Full Chapter Security and Privacy in Communication Networks 16Th Eai International Conference Securecomm 2020 Washington DC Usa October 21 23 2020 Proceedings Part Ii Noseong Park PDF
Full Chapter Security and Privacy in Communication Networks 16Th Eai International Conference Securecomm 2020 Washington DC Usa October 21 23 2020 Proceedings Part Ii Noseong Park PDF
Full Chapter Security and Privacy in Communication Networks 16Th Eai International Conference Securecomm 2020 Washington DC Usa October 21 23 2020 Proceedings Part Ii Noseong Park PDF
https://textbookfull.com/product/security-and-privacy-in-
communication-networks-16th-eai-international-conference-
securecomm-2020-washington-dc-usa-october-21-23-2020-proceedings-
part-i-noseong-park/
https://textbookfull.com/product/security-and-privacy-in-
communication-networks-15th-eai-international-conference-
securecomm-2019-orlando-fl-usa-october-23-25-2019-proceedings-
part-ii-songqing-chen/
https://textbookfull.com/product/social-cultural-and-behavioral-
modeling-13th-international-conference-sbp-brims-2020-washington-
dc-usa-october-18-21-2020-proceedings-robert-thomson/
https://textbookfull.com/product/computer-vision-eccv-2020-16th-
european-conference-glasgow-uk-august-23-28-2020-proceedings-
part-ii-andrea-vedaldi/
https://textbookfull.com/product/e-learning-e-education-and-
online-training-6th-eai-international-conference-
eleot-2020-changsha-china-june-20-21-2020-proceedings-part-ii-
shuai-liu/
https://textbookfull.com/product/computer-aided-
verification-32nd-international-conference-cav-2020-los-angeles-
ca-usa-july-21-24-2020-proceedings-part-ii-shuvendu-k-lahiri/
Noseong Park · Kun Sun ·
Sara Foresti · Kevin Butler ·
Nitesh Saxena (Eds.)
336
Part 2
Lecture Notes of the Institute
for Computer Sciences, Social Informatics
and Telecommunications Engineering 336
123
Editors
Noseong Park Kun Sun
Yonsei University George Mason University
Seoul, Korea (Republic of) Fairfax, VA, USA
Sara Foresti Kevin Butler
Dipartimento di Informatica University of Florida
Universita degli Studi Gainesville, FL, USA
Milan, Milano, Italy
Nitesh Saxena
Division of Nephrology
University of Alabama
Birmingham, AL, USA
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, expressed or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
We are delighted to introduce the proceedings of the 16th EAI International Conference
on Security and Privacy in Communication Networks (SecureComm 2020). This
conference has brought together researchers, developers, and practitioners from around
the world who are leveraging and developing security and privacy technology for a safe
and robust system or network.
These proceedings contain 60 papers, which were selected from 120 submissions
(an acceptance rate of 50%) from universities, national laboratories, and the private
sector from across the USA as well as other countries in Europe and Asia. All the
submissions went through an extensive review process by internationally-recognized
experts in cybersecurity.
Any successful conference requires the contributions of different stakeholder groups
and individuals, who have selflessly volunteered their time and energy in disseminating
the call for papers, submitting their research findings, participating in the peer reviews
and discussions, etc. First and foremost, we would like to offer our gratitude to the
entire Organizing Committee for guiding the entire process of the conference. We are
also deeply grateful to all the Technical Program Committee members for their time
and effort in reading, commenting, debating, and finally selecting the papers. We also
thank all the external reviewers for assisting the Technical Program Committee in their
particular areas of expertise as well as all the authors, participants, and session chairs
for their valuable contributions. Support from the Steering Committee and EAI staff
members was also crucial in ensuring the success of the conference. It was a great
privilege to work with such a large group of dedicated and talented individuals.
We hope that you found the discussions and interactions at SecureComm 2020,
which was held online, enjoyable and that the proceedings will simulate further
research.
