Efficient discovery of router interfaces on the IPv6 Internet is critical for network measurement and cybersecurity. However, existing solutions commonly suffer from inefficiencies due to a lack of initial probing targets (seeds), ultimately imposing limitations on large-scale IPv6 networks. Therefore, it is imperative to develop a methodology that enables the efficient collection of IPv6 router interfaces with limited resources, considering the impracticality of conducting a brute-force exploration across the extensive IPv6 address space.
In this paper, we introduce Treestrace, an innovative asynchronous prober specifically designed for this purpose. Without prior knowledge of the networks, this tool incrementally adjusts search directions, automatically prioritizing the survey of IPv6 address spaces with a higher concentration of IPv6 router interfaces. Furthermore, we have developed a carefully crafted architecture optimized for probing performance, allowing the tool to probe at the highest theoretically possible rate without requiring excessive computational resources.
Real-world tests show that Treestrace outperforms state-of-the-art works on both seed-based and seedless tasks, achieving at least a 5.57-fold efficiency improvement on large-scale IPv6 router interface discovery. With Treestrace, we discovered approximately 8 million IPv6 router interface addresses from a single vantage point within several hours.

The domain name system (DNS) is indispensable to nearly every Internet service. It has been extensively utilized for network activity characterization in passive and active approaches. Compared to the passive approach, active DNS cache probing is privacy-preserving and low-cost, enabling worldwide characterization of remote network activities in different networks. Unfortunately, existing probing-based methods are too coarse-grained to characterize the time-varying features of network activities, substantially limiting their applications in time-sensitive tasks. In this paper, we advance DNSScope, a fine-grained DNS cache probing framework by tackling three challenges: sample sparsity, observational distortion, and cache entanglement. DNSScope synthesizes statistical learning and self-supervised transfer learning to achieve time-varying characterization. Extensive evaluations demonstrate that it can accurately estimate the time-varying DNS query arrival rates on recursive DNS resolvers. Its average mean absolute error is 0.124, as low as one-sixth that of the baseline methods.

The Domain Name System (DNS) is a critical piece of Internet infrastructure with remarkably complex properties and uses, and accordingly has been extensively studied. In this study we contribute to that body of work by organizing and analyzing records maintained within the DNS as a bipartite graph. We find that relating names and addresses in this way uncovers a surprisingly rich structure. In order to characterize that structure, we introduce a new graph decomposition for DNS name-to-IP mappings, which we term elemental decomposition. In particular, we argue that (approximately) decomposing this graph into bicliques - maximally connected components - exposes this rich structure. We utilize large-scale censuses of the DNS to investigate the characteristics of the resulting decomposition, and illustrate how the exposed structure sheds new light on a number of questions about how the DNS is used in practice and suggests several new directions for future research.

Transparent proxies are widely deployed on the Internet, bridging the communications between clients and servers and providing desirable benefits to both sides, such as load balancing, security monitoring, and privacy enhancement. Meanwhile, they work in a silent way as clients and servers may know their existence. However, due to their invisibility and stealthiness, transparent proxies remain understudied for their behaviors, suspicious activities, and potential vulnerabilities that could be exploited by attackers. To better understand transparent proxies, we design and develop a framework to systematically investigate them in the wild. We identify two major types of transparent proxies, named FDR and CPV, respectively. FDR is a type of transparent proxy that independently performs Forced DNS Resolution during interception. CPV is a type of transparent proxy that presents Cache Poisoning Vulnerability. We perform a large-scale measurement to detect each type of transparent proxy and examine their security implications. In total, we identify 32,246 FDR and 11,286 CPV transparent proxies. We confirm that these two types of transparent proxies are distributed globally --- FDRs are observed in 98 countries and CPVs are observed in 51 countries. Our work highlights the issues of vulnerable transparent proxies and provides insights for mitigating such problems.

