MeshTrust: A CDN-Centric Trust Model for Reputation Management on Video Traffic

  • Xiang Tian
  • Yujia ZhuEmail author
  • Zhao Li
  • Chao Zheng
  • Qingyun Liu
  • Yong Sun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11537)


Video applications today are more often deploying content delivery networks (CDNs) for content delivery. However, by decoupling the owner of the content and the organization serving it, CDNs could be abused by attackers to commit network crimes. Traditional flow-level measurements for generating reputation of IPs and domain names for video applications are insufficient. In this paper, we present MeshTrust, a novel approach that assessing reputation of service providers on video traffic automatically. We tackle the challenge from two aspects: the multi-tenancy structure representation and CDN-centric trust model. First, by mining behavioral and semantic characteristics, a Mesh Graph consisting of video websites, CDN nodes and their relations is constructed. Second, we introduce a novel CDN-centric trust model which transforms Mesh Graph into Trust Graph based on extended network embedding methods. Based on the labeled nodes in Trust Graph, a reputation score can be easily calculated and applied to real-time reputation management on video traffic. Our experiments show that MeshTrust can differentiate normal and illegal video websites with accuracy approximately 95% in a real cloud environment.


CDN Reputation management Network embedding DNS Trust model Video traffic analysis 



We would like to thank hard work of MESA TEAM ( This work was supported by National Key R&D Program 2016 (Grant No. 2016YFB0801300); the Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDC02030600). The corresponding author is Yujia Zhu.


  1. 1.
    Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: USENIX Security Symposium, pp. 273–290 (2010)Google Scholar
  2. 2.
    Berger, A., D’Alconzo, A., Gansterer, W.N., Pescapé, A.: Mining agile DNS traffic using graph analysis for cybercrime detection. Comput. Netw. 100, 28–44 (2016)CrossRefGoogle Scholar
  3. 3.
    Bermudez, I.N., Mellia, M., Munafo, M.M., Keralapura, R., Nucci, A.: DNS to the rescue: discerning content and services in a tangled web. In: Proceedings of the 2012 Internet Measurement Conference, pp. 413–426. ACM (2012)Google Scholar
  4. 4.
    Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: Ndss (2011)Google Scholar
  5. 5.
    Cai, H., Zheng, V.W., Chang, K.: A comprehensive survey of graph embedding: problems, techniques and applications. IEEE Trans. Knowl. Data Eng. 30, 1616–1637 (2018)CrossRefGoogle Scholar
  6. 6.
    Canali, D., Cova, M., Vigna, G., Kruegel, C.: Prophiler: a fast filter for the large-scale detection of malicious web pages. In: Proceedings of the 20th International Conference on World Wide Web, pp. 197–206. ACM (2011)Google Scholar
  7. 7.
    Chiba, D., et al.: DomainProfiler: discovering domain names abused in future. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 491–502. IEEE (2016)Google Scholar
  8. 8.
    Hohlfeld, O., Rüth, J., Wolsing, K., Zimmermann, T.: Characterizing a meta-CDN. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds.) PAM 2018. LNCS, vol. 10771, pp. 114–128. Springer, Cham (2018). Scholar
  9. 9.
    Khalil, I., Yu, T., Guan, B.: Discovering malicious domains through passive DNS data graph analysis. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 663–674. ACM (2016)Google Scholar
  10. 10.
    Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 (2016)
  11. 11.
    Le, A., Markopoulou, A., Faloutsos, M.: PhishDef: URL names say it all. In: 2011 Proceedings IEEE INFOCOM, pp. 191–195. IEEE (2011)Google Scholar
  12. 12.
    Leung, L.: Predicting internet risks: a longitudinal panel study of gratifications-sought, internet addiction symptoms, and social media use among children and adolescents. Health Psychol. Behav. Med. Open Access J. 2(1), 424–439 (2014)CrossRefGoogle Scholar
  13. 13.
    Li, Z., Alrwais, S., Xie, Y., Yu, F., Wang, X.: Finding the linchpins of the dark web: a study on topologically dedicated hosts on malicious web infrastructures. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 112–126. IEEE (2013)Google Scholar
  14. 14.
    McDonald, A., et al.: 403 forbidden: a global view of CDN geoblocking. In: Proceedings of the Internet Measurement Conference 2018, pp. 218–230. ACM (2018)Google Scholar
  15. 15.
    Scott, W., Anderson, T.E., Kohno, T., Krishnamurthy, A.: Satellite: joint analysis of CDNS and network-level interference. In: USENIX Annual Technical Conference, pp. 195–208 (2016)Google Scholar
  16. 16.
    Singh, R., Dunna, A., Gill, P.: Characterizing the deployment and performance of multi-CDNS. In: Proceedings of the Internet Measurement Conference 2018, pp. 168–174. ACM (2018)Google Scholar
  17. 17.
    Tang, J., Qu, M., Wang, M., Zhang, M., Yan, J., Mei, Q.: Line: large-scale information network embedding. In: Proceedings of the 24th International Conference on World Wide Web, pp. 1067–1077. International World Wide Web Conferences Steering Committee (2015)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Xiang Tian
    • 1
    • 2
    • 3
  • Yujia Zhu
    • 2
    • 3
    Email author
  • Zhao Li
    • 1
    • 2
    • 3
  • Chao Zheng
    • 2
    • 3
  • Qingyun Liu
    • 2
    • 3
  • Yong Sun
    • 2
    • 3
  1. 1.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina
  2. 2.National Engineering Laboratory for Information Security TechnologiesBeijingChina
  3. 3.Institute of Information EngineeringChinese Academy of SciencesBeijingChina

Personalised recommendations