Passive and Active Measurement
19th International Conference, PAM 2018, Berlin, Germany, March 26-27, 2018, Proceedings
Published on 1. March 2018
XI, 282 pages
978-3-319-76481-8 (ISBN)
Description
This book constitutes the proceedings of the 19th International Conference on Passive and Active Measurement, PAM 2018, held in Berlin, Germany, in March 2018.
The 20 full papers presented in this volume were carefully reviewed and selected from 50 submissions. The papers demonstrate the import and extent to which measurements pervade systems - from protocols to performance to security. They are organized in the following topical sections: models and inference; security and privacy; CDNs; DNS; certificates; interdomain routing; and analyzing protocols.
The 20 full papers presented in this volume were carefully reviewed and selected from 50 submissions. The papers demonstrate the import and extent to which measurements pervade systems - from protocols to performance to security. They are organized in the following topical sections: models and inference; security and privacy; CDNs; DNS; certificates; interdomain routing; and analyzing protocols.
More details
Other editions
Additional editions
Robert Beverly | Georgios Smaragdakis | Anja Feldmann
Passive and Active Measurement
19th International Conference, PAM 2018, Berlin, Germany, March 26-27, 2018, Proceedings
Book
03/2018
Springer
€53.49
Shipment within 10-15 days
Content
- Intro
- Preface
- Organization
- Contents
- Models and Inference
- Detecting ICMP Rate Limiting in the Internet
- 1 Introduction
- 2 Modeling Rate Limited Blocks
- 2.1 Rate Limit Implementations in Commercial Routers
- 2.2 Modeling Availability
- 2.3 Modeling Response Rate
- 2.4 Modeling Alternation Count
- 3 Detecting Rate Limited Blocks
- 3.1 Input for Detection
- 3.2 Four Phases of ICMP Rate Limiting
- 3.3 Detecting Rate Limited Blocks
- 4 Results: Rate Limiting in the Wild
- 4.1 How Many Blocks Are Rate Limited in the Internet?
- 4.2 Verifying Results Hold over Time
- 4.3 Is Faster Probing Rate Limited?
- 4.4 Rate Limiting of Response Errors at Nearby Routers
- 5 Validation
- 5.1 Does the Model Match Real-World Implementations?
- 5.2 Correctness in Noise-Free Testbed
- 5.3 Correctness in the Face of Packet Loss
- 5.4 Correctness with Partially Responsive Blocks
- 6 Related Work
- 7 Conclusion
- References
- On the Characteristics of Language Tags on the Web
- 1 Introduction
- 2 Background and Related Work
- 3 Methodology
- 4 Results
- 5 Summary and Conclusions
- References
- Narrowing the Gap Between QoS Metrics and Web QoE Using Above-the-fold Metrics
- 1 Introduction
- 2 Background and Related Work
- 2.1 Web QoS Metrics
- 2.2 Web QoE Models
- 3 Approximating the ATF time
- 4 Modeling WebQoE
- 4.1 Dataset
- 4.2 Expert Models
- 4.3 Machine Learning
- 4.4 Discussion
- 5 Conclusions
- References