Steering Committee
Imrich Chlamtac University of Trento, Italy
Guofei Gu Texas A&M University, USA
Peng Liu Penn State University, USA
Sencun Zhu Penn State University, USA
Organizing Committee
General Co-chairs
Kun Sun George Mason University, USA
Sara Foresti Università degli Studi di Milano, Italy
Local Chair
Hemant Purohit George Mason University, USA
Workshops Chair
Qi Li Tsinghua University, China
Publications Chair
Noseong Park Yonsei University, South Korea
Web Chair
Pengbin Feng George Mason University, USA
Panels Chair
Massimiliano Albanese George Mason University, USA
viii Organization
Tutorials Chair
Fabio Scotti Università degli Studi di Milano, Italy
POQ: A Consensus Protocol for Private Blockchains Using Intel SGX . . . . . . 141
Golam Dastoger Bashar, Alejandro Anzola Avila, and Gaby G. Dagher
A Machine Learning Based Smartphone App for GPS Spoofing Detection . . . 235
Javier Campos, Kristen Johnson, Jonathan Neeley, Staci Roesch,
Farha Jahan, Quamar Niyaz, and Khair Al Shamaileh
The Bitcoin Hunter: Detecting Bitcoin Traffic over Encrypted Channels . . . . 152
Fatemeh Rezaei, Shahrzad Naseri, Ittay Eyal, and Amir Houmansadr
Ruming Tang1,2 , Cheng Huang3 , Yanti Zhou4 , Haoxian Wu3 , Xianglin Lu1,2 ,
Yongqian Sun5 , Qi Li1,2(B) , Jinjin Li4 , Weiyao Huang4 , Siyuan Sun4 ,
and Dan Pei1,2
1
Tsinghua University, Beijing, China
[email protected], {peidan,qli01}@tsinghua.edu.cn
2
Beijing National Research Center for Information Science and Technology
(BNRist), Beijing, China
[email protected]
3
BizSeer Technologies Co., Ltd., Beijing, China
[email protected], [email protected]
4
Bank of Communications, Shanghai, China
{zhouyt,lijj,huangweiyao,sunsiyuan}@bankcomm.com
5
Nankai University, Tianjin, China
[email protected]
1 Introduction
As a core infrastructure on the Internet, the Domain Name System (DNS)
is commonly used in all kinds of Internet applications, to translate easy-to-
c ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020
Published by Springer Nature Switzerland AG 2020. All Rights Reserved
N. Park et al. (Eds.): SecureComm 2020, LNICST 336, pp. 1–21, 2020.
https://doi.org/10.1007/978-3-030-63095-9_1
2 R. Tang et al.
Fig. 1. Examples of (a) normal DNS lookups, (b) DNS-based data exfiltration, and (c)
DNS-based C&C.
recognize domain names into IP addresses. Unfortunately, the DNS system suf-
fers from known vulnerabilities, such as DDoS [27], spoofing [24] and other
exploits [8,30,36]. To defend against these attacks, approaches such as [10,18,24]
have been proposed. Unlike those traditional attacks which target DNS system
itself, DNS covert communication is leveraged to transmit messages cross the
boundary between an enterprise’s LAN (i.e., office network and datacenter) and
the Internet, through DNS messages in a stealthy and unauthorized manner.
However, the defense against DNS covert communication in enterprises is still
not well-studied, and is the focus of this paper.
In enterprises, security tools are commonly deployed to closely monitor the
traffic between the enterprise’s LAN and the Internet to detect serious security
attacks such as data exfiltration (which transmits valuable internal data to the
Internet), command-and-control (C&C) of internal hosts by external attackers,
and so on. However, those data exfiltration and C&C using covert communication
via the DNS traffic [7,8,22,23,28] are still hard to detect.
Figure 1 shows examples of normal DNS lookup and DNS covert communi-
cation. In the normal DNS lookup in Fig. 1(a), a normal host queries its local
DNS server about google.com, and the local DNS server then iteratively queries
DNS root server and .com top-level domain server (both are omitted in the
figure) and relays the response (which indicates the corresponding IP address is
172.217.164.100 ) from the authoritative name server for google.com to the host.