The centralization of web services has raised concerns about critical single points of failure, such as content hosting, name resolution, and certification. To address these issues, the "Decentralized Web" movement advocates for decentralized alternatives. Distributed Hash Tables (DHTs) have emerged as a key component facilitating this movement as they offer efficient key/value indexing. The InterPlanetary File System (IPFS) exemplifies this approach by leveraging DHTs for data indexing and distribution. A critical finding of previous studies is that PUT performance for record storage is unacceptably slow, sometimes taking minutes to complete and hindering the adoption of delay-intolerant applications. To address this challenge, this research paper presents three significant contributions. First, we present the design of Optimistic Provide, an approach to accelerate DHT PUT operations in Kademlia-based IPFS networks while maintaining full backward compatibility. Second, we implement and deploy the mechanism and see its usage in the de-facto IPFS deployment, Kubo. Third, we evaluate its effectiveness in the IPFS and Filecoin DHTs. We confirm that we enable sub-second record storage from North America and Europe for 90% of PUT operations while reducing networking overhead by over 40% and maintaining record availability.

To meet stringent performance requirements, communication networks are becoming increasingly programmable and flexible, supporting fast and frequent adjustments. However, reconfiguring networks in a dependable and transiently consistent manner is known to be algorithmically challenging. This paper revisits the fundamental problem of how to update the routes in a network in a (transiently) loop-free manner, considering both the Strong Loop-Freedom (SLF) and the Relaxed Loop-Freedom (RLF) property.

We present two fast algorithms to solve the SLF and RLF problem variants exactly, to optimality. Our algorithms are based on a parameterized integer linear program which would be intractable to solve directly by a classic solver. Our main technical contribution is a lazy cycle breaking strategy which, by adding constraints lazily, improves performance dramatically, and outperforms the state-of-the-art exact algorithms by an order of magnitude on realistic medium-sized networks. We further explore approximate algorithms and show that while a relaxation approach is relatively slow, with a local search approach short update schedules can be found, outperforming the state-of-the-art heuristics.

On the theoretical front, we also provide an approximation lower bound for the update time of the state-of-the-art algorithm in the literature. We made all our code and implementations publicly available.

In this paper, we consider the approximate membership testing problem on skewed data traces, in which some hot or popular items repeat frequently. Previous solutions suffer from either high false positive rates or low lookup throughput. To address this problem, we propose a variant of the cuckoo filter, enhanced with a hotness-aware suffix cache. We note that a false positive item must have a matched fingerprint in the cuckoo filter, and propose to reduce false positives by memorizing them, but with their suffixes only. For each false positive item, we apply a linear-congruential-based hash function and then divide the hash value into three parts: the bucket index to be accessed in the cuckoo filter, the fingerprint to be stored in the cuckoo filter, and the suffix to be cached. Combing the three parts, a hot false positive item can be uniquely identified and can be avoided. Our evaluation results indicate that RCF significantly outperforms non-adaptive filters on skewed data traces. Given the same memory size, it achieves a much lower false positive ratio without sacrificing its lookup throughput. Compared with adaptive filters, RCF provides a competitive false positive ratio while offering a considerably higher (30 − 100×) lookup throughput.

Local clustering aims to find a high-quality cluster near a given vertex. Recently, higher-order units are introduced to local clustering, and the underlying information has been verified to be essential. However, original edges are underestimated in these techniques, leading to the degeneration of network information. Moreover, most of the higher-order models are designed for static networks, whereas real-world networks are generally large and evolve rapidly. Repeatedly conducting a static algorithm at each snapshot is usually computationally impractical, and recent approaches instead track a cluster by updating the cluster sequentially. However, errors would accumulate over lengthy evolutions, and the complete cluster needs to be recalculated periodically to maintain the accuracy, which naturally affects the efficiency. To bridge the two gaps, we design a multi-order hypergraph, and present a hybrid model for dynamic clustering. In particular, we propose an incremental method to track a personalized PageRank vector in the evolving hypergraph, which converges to the exact solution at each snapshot when significantly reducing the complexity. We further develop a dynamic sweep to identify a cut in each vector, whereby a cluster can be incrementally updated with no accumulated errors. We provide rigorous theoretical basis and conduct comprehensive experiments, which demonstrate the effectiveness.

