Title: Internet Service Usage and Delivery As Seen From a Residential Network
Given the increasing residential Internet use, a thorough understanding of what services are used and how they are delivered to residential networks is crucial. However, access to residential traces is limited due to their proprietary nature. Most prior work used campus datasets from academic buildings and undergraduate dorms, and the few studies with residential traces are often outdated or use data unavailable to other researchers. We provide access to a new residential dataset: we have been collecting traffic from ~1000 off-campus residences that house faculty, postdocs, graduate students, and their families. Although our residents are university affiliates, our dataset captures their activity at home, and we show that this dataset offers a distinct perspective from the campus and dorm traffic. We investigate the serving infrastructures and services accessed by the residences, revealing several interesting findings: peer-to-peer activity is notable, comprising 47% of the total flow duration; third-party CDNs host many services but serve much less traffic (e.g., Cloudflare hosts 19% of domains but only 2% of traffic); and 11 of the top 100 services that have nearby servers often serve users from at least 1,000 km farther away. This broad analysis, as well as our data sharing, pushes toward a more thorough understanding of Internet service usage and delivery, motivating and supporting future research.
Award ID(s):
2212479
PAR ID:
10661995
Publisher / Repository:
ACM
Journal Name:
Proceedings of the ACM on Measurement and Analysis of Computing Systems
Volume:
9
Issue:
2
ISSN:
2476-1249
Page Range / eLocation ID:
1 to 30
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Understanding the nature and characteristics of Internet events such as route changes and outages can serve as the starting point for improvements in network configurations, management and monitoring practices. However, the scale, diversity, and dynamics of network infrastructure make event detection and analysis challenging. In this paper, we describe a new approach to Internet event measurement, identification and analysis that provides a broad and detailed perspective without the need for new or dedicated infrastructure or additional network traffic. Our approach is based on analyzing data that is readily available from Network Time Protocol (NTP) servers. NTP is one of the few on-by-default services on clients, thus NTP servers have a broad perspective on Internet behavior. We develop a tool for analyzing NTP traces called Tezzeract, which applies Robust Principal Components Analysis to detect Internet events. We demonstrate Tezzeract’s efficacy by conducting controlled experiments and by applying it to data collected over a period of 3 months from 19 NTP servers. We also compare and contrast Tezzeract’s perspective with reported outages and events identified through active probing. We find that while there is commonality across methods, NTP-based monitoring provides a unique perspective that complements prior methods.
  2. The security of Internet-of-Things (IoT) devices in the residential environment is important due to their widespread presence in homes and their sensing and actuation capabilities. However, securing IoT devices is challenging due to their varied designs, deployment longevity, multiple manufacturers, and potentially limited availability of long-term firmware updates. Attackers have exploited this complexity by specifically targeting IoT devices, with some recent high-profile cases affecting millions of devices. In this work, we explore access control mechanisms that tightly constrain access to devices at the residential router, with the goal of precluding access that is inconsistent with legitimate users' goals. Since many residential IoT devices are controlled via applications on smartphones, we combine application sensors on phones with sensors at residential routers to analyze workflows. We construct stateful filters at residential routers that can require user actions within a registered smartphone to enable network access to an IoT device. In doing so, we constrain network packets only to those that are consistent with the user's actions. In our experiments, we successfully identified 100% of malicious traffic while correctly allowing more than 98% of legitimate network traffic. The approach works across device types and manufacturers with straightforward API and state machine construction for each new device workflow.
  3. Internet of Things (IoT) devices have been increasingly deployed in smart homes to automatically monitor and control their environments. Unfortunately, extensive recent research has shown that on-path external adversaries can infer and further fingerprint people’s sensitive private information by analyzing IoT network traffic traces. In addition, most recent approaches that aim to defend against these malicious IoT traffic analytics cannot adequately protect user privacy with reasonable traffic overhead. In particular, these approaches often did not consider practical traffic reshaping limitations, user daily routine permitting, and user privacy protection preference in their design. To address these issues, we design a new low-cost, open source user-centric defense system—PrivacyGuard—that enables people to regain the privacy leakage control of their IoT devices while still permitting sophisticated IoT data analytics that is necessary for smart home automation. In essence, our approach employs intelligent deep convolutional generative adversarial network assisted IoT device traffic signature learning, long short-term memory based artificial traffic signature injection, and partial traffic reshaping to obfuscate private information that can be observed in IoT device traffic traces. We evaluate PrivacyGuard using IoT network traffic traces of 31 IoT devices from five smart homes and buildings. We find that PrivacyGuard can effectively prevent a wide range of state-of-the-art adversarial machine learning and deep learning based user in-home activity inference and fingerprinting attacks and help users achieve the balance between their IoT data utility and privacy preserving.
  4. Network traffic modeling plays an important role in the generation of realistic network traffic in test environments, especially in cases where researchers carry out experiments with real production-like traffic, as seen in specific home, enterprise, campus, LAN, or WAN networks. We present our ongoing work on a new framework that enables the methodical creation of application-agnostic traffic models from given network traces of a known network topology. The framework then uses these models to generate realistic traffic on a given network topology. We share a preliminary evaluation of the framework based on repeatable experiments where we model typical web application traffic and then regenerate the traffic based on the model in a test network on our VTS (Virtual Topology Services) testbed.