{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:30:57Z","timestamp":1750307457398,"version":"3.41.0"},"reference-count":40,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2010,10,1]],"date-time":"2010-10-01T00:00:00Z","timestamp":1285891200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2010,10]]},"abstract":"<jats:p>Reliable network demographics are quickly becoming a much sought-after digital commodity. However, as the need for more refined Internet demographics has grown, so too has the tension between privacy and utility. Unfortunately, current techniques lean too much in favor of functional requirements over protecting the privacy of users. For example, the most prominent proposals for measuring the relative popularity of a Web site depend on the deployment of client-side measurement agents that are generally perceived as infringing on users\u2019 privacy, thereby limiting their wide-scale adoption. Moreover, the client-side nature of these techniques also makes them susceptible to various manipulation tactics that undermine the integrity of their results. In this article, we propose a new estimation technique that uses DNS cache probing to infer the density of clients accessing a given service. Compared to earlier techniques, our scheme is less invasive as it does not reveal user-specific traits, and is more robust against manipulation. We demonstrate the flexibility of our approach through two important security applications. First, we illustrate how our scheme can be used as a lightweight technique for measuring and verifying the relative popularity rank of different Web sites. Second, using data from several hundred botnets, we apply our technique to indirectly measure the infected population of this increasing Internet phenomenon.<\/jats:p>","DOI":"10.1145\/1852096.1852097","type":"journal-article","created":{"date-parts":[[2010,10,26]],"date-time":"2010-10-26T12:36:02Z","timestamp":1288096562000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Peeking Through the Cloud"],"prefix":"10.1145","volume":"10","author":[{"given":"Moheeb Abu","family":"Rajab","sequence":"first","affiliation":[{"name":"Google Inc."}]},{"given":"Fabian","family":"Monrose","sequence":"additional","affiliation":[{"name":"University of North Carolina, Chapel Hill"}]},{"given":"Niels","family":"Provos","sequence":"additional","affiliation":[{"name":"Google Inc."}]}],"member":"320","published-online":{"date-parts":[[2010,10]]},"reference":[{"volume-title":"Proceeding of the 8th International Conference on World Wide Web (WWW\u201999)","author":"Anupam V.","key":"e_1_2_1_1_1"},{"volume-title":"Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS).","author":"Bailey M.","key":"e_1_2_1_2_1"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637243"},{"volume-title":"Proceedings of the 14th USENIX Security Symposium. 193--212","author":"Bethencourt J.","key":"e_1_2_1_4_1"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/568760.568871"},{"volume-title":"Proceedings of 4th USENIX Symposium on Networked Systems Design and Implementation (NDSI).","author":"Casado M.","key":"e_1_2_1_6_1"},{"volume-title":"Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV).","author":"Casado M.","key":"e_1_2_1_7_1"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1103626.1103632"},{"volume-title":"Proceedings of the 1st Workshop on Steps to Reducing Unwanted Traffic on the Internet.","year":"2005","author":"Cooke E.","key":"e_1_2_1_9_1"},{"volume-title":"Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS\u201908)","author":"Dagon D.","key":"e_1_2_1_10_1"},{"volume-title":"Proceedings of the 13th Network and Distributed System Security Symposium (NDSS).","author":"Dagon D.","key":"e_1_2_1_11_1"},{"volume-title":"Proceedings of the 1st USENIX Workshop on Hot Topics in Botnets (HotBots\u201907)","author":"Daswani N.","key":"e_1_2_1_12_1"},{"key":"e_1_2_1_13_1","unstructured":"DNS-snoop. DNS Cache Snooping or Snooping the Cache for Fun and Profit. http:\/\/www.sysvalue.com\/papers\/DNS-Cache-Snooping\/files\/DNS_Cache_Snooping_1.1.pdf.  DNS-snoop. DNS Cache Snooping or Snooping the Cache for Fun and Profit. http:\/\/www.sysvalue.com\/papers\/DNS-Cache-Snooping\/files\/DNS_Cache_Snooping_1.1.pdf."},{"key":"e_1_2_1_14_1","unstructured":"FBI. 2006. FBI computer crime survey. http:\/\/www.fbi.gov\/page2\/jan06\/computer_crime_survey011806.htm. FBI . 2006. FBI computer crime survey. http:\/\/www.fbi.gov\/page2\/jan06\/computer_crime_survey011806.htm."},{"key":"e_1_2_1_15_1","unstructured":"FBI. 2007. FBI botnet cyber crime report. http:\/\/www.fbi.gov\/pressrel\/pressrel07\/botnet061307.htm. FBI . 2007. FBI botnet cyber crime report. http:\/\/www.fbi.gov\/pressrel\/pressrel07\/botnet061307.htm."