Figure 1(b) shows an example of real point of sale (POS) malware, in which POS
A Practical Machine Learning-Based Framework 3
malware exfiltrated credit card information in the domain names of the DNS
queries [20]. Such exfiltration incidents (e.g., MULTIGRAIN [20], UDPoS [28])
caused many loss to the users and providers. The compromised host encodes the
stolen credit card information as subdomains in the domain name to be queried,
and when the query arrives at the authoritative name server controlled by the
attacker, the attacker can then easily decode the credit card information from
the queried domain name. Figure 1(c) shows an example of DNS C&C [22] where
a malware-infected host talks to and receives command from its C&C server by
sending a DNS query message to and receiving corresponding DNS response from
the compromised authoritative name server, which is the C&C server. In this
example, the seemingly-random domain name (rohgoruhgsorhugih.nl) queried
are actually dynamically generated by Domain-Generation-Algorithms (DGAs)
and automatically synchronized between the compromised host and the C&C
server [9,13,29,30,35,36].
Therefore, new detection methods are needed to detect these DNS covert
communication because traditional security tools based on blacklists, rules,
signatures cannot enumerate or capture the dynamically changing subdomain
names in the DNS covert communications exemplified in Fig. 1 (b)(c).
Our intuitive idea in detecting DNS covert communication is to apply
machine learning (ML) to capture a suspicious domain based on its features
(see the feature list in Table 2, e.g., the length of the domain). Although this
idea is promising, previous ML-based approaches along this direction have not
been deployed in the real-world enterprises yet, to the best of our knowledge,
due to the following the three challenges.
First, the performance of different ML algorithms might be different for dif-
ferent enterprises because the DNS traffic data distribution might be different.
Furthermore, the machine learning algorithms used in previous works, super-
vised models perform better and are preferred for some kinds of known threat
types, while unsupervised models are more preferred for some unknown but rare
threats. Thus, the algorithms used should be generic and flexible (as opposed to
being fixed) in the detection system. Second, different DNS covert communica-
tion threats might have different patterns, thus previous machine-leaning based
approaches, to the best of our knowledge, so far only focuses on specific types
of such attacks, e.g., [7,8] only detect data exfiltration, and [30] only detects
DGA domains. However, enterprises in the real-world are interested in detect-
ing various attacks, thus are reluctant to deploy the aforementioned piece-meal
approaches that can detect only one type of DNS covert communication. Third,
a practical ML-based detection system needs to have feedback mechanisms to
either add labeled data for re-training in the supervised approaches and/or tune
the parameters in the unsupervised approaches, and also fully utilize (as opposed
to replacing) the traditional DNS security tools such as the domain blacklist.
To tackle the above challenges, in this paper we propose a practical, flexi-
ble and end-to-end ML-based framework, called D 2 C2 (Detecting DNS Covert
Communication), to effectively detect various DNS covert communications in
enterprises by leveraging supervised and unsupervised classifiers trained by var-
4 R. Tang et al.
2 Background
A DNS log contains several important fields: NAME (the queried domain name),
TYPE (A for IPv4 address, CNAME for canonical names, TXT for text records
and etc.), and RDATA (the resource) [21]. For example, the query in Fig. 1(a)
contains the queried name (www.google.com), class (IN ), type (A). The response
log contains the response: RCODE (Response Code), TTL (Time to Live) and
the answer, and the corresponding query. The answer is the IPv4 address(es) for
the queried name. RCODE indicates the condition of the answer, NOERROR
(in this example) means a normal answer, and NXDomain indicates that the
queried name does not exist.
A Practical Machine Learning-Based Framework 5
Although DNS is a fundamental system that many services rely on, some
enterprise operators treat DNS as a “set and forget” infrastructure, and do not
update them from time to time with the latest security mechanisms [17]. For
example, DNSSEC [12] is one security extension of DNS proposed early, but its
adoption is quite slow till recently [10,15]. Some operators may be interested in
the availability of DNS only when DNS servers go wrong.
