Computer Communication Review: Papers

Find a CCR issue:
  • Jiaqiang Liu, Yong Li, Depeng Jin
  • David Koll, Jun Li, Xiaoming Fu

    With increasing frequency, users raise concerns about data privacy and protection in centralized Online Social Networks (OSNs), in which providers have the unprecedented privilege to access and exploit every user’s private data at will. To mitigate these concerns, researchers have suggested to decentralize OSNs and thereby enable users to control and manage access to their data themselves. However, previously proposed decentralization approaches suffer from several drawbacks. To tackle their deficiencies, we introduce the Self-Organized Universe of People (SOUP). In this demonstration, we present a prototype of SOUP and share our experiences from a real-world deployment.

  • Hyunwoo Nam, Kyung-Hwa Kim, Doru Calin, Henning Schulzrinne

    Adaptive bitrate (ABR) technologies are being widely used in today’s popular HTTP-based video streaming such as YouTube and Netflix. Such a rate-switching algorithm embedded in a video player is designed to improve video qualityof-experience (QoE) by selecting an appropriate resolution based on the analysis of network conditions while the video is playing. However, a bad viewing experience is often caused by the video player having difficulty estimating transit or client-side network conditions accurately. In order to analyze the ABR streaming performance, we developed YouSlow, a web browser plug-in that can detect and report live buffer stalling events to our analysis tool. Currently, YouSlow has collected more than 20,000 of YouTube video stalling events over 40 countries.

  • Zhenlong Yuan, Yongqiang Lu, Zhaoguo Wang, Yibo Xue

    As smartphones and mobile devices are rapidly becoming indispensable for many network users, mobile malware has become a serious threat in the network security and privacy. Especially on the popular Android platform, many malicious apps are hiding in a large number of normal apps, which makes the malware detection more challenging. In this paper, we propose a ML-based method that utilizes more than 200 features extracted from both static analysis and dynamic analysis of Android app for malware detection. The comparison of modeling results demonstrates that the deep learning technique is especially suitable for Android malware detection and can achieve a high level of 96% accuracy with real-world Android application sets.

  • Aanchal Malhotra, Sharon Goldberg

    BGP, the Internet’s interdomain routing protocol, is highly vulnerable to routing failures that result from unintentional misconfigurations or deliberate attacks. To defend against these failures, recent years have seen the adoption of the Resource Public Key Infrastructure (RPKI), which currently authorizes 4% of the Internet’s routes. The RPKI is a completely new security infrastructure (requiring new servers, caches, and the design of new protocols), a fact that has given rise to some controversy [1]. Thus, an alternative proposal has emerged: Route Origin Verification (ROVER) [4, 7], which leverages the existing reverse DNS (rDNS) and DNSSEC to secure the interdomain routing system. Both RPKI and ROVER rely on a hierarchy of authorities to provide trusted information about the routing system. Recently, however, [2] argued that the misconfigured, faulty or compromised RPKI authorities introduce new vulnerabilities in the routing system, which can take IP prefixes offline. Meanwhile, the designers of ROVER claim that it operates in a “fail-safe” mode, where “[o]ne could completely unplug a router verification application at any time and Internet routing would continue to work just as it does today”. There has been debate in Internet community mailing lists [1] about the pros and cons of both approaches. This poster therefore compares the impact of ROVER failures to those of the RPKI, in a threat model that covers misconfigurations, faults or compromises of their trusted authorities.

  • Payman Samadi, Varun Gupta, Berk Birand, Howard Wang, Gil Zussman, Keren Bergman

    We present a control plane architecture to accelerate multicast and incast traffic delivery for data-intensive applications in cluster-computing interconnection networks. The architecture is experimentally examined by enabling physical layer optical multicasting on-demand for the application layer to achieve non-blocking performance.

  • Arjuna Sathiaseelan, M. Said Seddiki, Stoyan Stoyanov, Dirk Trossen
  • Baobao Zhang, Jun Bi, Jianping Wu, Fred Baker
  • Masoud Moshref, Apoorv Bhargava, Adhip Gupta, Minlan Yu, Ramesh Govindan
  • Srikanth Sundaresan, Nick Feamster, Renata Teixeira

    We present a demonstration of WTF (Where’s The Fault?), a system that localizes performance problems in home and access networks. We implement WTF as custom firmware that runs in an off-the-shelf home router. WTF uses timing and buffering information from passively monitored traffic at home routers to detect both access link and wireless network bottlenecks.

  • Sajad Shirali-Shahreza, Yashar Ganjali

    One of the limitations of wildcard rules in Software Defined Networks, such as OpenFlow, is losing visibility. FleXam is a flexible sampling extension for OpenFlow that allows the controller to define which packets should be sampled, what parts of each packet should be selected, and where they should be sent. Here, we present an interactive demo showing how FleXam enables the controller to dynamically adjust sampling rates and change the sampling scheme to optimally keep up with a sampling budget in the context of a traffic statistics collection application.

  • Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin, Nikita Somaiya
  • Oliver Michel, Michael Coughlin, Eric Keller

    Given that Software-Defined Networking is highly successful in solving many of today’s manageability, flexibility, and scalability issues in large-scale networks, in this paper we argue that the concept of SDN can be extended even further. Many applications (esp. stream processing and big-data applications) rely on graph-based inter-process communication patterns that are very similar to those in computer networks. To our mind, this network abstraction spanning over different types of entities is highly suitable for and would benefit from central (SDN-inspired) control for the same reasons classical networks do. In this work, we investigate the commonalities between such intra-host networks and classical computer networking. Based on this, we study the feasibility of a central network controller that manages both network traffic and intra-host communication over a custom bus system.

  • Matthew K. Mukerjee, JungAh Hong, Junchen Jiang, David Naylor, Dongsu Han, Srinivasan Seshan, Hui Zhang
  • Arash Molavi Kakhki, Abbas Razaghpanah, Rajesh Golani, David Choffnes, Phillipa Gill, Alan Mislove
  • Rui Miao, Minlan Yu, Navendu Jain
  • Ricky K.P. Mok, Weichao Li, Rocky K.C. Chang

    Crowdtesting is increasingly popular among researchers to carry out subjective assessments of different services. Experimenters can easily assess to a huge pool of human subjects through crowdsourcing platforms. The workers are usually anonymous, and they participate in the experiments independently. Therefore, a fundamental problem threatening the integrity of these platforms is to detect various types of cheating from the workers. In this poster, we propose cheat-detection mechanism based on an analysis of the workers’ mouse cursor trajectories. It provides a jQuery-based library to record browser events. We compute a set of metrics from the cursor traces to identify cheaters. We deploy our mechanism to the survey pages for our video quality assessment tasks published on Amazon Mechanical Turk. Our results show that cheaters’ cursor movement is usually more direct and contains less pauses.

  • Attila Csoma, Balázs Sonkoly, Levente Csikor, Felicián Németh, Andràs Gulyas, Wouter Tavernier, Sahel Sahhaf

    Mininet is a great prototyping tool which combines existing SDN-related software components (e.g., Open vSwitch, OpenFlow controllers, network namespaces, cgroups) into a framework, which can automatically set up and configure customized OpenFlow testbeds scaling up to hundreds of nodes. Standing on the shoulders of Mininet, we implement a similar prototyping system called ESCAPE, which can be used to develop and test various components of the service chaining architecture. Our framework incorporates Click for implementing Virtual Network Functions (VNF), NETCONF for managing Click-based VNFs and POX for taking care of traffic steering. We also add our extensible Orchestrator module, which can accommodate mapping algorithms from abstract service descriptions to deployed and running service chains.

  • Filipe Manco, Joao Martins, Felipe Huici

    More recently, work towards VMs based on minimalistic or specialized OSes (e.g., OSv [10], ClickOS [8], Mirage [7], Erlang on Xen [3], HalVM [6], etc.) has started pushing the envelope of how reactive or fluid the cloud can be. These VMs’ small CPU and memory footprints (as little as a few megabytes) enable a number of scenarios that are not possible with traditional VMs. First, such VMs have the potential be instantiated and suspended in tens of milliseconds. This means that they can be deployed on-the-fly, even as new flows arrive in a network, and can be used to effectively cope with flash crowds. Second, the ability to quickly migrate the VM and its state would allow operators to run their servers at "hotter" load levels without fear of overload, since processing could be near instantaneously moved to a less loaded server. Finally, these VMs’ small memory footprints could potentially allow thousands or even more such VMs to run on a single, inexpensive server; this would lead to important investment and operating savings, and would allow for fine granularity, virtualized network processing (e.g., per-customer firewalls or CPEs, to name a couple). Realizing such a super fluid cloud, however, poses a number of important challenges, since the virtualization technologies that these VMs run on (e.g., Xen or KVM) were never designed to run this large number of concurrent VMs. In the case of Xen [2], the system that this demo is based on, attempts to tackle some of the issues such as limited number of event channels or memory grants are under way, but these are still in their infancy and are not necessarily aiming to run the huge number of VMs we are envisioning. In this demo we will demonstrate how to concurrently execute thousands of MiniOS-based guests 1 on a single inexpensive server. We will also show instantiation and migration of such VMs in tens of milliseconds, and transparent, wide area migration of virtualized middleboxes by combining such VMs with the multi-path TCP (MPTCP) protocol.

