Data Scientist, Reshaping Retail.
ALDI SÜD, International Data & Analytics.
PDF
DOI
slides
video
[ Related · Ingmar at RIPE ]
Detecting where traffic enters a network can enhance network operation, but poses a complex measurement problem that requires analyzing a continuous traffic stream from all border routers—an infeasible task for most ISPs in the absence of a scalable inference approach. To enable ISPs to perform Ingress Point Detection (IPD), we propose an efficient approach that accurately identifies traffic ingress points in ISPs of any size using flow-level traffic traces. IPD identifies the specific router and interface through which a particular segment of the Internet address space enters a network. IPD splits the address space into fine-grained ranges to identify the specific router and interface through which segments of the address space enter the network.We have deployed IPD for six years at a major tier-1 ISP with an international network that handles multi-digit Tbit/s traffic levels, and our experience shows that IPD can accurately identify ingress points and scale to high traffic loads on a single commodity server. IPD enabled the ISP to improve network operations by identifying performance issues and realizing advanced traffic engineering practices.
PDF
Poster
DOI
[ Related · see our earlier pre-print version ]
During the first days of the 2022 Russian invasion of Ukraine, Russia’s media regulator blocked access to many global social media platforms and news sites, including Twitter, Facebook, and the BBC. To bypass the information controls set by Russian authorities, pro-Ukrainian groups explored unconventional ways to reach out to the Russian population, such as posting war-related content in the user reviews of Russian businesses available on Google Maps or Tripadvisor. This paper provides a first analysis of this new phenomenon by analyzing the unconventional strategies used to avoid state censorship in the Russian Federation during the conflict. Specifically, we analyze reviews posted on these platforms from the beginning of the war to September 2022. We measure the channeling of war-related messages through user reviews on Tripadvisor and Google Maps. Our analysis of the content posted on these services reveals that users leveraged these platforms to seek and exchange humanitarian and travel advice, but also to disseminate disinformation and polarized messages. Finally, we analyze the response of platforms in terms of content moderation and their impact.
Nowadays day-to-day digital communication and social life has only fortified with the ongoing pandemic. People enjoy communication and information across various (direct) messaging platforms and accepted its ever-increasing impact on public discourse, and thus society. While most traditional platforms implement user profiles enabling social credit, the new landscape now also includes anonymity. Yet, a new type of applications combining anonymity with a strong spatial focus, hyperlocality, emerged over recent years. To this point, platform implications of both uniquely combined design properties largely remain unknown. In this thesis (with minor exceptions) we provide a first data-driven holistic view on Jodel that combines both properties. We leverage unbiased and complete ground truth information to dissect a plethora of communities across two different countries: Germany & the Kingdom of Saudi Arabia. This work follows a platform perspective identifying four major essentially important areas revolving around the individual. That is, we begin with a broad analysis of three User Adoption processes along three different applications. After discussing our measurements of the start and user base adoption of the German COVID-19 digital contact tracing application, we provide evidence of well-established platforms being re-purposed as a side channel to evade censorship in the ongoing Russo-Ukrainian hybrid war. We further showcase that even the very same platform ingredients may yield vastly different outcomes on the messaging app Jodel. While any online platform builds upon user User Interactions, we structurally characterize Jodel behavior across both countries. We discuss structural disparities and detail platform implications - solely induced by local user behavior. An in-depth look into the Saudi community landscape closes a research gap to platform usage in non-Western societies, identifying fundamental differences. Further, we discuss User Content analyzing information diffusion. Taking content to the next level, we developed a multidimensional classification scheme for intents (why) and topics (what) of social media messages and provide details of a crowdsourced campaign for Saudi Arabian contents. With neural word embeddings as a tool for making text tangible and the prevalence of emoji in social media communication, we discuss quantitative & qualitative insights to word-emoji embeddings reflecting semantics. Additionally, we make such embeddings interpretable and provide evidence that our method is well in line with human judgement. In terms of User Management, we detail insights to distributed moderation processes and model the threat of abusive content. In the long term, platforms need to establish a sustainable, preferably growing, environment. That is, we next discuss user lifetime and possibly early churn factors, while modeling user lifetime from metadata. We finish with a blueprint of data-driven long term quality of experience analyzes in a controlled massively multiplayer online game (MMOG) environment.
