Passive and Active Measurement: 22nd International Conference, PAM 2021, Virtual Event, March 29 – April 1, 2021, Proceedings (Computer Communication Networks and Telecommunications)
3030725812, 9783030725815
This book constitutes the proceedings of the 22nd Conference on Passive and Active Measurement, PAM 2021, which was plan
English
Pages 596
[576]
Year 2021
Table of contents :
Preface
Organization
Contents
COVID-19
Video Conferencing and Flow-Rate Fairness: A First Look at Zoom and the Impact of Flow-Queuing AQM
1 Introduction
2 Background and Related Work
2.1 Congestion Control for Video Conferencing
3 Measurement Design
3.1 Preliminaries
3.2 Testbed Setup
3.3 Fairness Measurement Scenarios and Procedure
4 Zoom Inter-Protocol Fairness Results
4.1 General Observations on Zoom's Behavior
4.2 Competition at Tail-Drop Queues
4.3 Competition at CoDel Queues
4.4 Competition at FQ_CoDel Queues
5 Conclusion
A QoE Impact of Flow-Queuing AQM
A.1 User Study Design
A.2 Results
References
Characterizing Service Provider Response to the COVID-19 Pandemic in the United States
1 Introduction
2 Related Work
3 Data
4 How Did Traffic Demands Change?
5 What Was the Effect on Performance?
5.1 How Performance Changed After Lockdown
5.2 Throughput-Latency Relationship
6 How Did Service Providers Respond?
6.1 Capacity Increases at Interconnect
6.2 Increased Advertised IP Address Space
7 Conclusion
A Longitudinal Latency Evolution for 2018–2019 (Previous Year)
B Throughput-Latency Relationship
References
A First Look at COVID-19 Domain Names: Origin and Implications
1 Introduction
2 Data
2.1 Collecting Cov19doms
2.2 Collecting Active Websites Using Cov19doms
3 Measurement Study
3.1 Number of New Infections and Cov19doms Registrations
3.2 Understanding the Usage of Cov19doms
3.3 Malicious Activities Using Cov19doms
4 Discussion
4.1 Limitations
4.2 Detecting Malicious Cov19doms
4.3 Ethical Considerations
5 Related Work
6 Conclusion
References
Web Security
Clairvoyance: Inferring Blocklist Use on the Internet
1 Introduction
2 Background
3 Methodology
3.1 Technique Overview
3.2 Criteria for Reflectors
3.3 Sampling Blocklist IPs
3.4 Control Group
3.5 Ethical Considerations
4 Pilot Study Implementation
4.1 Reflector Selection
4.2 Choosing Blocklists and Sampling IPs
4.3 Measurement Setup
5 Pilot Study Overall Results
5.1 Reflectors Using Blocklists
5.2 Partial Blocking
6 Conclusion
A Inference Technique Details
A.1 Inference Criteria
A.2 False Positive and False Negative Analysis
References
Our (in)Secure Web: Understanding Update Behavior of Websites and Its Impact on Security
1 Introduction
2 Background
2.1 Preliminaries
2.2 Web Technologies and Updating
2.3 Common Vulnerabilities and Exposures
3 Method
3.1 Dataset Preparation and Enrichment
3.2 Analyzing Updating Behavior and Security Implications
4 Results
4.1 Update Behavior on the Web
4.2 Security Impact of Not Updating
5 Limitations
6 Related Work
7 Discussion and Conclusion
A Overview of the Top Identified CWEs
B Average age of the 20 used software by website-ranking
C Case Studies
References
Winding Path: Characterizing the Malicious Redirection in Squatting Domain Names
1 Introduction