Figure 2 shows some typical exploits against DNS [17]. Attacks against DNS
infrastructure itself (i.e., DDoS and spoofing) are much easier to be noticed
because it leads to the failures or errors in DNS servers. DDoS (Distributed
Denial of Service) attacks compromise the availability of DNS, and spoofing (to
redirect users to attackers) leads to wrong or unreachable destinations. Besides
these, some attackers take advantage of the lack of monitoring on DNS traffic,
and choose DNS as a channel for covert communication (in bold in Fig. 2), which
is more difficult to notice.
name directly tells where the host is looking for, and it also can be used to carry
messages. Besides domain name in NAME field, RDATA field in response also
provides a good payload for attackers. RDATA fields in TYPE CNAME or TXT
packets allow more characters to be sent, which means larger “bandwidth” for
attackers [17,23]. However, TYPE A (and AAAA) logs account for the vast
majority of all DNS logs (see data trace statistics in Sect. 5), therefore in this
paper we consider anomalies in domain names as our primary threats
to be detected in this paper.
In this paper, we only focus on domains that are related to covert communi-
cation threats (mainly data exfiltration and C&C threats). However, not all mali-
cious domains are related to covert communication. Some malicious domains are
disguised for phishing, e.g., Domain Shadowing (hijack normal domains and cre-
ate new subdomains to redirect users [19]) and Typo-Squatting (register domain
names which are similar to popular websites and leverage typos of users [34]),
which are not considered as covert communication.
Fig. 3. The framework overview of D 2 C2 . Figure (a) shows the overview of three stages
in D 2 C2 . Figure (b) shows the detailed workflow of the Threats Detection module.
Dashed lines denote malicious samples detected and dotted denote benign ones.
extract features from domain names and other registration information and use
X-Means algorithm to detect AGDs related to Fast-flux [36].
Summary: Each of the aforementioned prior studies focus on just one specific
type of anomalous domain names. However, in enterprises, operators have to
face threats of all kinds, thus would need lots of efforts to assemble and tune the
above “piecemeal” solutions. Therefore, we hope to design a generic framework
that is directly deployable, detecting multiple types of covert communication
threats with high flexibility.
3 Framework Overview
In this section, we present the core idea for our design and the overview of D 2 C2 .
when new APIs deployed), the re-training or model tuning can be done indi-
vidually, without the need to adjust the overall system workflow. Such updates
can be triggered periodically or manually based on the feedback. As a result,
the workflow of D 2 C2 stays the same, making it easy to be deployed in practice.
Meanwhile, our detection models are very flexible for modification to achieve
better performance in real-world detection.
The manual investigation is very necessary for a security system to confirm,
analyze and mitigate reported threats. We hope that D 2 C2 is able to learn
from these manual investigations. Thus we design D 2 C2 as a human-in-the-loop
(HITL) one with feedback from security engineers. All investigation results can
be further utilized for threshold adjusting, model tuning or re-training.
3.2 Overview
types of threats using Threats Detection module. The threats detection mod-
ule contains multiple chosen classifiers (detectors), each of which focuses on one
or more specific types of threats. Detectors can be modified according to the
change of data. Results combined from all detectors will be aggregated and then
sent for further investigation.
A more detailed architecture of Threats Detection is shown in Fig. 3(b), with
three detectors in series. Simply, a sample detected as malicious by one detector
will be stored, and a benign sample will be moved to the next detector. After
all detectors are done, the results will be aggregated and sent to the investiga-
tion module. For each detector, different models can be applied based on their
performance in practice. Table 1 lists the algorithms we used for these detectors
during deployment. The detector workflow will be described in Sect. 4.
Investigation Stage: The investigation stage is divided into three modules:
Whitelist, Manual Investigation and Visualization. When receiving the detection
results, Whitelist module is used to flag some certain samples before them
reaching the operators. This is because some queries generated by certain trusted
applications (usually security products from different vendors) whose behavior
is similar to that of the attackers, e.g., sending data through DNS channel,
10 R. Tang et al.
which may result in unnecessary alerts. Similar to the blacklist module, the
whitelist is created and updated based on enterprise operators. The remaining
results are further reported to Manual Investigation module, where operators
and security engineers are involved. Operators and security engineers check the
detection results. The false alerts are used as feedback to our detectors, which
may trigger alterations of thresholds, feature weights or even re-training of the
machine learning algorithms. True threats confirmed are reported and visualized
for analysis and display in Visualization module.
In this section, we first present the features we extract from domain names.
Then we explain the detailed implementation workflow of threat detectors and
alternative algorithms used in these detectors.
Most features are self-explanatory, and we discuss the rest. Alphabet size is the
number of unique characters in the domain name. Ratio of repeat characters
(#14) is defined as the number of unique characters (each of which is repeated)
divided by alphabet size. Ratio of consecutive consonants (#15) is defined as
the sum of all lengths of consequent consonants (which larger than 1), divided
by the domain name length. Ratio of consecutive digits (#16) is similar to #15.
Statistics Features: We choose three statistics features commonly used in
determining the information in a sequence, Shannon Entropy (#17), Gibberish
Score (#18) and N-Gram. The Gibberish Score we implemented is based on
Hidden Markov Chain [6,26]. It is used to determine the “meaningful” contents
from domains, and a string with more meaningful words will get a higher score.
Furthermore, we use bigram (#19) in feature extraction. We calculated the top-
200 bigrams on historical benign domains and Majestic Top Websites [5]. Then
we checked the presences of these 200 bigrams in each domain name to form a
N × 200 matrix (N denotes the number of all domains for feature extraction).
While not all of the bigrams have high feature importance, to lower the overhead,
we use Principal Component Analysis (PCA) to reduce the 200 dimensions to
15. Thus for each domain name, we get a 1 × 15 vector as its feature.
Different features are used for different detectors, based on feature impor-
tance. The features used for Data Exfiltration Detector (D-Exfil ) and DGA
Detector (D-DGA) are marked in Table 2. As Outlier Detector aims to catch
any threats missed by the two previous detectors, it uses all features in the list.
an outlier; 2) if the average of all samples in the same cluster is larger than
the threshold, then the whole cluster is marked as an outlier cluster. The other
algorithms are all binary classifiers and we directly use their predicted labels as
classified results. All these methods use features described in Sect. 4.1.
Language: English
Credits: Al Haines
BY
A. HUGH FISHER
"The beauty of the world is simple like a looking-glass."
LONDON
T. WERNER LAURIE
CLIFFORD'S INN
TO MY FRIENDS IN ENGLAND
PREFACE
A. HUGH FISHER.
CONTENTS
CHAP.
I. RANGOON
II. HIS HIGHNESS THE SAWBWA OF HSIPAW
III. UP THE IRRAWADDY TO BHAMO
IV. THE DEAD HEART OF A KINGDOM
V. MANDALAY
VI. SOUTHERN INDIA, THE LAND OF HINDOO TEMPLES
VII. CALCUTTA
VIII. MY FIRST SIGHT OF THE HIMALAYAS
IX. BENARES
X. LUCKNOW
XI. CAWNPORE
XII. THE HOUSE OF DREAM
XIII. DELHI
XIV. DEHRA DUN AND LANDOUR
XV. AN EVENING OF GOLD
XVI. "GUARD YOUR SHOES"
XVII. "A GATE OF EMPIRE"
XVIII. THE CAPITAL OF THE PUNJAB
XIX. AT THE COURT OF HIS HIGHNESS THE RAJAH OF NABHA
XX. IN SIGHT OF AFGHANISTAN
XXI. RAJPUTANA
XXII. SIR PRATAP SINGH
XXIII. THE MOHARAM FESTIVAL
XXIV. RAKHYKASH
XXV. POLITICAL
INDEX
ILLUSTRATIONS
RANGOON
Down came the rain, sudden, heavy and terrible, seeming to quell even
the sea's rage and whelming those defenceless hundreds of dark-skinned
voyagers in new and more dreadful misery.
What trouble a Hindoo will take to keep his body from the rain!
Extremely cleanly and fond of unlimited ablutions he yet detests nothing so
much as a wetting from the sky, and now, wholly at the mercy of the
elements, do what they would, no human ingenuity availed to keep these
wretched people dry.
It was the season of the rice harvest, when South India coolies swarm
over to Burmah much as the peasantry of Mayo and Connemara used to
crowd to England every summer.
Somebody said that our ship was an unlucky one—that it ran down the
Mecca on her last trip and killed her third officer; but we got through safely
enough, though that crossing was one of the most disagreeable as well as the
most weird I ever made—disagreeable because of the bad weather, and
weird because of the passengers.
The deck and the lower deck were tanks of live humanity, and when it
began to get rough, as it did the morning after we left Madras, catching the
end of a strayed cyclone, it was worse than a Chinese puzzle to cross from
the saloon to the spar deck, and ten chances to one that even if you did
manage to avoid stepping on a body you slipped and shot into seven sick
Hindoo ladies and a family of children.
There were six first-class passengers, all Europeans, and 1700 deck
passengers, all Asiatics, and the latter paid twelve rupees each for the four
days' passage, bringing with them their own food.
After coffee the man next to me suddenly leapt from his chair with a
yell. He thought he had been bitten by a centipede. The centipede was there
right enough, but as the pain passed off the next day we supposed the brute
had only fastened his legs in and had not really bitten.
The nights were sultry and the ship rolled worse every watch. I think,
however, that I never saw people try harder than those natives did to keep
clean. They had all brought new palm-leaf mats to lie upon, but they could
not lie down without overlapping. I asked the captain what he did about
scrubbing decks, and he said it was always done at the end of the voyage!
Next morning the downpour, already referred to, began and did the business
with cruel effectiveness.
As we neared Burmah the sea grew calm again and the rain abated. The
sun dried sick bodies and cheered despondent hearts. I spoke to a woman
crouching by some sacks and tin cans, with an old yellow cloth round her
head and shoulders, and another cloth swathing her loins. She had very dark
brown eyes, and her fingernails were bright red and also the palms of her
hands from the "maradelli" tied round the nails at night. She was the wife of
a man the other side of fourteen people, some four yards away. I asked his
name, not knowing that a Hindoo woman may not pronounce her husband's
name. She called him "Veetkar," which means uncle or houseman: the man
was of the Palla caste, which is just a little higher than the Pariah, and they
had been married five years but had no children. This was the man's second
marriage, his first wife having died of some liver complaint he said. Like
most of the passengers they were going out for paddy-field work, but unlike
so many others, they were "on their own" not being taken over by a labour
contractor. The man said he should get work at Kisshoor village, about eight
miles from Rangoon. Every year for seven years he had been over.
Altogether, this man had saved, according to his own statement, two
hundred rupees in the seven years' work, and had invested this in bullocks
and a little field near his village, which was named Verloocooli. He had left
the son of his first wife to look after the house and the field.
About twenty people round one corner of the open hatch seemed to
belong to one another. They came from the Soutakar district and were
drinking rice-water—that is the water poured off when rice is boiled. A
Mohammedan with two sons was going to sell things. The boys would watch
the goods, he told me. He was returning to Upper Burmah, where he had
lived twenty-four years, and he had only been over to Madras to visit his
mother and father. He has "just a little shop" for the sale of such goods as
dal, chili, salt, onions, coconut oil, sweet oil, tamarind, matches and candles.
Then there was the Mongolian type of Mohammedan. He was very fat
and greasy, and had one of his dog teeth long like a tusk. He was a tin-
worker and made large cans in his shop in Rangoon.