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315292"},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Franklin M. K. and Malkhi D. 1997. Auditable metering with lightweight security. In Financial Cryptography. 151--160. Franklin M. K. and Malkhi D. 1997. Auditable metering with lightweight security. In Financial Cryptography . 151--160.","DOI":"10.1007\/3-540-63594-7_75"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/11555827_19"},{"key":"e_1_2_1_19_1","unstructured":"GreyMagic. 2002. Exploiting the Google toolbar. http:\/\/www.greymagic.com\/security\/advisories\/gm001-mc\/. GreyMagic . 2002. Exploiting the Google toolbar. http:\/\/www.greymagic.com\/security\/advisories\/gm001-mc\/."},{"volume-title":"Proceedings of the 16th USENIX Security Symposium. 167--182","author":"Gu G.","key":"e_1_2_1_20_1"},{"key":"e_1_2_1_21_1","unstructured":"Honeynet. 2005. Know your enemy: Tracking botnets. http:\/\/www.honeynet.org\/papers\/bots\/. Honeynet . 2005. Know your enemy: Tracking botnets. http:\/\/www.honeynet.org\/papers\/bots\/."},{"key":"e_1_2_1_22_1","unstructured":"IP2Location. Bringing geography to the Internet. http:\/\/www.ip2location.com\/. IP2Location . Bringing geography to the Internet. http:\/\/www.ip2location.com\/."},{"volume-title":"Proceedings of the IEEE INFOCOMM.","author":"Jung J.","key":"e_1_2_1_23_1"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455774"},{"key":"e_1_2_1_25_1","unstructured":"Measurement Factory 2009. The Measurement Factory DNS Survey. http:\/\/dns.measurement-factory.com\/surveys\/200910.html.  Measurement Factory 2009. The Measurement Factory DNS Survey. http:\/\/dns.measurement-factory.com\/surveys\/200910.html."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2007.124"},{"volume-title":"Proceedings of the 11th USENIX Security Symposium.","year":"2002","author":"Moore D.","key":"e_1_2_1_27_1"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0054155"},{"key":"e_1_2_1_29_1","unstructured":"Naraine R. 2007. Unpatched Google toolbar flaw presents ID theft risk. http:\/\/www.eweek.com\/c\/a\/Security\/Unpatched-Google-Toolbar-Flaw-Presents-ID-Theft-Risk\/. Naraine R. 2007. Unpatched Google toolbar flaw presents ID theft risk. http:\/\/www.eweek.com\/c\/a\/Security\/Unpatched-Google-Toolbar-Flaw-Presents-ID-Theft-Risk\/."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988674"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.392383"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_11"},{"volume-title":"Proceedings of the 6th Applied Cryptography and Network Security Conference.","author":"Rajab M. A.","key":"e_1_2_1_33_1"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177086"},{"volume-title":"Proceedings of the 1st USENIX Workshop on Hot Topics in Botnets (HotBots\u201907)","author":"Rajab M. A.","key":"e_1_2_1_35_1"},{"volume-title":"Introduction to Probability Models","author":"Ross S. M.","key":"e_1_2_1_36_1"},{"key":"e_1_2_1_37_1","first-page":"1801","article-title":"On the effectiveness of DNS-based server selection","volume":"3","author":"Shaikh A.","year":"2001","journal-title":"Proceedings of the IEEE INFOCOM."},{"volume-title":"Proceedings of the 14th USENIX Security Symposium. 209--224","author":"Shinoda Y.","key":"e_1_2_1_38_1"},{"key":"e_1_2_1_39_1","unstructured":"Story L. 2007. How many site hits? depends on who\u2019s counting. New York Times article. http:\/\/www.nytimes.com\/2007\/10\/22\/technology\/22click.html?_r=3&amp;pagewanted=1&amp;ref= technology&amp;oref=slogin. Story L. 2007. How many site hits? depends on who\u2019s counting. New York Times article. http:\/\/www.nytimes.com\/2007\/10\/22\/technology\/22click.html?_r=3&amp;pagewanted=1&amp;ref= technology&amp;oref=slogin."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/948205.948216"}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1852096.1852097","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1852096.1852097","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:08:17Z","timestamp":1750248497000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1852096.1852097"}},"subtitle":["Client Density Estimation via DNS Cache Probing"],"short-title":[],"issued":{"date-parts":[[2010,10]]},"references-count":40,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2010,10]]}},"alternative-id":["10.1145\/1852096.1852097"],"URL":"https:\/\/doi.org\/10.1145\/1852096.1852097","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"type":"print","value":"1533-5399"},{"type":"electronic","value":"1557-6051"}],"subject":[],"published":{"date-parts":[[2010,10]]},"assertion":[{"value":"2008-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-03-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-10-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}