internet measurements at complexnetworks fr
play

Internet measurements at complexnetworks.fr Guillaume Valadon - - PowerPoint PPT Presentation

May 27, 2023 •450 likes •899 views

Internet measurements at complexnetworks.fr Guillaume Valadon - http://valadon.complexnetworks.fr LIP6 (CNRS - UPMC) Complex Networks team http://complexnetworks.fr The team http://complexnetworks.fr : plots & videos 4 permanent

  1. Internet measurements at complexnetworks.fr Guillaume Valadon - http://valadon.complexnetworks.fr LIP6 (CNRS - UPMC) Complex Networks team http://complexnetworks.fr

  2. The team  http://complexnetworks.fr : plots & videos – 4 permanent members : Jean-Loup Guillaume, Matthieu Latapy, Bénédicte Le Grand, Clémence Magnien – 2 postdocs, 9 Ph.D. students  Focus & interests: – Internet topology, P2P networks, social networks – measurements – analysis 2

  3. Outline 1. Internet topology measurements Frédéric Ouedraogo, Clémence Magnien, Matthieu Latapy 2. eDonkey measurements: server side 3. eDonkey measurements: honeypot 3

  4. Context  IP topology of the Internet : using traceroute-like tools  few sources, high numbers of destinations  measures : – long & high cost, – bias : fake links & missed links 4

  5. Traceroute measurements 5

  6. Traceroute measurements 5

  7. Traceroute measurements 5

  8. Traceroute measurements 5

  9. Traceroute measurements 5

  10. Traceroute measurements 5

  11. Traceroute measurements * 5

  12. Traceroute measurements * 5

  13. Traceroute: unbalanced load 3000 2500 # times probed many probes on links closest 2000 1500 1000 500 0 0 5 10 15 20 25 30 Distance from the monitor 6

  14. Traceroute: unbalanced load 3000 2500 # times probed many probes on links closest 2000 1500 1000 500 0 0 5 10 15 20 25 30 Distance from the monitor Traceroute limitations: unbalanced load, information redundancy, obtained view is not a tree 6

  15. Ego-centered view  tracetree http://data.complexnetworks.fr/Radar/ – one source – fixed set of destinations – the result is a tree – fast measurement (~100 round per day) – 7

  16. Tracetree measurements 8

  17. Tracetree measurements 8

  18. Tracetree measurements * 8

  19. Tracetree measurements * * 8

  20. Tracetree measurements * * * 8

  21. Parameters  Many parameters: – number of destinations – delay between rounds – maximum TTL ? – ...  We want: 1. high frequency 2. large ego-centered view 3. low network load 9

  22. Parameters : frequency +,1--- +,,0-- +,,/-- +,,.-- # IP +,,1-- &#'!%(#&#)* +,,--- !"##$ ! %" +,-0-- +,-/-- +,-.-- - ,- 1- 2- .- 3- /- 4- 0- # Hours Test monitor Control monitor 10

  23. Parameters : frequency +,1--- +,,0-- +,,/-- +,,.-- # IP +,,1-- &#'!%(#&#)* +,,--- !"##$ ! %" +,-0-- +,-/-- +,-.-- - ,- 1- 2- .- 3- /- 4- 0- # Hours Test monitor frequency has no impact on discovered addresses Control monitor 10

  24. Parameters : destination number 30000 10000 d. 25000 20000 # IP 15000 3000 d. 3000 d. 3000 d. (sim) 10000 1000 d. (sim) 1000 d. 5000 0 0 10 20 30 40 50 60 70 80 90 # Hours Test monitor Control monitor 11

  25. Parameters : destination number 30000 10000 d. 25000 20000 # IP 15000 3000 d. 3000 d. 3000 d. (sim) 10000 1000 d. (sim) 1000 d. 5000 0 0 10 20 30 40 50 60 70 80 90 # Hours Test monitor too many destinations == loss of efficiency Control monitor 11

  26. Available data [ADN’08, ICIMP’09]  Two parameter sets: – normal: 3000 destinations, max TTL 30, 10 minutes delay (~100 rounds / day) – fast: 1000 destinations, max TTL 15, 1 minute delay (~ 800 rounds / day)  Available data at http://data.complexnetworks.fr/Radar/ – several sets of random destinations – 150 monitors – several months of uninterrupted measures 12

  27. Outline 1. Internet topology measurements 2. eDonkey measurements: server side Frédéric Aidouni, Matthieu Latapy, Clémence Magnien 3. eDonkey measurements: honeypot 13

  28. Context  study exchanges in P2P networks – files diffusion – communities of interests – popularity  some motivations – understand users behaviour – develop new P2P protocols – blind content detection – detect pedophile activities – protocol and exchange simulations 14

