Making Content Caching Policies ‘Smart’ using the DeepCache Framework

Arvind Narayanan, Saurabh Verma, Eman Ramadan, Pariya Babaie, Zhi-Li Zhang

Abstract

In this paper, we present DeepCache a novel framework for content caching, which can significantly boost cache performance. Our framework is based on powerful deep recurrent neural network models. It comprises of two main components: i) Object Characteristics Predictor, which builds upon deep LSTM Encoder-Decoder model to predict the future characteristics of an object (such as object popularity) — to the best of our knowledge, we are the first to propose LSTM Encoder-Decoder model for content caching; ii) a caching policy component, which accounts for predicted information of objects to make smart caching decisions. In our thorough experiments, we show that applying DeepCache Framework to existing cache policies, such as LRU and k-LRU, significantly boosts the number of cache hits.

Download the full article

Measuring the Impact of a Successful DDoS Attack on the Customer Behaviour of Managed DNS Service Providers

Abhishta Abhishta, Roland van Rijswijk-Deij
and Lambert J. M. Nieuwenhuis
Abstract

Distributed Denial-of-Service (DDoS) attacks continue to pose a serious threat to the availability of Internet services. The Domain Name System (DNS) is part of the core of the Internet and a crucial factor in the successful delivery of Internet services. Because of the importance of DNS, specialist service providers have sprung up in the market, that provide managed DNS services. One of their key selling points is that they protect DNS for a domain against DDoS attacks. But what if such a service becomes the target of a DDoS attack, and that attack succeeds?

In this paper we analyse two such events, an attack on NS1 in May 2016, and an attack on Dyn in October 2016. We do this by analysing the change in the behaviour of the service’s customers. For our analysis we leverage data from the OpenINTEL active DNS measurement system, which covers large parts of the global DNS over time. Our results show an almost immediate and statistically significant change in the behaviour of domains that use NS1 or Dyn as a DNS service provider. We observe a decline in the number of domains that exclusively use NS1 or Dyn as a managed DNS service provider, and see a shift toward risk spreading by using multiple providers. While a large managed DNS provider may be better equipped to protect against attacks, these two case studies show they are not impervious to them. This calls into question the wisdom of using a single provider for managed DNS. Our results show that spreading risk by using multiple providers is an effective countermeasure, albeit probably at a higher cost.

Download the full article

A Formally Verified NAT Stack

Solal Pirelli, Arseniy Zaostrovnykh, George Candea
Abstract

Prior work proved a stateful NAT network function to be semantically correct, crash-free, and memory safe. Their toolchain verifies the network function code while assuming the underlying kernel-bypass framework, drivers, operating system, and hardware to be correct. We extend the toolchain to verify the kernel-bypass framework and a NIC driver in the context of the NAT. We uncover bugs in both the framework and the driver. Our code is publicly available.

Download the full article

The July 2018 issue

In May, the CCR Editorial board selects the two best papers that were published in the four previous issues (i.e. July 2017, October 2017, January 2018 and April 2018). For 2018, two measurement papers were chosen:

These two papers will be presented during the CCR session at SIGCOMM’18. Both papers have proposed a methodology, collected measurements and released artifacts to allow other researchers to reproduce and extend the paper results. CCR continues to encourage papers to release their artifacts by allowing them to be longer than six pages. SIGCOMM will do one further step to encourage the release of paper artifacts by the creation of an Artifacts Evaluation Committe that will organise the evaluation of the artifacts associated with papers accepted in CCR and the SIGCOMM sponsored conferences in 2018. The final details are still being discussed. They will be announced during SIGCOMM’18 and posted on https://www.sigcomm.org.

This issue starts with three technical articles. In Accelerating Network Measurement in Software, Y. Zhou, O. Alipourfard, M. Yu and T. Yang propose a new technique that leverages caching to improve network measurement software. They release the software
developed for the paper at https://github.com/zhouyangpkuer/Agg-Evict.

Our second technical paper looks at the BGP peerings and more precisely those maintained by the so called Hypergiants, i.e. the larget content providers and CDNs. T. Bottger, F. Cuadrado and S. Uhlig analyse in Looking for Hypergiants in PeeringDB the interconnections of those networks from IXP data. The authors also release the code and the dataset used to write their paper.

The third technical paper of this issue fo- cuses on the Domain Name System. R. AlDalky, M. Rabinovich and M. Allman propose and evaluate in Practical Challenge-Response for DNS a new technique that relies on challenge-responses to validate the authenticity of DNS requests.

In addition to the technical papers, this issue also contains three editorial notes. In Mosaic5G: Agile and Flexible Service Platforms for 5G Research, N. Nikaein, C. Chang and K. Alexandris describe Mosaic5G, an open-source software platform that can be used to create 5G networks. Given the buzz around 5G networks, I expect that many researchers will be interested by this platform. In NDN Host Model, H. Zhang, Y. Li, Z. Zhang, A. Afanasyev and L. Zhang discuss how the traditionnal host model must be reconsidered with Named Data Networking (NDN). Finally, KC Claffy, G. Huston and D. Clark summarise in Workshop on Internet Economics (WIE2017) Final Report the conclusions of a recent workshop that they organised.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online  or by email at ccr-editor at sigcomm.org.

