On the Power and Limitations of Detecting Network Filtering via Passive Observation

Matthew Sargent; Jakub Czyz; Mark Allman; Michael Bailey

doi:10.1007/978-3-319-15509-8_13

On the Power and Limitations of Detecting Network Filtering via Passive Observation

Matthew Sargent, Jakub Czyz, Mark Allman, Michael Bailey

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Network operators often apply policy-based traffic filtering at the egress of edge networks. These policies can be detected by performing active measurements; however, doing so involves instrumenting every network one wishes to study. We investigate a methodology for detecting policy-based service-level traffic filtering from passive observation of traffic markers within darknets. Such markers represent traffic we expect to arrive and, therefore, whose absence is suggestive of network filtering. We study the approach with data from five large darknets over the course of one week. While we show the approach has utility to expose filtering in some cases, there are also limits to the methodology.

Original language	English (US)
Title of host publication	Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings
Editors	Yong Liu, Jelena Mirkovic
Publisher	Springer
Pages	165-178
Number of pages	14
ISBN (Electronic)	9783319155081
DOIs	https://doi.org/10.1007/978-3-319-15509-8_13
State	Published - 2015
Event	16th International Conference on Passive and Active Measurement, PAM 2015 - New York, United States Duration: Mar 19 2015 → Mar 20 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8995
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	16th International Conference on Passive and Active Measurement, PAM 2015
Country/Territory	United States
City	New York
Period	3/19/15 → 3/20/15

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-319-15509-8_13

Library availability

Discover UIUC Full Text

Cite this

Sargent, M., Czyz, J., Allman, M., & Bailey, M. (2015). On the Power and Limitations of Detecting Network Filtering via Passive Observation. In Y. Liu, & J. Mirkovic (Eds.), Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings (pp. 165-178). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8995). Springer. https://doi.org/10.1007/978-3-319-15509-8_13

On the Power and Limitations of Detecting Network Filtering via Passive Observation. / Sargent, Matthew; Czyz, Jakub; Allman, Mark et al.
Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings. ed. / Yong Liu; Jelena Mirkovic. Springer, 2015. p. 165-178 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8995).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sargent, M, Czyz, J, Allman, M & Bailey, M 2015, On the Power and Limitations of Detecting Network Filtering via Passive Observation. in Y Liu & J Mirkovic (eds), Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8995, Springer, pp. 165-178, 16th International Conference on Passive and Active Measurement, PAM 2015, New York, United States, 3/19/15. https://doi.org/10.1007/978-3-319-15509-8_13

Sargent M, Czyz J, Allman M, Bailey M. On the Power and Limitations of Detecting Network Filtering via Passive Observation. In Liu Y, Mirkovic J, editors, Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings. Springer. 2015. p. 165-178. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-15509-8_13

Sargent, Matthew ; Czyz, Jakub ; Allman, Mark et al. / On the Power and Limitations of Detecting Network Filtering via Passive Observation. Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings. editor / Yong Liu ; Jelena Mirkovic. Springer, 2015. pp. 165-178 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ee15ba4e9ef4411a9336c0ad8daf2b5f,

title = "On the Power and Limitations of Detecting Network Filtering via Passive Observation",

abstract = "Network operators often apply policy-based traffic filtering at the egress of edge networks. These policies can be detected by performing active measurements; however, doing so involves instrumenting every network one wishes to study. We investigate a methodology for detecting policy-based service-level traffic filtering from passive observation of traffic markers within darknets. Such markers represent traffic we expect to arrive and, therefore, whose absence is suggestive of network filtering. We study the approach with data from five large darknets over the course of one week. While we show the approach has utility to expose filtering in some cases, there are also limits to the methodology.",

author = "Matthew Sargent and Jakub Czyz and Mark Allman and Michael Bailey",

note = "Funding Information: We would like to thank Christian Kreibich for the Netalyzr data, Phillip Porras for the Conficker sinkhole data, and Vern Paxson for comments on an earlier draft. This work is sponsored by NSF grants CNS-1213157, CNS-1237265, CNS-1505790 and CNS-1111699. Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 16th International Conference on Passive and Active Measurement, PAM 2015 ; Conference date: 19-03-2015 Through 20-03-2015",

year = "2015",

doi = "10.1007/978-3-319-15509-8_13",

language = "English (US)",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "165--178",

editor = "Yong Liu and Jelena Mirkovic",

booktitle = "Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings",

address = "Germany",

}

TY - GEN

T1 - On the Power and Limitations of Detecting Network Filtering via Passive Observation

AU - Sargent, Matthew

AU - Czyz, Jakub

AU - Allman, Mark

AU - Bailey, Michael

N1 - Funding Information: We would like to thank Christian Kreibich for the Netalyzr data, Phillip Porras for the Conficker sinkhole data, and Vern Paxson for comments on an earlier draft. This work is sponsored by NSF grants CNS-1213157, CNS-1237265, CNS-1505790 and CNS-1111699. Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Network operators often apply policy-based traffic filtering at the egress of edge networks. These policies can be detected by performing active measurements; however, doing so involves instrumenting every network one wishes to study. We investigate a methodology for detecting policy-based service-level traffic filtering from passive observation of traffic markers within darknets. Such markers represent traffic we expect to arrive and, therefore, whose absence is suggestive of network filtering. We study the approach with data from five large darknets over the course of one week. While we show the approach has utility to expose filtering in some cases, there are also limits to the methodology.

AB - Network operators often apply policy-based traffic filtering at the egress of edge networks. These policies can be detected by performing active measurements; however, doing so involves instrumenting every network one wishes to study. We investigate a methodology for detecting policy-based service-level traffic filtering from passive observation of traffic markers within darknets. Such markers represent traffic we expect to arrive and, therefore, whose absence is suggestive of network filtering. We study the approach with data from five large darknets over the course of one week. While we show the approach has utility to expose filtering in some cases, there are also limits to the methodology.

UR - http://www.scopus.com/inward/record.url?scp=84924386414&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84924386414&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-15509-8_13

DO - 10.1007/978-3-319-15509-8_13

M3 - Conference contribution

AN - SCOPUS:84924386414

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 165

EP - 178

BT - Passive and Active Measurement - 16th International Conference, PAM 2015, Proceedings

A2 - Liu, Yong

A2 - Mirkovic, Jelena

PB - Springer

T2 - 16th International Conference on Passive and Active Measurement, PAM 2015

Y2 - 19 March 2015 through 20 March 2015

ER -

On the Power and Limitations of Detecting Network Filtering via Passive Observation

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this