  29. eDonkey exchanges 1. inter-clients: file downloads 2. inter-servers: statistical data 3. clients-servers: files & sources search K e y w o r ds s ea r c h F il e s li s t S e r v e u r C li e n t Sou r ce s s ea r c h Sou r ce s li s t 15

  30. Capturing traffic on a real server eDonkey server Capture client P CA P du m p P CA P d ec od i ng U D P t r a ffi c P CA P fl o w e Don ke y e x c h a ng e s i nsp ec t i on e Don ke y t r a ffi c A nony m i s a t i on a nd f o r m a tt i ng X M L e n c od i ng <opcode dir="received" TS="2786402.373146" IP=" 0045125351 " type="high" port="02029"><OP_GLOBSEARCHREQ> <tags count="1"><anon-string> 3108886 </anon-string></tags> </OP_GLOBSEARCHREQ></opcode> 16

  31. Basic analysis : files sizes 2.5e+09 small files 2e+09 # of files 1.5e+09 700 MB 350 MB 1 GB 1e+09 230 MB 175 MB 1.4 GB 5e+08 0 1 10 100 1000 10000 Size (in MB)  obtained from the server answers  CD-ROM size and fractions (1/2, 1/3, and 1/4) ➡ related to classical sizes of storage support 17

  32. Basic analysis : time between queries # of peers Time (in seconds) 18

  33. Basic analysis : time between queries # of peers Time (in seconds) regularities of queries 18

  34. Resulting data set in numbers [HotP2P’09]  10 weeks measurements  ~500 GB of compressed XML  ~ 10 billions messages  ~ 90 millions clients  ~ 280 millions of distinct files ➡ anonymized data available online at http://antipaedo.lip6.fr 19

  35. Outline 1. Internet topology measurements 2. eDonkey measurements: server side 3. eDonkey measurements: honeypot Oussama Allali, Matthieu Latapy, Clémence Magnien 20

  36. Honeypot based measurements  eDonkey honeypot: – customized eDonkey client – announce files to a server (filename, hash, size) – log queries made by regular clients  Manager: – control distributed honeypots – send commands to honeypots: server to connect, files to exchange, ... 21

  37. eDonkey exchanges 22

  38. eDonkey exchanges Send nothing Send random content 22

  39. Methodology  24 PlanetLab nodes, running distributed honeypots: – 12 sending no content – 12 sending random content  1 greedy honeypot: – learn files during the first day – afterwards, announce these files distributed greedy Honeypots 24 1 Duration in days 32 15 Shared files 4 3 175 Distinct peers 110 049 871 445 Distinct files 28 007 267 047 23

  40. Parameters : distributed or greedy 120000 6000 900000 80000 800000 70000 100000 5000 700000 60000 80000 4000 600000 Total number of peers Number of new peers Total number of peers Number of new peers 50000 500000 60000 3000 40000 400000 30000 300000 40000 2000 20000 200000 20000 1000 Distributed Greedy 10000 100000 total peer total peer new peers new peers 0 0 0 0 0 2 4 6 8 10 12 14 16 18 0 5 10 15 20 25 30 35 Days Days  long measurements are relevant  effects of blacklisting and file popularity 24

  41. Parameters : no-content & random-content 90000 2e+06 random content random content no content no content 1.8e+06 80000 1.6e+06 70000 Number of REQUEST-PART queries 1.4e+06 60000 Number of peers 1.2e+06 50000 1e+06 40000 800000 30000 600000 20000 400000 HELLO messages REQUEST -part messages 10000 200000 0 0 0 5 10 15 20 25 30 35 0 5 10 15 20 25 30 35 Days Days  advantage of sending random content  global and local blacklisting 25

  42. Parameters : number of honeypots 120000 100000 80000 Number of peers 60000 40000 20000 lower bound of 100 samples avreage of 100 samples upper bound of 100 samples 0 0 5 10 15 20 25 Number of honeypots  important benefit in using several honeypots 26

  43. Conclusion  several data sets available – IP topology – eDonkey measurement: • server side • client side • honeypot  Ongoing works – understand topology dynamics – community of interests in eDonkey – anomaly detection in the IP topology – ... 27

  44. Questions ? 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DipZoom: A Marketplace for Internet Measurements Michael Rabinovich, Sipat Tiukose, Zhihua Wen

DipZoom: A Marketplace for Internet Measurements Michael Rabinovich, Sipat Tiukose, Zhihua Wen

DipZoom: A Marketplace for Internet Measurements Michael Rabinovich, Sipat Tiukose, Zhihua Wen Limin Wang EECS Department Case Western Reserve University Internet Measurements A-priori measurement platforms (e.g. IDMaps) - Great for

