mobileinsight
play

MobileInsight Extracting and Analyzing Cellular Network Information - PowerPoint PPT Presentation

Aug 16, 2022 •339 likes •757 views

MobileInsight Extracting and Analyzing Cellular Network Information on Smartphones Yuanjie Li 1 , Chunyi Peng 2 , Zengwen Yuan 1 , Jiayao Li 1 , Haotian Deng 2 , Tao Wang 3 1 University of California, Los Angeles 2 The Ohio State University 3

  1. MobileInsight Extracting and Analyzing Cellular Network Information on Smartphones Yuanjie Li 1 , Chunyi Peng 2 , Zengwen Yuan 1 , Jiayao Li 1 , Haotian Deng 2 , Tao Wang 3 1 University of California, Los Angeles 2 The Ohio State University 3 Peking University

  2. “Anytime, Anywhere” Cellular Network Service 2

  3. Critical Cellular Operations to Users/Apps Session Management (SM) … Mobility Management (MM) Radio Resource Control (RRC) Software Link Layer (MAC/RLC/PDCP) Hardware Physical Layer (PHY) 3

  4. But They are Closed… Session Management (SM) Mobility Management (MM) ? Radio Resource Control (RRC) Software Link Layer (MAC/RLC/PDCP) ? Hardware Physical Layer (PHY) ? ? ? 4

  5. Can We Have Open Access to Runtime Cellular Network Operations? Why my 4G phone switches to slow 2G? … 4 signal bars, but why no data service? Why my phone drains ? ? ? battery quickly? 5

  6. It’s Not That Simple • No approaches cover all necessary features Full Fine Analysis At scale In-phone coverage grained ✘ ✘ ✘ ✔ ✔ Android APIs External Tools ✔ ✔ ✘ ✘ ✘ (e.g., QXDM) Operator-side ✔ ✔ ✔ ✘ ✘ cellular analytics 6

  7. Our Solution: MobileInsight • A software tool for commodity phones • A community tool that can be built and shared together Full Fine Analysis At scale In-phone coverage grained ✔ ✔ ✔ ✔ ✔ MobileInsight ✘ ✘ ✘ ✔ ✔ Android APIs External Tools ✔ ✔ ✘ ✘ ✘ (e.g., QXDM) Operator-side ✔ ✔ ✔ ✘ ✘ cellular analytics 7

  8. MobileInsight Overview Monitor Software SM Hardware MM RRC MAC/RLC/PDCP 01101 PHY 8

  9. MobileInsight Overview Monitor Analyzers API … State 2 State 2 State 2 State 1 State 1 State 1 State 3 State 3 State 3 Software Hardware 9

  10. In-device Runtime Monitor How to expose runtime cellular messages to user space? 10 Monitor Analyzers API

  11. Challenge: No Ordinary In-device Schemes … Android APIs Software Radio Interface Layer Hardware Coarse-grained cellular info 11 Monitor Analyzers API

  12. Solution: Side-Channel Across SW-HW Boundary Parsers … Proxy via USB Raw cellular messages Android APIs Software /dev/diag Radio Interface Layer Hardware Coarse-grained cellular info 12 Monitor Analyzers API

  13. Cellular Protocol Analytics How to unveil runtime cellular protocol behaviors? 13 Monitor Analyzers API

  14. Two Dimensions for Each Protocol • State dynamics extraction • Operation logic inference • Network side • Device side • Non-standardized, operator-specific • Regulated by cellular standards Hando ff decision logic Monitor Analyzers API

  15. Protocol Analytics: Tracking State Dynamics • Current protocol state, transition events and causes • RRC : Radio connectivity status and power-saving mode • MM : Device registration status • SM : Data session activity and QoS status 15 Monitor Analyzers API

  16. Protocol Analytics: Tracking State Dynamics • Observation : regulated by the cellular standards • Reference state machine + runtime message RRC conn. setup request RRC conn. setup accept RRC conn. reconfiguration Data Data T 1 T 1 T 1 T 2 Parameters: T 1 =100ms, Data T shortDRX =20ms T 2 =2 T shortDRX Conn. release Conn. setup Conn. setup Downlink data …… 16 Monitor Analyzers API

  17. Protocol Analytics: Inferring Operation Logic • Algorithm to determine protocol configurations and actions • Example: handoff decision logic BS 3 (3G) BS 1’s hando ff decision logic: • Switch to BS 2 (4G) if RSS 2(4G) > RSS 1(4G) + 3 dBm • Otherwise, switch to BS 3 (3G) if RSS 1(4G) < − 110 dBm and RSS 3(3G) > − 90 dBm BS 2 (4G) BS 1 (4G) 17 Monitor Analyzers API