- Security and Privacy
- Internet Protocol Cameras with No Password Protection: An Empirical Investigation
- 1 Introduction
- 2 Background
- 3 Measurement Methodology and Dataset
- 4 Dynamics of insecam
- 4.1 Daily Active IP Cameras Listed on Insecam
- 4.2 Daily New Cameras Added on Insecam
- 4.3 Top Timezone with Most Cameras Collected on Insecam
- 4.4 Usage Habit of IP Cameras Within a Day
- 5 Characterization of Insecam IP Cameras
- 5.1 Top Countries and ISPs Contributing Insecam IP Cameras
- 5.2 Installation Locations of Insecam IP Cameras
- 5.3 Manufacturers of Insecam Cameras
- 5.4 TCP/UDP Ports Used by Insecam Cameras
- 5.5 Exhaust Historical IP Cameras Ever Posted on Insecam
- 6 Vulnerability Analysis of Internal Network of IP Cameras
- 6.1 Open Ports
- 6.2 Web Servers
- 7 Related Work
- 8 Conclusion
- References
- RARE: A Systematic Augmented Router Emulation for Malware Analysis
- 1 Introduction
- 2 System Design and Implementation
- 3 Evaluation
- 4 Related Work
- 5 Conclusion
- References
- Revisiting the Privacy Implications of Two-Way Internet Latency Data
- 1 Introduction
- 2 Components of End-to-End Latency
- 3 Latency and Geoprivacy
- 3.1 Measurements with Atlas and MONROE
- 4 Load Telemetry
- 5 Conclusions and Recommendations
- References
- CDNs
- Fury Route: Leveraging CDNs to Remotely Measure Network Distance
- 1 Introduction
- 2 Background and Measurement
- 2.1 Provider Granularity
- 3 Fury Route
- 4 Implementation
- 4.1 Provider Selection
- 5 Evaluation
- 5.1 Completion Rate
- 5.2 Comparison to iPlane
- 5.3 Rank Performance
- 5.4 Overhead Analysis
- 6 Related Work
- 7 Conclusions
- References
- Mobile Content Hosting Infrastructure in China: A View from a Cellular ISP
- 1 Introduction
- 2 Data and Metrics
- 2.1 Data: Passive DNS Replies
- 2.2 Content-Related Metrics
- 3 On Hosting Infrastructure
- 3.1 Content Potential of ASes
- 3.2 Content Hosting Provider Analysis
- 3.3 Summary and Discussion
- 4 Tracker Hosting Infrastructure
- 4.1 Top Trackers
- 4.2 Tracker Hosting Infrastructure
- 4.3 Summary and Discussion
- 5 Conclusion
- References
- Characterizing a Meta-CDN
- 1 Introduction
- 2 Background and Related Work
- 3 Characterizing a Meta-CDN
- 3.1 Operation Principles
- 3.2 Customers
- 4 A Global View on Cedexis
- 4.1 Infrastructure
- 4.2 How Customers Utilize Cedexis
- 4.3 Latency Perspective
- 5 Conclusion
- References
- DNS
- In rDNS We Trust: Revisiting a Common Data-Source's Reliability
- 1 Introduction
- 2 Related Work
- 3 Passive Traces on rDNS: What Can We See?
- 3.1 Biases in the Passive Traces
- 3.2 Dataset Overview
- 3.3 DNS Response Codes in in-addr.arpa
- 3.4 DNS Response Codes in ip6.arpa
- 4 Passive Traces: What are rDNS Use-Cases?
- 4.1 RRtypes in Successful Answers
- 4.2 rDNS SMTP Forward Confirmation
- 4.3 Churn in Queried Reverse Names
- 5 Active rDNS Measurements: What Can We Really See?
