Jiamei Lv,Yi Gao,Wei Dong

DOI: https://doi.org/10.1109/PADSW.2018.8644951

2018-01-01

Abstract:For network operators, knowing the problems in their networks before users complain can help improve their Quality-of-Experience (QoE) and bring great commercial value. However, accurate measurement of the internal performance of a network generally requires the deployment of additional dedicated instrumentation in the network. Another possible approach is to use network tomography technique to infer these internal states from measurements obtained from the edge of the network. However, network tomography usually requires that the network topology and the path of each probe are known. In this paper, using a sparse crowdsourced measurement dataset from mobile users to varies types of network resources, we build a BRAS (broadband remote access server)-level QoE model to help the network operator locate network problems quickly. By reasonably mining the intrinsic correlation among the measurement data, the proposed scheme is able to model the user QoE accurately and achieve an accuracy of 97%.

Shuying Zhuang,Jessie Hui Wang,Jilong Wang,Zujiang Pan,Tianhao Wu,Fenghua Li,Zhiyong Zhang

DOI: https://doi.org/10.1145/3485983.3494857

2021-01-01

Abstract:Despite researchers have noticed that Looking Glass (LG) vantage points (VPs) are valuable for Internet measurement researches, they can only exploit VPs from well-known LG sites published on several LG portal pages. There should be a lot of LG sites that are not published in these portal pages, namely obscure LG sites, which are not easy to be found and exploited by researchers. In this paper, we design an efficient focused crawler to discover as many LG sites as possible which can avoid unnecessary resource consumption on analyzing irrelevant pages. Our designed focused crawler takes a similarity-guided search that exploits the well-developed search engines and comprehensively mines the common features shared by known LG sites to discover more LG pages. Moreover, the focused crawler takes a two-step PU learning classifier based on carefully selected LG features to efficiently discard irrelevant URLs, thus avoiding a lot of unnecessary resource consumption. As far as we know, we are the first to develop a method to discover obscure LG sites on the web. Experimental results show the effectiveness of our focused crawler. To facilitate practical applications, we further develop an automation tool, which can successfully retrieve 910 obscure automatable LG VPs from relevant pages obtained through our focused crawler. The 910 LG VPs significantly increase the geographic and network coverage of available VPs and we show their potential values in improving the completeness of AS-level Internet topology by a simple case study. Our method and the final VP list are beneficial to the measurement community.

Sam Burnett,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1410.1211

2015-07-20

Abstract:Despite the pervasiveness of Internet censorship, we have scant data on its extent, mechanisms, and evolution. Measuring censorship is challenging: it requires continual measurement of reachability to many target sites from diverse vantage points. Amassing suitable vantage points for longitudinal measurement is difficult; existing systems have achieved only small, short-lived deployments. We observe, however, that most Internet users access content via Web browsers, and the very nature of Web site design allows browsers to make requests to domains with different origins than the main Web page. We present Encore, a system that harnesses cross-origin requests to measure Web filtering from a diverse set of vantage points without requiring users to install custom software, enabling longitudinal measurements from many vantage points. We explain how Encore induces Web clients to perform cross-origin requests that measure Web filtering, design a distributed platform for scheduling and collecting these measurements, show the feasibility of a global-scale deployment with a pilot study and an analysis of potentially censored Web content, identify several cases of filtering in six months of measurements, and discuss ethical concerns that would arise with widespread deployment.