  18. Inferring Operation Logic is Not Simple • Challenge #1: Non-standardized, carrier-specific operations • Challenge #2: Internal logic, not visible by end device BS 3 (3G) BS 1’s hando ff decision logic: ? • Switch to BS 2 (4G) if RSS 2(4G) > RSS 1(4G) + 3 dBm • Otherwise, switch to BS 3 (3G) if RSS 1(4G) < − 110 dBm and RSS 3(3G) > − 90 dBm BS 2 (4G) BS 1 (4G) 18 Monitor Analyzers API

  19. Observation: Operation Logic is Not Arbitrary • Many network-side operations are stateful BS 3 (3G) BS 1’s hando ff decision logic: • Switch to BS 2 (4G) if RSS 2(4G) > RSS 1(4G) + 3 dBm • Otherwise, switch to BS 3 (3G) if RSS 1(4G) < − 110 dBm and RSS 3(3G) > − 90 dBm BS 2 (4G) BS 1 (4G) RSS 1 < -110dBm Monitor 4G Monitor 3G&4G RSS 1 > -110dBm RSS 1 < -110dBm RSS 2 > RSS 1 + 3dBm RSS 3 > -90dBm Hando ff to 4G Hando ff to 3G 19 Monitor Analyzers API

  20. Observation: Operation Logic is Not Arbitrary • Many network-side operations are stateful and interactive Solution : Online state machine inference BS 3 (3G) BS 1 (4G) Meas Control: Monitor 4G Meas Report: RSS 2 > RSS 1 +3 Handoff command: to BS2 BS 2 (4G) BS 1 (4G) RSS 1 < -110dBm Monitor 4G Monitor 3G&4G RSS 1 > -110dBm RSS 1 < -110dBm RSS 2 > RSS 1 + 3dBm RSS 3 > -90dBm Hando ff to 4G Hando ff to 3G 20 Monitor Analyzers API

  21. State Machine Inference: Partial Recovery • Runtime sample sequence 1 BS 1 (4G) Meas Control: Monitor 4G BS 3 (3G) Meas Report: RSS 2 > RSS 1 +3 Handoff command: to BS2 BS 2 (4G) BS 1 (4G) RSS 1 < -110dBm RSS 1 < -110dBm Monitor 4G Monitor 3G&4G Monitor 4G Monitor 3G&4G RSS 1 > -110dBm RSS 1 > -110dBm RSS 1 < -110dBm RSS 1 < -110dBm RSS 2 > RSS 1 + 3dBm RSS 2 > RSS 1 + 3dBm RSS 3 > -90dBm RSS 3 > -90dBm Hando ff to 4G Hando ff to 4G Hando ff to 3G Hando ff to 3G 21 Monitor Analyzers API

  22. State Machine Inference: Partial Recovery • Runtime sample sequence 2 BS 1 (4G) Meas Control: Monitor 4G BS 3 (3G) Meas Report: RSS 1 <-110 Meas Control: Monitor 3G&4G Meas Report: RSS 2 >-90 Handoff command: to BS3 BS 2 (4G) BS 1 (4G) RSS RSS 1 < -110dBm RSS 1 < -110dBm RSS 1 < -110dBm Monitor 4G Monitor 4G Monitor 4G Monitor 4G Monitor 3G&4G Monitor 3G&4G Monitor 3G&4G RSS RSS 1 > -110dBm RSS 1 > -110dBm RSS 1 > -110dBm RSS 1 < -110dBm RSS 1 < -110dBm RSS 1 < -110dBm RSS 2 > RSS 1 + 3dBm RSS 2 > RSS 1 + 3dBm RSS 2 > RSS 1 + 3dBm RSS 2 > RSS 1 + 3dBm RSS 3 > -90dBm RSS 3 > -90dBm RSS 3 > -90dBm Hando ff to 4G Hando ff to 4G Hando ff to 4G Hando ff to 3G Hando ff to 3G Hando ff to 4G Hando ff to 3G 22 Monitor Analyzers API

  23. State Machine Inference: Aggregation a BS 1 (4G) Meas Control: Monitor 4G BS 3 (3G) Meas Report: RSS 1 <-110 Meas Control: Monitor 3G&4G Meas Report: RSS 2 >-90 Handoff command: to BS3 BS 2 (4G) BS 1 (4G) RSS RSS 1 < -110dBm Monitor 4G Monitor 4G Monitor 3G&4G RSS RSS 1 > -110dBm RSS 1 < -110dBm RSS 2 > RSS 1 + 3dBm RSS 2 > RSS 1 + 3dBm RSS 3 > -90dBm Hando ff to 4G Hando ff to 4G Hando ff to 3G 23 Monitor Analyzers API