2 Background
2.1 Domain Squatting Abuse
2.2 URL Redirection
3 Measurement Methodology
3.1 Measuring Squatting Domains
3.2 Crawling Strategy
4 Malicious Redirection Analysis
4.1 Benign Redirection vs. Malicious Redirection
4.2 Intermediary Sharing
4.3 Infrastructure Sharing
5 Limitation
6 Conclusion
References
Video Streaming
An Empirical Measurement Study of Free Live Streaming Services
1 Introduction
2 Free Live Streaming
3 Measurement Methodology
3.1 Experimental Setup
3.2 Data Collection
4 Measurement Results
4.1 Network Quality of Service (QoS) Analysis
4.2 Video Quality of Service (QoS) Analysis
4.3 QUIC
4.4 Privacy Analysis
5 Related Work
6 Conclusion
References
A Data-Driven Analysis and Tuning of a Live Hybrid CDN/V2V Video Distribution System
1 Introduction
2 State of the Art
3 Overall Channel Profiling
3.1 Data Set
3.2 Clients Profiling and V2V Efficiency
4 Detailed Analysis of Chunk Loss Rate (CLR)
5 CLR Mitigation Algorithm
6 Evaluation
6.1 Test-Bed Results
6.2 Results in the Wild
7 Conclusion and Future Work
References
Too Late for Playback: Estimation of Video Stream Quality in Rural and Urban Contexts
1 Introduction
2 Methodology and Datasets Overview
2.1 QoS and QoE Metrics
2.2 Measurement Suite
2.3 Description of Datasets
2.4 Video QoE Measurement Scalability Challenges
3 Inferring QoE Metrics for Video
3.1 Learning Problem
3.2 Learning Algorithm
3.3 Results
4 Related Work
5 Conclusion
References
TLS
Measurement and Analysis of Automated Certificate Reissuance
1 Introduction
2 Background
2.1 Certificates
2.2 Let's Encrypt
2.3 Related Work
3 Methodology
3.1 Certificates
3.2 Let's Encrypt CAA Bug List
3.3 Defining Certificate Reissuances
4 Results
4.1 Automated Reissuance
4.2 Manual Reissuance
5 Concluding Discussion
References
Revocation Statuses on the Internet
1 Introduction
2 Revocation Protocols
3 Measurement Methodology
4 Characterization Results
4.1 High-Level Breakdown
4.2 Revocation Status Changes
4.3 Biases in the Revocation Sets
4.4 CRL-Based Analysis
5 Related Work
6 Conclusion
References
Measuring DNS over TLS from the Edge: Adoption, Reliability, and Response Times
1 Introduction
2 DoT Background: Adoption and Traffic Share
3 Methodology
4 Reliability
5 Response Times
6 Related Work and Discussion
7 Limitations and Future Work
8 Conclusion
References
Staying Connected
Long-Lasting Sequences of BGP Updates
1 Introduction
2 Related Work
3 Extracting Sequences from Time Series
4 One Year of BGP Sequences
5 Conclusions
A The Discrete Wavelet Transform
B The Collector Peers and their Locations
References
Inferring Cloud Interconnections: Validation, Geolocation, and Routing Behavior
1 Introduction
2 Background and Previous Work
3 Validating bdrmapIT With Azure Hostnames
3.1 Investigating AS Operator Inference Errors
3.2 Fast and Straight Traceroute (FAST) Traceroute Probing
4 Learning About Clouds from Interconnections
4.1 GCP Inflates Traceroute Probe TTLs
4.2 Inferring How Clouds Reach Internet Networks
4.3 Geolocating Cloud Interconnections
5 Limitations
6 Conclusion
A Recent GCP Traceroute Behavior
References
On the Resilience of Internet Infrastructures in Pacific Northwest to Earthquakes