Networking and Internet Architecture,Computers and Society

Matteo Varvello,Jeremy Blackburn,David Naylor,Kostantina Papagiannaki

DOI: https://doi.org/10.48550/arXiv.1902.02865

2019-02-07

Networking and Internet Architecture

Abstract:Tremendous effort has gone into the ongoing battle to make webpages load faster. This effort has culminated in new protocols (QUIC, SPDY, and HTTP/2) as well as novel content delivery mechanisms. In addition, companies like Google and SpeedCurve investigated how to measure "page load time" (PLT) in a way that captures human perception. In this paper we present Eyeorg, a platform for crowdsourcing web quality of experience measurements. Eyeorg overcomes the scaling and automation challenges of recruiting users and collecting consistent user-perceived quality measurements. We validate Eyeorg's capabilities via a set of 100 trusted participants. Next, we showcase its functionalities via three measurement campaigns, each involving 1,000 paid participants, to 1) study the quality of several PLT metrics, 2) compare HTTP/1.1 and HTTP/2 performance, and 3) assess the impact of online advertisements and ad blockers on user experience. We find that commonly used, and even novel and sophisticated PLT metrics fail to represent actual human perception of PLT, that the performance gains from HTTP/2 are imperceivable in some circumstances, and that not all ad blockers are created equal.

Yunpeng Xing,Chaoyi Lu,Baojun Liu,Haixin Duan,Junzhe Sun,Zhou Li

DOI: https://doi.org/10.1145/3646547.3689023

2024-01-01

Abstract:We present a global, large-scale measurement of Internet traffic shadowing, a less-studied yet covert format of on-path manipulation. As part of pervasive monitoring, data within packets is silently observed, retained, and then leveraged to produce additional, unsolicited requests. To depict the landscape of such behaviors, we generate a collection of decoy traffic that lures on-path exhibitors, spread them via 4,364 vantage points recruited from commercial VPN providers, and capture unsolicited requests triggered by them. We find traffic shadowing against DNS, HTTP, and TLS protocols; DNS queries to several public resolvers are most susceptible, by being observed on a wide range of Internet paths. Through hop-by-hop tracerouting, we find observers of DNS queries associated with destinations, while HTTP messages are mostly observed on the wire. User data can be retained for long, e.g., over 10 days, and can be leveraged for more than once. While a notable portion of unsolicited requests originate from addresses labeled by blocklists, we find most of them are performing reconnaissance, and we see no evidence of exploits attempted in the collected traffic.

Antoine Saverimoutou,Bertrand Mathieu,Sandrine Vaton

DOI: https://doi.org/10.1109/MCOM.001.1900178

2020-07-10

Abstract:Web browsing is the main Internet Service and every customer wants the minimum web page loading times. To satisfy this perpetual need, web browsers offer new processing engines and increased functionalities. Web developers make use of new programming languages and paradigms, new transport protocols have been introduced, network operators offer increased bandwidth and Content Delivery Networks (CDN) providers deploy web servers closest to end-users. To assess the efficiency of these evolutions, delivered performance is often evaluated into a standalone manner, without considering the whole chain of web browsing. We propose Web View, a measurement platform, which performs automated web browsing sessions on popular websites in a user-representative environment. Through different configurable parameters, Web View measures a wide set of information in order to evaluate the impact of the different parameters (transport protocols, web browsers, CDN, access networks, etc.). Based on those measurements, to ease the understanding of web browsing and the corresponding evolutions, Web View offers a public visualization website (<a class="link-external link-https" href="https://webview.orange.com" rel="external noopener nofollow">this https URL</a>). For instance, with Web View, we were able to detect that the use of different CDNs at different times of the day can decrease loading times up to 400% and that the delivery of content through different transport protocols can decrease loading times up to 79%. This paper presents the Web View measurement platform as well as remarkable events we noticed during more than one year of measurements.