  24. MobileInsight APIs src = OnlineMonitor() lte_rrc_analyzer = LteRrcAnalyzer() wcdma_rrc_analyzer = WcdmaRrcAnalyzer() lte_rrc_analyzer.set_source(src) wcdma_rrc_analyzer.set_source(src) src.run() More tutorials: 24 Monitor Analyzers API http://metro.cs.ucla.edu/mobile_insight/tutorials.html

  25. Showcase Examples How can MobileInsight stimulate new apps and research? 25

  26. Example 1: Fix Our Phone’s Network Failures • How : Track protocol state dynamics • Root cause : device-side misconfiguration • Fix : disable VoLTE when device is in 3G Data service setup request Session_Active Session_Active Session_Active QoS class = 1 (voice) Software Data service setup reject Active_Pending Active_Pending Active_Pending Inactive_Pending Inactive_Pending Inactive_Pending Hardware ? Cause: QoS unsupported Data service setup request Session_Inactive Session_Inactive Session_Inactive QoS class = 1 (voice) 4 signal bars, but Data service setup reject why no data service? Cause: QoS unsupported 26 ……

  27. Example 2: Boost Our Phone’s Data Speed • How : Analyze inferred handoff decision logic • Root cause : suboptimal FCFS strategy • Advice : disable 2G when 4G is available 2G Meas Control Monitor 2G & 4G Monitor 2G & 4G Monitor 2G & 4G Monitor 2G & 4G Software 2G Meas Report 2G Meas Report 2G Meas Report 4G Meas Report 4G Meas Report 4G Meas Report Meas Report: 2G available Hardware ? Hando ff to 2G Hando ff to 2G Hando ff to 2G Hando ff to 4G Hando ff to 4G Hando ff to 4G Meas Report: 4G available (ignored by base station) Why switch to slow 2G Handoff command: to 2G despite good 4G coverage? 27

  28. Research Empowered by MobileInsight • Security loophole detection, failure resolution, handoff advisor, etc. • iCellular [NSDI’16] : Device-customized multi-carrier roaming • MMDiag [SIGMETRICS’16] : mobility misconfiguration detection 28

  29. Evaluation Coverage, performance, accuracy and system overhead 29

  30. Wide Coverage of Phone Models • Current version : rooted Android with Qualcomm chipset • MTK/Intel and iOS support : under development Mobile Mobile Chipset Chipset Feasibility Feasibility Current Version OS OS (2.1.1) Qualcomm Qualcomm ✔ ✔ ✔ MediaTek MediaTek ✔ ✔ ✘ Android Android Intel XMM Intel XMM ✔ ✔ ✘ iOS iOS All All ✔ ✔ ✘ 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Report of the Ad-Hoc Committee on Common T ools Committee Members R. De Vita (Chair) D.

Report of the Ad-Hoc Committee on Common T ools Committee Members R. De Vita (Chair) D.

Report of the Ad-Hoc Committee on Common T ools Committee Members R. De Vita (Chair) D. Glazier S. Kuhn C. Smith V. Ziegler This report addresses the questions posed in the charge, based on information the committee members already had

293 views • 13 slides
Transforming Clinical Practice Initiative: A Service Delivery Innovation Model Better Health.

Transforming Clinical Practice Initiative: A Service Delivery Innovation Model Better Health.

Transforming Clinical Practice Initiative: A Service Delivery Innovation Model Better Health. Better Care. Lower Cost. 1 Questions Please type your questions into the chat box For those live-streaming via YouTube, email your

379 views • 35 slides
Simple Linear Regression Suppose we observe bivariate data ( X, Y ), but we do not know the

Simple Linear Regression Suppose we observe bivariate data ( X, Y ), but we do not know the

Simple Linear Regression Suppose we observe bivariate data ( X, Y ), but we do not know the regression function E ( Y | X = x ). In many cases it is reason- able to assume that the function is linear: E ( Y | X = x ) = + x. In addition,

1.05k views • 87 slides
S ECURITY M ODEL OF DAA 2 A B LUEPRINT FOR DAA 3 B UILDING B LOCKS 4 O UR C ONSTRUCTIONS 5 E

S ECURITY M ODEL OF DAA 2 A B LUEPRINT FOR DAA 3 B UILDING B LOCKS 4 O UR C ONSTRUCTIONS 5 E

E FFICIENT S IGNATURES OF K NOWLEDGE AND DAA IN THE S TANDARD M ODEL David Bernhard Georg Fuchsbauer Essam Ghadafi ghadafi@cs.bris.ac.uk Department of Computer Science, University of Bristol ACNS 2013 E FFICIENT S IGNATURES OF K NOWLEDGE AND