1 Introduction
2 Background and Related Work
3 Design and Implementation of ShakeNet Framework
3.1 Overview of ShakeNet Framework
3.2 Datasets Used
3.3 Categorization of Risk Groups
3.4 Assessment of Shaking-Induced Damages to Internet Infrastructure
3.5 Mitigation of Infrastructure Risks
4 Impacts of Earthquake Shaking on Infrastructures in PNW
4.1 How Much Infrastructure is Susceptible to Earthquakes?
4.2 What are the Impacts of Infrastructure Outages on the Society?
4.3 How to Minimize the Impacts of Earthquakes on Internet Infrastructures?
5 Summary and Future Work
A Appendices
A.1 Contour of Expected PGA Values
A.2 Miles of Fiber Affected Per Provider
References
DoS
New Kids on the DRDoS Block: Characterizing Multiprotocol and Carpet Bombing Attacks
1 Introduction
2 Related Work
3 MP-H, a Multiprotocol Honeypot
4 Data Analysis
4.1 Overview
4.2 Attack Intensity
4.3 Per-protocol Analyses
4.4 Victims
4.5 Carpet Bombing Attacks
5 Conclusion
References
DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks
1 Introduction
2 Data Sets and DDoS Classification
3 DDoS in the Wild
3.1 The State of Legacy DDoS Protocols
3.2 New Kids on the Block
3.3 Multi-protocol Attacks
3.4 Attack Packet Rates vs. Volume
4 Infrastructure Perspective
5 View on Targets
6 Honeypot Perspective
7 Conclusions
References
A Peek into the DNS Cookie Jar
1 Introduction
2 Background
3 Support for DNS Cookies
3.1 Server-Side Cookie Support
3.2 Client-Side Cookie Support in Recursive Resolvers
4 Server Cookie Analysis
4.1 Dynamic Cookies
4.2 Static Cookies
5 The State of Cookie Enforcement
5.1 Client Handling of Unexpected Server Behavior
5.2 Server Handling of Unexpected Client Behavior
6 Discussion
6.1 Cookie Benefits Today
6.2 Path Forward for Cookies
7 Ethical Considerations
8 Conclusion
References
Performance
What You Need to Know About (Smart) Network Interface Cards
1 Introduction
2 Measurement Methodology
2.1 Experimental Setup
3 Analysis of Flow Tables
3.1 Hardware Classification Performance
3.2 Rule Operations Analysis
4 Related Work
5 Conclusions
References
Scouting the Path to a Million-Client Server
1 Introduction
2 Measurement Setup
3 Overall Stack Performance
4 Admission Control to the Stack
4.1 Packet Sizing
4.2 Backpressure
4.3 Batching Ingress Packets
5 Per-Packet Overhead
6 Related Work
7 Relevance of Findings to Other Stacks
8 Conclusion
A Linux Stack Overview
B Parameter Configuration
C Overall Stack Performance
D FQ v.s. PFIFO
E Packet Rate with Zero Drops
References
Building Out the Basics with Hoplets
1 Introduction
2 System Design
2.1 Using Traceroute Data
2.2 Hoplet Extraction
2.3 Hoplet Comparison
2.4 Hoplet Aggregator
3 Hoplets at a CDN
4 Global Hoplet Behaviors
4.1 Topological Analysis
5 Other Data Sources
6 Related Work
7 Conclusions
8 Appendix
8.1 Parameter Selection
References
Network Security
NATting Else Matters: Evaluating IPv6 Access Control Policies in Residential Networks
1 Introduction
2 Background
2.1 IPv4 NAT
2.2 IPv6 Reachability
3 Methodology
3.1 Router Selection and Network Configuration
3.2 Evaluation Methodology
4 Results
4.1 Operational Defaults
4.2 Firewall Policies and Pinholing
4.3 Router Scanning
5 Discussion
5.1 Recommendations
5.2 Future Work
6 Conclusion
7 Appendix
References
Plight at the End of the Tunnel
1 Introduction
2 Background
3 Methodology and Data
4 Analysis
4.1 Attacks Against Tunnel Clients
4.2 Attacks Against Tunnel Relays
5 Discussion
6 Related Work
7 Conclusion
References
An Online Method for Estimating the Wireless Device Count via Privacy-Preserving Wi-Fi Fingerprinting
1 Introduction
2 Preliminaries
3 Methods
3.1 Terminology and Definitions
3.2 Mapping Randomized MAC Addresses to a Device Cluster
3.3 Device Counting
4 Experiments and Datasets
4.1 Data Collection
4.2 Datasets
5 Evaluation
5.1 Parameter Tuning
5.2 Method Validation
5.3 Device Counting Evaluation
6 Related Work
7 Conclusion and Future Work
Appendix A Data Exploration for Parameter Tuning
A.1 Analysis of the Algorithm Bootstrap Time
Appendix B Algorithms
References
DNS
Cache Me Outside: A New Look at DNS Cache Probing
1 Introduction
2 Background
2.1 DNS Caching and Recursion
2.2 DNS Cache Probing
3 Revisiting DNS Cache Probing
3.1 Locating DNS Forwarders
3.2 Probing DNS Forwarders
3.3 Ground Truth Validation
3.4 Ethics
4 Case Studies
4.1 Case Study: Netsweeper Device Localization
4.2 Case Study: Tracking the Global Proliferation of Stalkerware
5 Conclusion
A Global Tracking of Stalkerware Apps
References
Can Encrypted DNS Be Fast?