Networking and Internet Architecture

Tobias Urban,Martin Degeling,Thorsten Holz,Norbert Pohlmann

DOI: https://doi.org/10.1145/3366423.3380203

2020-02-03

Abstract:In the modern Web, service providers often rely heavily on third parties to run their services. For example, they make use of ad networks to finance their services, externally hosted libraries to develop features quickly, and analytics providers to gain insights into visitor behavior. For security and privacy, website owners need to be aware of the content they provide their users. However, in reality, they often do not know which third parties are embedded, for example, when these third parties request additional content as it is common in real-time ad auctions. In this paper, we present a large-scale measurement study to analyze the magnitude of these new challenges. To better reflect the connectedness of third parties, we measured their relations in a model we call third party trees, which reflects an approximation of the loading dependencies of all third parties embedded into a given website. Using this concept, we show that including a single third party can lead to subsequent requests from up to eight additional services. Furthermore, our findings indicate that the third parties embedded on a page load are not always deterministic, as 50% of the branches in the third party trees change between repeated visits. In addition, we found that 93% of the analyzed websites embedded third parties that are located in regions that might not be in line with the current legal framework. Our study also replicates previous work that mostly focused on landing pages of websites. We show that this method is only able to measure a lower bound as subsites show a significant increase of privacy-invasive techniques. For example, our results show an increase of used cookies by about 36% when crawling websites more deeply.

Cryptography and Security

Reuben Binns,Jun Zhao,Max Van Kleek,Nigel Shadbolt

DOI: https://doi.org/10.48550/arXiv.1802.02507

2018-02-08

Abstract:Third-party networks collect vast amounts of data about users via web sites and mobile applications. Consolidations among tracker companies can significantly increase their individual tracking capabilities, prompting scrutiny by competition regulators. Traditional measures of market share, based on revenue or sales, fail to represent the tracking capability of a tracker, especially if it spans both web and mobile. This paper proposes a new approach to measure the concentration of tracking capability, based on the reach of a tracker on popular websites and apps. Our results reveal that tracker prominence and parent-subsidiary relationships have significant impact on accurately measuring concentration.

Computers and Society

Audrey Randall,Peter Snyder,Alisha Ukani,Alex Snoeren,Geoff Voelker,Stefan Savage,Aaron Schulman

DOI: https://doi.org/10.48550/arXiv.2203.10188

2022-07-13

Abstract:This work presents a systematic study of navigational tracking, the latest development in the cat-and-mouse game between browsers and online trackers. Navigational tracking allows trackers to 'aggregate users' activities and behaviors across sites by modifying their navigation requests. This technique is particularly important because it circumvents the increasing efforts by browsers to partition or block third-party storage, which was previously necessary for most cross-website tracking. While previous work has studied specific navigational tracking techniques (i.e. "bounce tracking"), our work is the first effort to systematically study and measure the entire category of navigational tracking techniques. We describe and measure the frequency of two different navigational tracking techniques on the Web, and find that navigational tracking is present on slightly more than ten percent of all navigations that we made. Our contributions include identifying 214 domains belonging to at least 104 organizations tracking users across sites through link decoration techniques using direct or indirect navigation flows. We identify a further 23 domains belonging to at least 16 organizations tracking users through bounce tracking (i.e. bouncing users through unrelated third parties to generate user profiles). We also improve on prior techniques for differenting user identifiers from non-sensitive information, which is necessary to detect one class of navigational tracking. We discuss how our findings can used to protect users from navigational tracking, and commit to releasing both our complete dataset and our measurement pipeline

Cryptography and Security

Katherine Izhikevich,Ben Du,Sumanth Rao,Alisha Ukani,Liz Izhikevich

2024-10-09

Abstract:Geolocation plays a critical role in understanding the Internet. In this work, we provide an in-depth analysis of operator-misreported geolocation. Using a bandwidth-efficient methodology, we find in May 2024 that only a small percentage (1.5%) of vantage points in the largest community-vantage point collection, RIPE Atlas, do not respond from their operator-reported geolocation. However, misreported geolocations disproportionately affect areas with limited coverage and cause entire countries to be left with no vantage points. Furthermore, the problem is escalating: within the past five years, the number of probes reporting the wrong location has increased ten-fold. To increase the accuracy of future methodologies and studies that rely upon operator-reported geolocation, we open source our methodology and release a continually updated dataset of RIPE Atlas vantage points that misreport geolocation.

