Papers by Mirko Schiavone
2015 International Wireless Communications and Mobile Computing Conference (IWCMC), 2015
2015 International Wireless Communications and Mobile Computing Conference (IWCMC), 2015
ABSTRACT The DNS protocol has proved to be a valuable means for identifying and dissecting large-... more ABSTRACT The DNS protocol has proved to be a valuable means for identifying and dissecting large-scale anomalies in omnipresent Over The Top (OTT) Internet services. In this paper, we present and evaluate a framework for detecting and diagnosing traffic anomalies via DNS traffic analysis. Detection of such anomalies is achieved by monitoring different DNS-related symptomatic features, flagging a warning as soon as one or more of them show a significant change. The investigation of the root causes for such deviations is done by looking at significant changes in a number of diagnostic features (i.e., device manufacturer and OS, requested host name, error codes, etc.), which convey information directly linked to the potential origins of the detected anomalies. For the purpose of detecting significant changes in the time-series of diagnostic features, we propose a scheme based on change point detection applied to the entropy of the considered features. The proposed solution is tested using both real and synthetic data from a nationwide mobile ISP, the latter generated from real traffic statistics to resemble the real mobile network traffic. To show the operational value of the proposed framework, we report the results of the diagnosis in two prototypical cases.
2015 27th International Teletraffic Congress, 2015
ABSTRACT The DNS protocol has proved to be a valuable means for identifying and dissecting large-... more ABSTRACT The DNS protocol has proved to be a valuable means for identifying and dissecting large-scale anomalies in omnipresent Over The Top (OTT) Internet services. In this paper, we present and evaluate a framework for detecting and diagnosing traffic anomalies via DNS traffic analysis. Detection of such anomalies is achieved by monitoring different DNS-related symptomatic features, flagging a warning as soon as one or more of them show a significant change. The investigation of the root causes for such deviations is done by looking at significant changes in a number of diagnostic features (i.e., device manufacturer and OS, requested host name, error codes, etc.), which convey information directly linked to the potential origins of the detected anomalies. For the purpose of detecting significant changes in the time-series of diagnostic features, we propose two different schemes: the first is based of change point detection applied to the entropy of the considered features, the second considers the full statistical distribution of the traffic features. The proposed solutions are tested and compared using both real and synthetic data from a nationwide mobile ISP, the latter generated from real traffic statistics to resemble the real mobile network traffic. To show the operational value of the proposed framework, we report the results of the diagnosis in two prototypical cases.
2015 IEEE 31st International Conference on Data Engineering, 2015
ABSTRACT Shared workload optimization is feasible if the set of tasks to be executed is known in ... more ABSTRACT Shared workload optimization is feasible if the set of tasks to be executed is known in advance, as is the case in updating a set of materialized views or executing an extract-transform-load workflow. In this paper, we consider dataintensive workloads with precedence constraints arising from data dependencies. While there has been previous work on identifying common subexpressions and task re-ordering to enable shared scans, in this paper we solve the problem of scheduling shared data-intensive workloads in a cache-oblivious way. Our solution relies on a novel formulation of precedence constrained scheduling with the additional constraint that once a data item is in the cache, all tasks that require this item should execute as soon as possible thereafter. We give an optimal algorithm using A* search over the space of possible orderings, and we propose efficient and effective heuristics that obtain nearly-optimal schedules in much less time. We present experimental results on real-life data warehouse workloads and the TCP-DS benchmark to validate our claims.
Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication - SIGCOMM '15, 2015
ABSTRACT In this paper we challenge the applicability and performance of entropy-based approaches... more ABSTRACT In this paper we challenge the applicability and performance of entropy-based approaches for detecting and diagnosis network traffic anomalies, and claim that full statistics (i.e., empirical probability distributions) should be applied to improve the change-detection capabilities. We support our claim by detecting and diagnosing large-scale traffic anomalies in a real cellular network, caused by specific OTT (Over The Top) services and smartphone devices. Our results clearly suggest that anomaly detection and diagnosis based on entropy analysis is prone to errors and misses typical characteristics of traffic anomalies, particularly in the studied cellular networks’ scenario.