PDF
arXiv
DOI
[ Related · see our updated paper at ICWSM'24 ]
During the first days of the 2022 Russian invasion of Ukraine, Russia’s media regulator blocked access to many global social media platforms and news sites, including Twitter, Facebook, and the BBC. To bypass the information controls set by Russian authorities, pro-Ukrainian groups explored unconventional ways to reach out to the Russian population, such as posting war-related content in the user reviews of Russian business available on Google Maps or Tripadvisor. This paper provides a first analysis of this new phenomenon by analyzing the creative strategies to avoid state censorship. Specifically, we analyze reviews posted on these platforms from the beginning of the conflict to September 2022. We measure the channeling of war messages through user reviews in Tripadvisor and Google Maps, as well as in VK, a popular Russian social network. Our analysis of the content posted on these services reveals that users leveraged these platforms to seek and exchange humanitarian and travel advice, but also to disseminate disinformation and polarized messages. Finally, we analyze the response of platforms in terms of content moderation and their impact.
A subset of massively multiplayer online games (MMOG) feature long-term game rounds in which players interact for months or even years. The player experience of such long-term games cannot be entirely captured by current study methods, in particular not at scale assessing large player populations. To address this challenge, we posit that long-term, round based games such as Tribal Wars (browser-based) enable a data-driven perspective on long-term game dynamics and experience. In a preliminary study, we monitor and characterize the entire longitudinal game state of a Tribal Wars round that was played by 16k players for 1.5 years, enabling us to investigate behavioral patterns of all active players. We identify features that capture the in-game success and relate to the player experience. We show that only successful players keep up playing. We open source our dataset enabling reproducibility & future research.
We study the extent to which emoji can be used to add interpretability to embeddings of text and emoji. To do so, we extend the POLAR-framework that transforms word embeddings to interpretable counterparts and apply it to word-emoji embeddings trained on four years of messaging data from the Jodel social network. We devise crowdsourced human judgement experiment to study six use-cases, evaluating against words only, what role emoji can play in adding interpretability to word embeddings. That is, we use a revised POLAR approach interpreting words and emoji with words, emoji or both according to human judgement. We find statistically significant trends demonstrating that emoji can be used to interpret other emoji very well.
Social media is subject to constant growth and evolution, yet little is known about their early phases of adoption. To shed light on this aspect, this paper empirically characterizes the initial and country-wide adoption of a new type of social media in Saudi Arabia that happened in 2017. Unlike established social media, the studied network Jodel is anonymous and location-based to form hundreds of independent communities country-wide whose adoption pattern we compare. We take a detailed and full view from the operators perspective on the temporal and geographical dimension on the evolution of these different communities—from their very first the first months of establishment to saturation. This way, we make the early adoption of a new type of social media visible, a process that is often invisible due to the lack of data covering the first days of a new network.
In this paper, we study what users talk about in a plethora of independent hyperlocal and anonymous online communities in a single country: Saudi Arabia (KSA). We base this perspective on performing a content classification of the Jodel network in the KSA. To do so, we first contribute a content classification schema that assesses both the intent (why) and the topic (what) of posts. We use the schema to label 15k randomly sampled posts and further classify the top 1k hashtags. We observe a rich set of benign (yet at times controversial in conservative regimes) intents and topics that dominantly address information requests, entertainment, or dating/flirting. By comparing two large cities (Riyadh and Jeddah), we further show that hyperlocality leads to shifts in topic popularity between local communities. By evaluating votes (content appreciation) and replies (reactions), we show that the communities react differently to different topics; e.g. entertaining posts are much appreciated through votes, receiving the least replies, while beliefs & politics receive similarly few replies but are controversially voted.