Networking and Internet Architecture

Simon Bauer,Patrick Sattler,Johannes Zirngibl,Christoph Schwarzenberg,Georg Carle

DOI: https://doi.org/10.1145/3606464.3606474

2023-09-19

Abstract:To keep up with increasing demands on quality of experience, assessing and understanding the performance of network connections is crucial for web service providers. While different measures, like TCP options, alternative transport layer protocols like QUIC, or the hosting of services in CDNs, are expected to improve connection performance, no studies are quantifying such impacts on connections on the Internet. This paper introduces an active Internet measurement approach to assess the impacts of mentioned measures on connection performance. We conduct downloads from public web servers considering different vantage points, extract performance indicators like throughput, RTT, and retransmission rate, and survey speed-ups due to TCP option usage. Further, we compare the performance of QUIC-based downloads to TCP-based downloads considering different option configurations. Next to significant throughput improvements due to TCP option usage, in particular TCP window scaling, and QUIC, our study shows significantly increased performance for connections to domains hosted by different giant CDNs.

Networking and Internet Architecture

Long Pan,Jiahai Yang,Lin He,Zhiliang Wang,Leyao Nie,Guanglei Song,Yaozhong Liu

DOI: https://doi.org/10.48550/arxiv.2210.13088

2022-01-01

Abstract:Active Internet measurements face challenges when some measurements require many remote vantage points. In this paper, we propose a novel technique for measuring remote IPv6 networks via side channels in ICMP rate limiting, a required function for IPv6 nodes to limit the rate at which ICMP error messages are generated. This technique, iVantage, can to some extent use 1.1M remote routers distributed in 9.5k autonomous systems and 182 countries as our"vantage points". We apply iVantage to two different, but both challenging measurement tasks: 1) measuring the deployment of inbound source address validation (ISAV) and 2) measuring reachability between arbitrary Internet nodes. We accomplish these two tasks from only one local vantage point without controlling the targets or relying on other services within the target networks. Our large-scale ISAV measurements cover ~50% of all IPv6 autonomous systems and find ~79% of them are vulnerable to spoofing, which is the most large-scale measurement study of IPv6 ISAV to date. Our method for reachability measurements achieves over 80% precision and recall in our evaluation. Finally, we perform an Internet-wide measurement of the ICMP rate limiting implementations, present a detailed discussion on ICMP rate limiting, particularly the potential security and privacy risks in the mechanism of ICMP rate limiting, and provide possible mitigation measures. We make our code available to the community.

Yingtai Xiao,Jian Du,Shikun Zhang,Qiang Yan,Danfeng Zhang,Daniel Kifer

2024-06-05

Abstract:Online advertising is a cornerstone of the Internet ecosystem, with advertising measurement playing a crucial role in optimizing efficiency. Ad measurement entails attributing desired behaviors, such as purchases, to ad exposures across various platforms, necessitating the collection of user activities across these platforms. As this practice faces increasing restrictions due to rising privacy concerns, safeguarding user privacy in this context is imperative. Our work is the first to formulate the real-world challenge of advertising measurement systems with real-time reporting of streaming data in advertising campaigns. We introduce Ads-BPC, a novel user-level differential privacy protection scheme for advertising measurement results. This approach optimizes global noise power and results in a non-identically distributed noise distribution that preserves differential privacy while enhancing measurement accuracy. Through experiments on both real-world advertising campaigns and synthetic datasets, Ads-BPC achieves a 25% to 50% increase in accuracy over existing streaming DP mechanisms applied to advertising measurement. This highlights our method's effectiveness in achieving superior accuracy alongside a formal privacy guarantee, thereby advancing the state-of-the-art in privacy-preserving advertising measurement.

