IEEE/ACM Transactions on Networking (TON)
IEEE Security and Privacy
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
BGP eye: a new visualization tool for real-time detection and analysis of BGP anomalies
Proceedings of the 3rd international workshop on Visualization for computer security
ConceptDoppler: a weather tracker for internet censorship
Proceedings of the 14th ACM conference on Computer and communications security
Studying black holes in the internet with Hubble
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
BGPmon: A Real-Time, Scalable, Extensible Monitoring System
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
An Online Mechanism for BGP Instability Detection and Analysis
IEEE Transactions on Computers
Internet optometry: assessing the broken glasses in internet reachability
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Analysis of BGP prefix origins during google's may 2005 outage
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Online Organization of an Offline Protest: From Social to Traditional Media and Back
HICSS '11 Proceedings of the 2011 44th Hawaii International Conference on System Sciences
IP geolocation databases: unreliable?
ACM SIGCOMM Computer Communication Review
Internet censorship in china: where does the filtering occur?
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Ignoring the great firewall of china
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Distributed systems and natural disasters: BitTorrent as a global witness
Proceedings of the Special Workshop on Internet and Disasters
ACM SIGCOMM Computer Communication Review
ACM SIGMETRICS Performance Evaluation Review
A hands-on look at active probing using the IP prespecified timestamp option
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Communications of the ACM
Characterizing inter-domain rerouting after japan earthquake
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
A tool for the generation of realistic network workload for emerging networking scenarios
Computer Networks: The International Journal of Computer and Telecommunications Networking
Analysis of internet-wide probing using darknets
Proceedings of the 2012 ACM Workshop on Building analysis datasets and gathering experience returns for security
Analysis of a "/0" stealth scan from a botnet
Proceedings of the 2012 ACM conference on Internet measurement conference
Gaining insight into AS-level outages through analysis of internet background radiation
Proceedings of the 2012 ACM conference on CoNEXT student workshop
Trinocular: understanding internet reliability through adaptive probing
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Understanding IPv6 internet background radiation
Proceedings of the 2013 conference on Internet measurement conference
On the benefits of using a large IXP as an internet vantage point
Proceedings of the 2013 conference on Internet measurement conference
ScrambleSuit: a polymorphic network protocol to circumvent censorship
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
RiskRoute: a framework for mitigating network outage threats
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
| Hi-index | 0.02 |
In the first months of 2011, Internet communications were disrupted in several North African countries in response to civilian protests and threats of civil war. In this paper we analyze episodes of these disruptions in two countries: Egypt and Libya. Our analysis relies on multiple sources of large-scale data already available to academic researchers: BGP interdomain routing control plane data; unsolicited data plane traffic to unassigned address space; active macroscopic traceroute measurements; RIR delegation files; and MaxMind's geolocation database. We used the latter two data sets to determine which IP address ranges were allocated to entities within each country, and then mapped these IP addresses of interest to BGP-announced address ranges (prefixes) and origin ASes using publicly available BGP data repositories in the U.S. and Europe. We then analyzed observable activity related to these sets of prefixes and ASes throughout the censorship episodes. Using both control plane and data plane data sets in combination allowed us to narrow down which forms of Internet access disruption were implemented in a given region over time. Among other insights, we detected what we believe were Libya's attempts to test firewall-based blocking before they executed more aggressive BGP-based disconnection. Our methodology could be used, and automated, to detect outages or similar macroscopically disruptive events in other geographic or topological regions.