Olivier Bonaventure

CCR Editor

Accelerating Network Measurement in Software

Yang ZhouOmid Alipourfard, Minlan YuTong Yang
Abstract

Network measurement plays an important role for many network functions such as detecting network anomalies and identifying big flows. However, most existing measurement solutions fail to achieve high performance in software as they often incorporate heavy computations and a large number of random memory accesses. We present Agg-Evict, a generic framework for accelerating network measurement in software. Agg-Evict aggregates the incoming packets on the same flows and sends them as a batch, reducing the number of computations and random memory accesses in the subsequent measurement solutions. We perform extensive experiments on top of DPDK with 10G NIC and observe that almost all the tested measurement solutions under Agg-Evict can achieve 14.88 Mpps throughput and see up to 5.7× lower average processing latency per packet.

Download the full article

Looking for Hypergiants in PeeringDB

Timm Böttger, Felix Cuadrado, Steve Uhlig
Abstract

Hypergiants, such as Google or Netflix, are important organisations in the Internet ecosystem, due to their sheer impact in terms of traffic volume exchanged. However, the research community still lacks a sufficiently crisp definition for them, beyond naming specific instances of them. In this paper we analyse PeeringDB data and identify features that differentiate hypergiants from the other organisations. To this end, we first characterise the organisations present in PeeringDB, allowing us to identify discriminating properties of these organisations. We then use these properties to separate the data in two clusters, differentiating hypergiants from other organisations. We conclude this paper by investigating how hypergiants and other organisations exploit the IXP ecosystem to reach the global IPv4 space.

Download the full article

 

Practical Challenge-Response for DNS

Rami Al-Dalky, Michael RabinovichMark Allman
Abstract

Authoritative DNS servers are susceptible to being leveraged in denial of service attacks in which the attacker sends DNS queries while masquerading as a victim—and hence causing the DNS server to send the responses to the victim. This reflection off innocent DNS servers hides the attackers identity and often allows the attackers to amplify their traffic by employing small requests to elicit large responses. Several challenge-response techniques have been proposed to establish a requester’s identity before sending a full answer. However, none of these are practical in that they do not work in the face of “resolver pools”—or groups of DNS resolvers that work in concert to lookup records in the DNS. In these cases a challenge transmitted to some resolver R1 may be handled by a resolver R2, hence leaving an authoritative DNS server wondering whether R2 is in fact another resolver in the pool or a victim. We offer a practical challenge-response mechanism that uses challenge chains to establish identity in the face of resolver pools. We illustrate that the practical cost of our scheme in terms of added delay is small.

Download the full article

Mosaic5G: Agile and Flexible Service Platforms for 5G Research

Navid NikaeinChia-Yu Chang, Konstantinos Alexandris
Abstract

Network slicing is one of the key enablers to provide the required flexibility and to realize the service-oriented vision toward fifth generation (5G) mobile networks. In that sense, virtualization, softwarization, and disaggregation are core concepts to accommodate the requirements of an end-to-end (E2E) service to be either isolated, shared, or customized. They lay the foundation for a multi-service and multi-tenant architecture, and are realized by applying the principles of software-defined networking (SDN), network function virtualization (NFV), and cloud computing to the mobile networks. Research on these principles requires agile and flexible platforms that offer a wide range of real-world experimentations over different domains to open up innovations in 5G. To this end, we present Mosaic5G, a community-led consortium for sharing platforms, providing a number of software components, namely FlexRAN, LL-MEC, JOX and Store, spanning application, management, control and user plane on top of OpenAirInterface (OAI) platform. Finally, we show several use cases of Mosaic5G corresponding to widely-mentioned 5G research directions.

Download the full article

NDN Host Model

Haitao ZhangYanbiao Li , Zhiyi Zhang, Alexander Afanasyev, Lixia Zhang
Abstract

As a proposed Internet architecture, Named Data Networking (NDN) changes the network communication model from delivering packets to destinations identified by IP addresses to fetching data packets by names. This architectural change leads to changes of host functions and initial configurations. In this paper we present an overview of the host functions in an NDN network, together with necessary operations to configure an NDN host.We also compare and contrast the functionality and configuration between an NDN host and an IP host, to help readers see the differences in between clearly.

Download the full article

Workshop on Internet Economics (WIE2017) Final Report

KC Claffy, Geoff Huston  David Clark,
Abstract

On December 13-14 2017, CAIDA hosted the 8th interdisciplinary
Workshop on Internet Economics (WIE) at the UC San Diego’s Supercomputer Center. This workshop series provides a forum for researchers, Internet facilities and service providers, technologists, economists, theorists, policy makers, and other stakeholders to exchange views on current and emerging regulatory and policy debates. The FCC’s expected decision (released during the workshop, on 14 December 2017) — to repeal the 2015 classification of broadband Internet access service as a telecommunications
(common carrier) service — set the stage for vigorous discussion on what type of data can inform debate, development, and empirical evaluation of public policies we will need for Internet services in the future.

Download the full article DOI: