Zihui Ge

• phd
• LMTS at AT&T

Configuration tuning is one of the top network operational tasks for Cellular Service Providers (CSPs), and is typically done to either restore performance during degraded network conditions such as congestion, failure, planned upgrades, or optimize service performance through change trials. A long-standing challenge in tuning has been to associate...

Traffic migration is a common procedure performed by operators during planned maintenance and unexpected incidents to prevent/reduce service disruptions. However, current practices of traffic migration often couple operators' intentions (e.g. device upgrades) with network setups (e.g. load-balancers), resulting in poor re-usability and substantial...

Backhaul transport network design and optimization for cellular service providers involve a unique challenge stemming from the fact that an end-user's equipment (UE) is within the radio reach of multiple cellular towers: It is hard to evaluate the impact of the failure of the UE's primary serving tower on the UE, because the UE may simply switch to...

Recent deployments of Network Function Virtualization (NFV) architectures have gained tremendous traction. While virtualization introduces benefits such as lower costs and easier deployment of network functions, it adds additional layers that reduce transparency into faults at lower layers. To improve fault analysis and prediction for virtualized n...

Backhaul transport network design and optimization for cellular service providers involve a unique challenge stemming from the fact that an end-user's equipment (UE) is within the radio reach of multiple cellular towers: It is hard to evaluate the impact of the failure of the UE's primary serving tower on the UE, because the UE may simply switch to...

Backhaul transport network design and optimization for cellular service providers involve a unique challenge stemming from the fact that an end-user's equipment (UE) is within the radio reach of multiple cellular towers: It is hard to evaluate the impact of the failure of the UE's primary serving tower on the UE, because the UE may simply switch to...

Backhaul transport network design and optimization for cellular service providers involve a unique challenge stemming from the fact that an end-user's equipment (UE) is within the radio reach of multiple cellular towers: It is hard to evaluate the impact of the failure of the UE's primary serving tower on the UE, because the UE may simply switch to...

Providing high end-to-end (E2E) performance experienced by users is critical for cellular service providers to best serve their customers. This paper focuses on the detection and localization of E2E performance degradation (such as slow webpage page loading and unsmooth video playing) at cellular service providers. Detecting and localizing E2E perf...

Efficient management and control of modern and next-gen networks is of paramount importance as networks have to maintain highly reliable service quality whilst supporting rapid growth in traffic demand and new application services. Rapid mitigation of network service degradations is a key factor in delivering high service quality. Automation is vit...

Firewalls are critical security devices handling all traffic in and out of a network. Firewalls, like other software and hardware network devices, have vulnerabilities, which can be exploited by motivated attackers. However, just like any other networking and computing devices, firewalls often have vulnerabilities that can be exploited by attackers...

Cellular networks are constantly evolving due to frequent changes in radio access and end user equipment technologies, applications, and traffic. Network upgrades should be performed with extreme caution since millions of users heavily depend on the cellular networks. Before upgrading the entire network, it is important to conduct field evaluation...

Cellular networks are constantly evolving due to frequent changes in radio access and end user equipment technologies, applications, and traffic. Network upgrades should be performed with extreme caution since millions of users heavily depend on the cellular networks. Before upgrading the entire network, it is important to conduct field evaluation...

Planned upgrades in cellular networks occur every day, may often need to be performed on weekdays, and can potentially degrade service for customers. In this paper, we explore the problem of tuning network configurations in order to mitigate any potential impact due to a planned upgrade which takes the base station off-air. The objective is to reco...

We present our proposed ABSENCE system which detects service disruptions in mobile networks using aggregated customer usage data. ABSENCE monitors aggregated customer usage to detect when aggregated usage is lower than expected in a given geographic region (e.g., zip code), across a given customer device type, or for a given service. Such a drop in...

Nowadays mobile device (e.g., smartphone) users not only have a high expectation on the availability of the cellular data service, but also increasingly depend on the high end-to-end (E2E) performance of their applications. Since the E2E performance of individual application sessions may vary greatly, depending on factors such as the cellular netwo...

A technique for monitoring performance in a network uses passively monitored traffic data at the server access routers. The technique aggregates performance metrics into clusters according to a spatial hierarchy in the network, and then aggregates performance metrics within spatial clusters to form time series of temporal bins. Representative value...

The explosive increase in cellular network traffic, users, and applications, as well as the corresponding shifts in user expectations, has created heavy needs and demands on cellular data providers. In this paper we address one such need: mining the logs of cellular voice and data traffic to rapidly detect network performance anomalies and other ev...

Systems and methods to model user activity information associated with a network system are provided. A particular method includes receiving, at a computing device, a request for user activity information associated with selected channels of a television access network that provides multimedia content to users. The method includes executing a model...

A system that incorporates teachings of the present disclosure may include, for example, obtaining regression coefficients that quantify a relationship between premises feedback and first network and premises performance indicators, obtaining second network performance indicators for the network elements, obtaining second premises performance indic...

In order to ensure the service quality, modern Internet Service Providers (ISPs) invest tremendously on their network monitoring and measurement infrastructure. Vast amount of network data, including device logs, alarms, and active/passive performance measurement across different network protocols and layers, are collected and stored for analysis....

Cellular network service providers often have to conduct small scale testing in the operational network before a change (e.g., a new feature) is fully rolled out across the entire network. This is referred to as the First Field Application (FFA). However, assessing the effectiveness of FFA changes is challenging because of overlapping external fact...

The rapid advancement of smartphones has instigated tremendous data applications for cell phones. Supporting simultaneous voice and data services in a cellular network is not only desirable but also becoming indispensable. However, if the voice and data are serviced through the same antenna (like the 3G UMTS network), a voice call with data session...

User mobility prediction can enable a mobile service provider to optimize the use of its network resources, e.g., through coordinated selection of base stations and intelligent content prefetching. In this paper, we study how to perform mobility prediction by leveraging the base station level location information readily available to a service prov...

The security of the networking infrastructure (e.g., routers and switches) in large scale enterprise or Internet service provider (ISP) networks is mainly achieved through mechanisms such as access control lists (ACLs) at the edge of the network and deployment of centralized AAA (authentication, authorization and accounting) systems governing all a...

Firewalls are critical security devices handling all traffic in and out of a network. Firewalls, like other software and hardware network devices, have vulnerabilities, which can be exploited by motivated attackers. However, because firewalls are usually placed in the network such that they are transparent to the end users, it is very hard to ident...

We study the problem of scalable monitoring of operational 3G wireless networks. Threshold-based performance monitoring in large 3G networks is very challenging for two main factors: large network scale and dynamics in both time and spatial domains. A fine-grained threshold setting (e.g., perlocation hourly) incurs prohibitively high management com...

Recent trends in the networked services industry (e.g., CDN, VPN, VoIP, IPTV) see Internet Service Providers (ISPs) leveraging their existing network connectivity to provide an end-to-end solution. Consequently, new opportunities are available to monitor and improve the end-to-end service quality by leveraging the information from inside the networ...

Service quality in operational IP networks can be impacted due to planned or unplanned maintenance. During any maintenance activity, the responsibility of the operations team is to complete the work order and perform a check-up to ensure there are no unexpected service disruptions. Once the maintenance is complete, it is crucial to continuously mon...

In large-scale IPTV systems, it is essential to maintain high service quality while providing a wider variety of service features than typical traditional TV. Thus service quality assessment systems are of paramount importance as they monitor the user-perceived service quality and alert when issues occurs. For IPTV systems, however, there is no sim...

Recent advances in residential broadband access technologies have led to a wave of commercial IPTV deployments. As IPTV services are rolled out at scale, it is essential for IPTV systems to maintain ultra-high reliability and performance. A major issue that disrupts IPTV service is the crash of the set-top box (STB) software. The STB directly resid...

Threshold-based performance monitoring in large 3G networks is very challenging for two main factors: large network scale and dynamics in both time and spatial domains. There exists a fundamental tradeoff between the size of threshold settings and the alarm quality. In this paper, we propose a scalable monitoring solution, called threshold-compress...

The volume of Internet traffic over 3G wireless networks is sharply rising. In contrast to many Internet services utilizing replicated resources, such as Content Distribution Networks (CDN), the current 3G standard architecture employs hierarchical routing, where all user data traffic goes through a small number of aggregation points using logical...

A cardinal prerequisite for the proper and efficient management of a network, especially an ISP network, is to understand the traffic that it carries. Traffic profiling is a means to obtain knowledge of the traffic behavior. Previous work has been focusing on traffic profiling at the link level or the host level. However, network prefix-level traff...

As IP networks have become the mainstay of an increasingly diverse set of applications ranging from Internet games and streaming videos, to e-commerce and online-banking, and even to mission-critical 911, best effort service is no longer acceptable. This requires a transformation in network management from detecting and replacing individual faulty...

Router syslogs are messages that a router logs to describe a wide range of events observed by it. They are considered one of the most valuable data sources for monitoring network health and for trou- bleshooting network faults and performance anomalies. However, router syslog messages are essentially free-form text with only a minimal structure, an...

Social media sites such as Twitter continue to grow at a fast pace. People of all generations use social media to exchange messages and share experiences of their life in a timely fashion. Most of these sites make their data available. An intriguing question is can we exploit this real-time and massive data-flow to improve business in a measurable...

Networks continue to change to support new applications, improve reliability and performance and reduce the operational cost. The changes are made to the network in the form of upgrades such as software or hardware upgrades, new network or service features and network configuration changes. It is crucial to monitor the network when upgrades are mad...

The user experience for networked applications is becoming a key benchmark for customers and network providers. Perceived user experience is largely determined by the frequency, duration and severity of network events that impact a service. While today's networks implement sophisticated infrastructure that issues alarms for most failures, there rem...

This chapter discusses the systems, activities, and challenges associated with daily operation of large IP/MPLS networks. Specifically, this chapter focuses on detecting, troubleshooting, and resolving faults and performance events. It highlights how network performance and health is managed over time, with emphasis on the application and challenge...

An increasingly diverse set of applications, such as Internet games, streaming videos, e-commerce, online banking, and even mission-critical emergency call services, all relies on IP networks. In such an environment, best-effort service is no longer acceptable. This requires a transformation in network management from detecting and replacing indivi...

Internet Protocol Television (IPTV) has emerged as a new deliv- ery method for TV. In contrast with native broadcast in traditional cable and satellite TV system, video streams in IPTV are encoded in IP packets and distributed using IP unicast and multicast. This new architecture has been strategically embraced by ISPs across the globe, recognizing...

IPTV is increasingly being deployed and offered as a commercial service to residential broadband customers. Compared with traditional ISP networks, an IPTV distribution network (i) typically adopts a hierarchical instead of mesh-like structure, (ii) imposes more stringent requirements on both reliability and performance, (iii) has different distrib...

Understanding the channel popularity or content popularity is an important step in the workload characterization for modern infor- mation distribution systems (e.g., World Wide Web, peer-to-peer file-sharing systems, video-on-demand systems). In this paper, we focus on analyzing the channel popularity in the context of Inter- net Protocol Televisio...

Understanding the channel popularity or content popularity is an important step in the workload characterization for modern information distribution systems (e.g., World Wide Web, peer-to-peer file-sharing systems, video-on-demand systems). In this paper, we focus on analyzing the channel popularity in the context of Internet Protocol Television (I...

Chronic network conditions are caused by performance im- pairing events that occur intermittently over an extended pe- riod of time. Such conditions can cause repeated perfor- mance degradation to customers, and sometimes can even turn into serious hard failures. It is therefore critical to trou- bleshoot and repair chronic network conditions in a...

Traditional Internet traffic studies have primarily focused on the temporal characteristics of packet traces as observed on a single link within an ISP’s network. They have contributed to advances in the areas of self-similar stochastic processes, long-range dependence, and heavy-tailed distributions and have demonstrated the benefits of applying a...

Under device failures and maintenance activities, network resources reduce and congestion may arise inside networks. As a result, users experience degraded performance on packet delays and losses. Traditional approaches focused on rerouting traffic to alleviate network congestion and improve users' performance. However, due to the network capacity...

Traffic application classification is an essential step in the network management process to provide high availability of network ser-vices. However, network management has seen limited use of traf-fic classification because of the significant overheads of existing techniques. In this context we explore the feasibility and perfor-mance of lightweig...

The wide availability of broadband networking technologies such as cable modems and DSL coupled with the growing popularity of the Internet has led to a dramatic increase in the availability and the use of online streaming media. With the ìlast mileî network bandwidth no longer a constraint, the bottleneck for video streaming has been pushed closer...

One of the key infrastructure components in all telecommunication networks, ranging from the telephone network to VC-oriented data networks to the Internet, is its signaling system. Two broad approaches towards signaling can be identified: so-called hard-state and soft-state approaches. Despite the fundamental importance of signaling, our understan...

The overall efficiency, reliability, and availability of a firewall is crucial in enforcing and administrating securit y, especially when the network is under attack. The continuous growth of th e Internet, coupled with the increasing sophistication of th e attacks, is placing stringent demands on firewall performance. These ch allenges require new...

The overall performance of a firewall is crucial in enforcing and administrating security, especially when the network is under attack. The continuous growth of the Internet, coupled with the increasing sophistication of the attacks, is placing stringent demands on firewall performance. In this paper, we describe a traffic-aware optimization framew...

Estimation of trafc matrices, which provide critical input for net- work capacity planning and trafc engineering, has recently been recognized as an important research problem. Most of the previ- ous approaches infer trafc matrix from either SNMP link loads or sampled NetFlow records. In this work, we design novel infer- ence techniques that, by st...

Estimation of traffic matrices, which provide critical input for network capacity planning and traffic engineering, has recently been recognized us an important research problem. Most of the previous approaches infer traffic matrix from either SNMP link loads or sampled NetFlow records. In this work, we design novel inference techniques that, by st...

The overall performance of a firewall is crucial in enforcing and administrating security, especially when the network is under attack. The continuous growth of the Internet, coupled with the increasing sophistication of the attacks, is placing stringent demands on firewall performance. Under such circumstances it becomes very vital to understand t...

The distribution of broadcast TV across large provider networks has become a highly topical subject as satellite distribution capacity exhausts and competitive pressures increase. In a typical IPTV architecture, broadcast TV is distributed from two sources (for redundancy) to multiple destinations. The aim of this paper is to examine how IPTV can b...

Abstract - Routing optimization is used to find a set of routes that minimizes cost (delay, utilization) Previous work has ad - dressed this problem for the case of a known, static end - to - end traffic matrix In the Internet, it is difficult to accurately estimate a traffic matrix, and the constantly changing nature of Internet traffic makes it c...

In the publish/subscribe paradigm, information is disseminated from publishers to subscribers that are interested in receiving the information. In practice, information dissemination is often restricted by policy constraints due to concerns such as security or confidentiality agreement. Meanwhile, to avoid overwhelming subscribers by the vast amoun...

Anomaly detection is a first and important step needed to resp ond to unexpected problems and to assure high performance and se- curity in IP networks. We introduce a framework and a power- ful class of algorithms for network anomography, the problem of inferring network-level anomalies from widely available data ag- gregates. The framework contain...

A traffic matrix represents the amount of traffic between origin and destination in a network. It has tremendous potential utility for many IP network engineering applications, such as network survivability analysis, traffic engineering, and capacity planning. Recent advances in traffic matrix estimation have enabled ISPs to measure traffic matrice...

Subset Difference Revocation (SDR) [7] has been proposed to perform group rekeying in a stateless manner. However, statelessness comes at a cost in terms of key storage and messaging overhead when the number of currently active members is much smaller than the number of potential group members [3]. In this paper, we propose a dynamic SDR scheme to...

The high bandwidth and the relatively long-lived characteristics of digital video are key limiting factors in the wide-spread usage of streaming content over the Internet. The problem is further complicated by the fact that video popularity changes over time. In this paper, we study caching issues for a cluster-based streaming proxy in the face of...

We compare four different approaches towards modeling frame-level errors in GSM channels. One of these, the Markov-based Trace Analysis model (MTA), was developed for the purpose of model- ing a GSM channel. The next two, -th-order Markov models and hidden Markov models (HMMs) have been widely used to model loss in wired net- works. All three of th...

channels are established between content publishers and content subscribers based on a matching of interests in the content provided by publishers and that requested by subscribers. We present a distributed pub/sub architecture in which end systems and "interior" network elements (such as active routers or application-level relay nodes) known as "m...

The high bandwidth and the relatively long-lived characteristics of digital video are key limiting factors in the wide-spread usage of streaming content over the Internet. The problem is further complicated by the fact that video popularity changes over time. In this paper, we study caching issues for a cluster-based streaming proxy in the face of...

In this paper, we compare two basic approaches towards providing peer-to-peer file-sharing (or more generally, information search) in mobile ad-hoc networks (MANET). The flooding approach broadcasts a query (e.g., to locate a node holding a given file) to all network nodes. The index-server approach adds additional servers (known as index servers)...

The publish/subscribe (pub/sub) paradigm provides content-oriented data dissemination in which communication channels are established between content publishers and content subscribers based on a matching of subscribers interest in the published content provided - a process we refer to as "matchmaking". Once an interest match has been made, content...

Peer-peer networking has recently emerged as a new paradigm for building distributed networked applications. We develop simple mathematical models to explore and illustrate fundamental performance issues of peer-peer file sharing systems. The modeling framework introduced and the corresponding solution methods are flexible enough to accommodate dif...

We provide an overview of SANDS (Specialized Active Networking for Distributed Simulation), a DARPA-ITO sponsored research project that is using active networking to develop a new approach to real-time, content-based information dissemination. Our approach is based on the use of active interest filtering, a publish/subscribe mechanism that uses act...

The wide availability of broadband networking technologies such as cable modems and DSL coupled with the growing popularity of the Internet has led to a dramatic increase in the availability and the use of online streaming media. With the "last mile" network bandwidth no longer a constraint, the bottleneck for video streaming has been pushed closer...

as cable modems and DSL coupled with the growing popularity of the Internet has led to a dramatic increase in the availability and the use of online streaming media. With the "last mile" network bandwidth no longer a constraint, the bottleneck for video streaming has been pushed closer to the server. Streaming high quality audio and video to a myri...

Recent studies [1] have revealed vulnerabilities in the routing infrastructure of the In-ternet. It has been conjectured that these vulnerabilities could lead to cascading failures. In this paper we develop simple models for the interaction of routers, looking specifically at the clique topology. We construct two related models, and our analysis in...

The publish/subscribe (pub/sub) paradigm provides content-oriented data dissemination, where communication channels between content providers and content consumers are set up on the basis of interest matches between content provided by the publishers and content requested by the subscribers. In this paper, we study a distributed matchmaker system w...

In many large scale data dissemination systems, a large number of information flows must be delivered to a large number of information receivers. However, because of differences in interests among receivers, not all receivers are interested in all of the information flows. Multicasting provides the opportunity to deliver a subset of the information...

The study of the Internet topology has recently received much attention from the research community. In particular, the observation that the network graph has interesting properties, such as power laws, that might be explored in a myriad of ways. Most of the work in characterizing the Internet graph is based on the physical network graph, i.e., the...

The publish/subscribe paradigm provides content-oriented data dissemination, where communication channels between content providers and content consumers are set up on the basis of interest matches between content provided by the publishers and content requested by the the subscribers. In this paper, we present a distributed active matchmaker archi...

During the past decade or two, the Internet has wit- nessed an ever escalating demand for protection against unwanted traffic, including those carrying out malicious attacks. Packet filtering has been universally deployed in firewalls to serve as the first defense frontier against such unwanted traffic. Thus far in practice, packet fil- tering in f...

Typescript. Thesis (Ph. D.)--University of Massachusetts at Amherst, 2003. Includes bibliographical references (leaves 120-125).