{"title":"How HTTP/2 is changing web traffic and how to detect it","authors":"Jawad Manzoor, I. Drago, R. Sadre","doi":"10.23919/TMA.2017.8002899","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002899","url":null,"abstract":"HTTP constitutes a dominant part of the Internet traffic. Today's web traffic mostly consists of HTTP/1 and the much younger HTTP/2. As the traffic of both protocols is increasingly exchanged over encryption, discerning which flows in the network belong to each protocol is getting harder. Identifying flows per protocol is however very important, e.g., for building traffic models for simulations and benchmarking, and enabling operators and researchers to track the adoption of HTTP/2. This paper makes two contributions. First, using datasets of passive measurements collected in operational networks and Deep Packet Inspection (DPI), we characterize differences in HTTP/1 and HTTP/2 traffic. We show that the adoption of HTTP/2 among major providers is high and growing. Moreover, when comparing the same services over HTTP/1 or HTTP/2, we notice that HTTP/2 flows are longer, but formed by smaller packets. This is likely a consequence of new HTTP/2 features and the reorganization of servers and clients to profit from such features. Second, we present a lightweight method for the classification of encrypted web traffic into appropriate HTTP versions. In order to make the method practically feasible, we use machine learning with basic information commonly available in aggregated flow traces (e.g., NetFlow records). We show that a small labeled dataset is sufficient for training the system, and it accurately classifies traffic for several months, potentially from different measurement locations, without the need for retraining. Therefore, the method is simple, scalable, and applicable to scenarios where DPI is not possible.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124070789","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A measurement study of congestion in an InfiniBand network","authors":"Fatma Alali, Fabrice Mizero, M. Veeraraghavan, J. Dennis","doi":"10.23919/TMA.2017.8002911","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002911","url":null,"abstract":"This paper presents a measurement study of congestion on a production, highly utilized, 72K-core InfiniBand cluster called Yellowstone. The measurement study consists of a 23-day data collection phase in which port counters of the Yellowstone switches were read multiple times every hour to check for stalls during which the port is unable to send data due to a lack of flow-control credits. A total of 30M data records were obtained and analyzed. Results showed that in a significant number of the 100-ms intervals over which a port counter was observed, there were transmission stalls. For example, out of 6M observations of Top-of-Rack (ToR) switch uplink ports, we found that the port was forced to wait for credits in 60% of these 100-ms intervals. Such transmission stalls could increase application execution time, and also decrease cluster utilization. The latter will occur when Message Passing Interface (MPI) Barrier calls are issued for synchronization and communication delays cause one or more MPI ranks to be slower than others.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131103909","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Push away your privacy: Precise user tracking based on TLS client certificate authentication","authors":"M. Wachs, Quirin Scheitle, G. Carle","doi":"10.1145/3232755.3232763","DOIUrl":"https://doi.org/10.1145/3232755.3232763","url":null,"abstract":"The design and implementation of cryptographic systems offer many subtle pitfalls. One such pitfall is that cryptography may create unique identifiers potentially usable to repeatedly and precisely re-identify and hence track users. This work investigates TLS Client Certificate Authentication (CCA), which currently transmits certificates in plain text. We demonstrate CCA's impact on client traceability using Apple's Apple Push Notification service (APNs) as an example. APNs is used by all Apple products, employs plain-text CCA, and aims to be constantly connected to its backend. Its novel combination of large device count, constant connections, device proximity to users and unique client certificates provides for precise client traceability. We show that passive eavesdropping allows to precisely re-identify and track users and that only ten interception points are required to track more than 80 percent of APNs users due to global routing characteristics. We conduct our work under strong ethical guidelines, responsibly disclose our findings, and can confirm a working patch by Apple for the highlighted issue. We aim for this work to provide the necessary factual and quantified evidence about negative implications of plain-text CCA to boost deployment of encrypted CCA as in TLS 1.3.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124792643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Threats and surprises behind IPv6 extension headers","authors":"Luuk Hendriks, P. Velan, R. Schmidt, P. Boer, A. Pras","doi":"10.23919/TMA.2017.8002912","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002912","url":null,"abstract":"The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header — a current practice by operators — seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121695328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Middleboxes in the Internet: A HTTP perspective","authors":"Shan Huang, F. Cuadrado, S. Uhlig","doi":"10.23919/TMA.2017.8002906","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002906","url":null,"abstract":"Middleboxes are widely used in today's Internet, especially for security and performance. Middleboxes classify, filter and shape traffic, therefore interfering with application performance and performing new network functions for end hosts. Recent studies have uncovered and studied middleboxes in different types of networks. In this paper, we exploit a large-scale proxy infrastructure, provided by Luminati, to detect HTTP-interacting middleboxes across the Internet. Our methodology relies on a client and server side, to be able to observe both directions of the middlebox interaction. Our results provide evidence for middleboxes deployed across more than 1000 ASes. We observe various middlebox interference in both directions of traffic flows, and across a wide range of networks, including mobile operators and data center networks.