Cryptography and Security

Taveesh Sharma,Paul Schmitt,Francesco Bronzino,Nick Feamster,Nicole Marwell

2024-10-26

Abstract:Despite significant investments in access network infrastructure, universal access to high-quality Internet connectivity remains a challenge. Policymakers often rely on large-scale, crowdsourced measurement datasets to assess the distribution of access network performance across geographic areas. These decisions typically rest on the assumption that Internet performance is uniformly distributed within predefined social boundaries. However, this assumption may not be valid for two reasons: crowdsourced measurements often exhibit non-uniform sampling densities within geographic areas; and predefined social boundaries may not align with the actual boundaries of Internet infrastructure. In this paper, we present a spatial analysis on crowdsourced datasets for constructing stable boundaries for sampling Internet performance. We hypothesize that greater stability in sampling boundaries will reflect the true nature of Internet performance disparities than misleading patterns observed as a result of data sampling variations. We apply and evaluate a series of statistical techniques to: aggregate Internet performance over geographic regions; overlay interpolated maps with various sampling unit choices; and spatially cluster boundary units to identify contiguous areas with similar performance characteristics. We assess the effectiveness of the techniques we apply by comparing the similarity of the resulting boundaries for monthly samples drawn from the dataset. Our evaluation shows that the combination of techniques we apply achieves higher similarity compared to directly calculating central measures of network metrics over census tracts or neighborhood boundaries. These findings underscore the important role of spatial modeling in accurately assessing and optimizing the distribution of Internet performance, to inform policy, network operations, and long-term planning decisions.

Networking and Internet Architecture,Computers and Society

Jukka Ruohonen,Joonas Salovaara,Ville Leppänen

DOI: https://doi.org/10.1109/PST.2018.8514163

2021-06-25

Abstract:The loading of resources from third-parties has evoked new security and privacy concerns about the current world wide web. Building on the concepts of forced and implicit trust, this paper examines cross-domain transmission control protocol (TCP) connections that are initiated to domains other than the domain queried with a web browser. The dataset covers nearly ten thousand domains and over three hundred thousand TCP connections initiated by querying popular Finnish websites and globally popular sites. According to the results, (i) cross-domain connections are extremely common in the current Web. (ii) Most of these transmit encrypted content, although mixed content delivery is relatively common; many of the cross-domain connections deliver unencrypted content at the same time. (iii) Many of the cross-domain connections are initiated to known web advertisement domains, but a much larger share traces to social media platforms and cloud infrastructures. Finally, (iv) the results differ slightly between the Finnish web sites sampled and the globally popular sites. With these results, the paper contributes to the ongoing work for better understanding cross-domain connections and dependencies in the world wide web.

Cryptography and Security,Networking and Internet Architecture

Arjaldo Karaj,Sam Macbeth,Rémi Berson,Josep M. Pujol

DOI: https://doi.org/10.48550/arXiv.1804.08959

2019-04-25

Abstract:Online tracking has become of increasing concern in recent years, however our understanding of its extent to date has been limited to snapshots from web crawls. Previous at-tempts to measure the tracking ecosystem, have been done using instrumented measurement platforms, which are not able to accurately capture how people interact with the web. In this work we present a method for the measurement of tracking in the web through a browser extension, as well as a method for the aggregation and collection of this information which protects the privacy of participants. We deployed this extension to more than 5 million users, enabling measurement across multiple countries, ISPs and browser configurations, to give an accurate picture of real-world tracking. The result is the largest and longest measurement of online tracking to date based on real users, covering 1.5 billion page loads gathered over 12 months. The data, detailing tracking behaviour over a year, is made publicly available to help drive transparency around online tracking practices.

Computers and Society

Dongqi Han,Shangdong Wang,Zhize He,Zhiliang Wang,Wenqi Chen,Chenglong Li,Jiahai Yang,Xingang Shi,Xia Yin