2015 IFIP Networking Conference (IFIP Networking), 2015
ABSTRACT Online Social Networks (OSNs) have rapidly become an integral part of our daily lives, a... more ABSTRACT Online Social Networks (OSNs) have rapidly become an integral part of our daily lives, and hundreds of millions of people are nowadays remotely connected through popular OSNs such as Facebook, Google+, Twitter and WhatsApp. While much has been said and studied about the social aspects of OSNs, little is known about the network side of OSNs, specially regarding their network and traffic footprints, as well as their content delivery infrastructures. In this paper we study these networking aspects of OSNs, vivisecting the most popular OSNs in western countries: Facebook and WhatsApp. By analyzing two large-scale traffic traces collected at the cellular network of a major European ISP, we characterize and compare the networking behavior of Facebook and WhatsApp, considering not only the traffic flows but also the network infrastructures hosting them. Our study serves the main purpose of better understanding how major OSNs are provisioned in today’s Internet, paying special attention to the temporal dynamics of the service delivery. To the best of our knowledge, this is the first paper providing such an analysis using large-scale measurements in cellular networks.
Lecture Notes in Computer Science, 2015
ABSTRACT Nowadays mobile devices are highly heterogeneous both in terms of terminal types (e.g., ... more ABSTRACT Nowadays mobile devices are highly heterogeneous both in terms of terminal types (e.g., smartphones versus data modems) and usage scenarios (e.g., mobile browsing versus machine-to-machine applications). Additionally, the complexity of mobile terminals is continuously growing due to increases in computational power and advances in mobile operating systems. In this scenario novel traffic patterns may arise in mobile networks, and it is highly desirable for operators to understand their impact on the network performance. We address this problem by characterizing the traffic of different device types and Operating systems, analyzing real traces from a large scale mobile operator. We find the presence of highly time synchronized spikes in both data and signaling plane traffic generated by different types of devices. Additionally, by investigating a real case, we show that a device-specific view on traffic can efficiently support the root cause analysis of some type of network anomalies. Our analysis confirms that large traffic peaks, potentially leading to large-scale anomalies, can be induced by the misbehavior of a specific device type. Accordingly, we advocate the need for novel analysis methodologies for automatic detection and possibly mitigation of such device-triggered network anomalies.
Proceedings of the 2014 CoNEXT on Student Workshop - CoNEXT Student Workshop '14, 2014
Proceedings of the 2014 ACM conference on SIGCOMM - SIGCOMM '14, 2014
ABSTRACT WhatsApp, the new giant in instant multimedia messaging in mobile networks is rapidly in... more ABSTRACT WhatsApp, the new giant in instant multimedia messaging in mobile networks is rapidly increasing its popularity, taking over the traditional SMS/MMS messaging. In this paper we present the first large-scale characterization of WhatsApp, useful among others to ISPs willing to understand the impacts of this and similar applications on their networks. Through the combined analysis of passive measurements at the core of a national mobile network, worldwide geo-distributed active measurements, and traffic analysis at end devices, we show that: (i) the WhatsApp hosting architecture is highly centralized and exclusively located in the US; (ii) video sharing covers almost 40% of the total WhatsApp traffic volume; (iii) flow characteristics depend on the OS of the end device; (iv) despite the big latencies to US servers, download throughputs are as high as 1.5 Mbps; (v) users react immediately and negatively to service outages through social networks feedbacks.
Lecture Notes in Computer Science, 2014
The bandwidth demand of today's mobile applications is permanently increasing. This requires more... more The bandwidth demand of today's mobile applications is permanently increasing. This requires more frequent upgrades of the mobile network capacity in the radio access as well as in the backhaul section. In such quickly evolving scenario, the risk of capacity bottleneck is increased, therefore network operators need tools to promptly detect capacity bottlenecks or, conversely, validate the current network state. To this end, we propose to exploit the passive observation of individual TCP connections. Being a closed loop protocol, the performances of every TCP connection depend on the status of the whole end-to-end path. Leveraging on this property, we propose a method to infer the presence of a capacity bottleneck along the path of an individual TCP connection by passively monitoring the DATA and ACK packets at a single monitoring point. We validate our approach with test traffic in a real 3G/4G operational network. The realized monitoring algorithm offers a powerful tool to network operators for on-line performance assessment and network troubleshooting.
Uploads
Papers by Mirko Schiavone