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"8 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116795602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"HLOC: Hints-based geolocation leveraging multiple measurement frameworks","authors":"Quirin Scheitle, Oliver Gasser, Patrick Sattler, G. Carle","doi":"10.23919/TMA.2017.8002903","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002903","url":null,"abstract":"Geographically locating an IP address is of interest for many purposes. There are two major ways to obtain the location of an IP address: querying commercial databases or conducting latency measurements. For structural Internet nodes, such as routers, commercial databases are limited by low accuracy, while current measurement-based approaches overwhelm users with setup overhead and scalability issues. In this work we present our system HLOC, aiming to combine the ease of database use with the accuracy of latency measurements. We evaluate HLOC on a comprehensive router data set of 1.4M IPv4 and 183k IPv6 routers. HLOC first extracts location hints from rDNS names, and then conducts multi-tier latency measurements. Configuration complexity is minimized by using publicly available large-scale measurement frameworks such as RIPE Atlas. Using this measurement, we can confirm or disprove the location hints found in domain names. We publicly release HLOC's ready-to-use source code, enabling researchers to easily increase geolocation accuracy with minimum overhead.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114248018","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SOMETIME: Software defined network-based Available Bandwidth measurement in MONROE","authors":"Giuseppe Aceto, V. Persico, A. Pescapé, G. Ventre","doi":"10.23919/TMA.2017.8002918","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002918","url":null,"abstract":"Mobile Broadband (MBB) access networks are becoming more and more used worldwide, and the devices adopted to access them are increasing in number and complexity (smartphones, mobile hotspots, vehicular infotainment systems). The highly dynamic nature of such scenarios calls for continuous monitoring and measurement of the network, and possibly cross-layer management of network applications. A recent shift in network management, Software-Defined Networking (SDN), is a promising tool to manage such evolved scenarios, characterized by constraints due to HW, virtualization, and data plans. In this paper, we present the fundamental ideas and the first findings that underpin the SOMETIME research project, which aims at implementing active measurements leveraging the features provided by SDN technologies. Several platforms and tools are being presented to investigate separately MBB and SDN: we consider as a reference testbed the MONROE platform, a system offering in-the-field MBB experimenting facilities. We adopt MONROE as a use case to highlight the main issues and challenges raised by the SOMETIME vision, investigating the feasibility of SDN-based active measurements for MBB. In more detail, we assess the impact of SDN on performance of active measurements, namely Available Bandwidth (ABw) estimation, an end-to-end network metric characterizing the spare capacity on a path. We also report preliminary results on achievable throughput as a first root-cause analysis for poor performance in estimating ABw in MBB scenarios. The preliminary results confirm the expected difficulties in ABw estimation over MBB but also validate the feasibility of SDN-based approaches and suggest future directions for SDN-based enhancement of ABw estimation.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122510584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring DSCP modification pathologies in mobile edge networks","authors":"A. Custura, A. Venne, G. Fairhurst","doi":"10.23919/TMA.2017.8002923","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002923","url":null,"abstract":"Differentiated Services (DiffServ) provides a means for applications to classify traffic into Quality of Service (QoS) classes by reading the Differentiated Services Code Point (DSCP) field in the IP header and then mapping traffic to a specific QoS forwarding treatment. This paper provides new measurement data that examines how the DSCP is altered as packets traverse mobile broadband access networks. Results are presented for entire paths, differentiating between the access network behaviour and the rest of the path. Observing the DSCP seen at each router can be used to infer whether a packet is likely to receive an appropriate QoS treatment, and hence the level of support for DiffServ QoS. Our results identify two remarking pathologies, one for the mobile networks and the other for the Internet path.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127448930","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Examining cellular access systems on trains: Measurements and change detection","authors":"Johan Garcia, Stefan Alfredsson, A. Brunström","doi":"10.23919/TMA.2017.8002916","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002916","url":null,"abstract":"Access to reliable high-quality communication services on trains is important for today's mobile users. Train-mounted aggregation routers that provide WiFi access to train passengers and bundle external communication over multiple cellular modems/links are an efficient way of providing such services. Still, the characteristics of such systems have received limited attention in the literature. In this paper we examine the communication characteristics of such systems based on a large data set gathered over six months from an operational Swedish railway system. We characterize the conditions in terms of usage load, train velocity profiles, and observed throughput and delay as well as the relation between these parameters. Furthermore, we examine the data from an anomaly detection perspective. Based on a changepoint detection method, we examine how the collected metrics vary over the six months. Being able to detect shifts in the metrics over time can help detect anomalous changes in the hardware or environment, and also further helps explain the factors affecting the observed behaviors.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"330 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133027139","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Path transparency measurements from the mobile edge with PATHspider","authors":"Iain R. Learmonth, Andra Lutu, G. Fairhurst, David Ros, Özgü Alay","doi":"10.23919/TMA.2017.8002922","DOIUrl":"https://doi.org/10.23919/TMA.2017.8002922","url":null,"abstract":"Network operators and equipment vendors can hesitate to deploy network protocol innovations in fear of breaking connectivity for end users. To assess the potential for evolution of the protocol stack, it is important to know the existing network impairments and opportunities to work around the impairments. While classical network measurement tools often focus on absolute performance values, PATHspider is an extensible framework for performing and analyzing A/B testing between two different protocols or different protocol extensions. It thus enables controlled experiments in search of protocol-dependent connectivity problems, and to identify differential treatment. This paper presents how PATHspider can be instrumented to assess path transparency over commercial mobile networks, using the MONROE platform. We provide here proof-of-concept results from measurements in a UK commercial mobile network, and lay out our future measurement plans for PATHspider using the MONROE testbed in Europe.","PeriodicalId":118082,"journal":{"name":"2017 Network Traffic Measurement and Analysis Conference (TMA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126847677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}