263 views • 15 slides
Speed Measurements for Residential Internet Access Oana Goga, Renata Teixeira CNRS and UPMC

Speed Measurements for Residential Internet Access Oana Goga, Renata Teixeira CNRS and UPMC

Speed Measurements for Residential Internet Access Oana Goga, Renata Teixeira CNRS and UPMC Sorbonne Universites Workshop on Active Internet Measurements CAIDA, February 10th, 2011 Do residential Internet customers get what they pay for? July

708 views • 33 slides
Informational Slides Internet Measurements Seminar

Informational Slides Internet Measurements Seminar

Technische Universitt Mnchen Informational Slides Internet Measurements Seminar http://www.cm.in.tum.de/teaching/2019-seminar-internet-measurements/ Vaibhav Bajpai, Trinh Viet Doan January, 2019 1 Technische Universitt Mnchen Outline

164 views • 5 slides
INTERNET MEASUREMENTS ESNOG 10/4/2018 Barcelona (Janusz Jezowicz, Speedchecker Ltd)

INTERNET MEASUREMENTS ESNOG 10/4/2018 Barcelona (Janusz Jezowicz, Speedchecker Ltd)

MULTIPLATFORM INTERNET MEASUREMENTS ESNOG 10/4/2018 Barcelona (Janusz Jezowicz, Speedchecker Ltd) www.speedchecker.xyz Outline Introduction Choices of measurement platforms Coverage How to run measurements Sample

326 views • 17 slides
Workshop on Active Internet Measurements CAIDA February 8-9, 2010 Julio Ibarra Center for

Workshop on Active Internet Measurements CAIDA February 8-9, 2010 Julio Ibarra Center for

Measurement Activities at AMPATH and Latin America Workshop on Active Internet Measurements CAIDA February 8-9, 2010 Julio Ibarra Center for Internet Augmented Research and Assessment Florida International University Outline About CIARA

183 views • 15 slides
Residential Internet Performance Measurements: The Future is Passive Renata Teixeira Director of

Residential Internet Performance Measurements: The Future is Passive Renata Teixeira Director of

Residential Internet Performance Measurements: The Future is Passive Renata Teixeira Director of Research at Inria, Paris Visiting Scholar at Stanford Univers ity Measuring residential Internet performance is crucial Home users

570 views • 43 slides
CS 557 Routing Measurements End to End Routing Behavior in the Internet Vern Paxson, 1996

CS 557 Routing Measurements End to End Routing Behavior in the Internet Vern Paxson, 1996

CS 557 Routing Measurements End to End Routing Behavior in the Internet Vern Paxson, 1996 Internet Routing Instability Labovitz, Malan, Jahanian, 1997 Spring 2013 End to End Routing Behavior Objective: Understand the actual behavior of

595 views • 22 slides
Distributed Measurements for Attack Detection Distributed Measurements for Attack Detection Prof.

Distributed Measurements for Attack Detection Distributed Measurements for Attack Detection Prof.

Universitt Tbingen Computer Networks and Internet Distributed Measurements for Attack Detection Distributed Measurements for Attack Detection Prof. Dr. Georg Carle Chair for Computer Networks and Internet University of Tbingen Germany

291 views • 8 slides
Research and Applications of Internet Measurements (RAIM) in Cooperation with ACM SIGCOMM

Research and Applications of Internet Measurements (RAIM) in Cooperation with ACM SIGCOMM

IRTF &amp; ISOC Workshop on Research and Applications of Internet Measurements (RAIM) in Cooperation with ACM SIGCOMM Yokohama, Japan October 31, 2015 Lars Eggert (lars@netapp.com) Genesis EC looking for opportunities to bring SIG closer

543 views • 19 slides
NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with Francesco Bronzino, Sara Ayoubi, Israel Salinas (Inria) Paul Schmitt, Guilherme Martins,Joon Kim, Nick Feamster (Princeton) Who cares about

477 views • 24 slides
NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with

NetMicroscope: Passive Measurements of Residential Internet Performance Renata Teixeira with Francesco Bronzino, Sara Ayoubi, Israel Salinas (Inria) Paul Schmitt, Guilherme Martins, Joon Kim, Nick Feamster (Princeton) Who cares about

492 views • 9 slides
PingER End to End Internet measurements: what we learn Les Cottrell SLAC , Presented at the

PingER End to End Internet measurements: what we learn Les Cottrell SLAC , Presented at the

PingER End to End Internet measurements: what we learn Les Cottrell SLAC , Presented at the OARC/TechDay for the ICANN San Francisco March 7 th , 2011 1 Outline How do we measure? Coverage What do we find? Measure: Losses, RTT,