In this paper, we empirically analyze two examples of a Western (DE) versus Middle-East (SA) Online Social Messaging App. By focusing on the system interactions over time in comparison, we identify inherent differences in user engagement. We take a deep dive and shed light onto differences in user attention shifts and showcase their structural implications to the user experience. Our main findings show that in comparison to the German counterparts, the Saudi communities prefer creating content in longer conversations, while voting more conservative.
In this work, we predict the user lifetime within the anonymous and location-based social network Jodel in the Kingdom of Saudi Arabia. Jodel’s location-based nature yields to the establishment of disjoint communities country-wide and enables for the first time the study of user lifetime in the case of a large set of disjoint communities. A user’s lifetime is an important measurement for evaluating and steering customer bases as it can be leveraged to predict churn and possibly apply suitable methods to circumvent potential user losses. We train and test off the shelf machine learning techniques with 5-fold crossvalidation to predict user lifetime as a regression and classification problem; identifying the Random Forest to provide very strong results. Discussing model complexity and quality tradeoffs, we also dive deep into a time-dependent feature subset analysis, which does not work very well; Easing up the classification problem into a binary decision (lifetime longer than timespan 𝑥) enables a practical lifetime predictor with very good performance.We identify implicit similarities across community models according to strong correlations in feature importance. A single countrywide model generalizes the problem and works equally well for any tested community; the overall model internally works similar to others also indicated by its feature importances.
On June 16, 2020, Germany launched an open-source smartphone contact tracing app (“Corona-Warn-App”) to help tracing SARSCoV- 2 (coronavirus) infection chains. It uses a decentralized, privacy preserving design based on the Exposure Notification APIs in which a centralized server is only used to distribute a list of keys of SARSCoV-2 infected users that is fetched by the app once per day. Its success, however, depends on its adoption. In this poster, we characterize the early adoption of the app using Netflow traces captured directly at its hosting infrastructure. We show that the app generated traffic from allover Germany—already on the first day. We further observe that local COVID-19 outbreaks do not result in noticeable traffic increases.
We train word-emoji embeddings on large scale messaging data obtained from the Jodel online social network. Our data set contains more than 40 million sentences, of which 11 million sentences are annotated with a subset of the Unicode 13.0 standard Emoji list. We explore semantic emoji associations contained in this embedding by analyzing associations between emojis, between emojis and text, and between text and emojis. Our investigations demonstrate anecdotally that word-emoji embeddings trained on large scale messaging data can reflect real-world semantic associations. To enable further research we release the Jodel Emoji Embedding Dataset (JEED1488) containing 1488 emojis and their embeddings along 300 dimensions.
PDF
[ Venue in Liguistics ]
In recent years the study of social media communities has come into the focus of research. One open but central question is which properties stimulate user interaction within communities and thus contribute to community building. In this paper, we provide a first step towards answering this question by identifying features in the Jodel microblogging app that trigger user responses as one form of attention. Jodel is a geographically restricted app that allows users to post threads and comments anonymously. The absence of displayed user information on Jodel makes the posted content the only trigger for user interaction, making the language the one and only means for users to gather contextual implications about their discourse partners. This enhanced function of language promises a revealing baseline investigation into linguistic behavior on social media.
To approach this issue, we conducted a sequence of lexico-grammatical analyses and subjected the quantitative results to various statistical tests. While a Principal Component Analysis did not show a significant difference between the grammatical structure of original posts with and without answers, a negative binomial regression model focusing on the interpersonal meta-function yielded significant results. A further analysis of these features correlated to shorter or longer response times showed significant results for the interrogative mood. Additionally, keyword analyses revealed significant differences between posts with answers and without answers. Our study provides a promising first step towards understanding textual features triggering user interaction and thereby community building – an unresolved problem of practical relevance to social network operation.