694 views • 54 slides
Variations in Tracking In Relation To Geographic Location Nathaniel Fruchter Hsin Miao Scott

Variations in Tracking In Relation To Geographic Location Nathaniel Fruchter Hsin Miao Scott

Variations in Tracking In Relation To Geographic Location Nathaniel Fruchter Hsin Miao Scott Stevenson Rebecca Balebako W2SP 2015 The short version An empirical, automated method of measuring web tracking across countries Deployed in

742 views • 56 slides
dtalink Faster probabilistic record linking and deduplication methods in Stata for large data

dtalink Faster probabilistic record linking and deduplication methods in Stata for large data

dtalink Faster probabilistic record linking and deduplication methods in Stata for large data files Presentation at the 2018 Stata Conference Columbus, Ohio July 20, 2018 Keith Kranker Abstract Stata users often need to link records from

944 views • 39 slides
The Real- -Time UML Standard: Time UML Standard: The Real The Real-Time UML Standard: Theory

The Real- -Time UML Standard: Time UML Standard: The Real The Real-Time UML Standard: Theory

The Real- -Time UML Standard: Time UML Standard: The Real The Real-Time UML Standard: Theory and Application Theory and Application Theory and Application Bran Selic Ben Watson Bran Selic Ben Watson Rational Software Canada Tri-

2.15k views • 175 slides
PCOR Lessons from the Field: DARTNet David R. West, PhD Colorado Health Outcomes Program School

PCOR Lessons from the Field: DARTNet David R. West, PhD Colorado Health Outcomes Program School

Workshop to Advance the Use of Electronic Data for Conducting PCOR Lessons from the Field: DARTNet David R. West, PhD Colorado Health Outcomes Program School of Medicine University of Colorado Thanks and acknowledgements to: Wilson D.

224 views • 20 slides
Demonstrating impact with standardized national performance measures to elevate school-based

Demonstrating impact with standardized national performance measures to elevate school-based

Demonstrating impact with standardized national performance measures to elevate school-based health and mental health services Erin Ashe, B.S. , School Based Health Alliance Jill Bohnenkamp, Ph.D. , Center for School Mental Health Sabrina

1.47k views • 115 slides
Scale construction Michelle Mazurek (some material from Bilge Mutlu) 1 About scales

Scale construction Michelle Mazurek (some material from Bilge Mutlu) 1 About scales

Scale construction Michelle Mazurek (some material from Bilge Mutlu) 1 About scales Bridging from qual. to quant Using (typically) ordinal questions Sometimes nominal categorical Using them in a repeatable way That is

552 views • 32 slides
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware Dominic Chen 1 , Manuel Egele

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware Dominic Chen 1 , Manuel Egele

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware Dominic Chen 1 , Manuel Egele 2 , Maverick Woo 1 , David Brumley 1 1 Carnegie Mellon University, 2 Boston University {ddchen, pooh, dbrumley}@cmu.edu, megele@bu.edu 2 FIRMADYNE

404 views • 22 slides
Emulation Outline Emulation Interpretation basic, threaded, directed threaded

Emulation Outline Emulation Interpretation basic, threaded, directed threaded

Emulation Outline Emulation Interpretation basic, threaded, directed threaded other issues Binary translation code discovery, code location other issues Control Transfer Optimizations 1 EECS 768 Virtual Machines

660 views • 63 slides
R/exams: A One-for-All Exams Generator Written Exams, Online Tests, and Live Quizzes with R Achim

R/exams: A One-for-All Exams Generator Written Exams, Online Tests, and Live Quizzes with R Achim

R/exams: A One-for-All Exams Generator Written Exams, Online Tests, and Live Quizzes with R Achim Zeileis http://www.R-exams.org/ R/exams: A One-for-All Exams Generator Written Exams, Online Tests, and Live Quizzes with R Achim Zeileis

1.08k views • 74 slides
Dynamic Programming 11.1 Overview Dynamic Programming is a powerful technique that allows one to

Dynamic Programming 11.1 Overview Dynamic Programming is a powerful technique that allows one to

Lecture 11 Dynamic Programming 11.1 Overview Dynamic Programming is a powerful technique that allows one to solve many different types of problems in time O ( n 2 ) or O ( n 3 ) for which a naive approach would take exponential time. In this

259 views • 7 slides
Practical implementation of k-means clustering Karolis Urbonas Head of Data Science, Amazon