DOI: https://doi.org/10.23919/IFIPNetworking57963.2023.10186440

2023-01-01

Abstract:Tor Proxies are principally designed for allowing users to easily access hidden services in Tor network through standard browsers instead of dedicated software (e.g., Tor Browser), which is user-friendly but at the expense of anonymity. At present, Tor proxies are volunteer-run without any central management. As a result, it still remains unclear the scale and usage of Tor proxies in the wild throughout the Internet. In light of this, we perform the first large-scale measurement study of Tor proxies through passively identifying Tor proxies worldwide and then conduct initial analysis based on the identified Tor proxies. We cooperate with one of the most popular public DNS resolvers and collect passive DNS for the last 4 years with hundreds of billions of raw DNS records per day. To analyze the usage of Tor proxies, we also crawl newly observed webpages of hidden services accessed via Tor proxies for two years. We propose several techniques to identify the Tor proxies and find about 700 historically valid and 130 online Tor proxies in over 30 countries. We also provide several insightful findings and promising directions to motivate future work on this topic.

Jan Rüth,Torsten Zimmermann,Oliver Hohlfeld

DOI: https://doi.org/10.48550/arXiv.1901.07265

2019-01-22

Abstract:Internet-wide scans are a common active measurement approach to study the Internet, e.g., studying security properties or protocol adoption. They involve probing large address ranges (IPv4 or parts of IPv6) for specific ports or protocols. Besides their primary use for probing (e.g., studying protocol adoption), we show that - at the same time - they provide valuable insights into the Internet control plane informed by ICMP responses to these probes - a currently unexplored secondary use. We collect one week of ICMP responses (637.50M messages) to several Internet-wide ZMap scans covering multiple TCP and UDP ports as well as DNS-based scans covering > 50% of the domain name space. This perspective enables us to study the Internet's control plane as a by-product of Internet measurements. We receive ICMP messages from ~171M different IPs in roughly 53K different autonomous systems. Additionally, we uncover multiple control plane problems, e.g., we detect a plethora of outdated and misconfigured routers and uncover the presence of large-scale persistent routing loops in IPv4.

Networking and Internet Architecture

Taveesh Sharma,Paul Schmitt,Francesco Bronzino,Nick Feamster,Nicole Marwell

2024-08-12

Abstract:Despite significant investments in access network infrastructure, universal access to high-quality Internet connectivity remains a challenge. Policymakers often rely on large-scale, crowdsourced measurement datasets to assess the distribution of access network performance across geographic areas. These decisions typically rest on the assumption that Internet performance is uniformly distributed within predefined social boundaries. However, this assumption may not be valid for two reasons: crowdsourced measurements often exhibit non-uniform sampling densities within geographic areas; and predefined social boundaries may not align with the actual boundaries of Internet infrastructure. In this paper, we present a spatial analysis on crowdsourced datasets for constructing stable boundaries for sampling Internet performance. We hypothesize that greater stability in sampling boundaries will reflect the true nature of Internet performance disparities than misleading patterns observed as a result of data sampling variations. We apply and evaluate a series of statistical techniques to: aggregate Internet performance over geographic regions; overlay interpolated maps with various sampling unit choices; and spatially cluster boundary units to identify contiguous areas with similar performance characteristics. We assess the effectiveness of the techniques we apply by comparing the similarity of the resulting boundaries for monthly samples drawn from the dataset. Our evaluation shows that the combination of techniques we apply achieves higher similarity compared to directly calculating central measures of network metrics over census tracts or neighborhood boundaries. These findings underscore the important role of spatial modeling in accurately assessing and optimizing the distribution of Internet performance, to inform policy, network operations, and long-term planning decisions.

Networking and Internet Architecture,Computers and Society

Matt Calder

DOI: https://doi.org/10.48550/arXiv.2007.12798

2020-07-25

Abstract:Monitoring performance and availability are critical to operating successful content provider networks. Internet measurements provide data needed for traffic engineering, alerting, and network diagnostics. While there are significant benefits to combining server-side passive measurements with end-user active measurements, these capabilities are limited to a small number of content providers with both network and application control. In this work, we present a solution to a long-standing problem for a method to issue active measurements from clients without application control. Our approach uses features of the W3C Network Error Logging specification that allow a CDN to induce a browser connection to an HTTPS server of the CDN's choosing.

Networking and Internet Architecture