- 5.1 Data Collection Infrastructure
- 5.2 Dataset and Toolchain Availability
- 5.3 IPv6 rDNS Dataset Collection
- 5.4 IPv4 rDNS Dataset Collection
- 5.5 Visible IPv4 Space: The Size of the Internet
- 6 Comparing Active and Passive Results
- 6.1 CNAMEs and Delegations
- 7 Conclusion
- References
- Characterization of Collaborative Resolution in Recursive DNS Resolvers
- 1 Introduction
- 2 Related Work
- 3 Dataset & Methodology
- 4 Characterizing Resolver Pools by Network Properties
- 4.1 Initiator Pool Size
- 4.2 IP-Space Distribution
- 4.3 Autonomous System Distribution
- 4.4 Geographic Distance Within Pools
- 5 Classifying Resolver Pools by Behavior
- 5.1 Dual-Stack Resolvers
- 5.2 Load Balancing, Off-Loading and Other Pools
- 6 Conclusion
- References
- The Unintended Consequences of Email Spam Prevention
- 1 Introduction
- 2 SMTP and Sender Policy Framework (SPF)
- 3 Measurement Methodology
- 3.1 Ethical Considerations
- 3.2 Operation
- 3.3 SPF Configurations
- 3.4 Experimental Procedure
- 4 Analysis of Induced DNS Queries
- 4.1 SPF Deployment
- 4.2 Security of DNS Resolvers
- 5 Related Work
- 6 Recommendations
- References
- Certificates
- In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements
- 1 Introduction
- 2 Background
- 3 Related Work
- 4 Methodology
- 5 Baseline Requirements
- 6 Comparing CT Log Data to Active Scans
- 6.1 Certificate Deployment and Validity
- 6.2 Legacy and Non-HTTPS Certificates in CT Logs
- 6.3 CT-Specific HTTP Headers
- 6.4 CT Logs as a Source for IP Address Hitlists
- 7 Gossiping and Inclusion Proofs
- 8 Conclusion
- References
- Server-Side Adoption of Certificate Transparency
- 1 Introduction
- 2 Background
- 3 Methodology
- 4 Dataset and SCT Usage
- 5 Certificate-Based Analysis
- 6 Performance and Overhead Analysis
- 7 Related Work
- 8 Conclusions
- References
- Interdomain Routing
- Leveraging Inter-domain Stability for BGP Dynamics Analysis
- 1 Introduction
- 2 Related Work
- 3 Inter-domain Stability
- 3.1 Primary Paths
- 3.2 Pseudo-events
- 3.3 Practical Primary Path Computation
- 4 BGP Dynamics
- 4.1 First Use Case: Inter-domain Tomography
- 4.2 Second Use Case: Anomaly Detection
- 5 Conclusions and Future Work
- References
- The (Thin) Bridges of AS Connectivity: Measuring Dependency Using AS Hegemony
- 1 Introduction
- 2 Background
- 3 Methodology
- 4 Results
- 4.1 IPv4 and IPv6 Global Graphs
- 4.2 Case Studies: Local Graphs
- 5 Conclusions
- References
- Revealing the Load-Balancing Behavior of YouTube Traffic on Interdomain Links
- 1 Introduction
- 2 Related Work
- 3 Methodology
- 3.1 Identifying Interdomain Links from YouTube Dataset
- 3.2 Descriptive Statistics
- 4 Results
- 4.1 Interconnection Between ISPs and Google
- 4.2 Destination Google AS
- 4.3 Video Cache Assignment
- 5 Conclusion
- References
- Analyzing Protocols
- A Closer Look at IP-ID Behavior in the Wild
- 1 Introduction
- 2 Background and Related Work
- 3 Methodology
- 4 IP-ID Classification
- 5 Internet Measurement Campaign
- 6 Conclusions
- References
- A First Look at QUIC in the Wild
- 1 Introduction
- 2 An Introduction to QUIC's Handshake
- 3 Availability: QUIC Server Infrastructures
- 3.1 Enumerating QUIC IPv4 Hosts
- 3.2 Enumerating QUIC Domain Names
- 4 Usage: QUIC Traffic Share
- 5 Related Work
- 6 Discussion and Conclusion
- References
- TCP CUBIC versus BBR on the Highway
- 1 Introduction
- 2 Related Work
- 3 Methodology
- 3.1 Congestion Control Algorithms
- 3.2 Experiment Setup
- 3.3 Driving Scenario
- 4 Radio Network Characteristics
- 5 CCA Performance
- 5.1 Single Trial
- 5.2 Throughput
- 5.3 Round-Trip Time
- 5.4 Throughput and SINR
- 5.5 Throughput and Handovers
- 5.6 Self-Inflicted Delay
- 5.7 Retransmission
- 5.8 Summary
- 6 Conclusions
- References
- Erratum to: In rDNS We Trust: Revisiting a Common Data-Source's Reliability
- Erratum to: Chapter "In rDNS We Trust: Revisiting a Common Data-Source's Reliability" in: R. Beverly et al. (Eds.): Passive and Active Measurement, LNCS 10771, https://doi.org/10.1007/978-3-319-76481-8_10
- Author Index