Practical implementation of k-means clustering Karolis Urbonas Head of Data Science, Amazon

DataCamp Customer Segmentation in Python CUSTOMER SEGMENTATION IN PYTHON Practical implementation of k-means clustering Karolis Urbonas Head of Data Science, Amazon DataCamp Customer Segmentation in Python Key steps Data pre-processing

862 views • 37 slides
Regulations.gov Overview of the Latest Features and Functionality The Status of Social Media in

Regulations.gov Overview of the Latest Features and Functionality The Status of Social Media in

Regulations.gov Overview of the Latest Features and Functionality The Status of Social Media in Government September 17, 2013 1 Agenda Overview of eRulemaking Program Current Regulations.gov Features and Functionality Use of

297 views • 12 slides
MOL2NET, 2017 , 3, doi:10.3390/mol2net-03-xxxx 2 25923, Pseudomonas aeruginosa ATCC 27853, Proteus

MOL2NET, 2017 , 3, doi:10.3390/mol2net-03-xxxx 2 25923, Pseudomonas aeruginosa ATCC 27853, Proteus

MOL2NET, 2017 , 3, doi:10.3390/mol2net-03-xxxx 1 MOL2NET, International Conference Series on Multidisciplinary Sciences MDPI http://sciforum.net/conference/mol2net-03 Standardization of the Safety Level of the Use of DMSO in Viability Assays in

176 views • 6 slides
Towards More Adequate Natural Idea: Using . . . Linear Dependence . . . Value-Added How to

Towards More Adequate Natural Idea: Using . . . Linear Dependence . . . Value-Added How to

Assessment is Important Need for Value-Added . . . Current Approaches to . . . Towards More Adequate Natural Idea: Using . . . Linear Dependence . . . Value-Added How to Determine the . . . Case of Interval . . . Teacher Assessments:

595 views • 16 slides
The View from AI2 Oren Etzioni, CEO Allen Institute for AI (AI2) Mission: contribute to the world

The View from AI2 Oren Etzioni, CEO Allen Institute for AI (AI2) Mission: contribute to the world

The View from AI2 Oren Etzioni, CEO Allen Institute for AI (AI2) Mission: contribute to the world through high-impact AI research and engineering, with emphasis on reasoning, learning, and reading capabilities. Outline: 1. Overview of AI2

784 views • 37 slides
Multi-Task Minimum Error Rate Training for SMT Patrick Simianer, Katharina W aschle, Stefan

Multi-Task Minimum Error Rate Training for SMT Patrick Simianer, Katharina W aschle, Stefan

Multi-Task MERT Simianer, W aschle, Riezler Multi-Task Minimum Error Rate Training for SMT Patrick Simianer, Katharina W aschle, Stefan Riezler Department of Computational Linguistics University of Heidelberg, Germany Multi-Task

522 views • 17 slides
DATA Act Webinar for Agencies January 5, 2016 Analysis with Structured Data Brought to you

DATA Act Webinar for Agencies January 5, 2016 Analysis with Structured Data Brought to you

DATA Act Webinar for Agencies January 5, 2016 Analysis with Structured Data Brought to you through a partnership between AGA and XBRL US https://www.agacgfm.org/DataActHub Analysis with Structured Data Agenda Introductions Herschel

530 views • 31 slides
Exporting IDA Debug Information Overview Who am I? What's the problem? What does

Exporting IDA Debug Information Overview Who am I? What's the problem? What does

Exporting IDA Debug Information Overview Who am I? What's the problem? What does this tool do? How does it work? Demo about:me Why export information from IDA? An embedded device may have no way to connect IDA remotely

464 views • 23 slides
Anatomy of cross-compilation toolchains Thomas Petazzoni thomas.petazzoni@free-electrons.com

Anatomy of cross-compilation toolchains Thomas Petazzoni thomas.petazzoni@free-electrons.com

Embedded Linux Conference Europe 2016 Anatomy of cross-compilation toolchains Thomas Petazzoni thomas.petazzoni@free-electrons.com Artwork and Photography by Jason Freeny http://free-electrons.com 1/1 free electrons free electrons - Embedded

781 views • 37 slides
Analyzing Parallel Program Performance using HPCToolkit John Mellor-Crummey Department of

Analyzing Parallel Program Performance using HPCToolkit John Mellor-Crummey Department of

Analyzing Parallel Program Performance using HPCToolkit John Mellor-Crummey Department of Computer Science Rice University http://hpctoolkit.org ALCF Many-Core Developer Session 21 February, 2018 1 Acknowledgments Current funding

741 views • 51 slides

More recommend