High packet rates at ≥ 10 GBit/s challenge the packet processing performance of network stacks. A common solution is to offload (parts of) the user-space packet processing to other execution environments, e.g., into the device driver (kernel-space), the NIC or even from virtual machines into the host operating system (OS), or any combination of those. While common wisdom states that offloading optimizes performance, neither benefits nor negative effects are comprehensively studied. In this paper, we aim to shed light on the benefits and shortcomings of eBPF/XDP-based offloading from the user-space to i) the kernel-space or ii) a smart NIC-including VM virtualization. We show that offloading can indeed optimize packet processing, but only if the task is small and optimized for the target environment. Otherwise, offloading can even lead to detrimental performance.
This paper studies for the first time the usage and propagation of hashtags in a new and fundamentally different type of social media that is i) without profiles and ii) location-based to only show nearby posted content. Our study is based on analyzing the mobile-only Jodel microblogging app, which has an established user base in several European countries and Saudi Arabia. All posts are user to user anonymous (i.e., no displayed user handles) and are only displayed in the proximity of the user’s location (up to 20 km). It thereby forms local communities and opens the question of how information propagates within and between these communities. We tackle this question by applying established metrics for Twitter hashtags to a ground-truth data set of Jodel posts within Germany that spans three years. We find the usage of hashtags in Jodel to differ from Twitter; despite embracing local communication in its design, Jodel hashtags are mostly used country-wide.
PDF
arXiv
[ Related · see our paper at ITC'18 ]
As network speed increases, servers struggle to serve all requests directed at them. This challenge is rooted in a partitioned data path where the split between the kernel space networking stack and user space applications induces overheads. To address this challenge, we propose Santa, a new architecture to optimize the data path by enabling server applications to partially offload packet processing to a generic rule processor. We exemplify Santa by showing how it can drastically accelerate kernel-based packet processing - a currently neglected domain. Our evaluation of a broad class of applications, namely DNS, Memcached, and HTTP, highlights that Santa can substantially improve the server performance by a factor of 5.5, 2.1, and 2.5, respectively.
PDF
slides
[ Related · see our full tech report ]
As network speed increases, servers struggle to serve all requests directed at them. This challenge is rooted in a partitioned data path where the split between the kernel space networking stack and user space applications induces overheads. To address this challenge, we propose Santa, an architecture to optimize the data path by enabling server applications to (partially) offload packet processing to a generic rule processor. We exemplify Santa by showing how it can drastically accelerate UDP packet processing in the Linux kernel—a currently neglected domain. Our evaluation focuses on accelerating DNS traffic for which we find a performance increase by a factor of 5.5 on realworld request pattern.
The Internet of Things (IoT) permeates our everyday life, e.g., in the area of health monitoring, wearables, industry, and home automation. It comprises devices that provide only limited resources, operate in challenging network conditions, and are often battery-powered. To embed these devices into the Internet, they are envisioned to operate standard protocols. Yet, these protocols occupy the majority of limited program memory resources. Thus, devices can neither add application logic nor apply security updates or adopt optimizations for efficiency. This problem will further exacerbate in the future as the further ongoing permeation of smart devices in our environment demands for more and more functionality.
To overcome limited functionality due to resource constraints, we show that not all functionality is required in parallel, and thus can be SPLIT in a feasible manner. This enables on-demand loading of functionality outsourced as (multiple) modules to the significantly lesser constrained flash storage of devices. We exemplify efficient modularization of DTLS and show that SPLIT enables operation of large protocol stacks while it incurs reasonable, tunable performance trade-offs. Our use case specific results show an initial runtime overhead of 23.34 % and 4.9 % for subsequent protocol executions.
Social networks have become a popular Internet service and exist in various flavors. These flavors can be categorized by i) infrastructure (e.g., centralized vs. decentralized / P2P), ii) user profile (e.g., real names, pseudonyms, or anonymity), iii) geographic coverage (e.g., global vs. regional), or iv) functionality (e.g., microblogging on Twitter or questions on Stackoverflow). Most prominent networks are centralized, provide global coverage and usually do not permit anonymous use (e.g., Facebook). A large body of research has focused on understanding these networks and user behavior by analyzing underlying friendship/connection graphs, content, or usage pattern. Besides these well-known and well-studied networks, there exists a rising demand for both i) location-based/regional (e.g., Nextdoor) and ii) anonymous (e.g., Whisper) networks. Anonymous networks and location-based network have yet, however, not received much attention in scientific literature.
