Note the new location for the seminar.

Thursday, March 4th 2004.
Room Packard 202

 (1) Modeling multimedia file-sharing traffic, and

(2) Quantifying the spread of spyware


Prof. Steven Gribble

University of Washington

About the talk:
I will present two measurement and analysis "mini-talks" on separate (but related) topics: modeling P2P file-sharing workloads, and quantifying the spread and impact of spyware at the University of Washington.  In both talks, my results are based on passive network monitoring infrastructure that has allowed us to examine (post-anonymization) all ingoing and outgoing University of Washington network traffic.  This infrastructure is a "telescope" that allows us to examine the Internet from the perspective of UW's 60,000 faculty, staff, and students.

In the first mini-talk, I will probe deeply into modern P2P file sharing systems and the forces that drive them.  Based on a 200-day long trace of Kazaa traffic, we develop a model of multimedia workloads that lets us isolate, vary, and explore the impact of key system parameters and the potential impact of locality-awareness in Kazaa.  Our results reveal dramatic differences between P2P file sharing and Web traffic.  For example, we show how the immutability of Kazaa's multimedia objects leads clients to fetch objects at most once.  This behavior and object immutability has significant implications for the performance of multimedia file-sharing systems.  Unlike the Web, whose workload is driven by document change, we demonstrate that clients' fetch-at-most-once behavior, the creation of new objects, and the addition of new clients to the system are the primary forces that drive multimedia workloads such as Kazaa.

In the second mini-talk, I present a recent measurement student of a new Internet security threat: the spread of spyware. We examine four spyware programs (Gator, Cydoor, SaveNow and eZula) for which we derived signatures that can be used to detect their presence on remote computers through passive network monitoring. Using these signatures, we quantify the spread of spyware within the University of Washington.  In addition, we demonstrate correlations between certain measurable behavior and the rate of spyware infections within populations.  Finally, we demonstrate a specific vulnerability within two of these spyware programs, from which we derive implications about the impact of spyware on the security of the Internet as a whole.

About the speaker:
Steven D. Gribble joined the Computer Science and Engineering Department of the University of Washington as an Assistant Professor in November of 2000, after receiving his Ph.D. from UC Berkeley under Professor Eric Brewer.  Steve's research interests include the design and operation of robust, scalable Internet infrastructure and services, mobile computing, operating systems, virtual machine monitors, and networks. He received his B.Sc. in Computer Science and Physics from the University of British Columbia, and his M.S. in Computer Science from UC Berkeley. He is an ACM and USENIX member, and was a co-founder of ProxiNet, Inc. (now a division of PumaTech). Steve originally hails from Vancouver, Canada. Steve is a recipient of the Alfred P. Sloan Research Fellowship, as well as the National Science Foundation CAREER Award. When not in front of a computer, he loves to play the piano, or to spend his time outdoors with sports such as triathlon and adventure racing.