396 views • 24 slides
Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance analysis Anomaly and intrusion detec=on Network engineering Traffic at different granulari=es IP-level packets Capture per-packet

539 views • 40 slides
measurements and signal processing of Internet data // the wonderful thing about science is that

measurements and signal processing of Internet data // the wonderful thing about science is that

measurements and signal processing of Internet data // the wonderful thing about science is that eventually nature tells you when you are fooling yourself. real objects can be measured again and measured by somebody else -- false signals will

169 views • 12 slides
Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High Quality Path- Discover network trends, find paths Building network models oriented Network Measurement Run experiments using models and

209 views • 4 slides
MA Final Talk: Tamper-Evident Publication of Internet Measurements Max Helm Advisors: Oliver

MA Final Talk: Tamper-Evident Publication of Internet Measurements Max Helm Advisors: Oliver

Chair of Network Architectures and Services Department of Informatics Technical University of Munich MA Final Talk: Tamper-Evident Publication of Internet Measurements Max Helm Advisors: Oliver Gasser, Benjamin Hof, Quirin Scheitle July 16,

423 views • 26 slides
DIY Blue Teaming DIY Blue Teaming (Keeping attackers out, with duct tape and chewing gum!) DIY

DIY Blue Teaming DIY Blue Teaming (Keeping attackers out, with duct tape and chewing gum!) DIY

DIY Blue Teaming DIY Blue Teaming (Keeping attackers out, with duct tape and chewing gum!) DIY Blue Teaming DIY Blue Teaming Ways to make malware not work Security by obscurity (because sucker punches work, even though nobody wants to admit

1.11k views • 78 slides
FDM curriculum group moderated by Frank Neven Questions / issues FDM topics for non-DB

FDM curriculum group moderated by Frank Neven Questions / issues FDM topics for non-DB

FDM curriculum group moderated by Frank Neven Questions / issues FDM topics for non-DB courses intro DB course graduate FDM course FDM book educate &amp; attract FDM in non-DB course TCS: from reg exps to RPQs DBs

452 views • 9 slides
Information warfare The term information warfare refers to peace time activities

Information warfare The term information warfare refers to peace time activities

Information warfare The term information warfare refers to peace time activities psychological operations (psyop) cyber war/net war In wartime the term is Command, Control, Communications, Intelligence, Sensors Warfare(C3ISW)

287 views • 13 slides
Project 4 Multi-Core Network Honeypot LL/SC - Important for mutex locking/unlocking - Crucial

Project 4 Multi-Core Network Honeypot LL/SC - Important for mutex locking/unlocking - Crucial

Project 4 Multi-Core Network Honeypot LL/SC - Important for mutex locking/unlocking - Crucial for synchronized data-structures - Up to 32 cores in PA4 LL/SC Syntax LL a, off(b): loads M[b + off] into register a SC c, off(d):

289 views • 18 slides
Empirical Studies in Cybersecurity: Some Challenges Michel Cukier Adding Science to

Empirical Studies in Cybersecurity: Some Challenges Michel Cukier Adding Science to

Empirical Studies in Cybersecurity: Some Challenges Michel Cukier Adding Science to Cybersecurity Empirical studies are needed to add science to cybersecurity Challenges: Security metrics are lacking Security data are not

661 views • 37 slides
Big Data Analytics, Human Data Interaction, and the Databox Richard Mortier Cambridge

Big Data Analytics, Human Data Interaction, and the Databox Richard Mortier Cambridge

Big Data Analytics, Human Data Interaction, and the Databox Richard Mortier Cambridge University Computer Laboratory Networks &amp; Operating Systems SRG, Computer Laboratory Outline Part I Part II We are all data subjects,

1.25k views • 46 slides
1 Models for Translucent Objects Models for Translucent Objects Models for Translucent Objects

1 Models for Translucent Objects Models for Translucent Objects Models for Translucent Objects

Translucent Objects Translucent Objects Realistic Materials Realistic Materials Translucent Materials light is scattered through the object incident illumination smoothed due to diffuse scattering inside media Inhomogeneous

524 views • 5 slides
Dating Patterns Aino Vonge Corry @apaipi Big Disclaimer How many times, have you thought 'Boy,

Dating Patterns Aino Vonge Corry @apaipi Big Disclaimer How many times, have you thought 'Boy,

Dating Patterns Aino Vonge Corry @apaipi Big Disclaimer How many times, have you thought 'Boy, I sure wish there was an easier way to pick up women, like published API with code samples?' What would you say if such documentation was not only

623 views • 24 slides

More recommend