Our research group has had three long papers accepted at the ACM SIGCOMM Internet Measurement Conference this October in Berlin, Germany.  Two of the papers are on studying the performance and usage of home networks.  A third paper is on the security of the Internet’s domain name system.  The draft abstracts of the papers are below.  We are very well represented (seven students, and one alum, Nazanin, who is now at Cisco).

There were only 25 long papers accepted at IMC, so we are very well-represented in the program.

Congrats to Sarthak, Srikanth, Shuang, Mi Seon, Sam, Joon, Bharath, and Nazanin!

Peeking Behind the NAT: An Empirical Study of Home Networks
Sarthak Grover (Georgia Institute of Technology)
Mi Seon Park (Georgia Institute of Technology)
Srikanth Sundaresan (Georgia Institute of Technology)
Sam Burnett (Georgia Institute of Technology)
Hyojoon Kim (Georgia Institute of Technology)
Bharath Ravi (Georgia Institute of Technology)
Nick Feamster (Georgia Institute of Technology)

We present the first empirical study of home network availability, infrastructure, and usage, using data collected from home networks around the world. In each home, we deploy a router with custom firmware to collect information about the availability of home broadband network connectivity, the home network infrastructure (including the wireless connectivity in each home network and the number of devices connected to the network), and how people in each home network use the network. Outages are more frequent and longer in developing countries—sometimes due to the network, and in other cases because they simply turn their home router off. We also find that some portions of the wireless spectrum are extremely crowded, that diurnal patterns are more pronounced during the week, and that most traffic in home networks is exchanged over a few connections to a small number of domains. Our study is both a preliminary view into many home networks and an illustration of how measurements from a home router can yield significant information about home networks.

Measuring and Mitigating Web Performance Bottlenecks in Broadband Access Networks
Srikanth Sundaresan (Georgia Institute of Technology)
Nick Feamster (Georgia Institute of Technology)
Renata Teixeira (CNRS/UPMC Sorbonne Universites)
Nazanin Magharei (Cisco Systems)

We measure Web performance bottlenecks in home broadband access networks and evaluate ways to mitigate these bottlenecks with caching in home networks. We first measure Web performance bottlenecks to nine popular Web sites from more than 5,000 broadband access networks and demonstrate that when the downstream throughput of the access link exceeds about 16 Mbits/s, latency is the main bottleneck for Web page load time. Next, we use a router-based Web measurement tool, Mirage, to deconstruct Web page load time into its constituent components (DNS lookup, TCP connection setup, object download) and show that simple latency optimizations can yield significant improvements in overall page load times. We then present a case for placing a cache in the home network and deploy three common optimizations: DNS caching, TCP connection caching, and content caching. We show that just caching DNS and TCP connections can can yield significant improvements in page load time, and even user’s browser is already performing similar independent optimizations. Finally, we use traces from real homes to demonstrate how popularity-based prefetching of DNS and TCP connections in a home-router cache can achieve faster page load times in home networks.

Understanding the Domain Registration Behavior of Spammers
Shuang Hao (Georgia Institute of Technology)
Matthew Thomas (Verisign, Inc.)
Vern Paxson (ICSI & UC Berkeley)
Nick Feamster (Georgia Institute of Technology)
Christian Kreibich (ICSI)
Chris Grier (ICSI)
Scott Hollenbeck (Verisign, Inc.)

Spammers register tremendous number of domains to evade blacklisting and takedown efforts. Current techniques to detect such domains rely on crawling spam URLs or monitoring lookup traffic. Such detection triggers after the spammers have already launched their campaigns, and thus these countermeasures may only come into play after the spammer has already reaped significant benefits from the dissemination of large volumes of spam. In this paper we examine the registration process of such domains, with a particular eye towards features that might indicate directly at registration time that a given domain likely has a malicious purpose. Our assessment includes exploring the characteristics of registrars, domain life cycles, registration bursts, and naming patterns. By investigating zone changes from the .com TLD over a 5-month period, we discover that spammers employ bulk registration, often re-use domains previously registered by others, and tend to register and host their domains over a small set of registrars. Our findings suggest a number of steps that registries and/or registrars could employ to crimp the ease with which miscreants acquire domains in bulk, thus potentially increasing their costs and reducing their agility for large-scale attacks.