On the Power and Limitations of Detecting Network Filtering via Passive Observation

Matthew Sargent, Jakub Czyz, Mark Allman, Michael Bailey

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Network operators often apply policy-based traffic filtering at the egress of edge networks. These policies can be detected by performing active measurements; however, doing so involves instrumenting every network one wishes to study. We investigate a methodology for detecting policy-based service-level traffic filtering from passive observation of traffic markers within darknets. Such markers represent traffic we expect to arrive and, therefore, whose absence is suggestive of network filtering. We study the approach with data from five large darknets over the course of one week. While we show the approach has utility to expose filtering in some cases, there are also limits to the methodology.

Original languageEnglish (US)
Title of host publicationPassive and Active Measurement - 16th International Conference, PAM 2015, Proceedings
EditorsYong Liu, Jelena Mirkovic
PublisherSpringer
Pages165-178
Number of pages14
ISBN (Electronic)9783319155081
DOIs
StatePublished - 2015
Event16th International Conference on Passive and Active Measurement, PAM 2015 - New York, United States
Duration: Mar 19 2015Mar 20 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8995
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other16th International Conference on Passive and Active Measurement, PAM 2015
Country/TerritoryUnited States
CityNew York
Period3/19/153/20/15

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'On the Power and Limitations of Detecting Network Filtering via Passive Observation'. Together they form a unique fingerprint.

Cite this