644 research outputs found
Managing community membership information in a small-world grid
As the Grid matures the problem of resource discovery across communities,
where resources now include computational services, is becoming more
critical. The number of resources available on a world-wide grid is set to grow
exponentially in much the same way as the number of static web pages on
the WWW. We observe that the world-wide resource discovery problem can
be modelled as a slowly evolving very-large sparse-matrix where individual
matrix elements represent nodes’ knowledge of one another. Blocks in the
matrix arise where nodes offer more than one service. Blocking effects also
arise in the identification of sub-communities in the Grid. The linear algebra
community has long been aware of suitable representations of large, sparse
matrices. However, matrices the size of the world-wide grid potentially number
in the billions, making dense solutions completely intractable. Distributed
nodes will not necessarily have the storage capacity to store the addresses of
any significant percentage of the available resources. We discuss ways of modelling
this problem in the regime of a slowly changing service base including
phenomena such as percolating networks and small-world network effects
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
Illicit crypto-mining leverages resources stolen from victims to mine
cryptocurrencies on behalf of criminals. While recent works have analyzed one
side of this threat, i.e.: web-browser cryptojacking, only commercial reports
have partially covered binary-based crypto-mining malware. In this paper, we
conduct the largest measurement of crypto-mining malware to date, analyzing
approximately 4.5 million malware samples (1.2 million malicious miners), over
a period of twelve years from 2007 to 2019. Our analysis pipeline applies both
static and dynamic analysis to extract information from the samples, such as
wallet identifiers and mining pools. Together with OSINT data, this information
is used to group samples into campaigns. We then analyze publicly-available
payments sent to the wallets from mining-pools as a reward for mining, and
estimate profits for the different campaigns. All this together is is done in a
fully automated fashion, which enables us to leverage measurement-based
findings of illicit crypto-mining at scale. Our profit analysis reveals
campaigns with multi-million earnings, associating over 4.4% of Monero with
illicit mining. We analyze the infrastructure related with the different
campaigns, showing that a high proportion of this ecosystem is supported by
underground economies such as Pay-Per-Install services. We also uncover novel
techniques that allow criminals to run successful campaigns.Comment: A shorter version of this paper appears in the Proceedings of 19th
ACM Internet Measurement Conference (IMC 2019). This is the full versio
An Internet Heartbeat
Obtaining sound inferences over remote networks via active or passive
measurements is difficult. Active measurement campaigns face challenges of
load, coverage, and visibility. Passive measurements require a privileged
vantage point. Even networks under our own control too often remain poorly
understood and hard to diagnose. As a step toward the democratization of
Internet measurement, we consider the inferential power possible were the
network to include a constant and predictable stream of dedicated lightweight
measurement traffic. We posit an Internet "heartbeat," which nodes periodically
send to random destinations, and show how aggregating heartbeats facilitates
introspection into parts of the network that are today generally obtuse. We
explore the design space of an Internet heartbeat, potential use cases,
incentives, and paths to deployment
Component-aware Orchestration of Cloud-based Enterprise Applications, from TOSCA to Docker and Kubernetes
Enterprise IT is currently facing the challenge of coordinating the
management of complex, multi-component applications across heterogeneous cloud
platforms. Containers and container orchestrators provide a valuable solution
to deploy multi-component applications over cloud platforms, by coupling the
lifecycle of each application component to that of its hosting container. We
hereby propose a solution for going beyond such a coupling, based on the OASIS
standard TOSCA and on Docker. We indeed propose a novel approach for deploying
multi-component applications on top of existing container orchestrators, which
allows to manage each component independently from the container used to run
it. We also present prototype tools implementing our approach, and we show how
we effectively exploited them to carry out a concrete case study
Web Tracking: Mechanisms, Implications, and Defenses
This articles surveys the existing literature on the methods currently used
by web services to track the user online as well as their purposes,
implications, and possible user's defenses. A significant majority of reviewed
articles and web resources are from years 2012-2014. Privacy seems to be the
Achilles' heel of today's web. Web services make continuous efforts to obtain
as much information as they can about the things we search, the sites we visit,
the people with who we contact, and the products we buy. Tracking is usually
performed for commercial purposes. We present 5 main groups of methods used for
user tracking, which are based on sessions, client storage, client cache,
fingerprinting, or yet other approaches. A special focus is placed on
mechanisms that use web caches, operational caches, and fingerprinting, as they
are usually very rich in terms of using various creative methodologies. We also
show how the users can be identified on the web and associated with their real
names, e-mail addresses, phone numbers, or even street addresses. We show why
tracking is being used and its possible implications for the users (price
discrimination, assessing financial credibility, determining insurance
coverage, government surveillance, and identity theft). For each of the
tracking methods, we present possible defenses. Apart from describing the
methods and tools used for keeping the personal data away from being tracked,
we also present several tools that were used for research purposes - their main
goal is to discover how and by which entity the users are being tracked on
their desktop computers or smartphones, provide this information to the users,
and visualize it in an accessible and easy to follow way. Finally, we present
the currently proposed future approaches to track the user and show that they
can potentially pose significant threats to the users' privacy.Comment: 29 pages, 212 reference
Spam on the Internet: can it be eradicated or is it here to stay?
A discussion of the rise in unsolicited bulk e-mail, its effect on tertiary education, and some of the methods being used or developed to combat it. Includes an examination of block listing, protocol change, economic and computational solutions, e-mail aliasing, sender warranted e-mail, collaborative filtering, rule-based and statistical solutions, and legislation
- …