  • Florian Wamser, Thomas Zinner, Lukas Iffländer, Phuoc Tran-Gia
  • Sean Donovan, Nick Feamster

    Home and business network operators have limited network statistics available over which management decisions can be made. Similarly, there are few triggered behaviors, such as usage or bandwidths cap for individual users, that are available. By looking at sources of traffic, based on Domain Name System (DNS) cues for content of particular web addresses or source Autonomous System (AS) of the traffic, network operators could create new and interesting rules for their network. NetAssay is a Software-Defined Networking (SDN)-based, network-wide monitoring and reaction framework. By integrating information from Border Gateway Protocol (BGP) and the Domain Name System, NetAssay is able to integrate formerly disparate sources of control information, and use it to provide better monitoring, more useful triggered events, and security benefits for network operators.

  • Maksym Gabielkov, Ashwin Rao, Arnaud Legout

    Online social networks (OSNs) are an important source of information for scientists in different fields such as computer science, sociology, economics, etc. However, it is hard to study OSNs as they are very large. For instance, Facebook has 1.28 billion active users in March 2014 and Twitter claims 255 million active users in April 2014. Also, companies take measures to prevent crawls of their OSNs and refrain from sharing their data with the research community. For these reasons, we argue that sampling techniques will be the best technique to study OSNs in the future. In this work, we take an experimental approach to study the characteristics of well-known sampling techniques on a full social graph of Twitter crawled in 2012 [2]. Our contribution is to evaluate the behavior of these techniques on a real directed graph by considering two sampling scenarios: (a) obtaining most popular users (b) obtaining an unbiased sample of users, and to find the most suitable sampling techniques for each scenario.

  • Benjamin Hesmans, Olivier Bonaventure
  • Jinzhen Bao, Baokang Zhao, Wanrong Yu, Zhenqian Feng, Chunqing Wu, Zhenghu Gong

    In recent years, with the rapid development of satellite technology including On Board Processing (OBP) and Inter Satellite Link (ISL), satellite network devices such as space IP routers have been experimentally carried in space. However, there are many difficulties to build a future satellite network with current terrestrial Internet technologies due to the distinguished space features, such as the severely limited resources, remote hardware/software upgrade in space. In this paper, we propose OpenSAN, a novel architecture of software-defined satellite network. By decoupling the data plane and control plane, OpenSAN provides satellite network with high efficiency, finegrained control, as well as flexibility to support future advanced network technology. Furthermore, we also discuss some practical challenges in the deployment of OpenSAN.

  • Ravi Netravali, Anirudh Sivaraman, Keith Winstein, Somak Das, Ameesh Goyal, Hari Balakrishnan

    This demo presents a measurement toolkit, Mahimahi, that records websites and replays them under emulated network conditions. Mahimahi is structured as a set of arbitrarily composable UNIX shells. It includes two shells to record and replay Web pages, RecordShell and ReplayShell, as well as two shells for network emulation, DelayShell and LinkShell. In addition, Mahimahi includes a corpus of recorded websites along with benchmark results and link traces ( Mahimahi improves on prior record-and-replay frameworks in three ways. First, it preserves the multi-origin nature of Web pages, present in approximately 98% of the Alexa U.S. Top 500, when replaying. Second, Mahimahi isolates its own network traffic, allowing multiple instances to run concurrently with no impact on the host machine and collected measurements. Finally, Mahimahi is not inherently tied to browsers and can be used to evaluate many different applications. A demo of Mahimahi recording and replaying a Web page over an emulated link can be found at The source code and instructions to use Mahimahi are available at

  • Mo Dong, Qingxi Li, Doron Zarchy, Brighten Godfrey, Michael Schapira

    After more than two decades of evolution, TCP and its end host based modifications can still suffer from severely degraded performance under real-world challenging network conditions. The reason, as we observe, is due to TCP family’s fundamental architectural deficiency, which hardwires packet-level events to control responses and ignores emprical performance. Jumping out of TCP lineage’s architectural deficiency, we propose Performanceoriented Congestion Control (PCC), a new congestion control architecture in which each sender controls its sending strategy based on empirically observed performance metrics. We show through preliminary experimental results that PCC achieves consistently high performance under various challenging network conditions.

  • Arup Raton Roy, Md. Faizul Bari, Mohamed Faten Zhani, Reaz Ahmed, Raouf Boutaba
  • Adrian Gämperli, Vasileios Kotronis, Xenofontas Dimitropoulos
  • Abdulla Alwabel, Minlan Yu, Ying Zhang, Jelena Mirkovic

    We propose a new software-defined security service – SENSS – that enables a victim network to request services from remote ISPs for traffic that carries source IPs or destination IPs from this network’s address space. These services range from statistics gathering, to filtering or quality of service guarantees, to route reports or modifications. The SENSS service has very simple, yet powerful, interfaces. This enables it to handle a variety of data plane and control plane attacks, while being easily implementable in today’s ISP. Through extensive evaluations on realistic traffic traces and Internet topology, we show how SENSS can be used to quickly, safely and effectively mitigate a variety of large-scale attacks that are largely unhandled today.