In this poster, we present initial results obtained by crawling an emerging anonymous and location-based social network for more than one year. This network is predominant in Germany and Scandinavia and is currently expanding across Europe and other continents. It enables users to post text content or images and to comment on posts within threads. It differs from other social networks by two aspects: 1) It is location based and only displays posts sent within close (e.g., 10km) geographic proximity; 2) All communication is anonymous by not displaying user handles. Users are only enumerated by posting order within a single discussion thread, to enable users referencing to each other within a discussion.
To prevent abuse, the network employs a community filtering and moderation system. This community moderation follows a simple filtering scheme which prefers mainstream content: posts may be voted up or down resulting in a cumulative score. When the per-post or answer score exceeds a negative score of -5, it is not being shown anymore. To increase user engagement and voting, the network applies gamification by awarding “Karma” points that users collect by either voting or posting content that is upvoted by others. Further, harmful or non-policy compliant content can be flagged for moderation. Such reported content is reviewed by volunteering community moderators (selected by properties like activity or Karma scores) and is kept or removed according to the moderators' majority vote. For an anonymous social network, community moderation is a key success parameter to prevent harmful or abusive content. The recent downfall of the YikYak anonymous network highlighted that unsuccessfully preventing adverse content can seriously hurt the network.
To study the network, we retrieve posts by performing continuous crawls from about 200 cities for a period of more than one year summing up to about NNN posts. Based on this data, we present preliminary results on the network in terms of activity within different cities and posted content. We further present preliminary results from studying the networks community moderation system. By discussing our first results with the IMC community, we aim to shed light on an emerging and less studied type of social network.
Various Internet of Things and Industry 4.0 use cases such as city-wide monitoring, Smart Grid control, or machine control, require low-latency distributed processing of continuous data streams. This fact has boosted research on making Stream Processing Frameworks (SPFs) IoT-ready, meaning that their cloud and IoT service management mechanisms (e.g., task placement, load balancing, algorithm selection) need to consider new requirements derived from IoT-specific characteristics, i.e., ultra low latency due to physical interactions. Although various extensions have appeared to optimize such SPF-provided mechanisms, they still lack the modules, data models, and algorithms to properly handle algorithm selection in IoT deployments. The algorithm selection problem refers to selecting dynamically which internal logic a deployed streaming task should use in case of various alternatives. To the best of our knowledge, this work is the first solution that adds this capability to SPFs. Our solution is based on i) architectural extensions of typical SPF middleware, ii) a new schema for characterizing algorithmic performance in the targeted context, and iii) a streaming-specific optimization problem formulation. We implemented our solution as an extension to Apache Storm and demonstrate how it can reduce stream processing latency by up to a factor of 2.9 in the tested scenarios.
Database architectures have fundamentally advanced (in-memory, parallelization, distribution) to support faster query execution and to manage higher workloads. Due to these advances, networking overheads have now become a new performance challenge, which is currently only tackled by Remote Direct Memory Access (RDMA). Fortunately, networking has recently made considerable latency and throughput improvements via kernel optimizations or by employing new architectures, e.g., kernel bypassing or specialized hardware.
We show that improved networking architectures indeed offer substantial—and currently unexplored—potential for database performance improvements regarding throughput, CPU-load, end-to-end and tail latency. To prove this potential, we used Santa, a packet processing offloading engine exemplarily implemented in the Linux kernel. Our results clearly remark reduced end-to-end latencies and throughput increases for both Memcached and MySQL by a factor of up to 1.5 and 3.3, respectively.
· Projects · Publications Teaching · Supervision ·
.