Spectrum prediction is a key enabler for the forthcoming coexistence paradigm where various Radio Access Technologies share overlapping radio spectrum, to substantially improve spectrum efficiency in 5G and beyond systems. Though this fundamental issue has received tremendous research attention, existing algorithms are designed for and validated against spectrum usage data in low time-frequency granularities, which cause inevitable errors when applied to spectrum prediction in realistic resolutions. Therefore, in this paper, we improve three key components along the pipeline of spectrum prediction. First, we achieve raw spectrum data in the same resolutions as scheduling, which reflect the actual dynamics of the subject to be predicted. We improve the Deep Q-Network (DQN) prediction algorithm with enhanced experience replay to reduce the sample complexity, so that the improved DQN is more efficient in terms of sample quantities. New prediction features are extracted from high resolution measurement data to improve prediction accuracy. According to our thorough experiments, the proposed prediction algorithm substantially reduces the sample complexity by 88.9%, and the prediction accuracy improvements are up to 14%, when compared with various state-of-the-art counterparts.

Mobile networks have increased spectral efficiency through advanced multiplexing strategies that are coordinated by base stations (BS) in licensed spectrum. However, external interference on clients, leads to significant performance degradation during dynamic (unlicensed) spectrum access (DSA). We introduce the notion of network tomography for DSA, whereby clients are transformed into spectrum sensors, whose joint access statistics are measured and used to account for interfering sources. Albeit promising, performing such tomography naively incurs an impractical overhead that scales exponentially with the multiplexing order of the strategies deployed -- which will only continue to grow with 5G/6G technologies.

To this end, we propose a novel, scalable network tomography framework called NeTo-X that estimates joint client access statistics with just linear overhead, and forms a blue-print of the interference, thus enabling efficient DSA for future networks. NeTo-X's design incorporates intelligent algorithms that leverage multi-channel diversity and the spatial locality of interference impact on clients to accurately estimate the desired interference statistics from just pair-wise measurements of its clients. The merits of its framework are showcased in the context of resource management and jammer localization applications, where its performance significantly outperforms baseline approaches and closely approximates optimal performance at a scalable overhead.

Spectrum sensing becomes fundamental to enable the coexistence of different wireless technologies in shared spectrum bands. We propose a completely novel approach based on semantic spectrum segmentation, where multiple signals are simultaneously classified and localized in both time and frequency at the I/Q level and by using unprocessed I/Q samples. Conversely from the state-of-the-art computer vision algorithm, we add non-local blocks to combine the spatial features of signals, and thus achieve better performance. In addition, we propose a novel data generation approach where a limited set of easy-to-collect real-world wireless signals are ``stitched together'' to generate large-scale, wideband, and diverse datasets. Experimental results obtained on multiple testbeds over the course of 3 days show that our approach classifies and localizes signals with a mean intersection over union (IOU) of 96.70% across 5 wireless protocols while performing in real-time with a latency of 2.6 ms. Moreover, we demonstrate that our approach based on non-local blocks achieves 7% more accuracy when segmenting the most challenging signals with respect to the state-of-the-art U-Net algorithm.

Automated spectrum analysis has become an important capability of dynamic spectrum access networks. Outcomes from spectrum analytics will feed into critical decisions such as (i) how to allocate network resources to clients, (ii) when to enforce penalties due to malicious or disruptive activity, and (iii) how to chart policies for future regulations. The insights gleaned from a spectrum trace, however, are as objective as the trace itself, and artifacts that might have been introduced from sensor imperfections or configuration will inevitably propagate as (potentially false) analysis insights. Yet, spectrum analytics have been largely developed in isolation from the underlying data collection and are oblivious to sensor-induced artifacts.

To address this challenge we develop VIA a framework that quantifies spectrum data fidelity based on sensor properties and configuration. VIA takes as an input a spectrum trace and the sensor configuration, and benchmarks data quality along three vectors: (i) Veracity, or how truthfully a scan captures spectrum activity, (ii) Intermittency, characterizing the temporal persistence of spectrum scans and (iii) Ambiguity, encompassing the likelihood of false occupancy detection. We showcase VIA by studying the data fidelity of five common sensor platforms.