1 Introduction
2 Method
2.1 Measurement Platform
2.2 Analyses
2.3 Experiment Design
3 Results
3.1 How Much Connection Overhead Does Encrypted DNS Incur?
3.2 How Does Encrypted DNS Perform Compared with Conventional DNS?
3.3 How Does Network Performance Affect Encrypted DNS Performance?
3.4 Does Encrypted DNS Resolver Performance Vary Across ISPs?
4 Related Work
5 Conclusion
References
Fragmentation, Truncation, and Timeouts: Are Large DNS Messages Falling to Bits?
1 Introduction
2 Datasets
3 Dissecting Responses from a ccTLD
3.1 How Common Are Large Responses?
3.2 How Often Does IP Fragmentation Occur for DNS/UDP?
3.3 DNS Truncation: How and When?
3.4 Do Resolvers Fall Back to TCP?
4 Resolver EDNS0 Buffer Sizes
4.1 DNS Flag Day 2020: What Was the Uptake?
5 Related Work
6 Conclusions
A Extra graphs
A.1 Clients and Large DNS/UDP Responses
References
Capacity
On the Accuracy of Tor Bandwidth Estimation
1 Introduction
2 Background and Related Work
3 Analysis of Tor Metrics Data
4 Tor Relay Speed Test Experiment
5 Discussion
6 Conclusion
References
Comparison of TCP Congestion Control Performance over a Satellite Network
1 Introduction
2 Related Work
3 Methodology
3.1 Testbed
3.2 Baseline
3.3 Downloads
4 Analysis
4.1 Network Baseline
4.2 Representative Behavior
4.3 Steady State
4.4 Start-Up
4.5 Power
5 Conclusion
References
Throughput Prediction on 60 GHz Mobile Devices for High-Bandwidth, Latency-Sensitive Applications
1 Introduction
2 Experimental Methodology
3 Results and Analysis
3.1 Impact of the Phased Array Field of View
3.2 Static Scenarios
3.3 Mobile Scenarios
3.4 Applications
3.5 Prediction Time (NN Inference Delay)
4 Related Work
5 Conclusion and Future Directions
References
Exposing Hidden Behaviors
Characterizing the Security of Endogenous and Exogenous Desktop Application Network Flows
1 Introduction
2 Methods
2.1 Data Collection and Characterization
2.2 Data Preparation and Preprocessing
2.3 Enrichment (Phase 4)
2.4 Filtering (Phase 5)
3 Analysis
3.1 How Many of an Application's Connections Are Endogenous?
3.2 What Ports Do Applications Use to Communicate?
3.3 What Applications Are Not Using Secure Ports?
3.4 Are Applications Communicating with Reputable Domains?
3.5 What Is the Attack Surface that Applications Expose Through Open Ports?
3.6 How Is Endogenous Traffic Represented in Browsers?
4 Related Work
A Data Ethics
B RFC 1918
References
Zeroing in on Port 0 Traffic in the Wild
1 Introduction
2 Related Work
3 Datasets Overview
3.1 Ethical Considerations
3.2 Reproducible Research
3.3 Continuous Port 0 Measurements
4 Flow-Level Analysis
5 Packet-Level Analysis
6 Active Measurements
6.1 Responsive Addresses
6.2 Port 0 Traceroutes
7 Conclusion
A Additional Traceroute Analyses
A.1 Last Responsive Hops
A.2 Number of Responsive Hops
A.3 ICMP Types and Codes
B Additional Passive Analysis
References
A Study of the Partnership Between Advertisers and Publishers
1 Introduction
2 Our Dataset
3 Paired Comparison Analysis
3.1 Similarity or Dissimilarity Between Publishers and Advertisers
3.2 Advertisers' Preference on Ad Networks
4 Related Work
5 Conclusion
References
Author Index