  • Zachary S. Bischof, Fabián E. Bustamante
  • Pierdomenico Fiadino, Mirko Schiavone, Pedro Casas

    WhatsApp, the new giant in instant multimedia messaging in mobile networks is rapidly increasing its popularity, taking over the traditional SMS/MMS messaging. In this paper we present the first large-scale characterization of WhatsApp, useful among others to ISPs willing to understand the impacts of this and similar applications on their networks. Through the combined analysis of passive measurements at the core of a national mobile network, worldwide geo-distributed active measurements, and tra c analysis at end devices, we show that: (i) the WhatsApp hosting architecture is highly centralized and exclusively located in the US; (ii) video sharing covers almost 40% of the total WhatsApp tra c volume; (iii) flow characteristics depend on the OS of the end device; (iv) despite the big latencies to US servers, download throughputs are as high as 1.5 Mbps; (v) users react immediately and negatively to service outages through social networks feedbacks.

  • Aisha Mushtaq, Asad Khalid Ismail, Abdul Wasay, Bilal Mahmood, Ihsan Ayyub Qazi, Zartash Afzal Uzmi

    Data center operators face extreme challenges in simultaneously providing low latency for short flows, high throughput for long flows, and high burst tolerance. We propose a buffer management strategy that addresses these challenges by isolating short and long flows into separate buffers, sizing these buffers based on flow requirements, and scheduling packets to meet different flow-level objectives. Our design provides new opportunities for performance improvements that complement transport layer optimizations.

  • Joel Obstfeld, Simon Knight, Ed Kern, Qiang Sheng Wang, Tom Bryan, Dan Bourque

    The increasing demand to provide new network services in a timely and efficient manner is driving the need to design, test and deploy networks quickly and consistently. Testing and verifying at scale is a challenge: network equipment is expensive, requires space, power and cooling, and there is never enough test equipment for everyone who wants to use it! Network virtualization technologies enable a flexible environment for educators, researchers, and operators to create functional models of current, planned, or theoretical networks. This demonstration will show VIRL — the Virtual Internet Routing Lab — a platform that can be used for network change validation, training, education, research, or networkaware applications development. The platform combines network virtualization technologies with virtual machines (VMs) running open-source and commercial operating systems; VM orchestration capabilities; a context-aware configuration engine; and an extensible data-collection framework. The system simplifies the process to create both simple and complex environments, run simulations, and collect measurement data.

  • Wentao Chang, An Wang, Aziz Mohaisen, Songqing Chen
  • John P. Rula, Fabian E. Bustamante
  • Shaofeng Chen, Dingyi Fang, Xiaojiang Chen, Tingting Xia, Meng Jin

    This poster presents GuideLoc, a highly efficient aerial wireless localization system that uses directional antennas mounted on a mini Multirotor Unmanned Aerial Vehicle (UAV) to enable detecting and positioning of targets. Taking advantage of angle and signal strength of frames transmitted from targets, GuideLoc can directly fly towards the targets with the minimum flight route and time. We implement a prototype of GuideLoc and evaluate the performance by simulations and experiments. Experimental results show that GuideLoc achieves an average location accuracy of 2.7 meters and reduces flight distance more than 50% compared with existing localization approaches using UAV.

  • Keunhong Lee, Joongi Kim, Sue Moon
  • Yuliang Li, Guang Yao, Jun Bi
  • Jun Li, Skyler Berg, Mingwei Zhang, Peter Reiher, Tao Wei

    End hosts in today’s Internet have the best knowledge of the type of traffic they should receive, but they play no active role in traffic engineering. Traffic engineering is conducted by ISPs, which unfortunately are blind to specific user needs. End hosts are therefore subject to unwanted traffic, particularly from Distributed Denial of Service (DDoS) attacks. This research proposes a new system called DrawBridge to address this traffic engineering dilemma. By realizing the potential of software-defined networking (SDN), in this research we investigate a solution that enables end hosts to use their knowledge of desired traffic to improve traffic engineering during DDoS attacks.

  • Angela H. Jiang, Zachary S. Bischof, Fabian E. Bustamante

    A social news site presents user-curated content, ranked by popularity. Popular curators like Reddit, or Facebook have become effective way of crowdsourcing news or sharing for personal opinions. Traditionally, these services require a centralized authority to aggregate data and determine what to display. However, the trust issues that arise from a centralized system are particularly damaging to the “Web democracy” that social news sites are meant to provide. In this poster, we present cliq, a decentralized social news curator. cliq is a P2P based social news curator that provides private and unbiased reporting. All users in cliq share responsibility for tracking and providing popular content. Any user data that cliq needs to store is also managed across the network. We first inform our design of cliq through an analysis of Reddit. We design a way to provide content curation without a persistent moderator, or usernames.

Syndicate content