ethics
4 The Birth of the Jodel Networks in DE and the KSA
4.1 Different Adoption Pattern in Germany and the KSA
4.2 Different Adoption Pattern Require Comparable Time Slices
5 Geographic Differences in Jodel Usage: DE vs. KSA
6 Structural Implications
6.1 Content Voting
6.2 Spinning Faster: Response Time and Volume
7 Related Work
8 Conclusions
References
Measuring the (Over)use of Service Workers for In-Page Push Advertising Purposes
1 Introduction
2 Service Workers
2.1 Web Push Notifications
2.2 In-Page Push Advertising
3 Use Case
4 Data Collection
5 Measurements
6 Related Work
7 Summary and Conclusion
References
Network Properties
ISP Probing Reduction with Anaximander
1 Introduction
2 Related Work
3 Dataset
4 Rocketfuel Limits
4.1 Egress Reduction
4.2 Next-hop AS Reduction
4.3 Ingress Reduction
5 Anaximander
5.1 Initial Pool of Targets
5.2 Best Directed Prefixes
5.3 Overlay Reduction
5.4 Targets Scheduling
5.5 Discovery Phase with Plateau Reduction
6 Evaluation
6.1 Methodology
6.2 Results
6.3 Global Comment
7 Conclusion
A Alternative Schedulings
B Individual Group Contribution
References
Lights on Power Plant Control Networks
1 Introduction
2 ICS 101
3 Power Plant Datasets
4 The Rich Application Mix of Power Plant ICS Networks
4.1 Application Mix of Power Plant 1
4.2 The Application Mix Differs by Power Plant/Vendor
5 Towards Understanding the Proprietary ICS Protocols
5.1 Clustering Communication by Packet Payload Differences
5.2 What if We Don\'t Have Payload?
6 Measuring at a Power Plant Training Facility
7 Conclusion
A Appendix
A.1 Power Plant Training Facility Dataset
A.2 Bin Sizes Used for Protocol Clustering
A.3 Payload Similarity and Clustering Results
References
DNS
Assessing Support for DNS-over-TCP in the Wild
1 Introduction
2 Terminology
3 Related Work
4 TCP Fallback Support by Recursive Resolvers
4.1 Methodology
4.2 Datasets
4.3 Resolver Categorization Algorithm
4.4 DNS Resolution Patterns
4.5 Results
5 DNS-over-TCP Support by Authoritative DNS Servers
6 Race Condition in DNS-over-TCP Connection Reuse
6.1 Deployment of edns-tcp-keepalive
6.2 Addressing the Connection Reuse/Closing Race
7 Ethical Considerations
8 Conclusion
A Matching Algorithm
B CDN Targets Tested
References
Measuring the Accessibility of Domain Name Encryption and Its Impact on Internet Filtering
1 Introduction
2 Background
2.1 Common Internet Filtering Techniques
2.2 Domain Name Encryption Protocols
3 DNEye Design
3.1 Vantage Points
3.2 Test List
3.3 Measurements
4 Results
4.1 DNS-Based Network Interference
4.2 DoTH and ESNI Accessibility
4.3 Network Filtering Circumvention
5 Related Work
6 Discussion
7 Limitations
8 Conclusion
A DoTH Resolvers
B DNS Tampering Detection
C AS-Level DoTH Filtering
D ESNI Prevalence
References
One to Rule Them All? A First Look at DNS over QUIC
1 Introduction
2 Methodology
3 Adoption
4 Response Times
5 Limitations and Future Work
6 Conclusion
References
Application Performance
Zoom Session Quality: A Network-Level View
1 Introduction
2 Related Work
3 Methodology
4 Small-Scale Measurements
4.1 Zoom Session Structure
4.2 Zoom Session Profiles
4.3 Anomalous Zoom Sessions
5 Large-Scale Measurements
5.1 Zoom Usage Patterns
5.2 Session Characteristics
5.3 Session Quality
5.4 Anomalous Zoom Behaviour
6 Discussion
6.1 Performance Implications and Recommendations
6.2 Limitations
7 Conclusion
References
Zoomiversity: A Case Study of Pandemic Effects on Post-secondary Teaching and Learning
1 Introduction
2 Related Work
3 Data Collection and Methodology
3.1 University Environment
3.2 Passive Measurement
3.3 Active Measurement
3.4 Challenges and Limitations
3.5 Ethical Considerations
4 Measurement Results
4.1 Traffic Overview
4.2 Structural Analysis
4.3 Authentication
4.4 Learning Management System (LMS)
4.5 Remote Access
5 Zoom Measurement Results
5.1 Videoconferencing Apps
5.2 Detailed Traffic Analysis
5.3 Zoom Session Management
6 Conclusion
References
SSQoE: Measuring Video QoE from the Server-Side at a Global Multi-tenant CDN
1 Introduction
2 Background
3 Characterizing the CDN Video Workload
4 Server-side Video QoE Measurement Methodology
5 Validation
5.1 Testbed Evaluation
5.2 Comparison with Client Beacon Data
6 Video Performance Monitoring at the CDN
6.1 Using Server-Side Video QoE
6.2 QoE vs Server Metrics
6.3 QoE vs Network Metrics
7 Discussion
8 Related Work
9 Conclusion
References
Security II
Routing Loops as Mega Amplifiers for DNS-Based DDoS Attacks
1 Introduction
2 Background on DDoS Attacks
3 Threat Model
4 Internet-Wide Scans
5 Scan Results
5.1 Internet Scan
5.2 Running Traceroute
5.3 Longitudinal Analysis
6 Ethical Considerations and Disclosure
7 Related Work
8 Conclusions and Future Work
References
Quantifying Nations\' Exposure to Traffic Observation and Selective Tampering
1 Introduction
2 Approach Overview
3 Definitions of Nationality
4 Transit Influence Metric
4.1 CTI Components
4.2 Filtering ASes
5 Country-Level Transit
5.1 CTI Distribution Across Countries
5.2 Submarine Cable Operators
5.3 State-Owned Transit Providers
6 Inferring Transit Dominance
6.1 Constructing a Candidate List
6.2 Active Measurement Campaign
6.3 Country-Level Transit Fraction
6.4 Final Selection
7 Stability and Validation
7.1 Stability
7.2 Operator Validation
7.3 Organization-Level Transit Influence
8 Limitations
9 Related Work
9.1 National Chokepoint Potential and Hegemony
10 Conclusions and Future Work
A BGP Monitor Location and CTI Process Diagram
A.1 BGP Monitor Location
A.2 CTI Process Diagram
References
Longitudinal Study of Internet-Facing OpenSSH Update Patterns
1 Introduction
2 Data Collection Methodology
2.1 Ethical Considerations
3 Measuring Software Outdatedness
3.1 First Cut: Base Software Version
3.2 Second Cut: Integrating Security Patches
3.3 Do Cloud-Hosted Servers Update Faster?
4 How Vulnerable is Outdated Software?
5 Limitations
6 Related Work
7 Concluding Remarks
A Appendix A Plots of Ubuntu IPs Affected by CVEs
References
Author Index