I went down between decks and never saw people packed so closely
before except on Coronation Day. Even "marked" men discarded all clothing
but a small loin cloth: most of them could not move hand or foot without
their neighbours feeling the change of position; and as upon the deck above,
they often lay partly over each other. Yet in spite of the general
overcrowding, I noticed a woman of the Brahmin caste lying at her ease in a
small open space marked out by boxes and tin trunks. There was a large
lamp in a white reflector hanging by the companion-way, and some of those
lying nearest to it held leaf fans over their faces to keep the light from their
eyes.
The next day was brighter. There was a light wind and the whole sunlit
crowd was a babel of excited talk. A little naked Hindoo baby, just able to
walk, was playing mischievously with me. I had been nursing her for a while
and now she was laughing, and with palms up-turned was moving her hands
like a Nautch dancer as her eyes twinkled with merriment. She was called
Mutama, and the poor mite's ears had had a big cut made in them and the
lobes were already pulled out more than two inches by the bunches of metal
rings fastened in for this purpose.
A purple shawl, tied up to dry, bellied out in the wind over the side of the
ship in a patch of vivid colour. It had a border of gold thread and was of
native make. Not that the gold thread itself is made in Madras. It is curious
that English manufacturers have tried in vain to make these shawls so that
their gold thread shall not tarnish, whereas the gold thread obtained from
France does not do so.
The following morning we reached very turbid water, thick and yellow,
with blue reflections of the sky in the ripples. We could just see the coast of
Burmah and about noon caught sight of the pilot brig, and entering the wide
Rangoon river, passed a Chinese junk with all sails spread. Now the mats
began to go overboard and gulls swooped round the ship. We had passed the
obelisk at the mouth of the river when, above a green strip of coast on a little
blue hill, the sun shone upon something golden.
"The Pagoda!" I cried, and a pagoda it was, but only one at Siriam where
there is a garrison detachment. The Golden Pagoda—the Shwe Dagon—
appeared at first grey and more to the north. The water was now as thick and
muddy as the Thames at the Tower Bridge. It was full of undercurrents too,
and there was a poor chance for anyone who fell in.
Over went the mats, scores and scores and scores of them!
There is a bar a little further on called the Hastings, and it was a question
whether we'd get over it that afternoon. A line of yellow sand detached itself
from the green, and then the water became like shot silk, showing a pale
flood of cerulean slowly spreading over its turbid golden brown. On the low
bank were green bushes and undergrowth, and beyond—flat levels of tawny-
yellow and low tree-clad rising ground that reminded me of the Thames
above Godstow.
Beyond the green point of Siriam, just after the Pegu River branches off
to the right, the Rangoon River sweeps round in a great curve, at the far end
of which stretches the city. It was pale violet in the afternoon light, with
smoke streaming from vessels in the harbour, and on the highest point the
Shwe Dagon just showing on one edge that it was gold. Far to the right were
some twenty tall chimney-stacks of the Burmah Oil Works, but their colour,
instead of being sooty and unclean, was all blue and amethyst under a citron
sky.
The Customs Officer came out in a long boat, pulled by four men in red
turbans, and in his launch the medical officer of the port with a lady doctor.
There is a constant but ineffectual struggle to keep plague out of Burmah,
and every one of our 1700 deck passengers had to be thoroughly examined
—stripped to the waist with arms up, while the doctor passed his hands
down each side of the body.
The same night, on shore, I drove to the Shwe Dagon past the race-
ground, where a military tattoo was going on by torchlight.
Between great pillars, faced with plaster, red on the lower portion and
white above, I walked on while more dogs came yelping and snarling
angrily. I heard a low human wail which changed to a louder note and died
away—someone praying perhaps. Then all was quite still except for the
crickets. Now I was in a hall of larger columns and walked under a series of
carved screens—arches of wood set between pairs of them. Half-way up
these columns hung branches of strange temple offerings, things made in
coloured papers with gold sticks hanging from them.
At last I came out upon the upper platform on which stands the Pagoda
itself. Facing the top of the last flight of steps at the back of a large many-
pillared porch, reeking with the odour of burnt wax, I saw a cavernous
hollow, and set within it, behind lighted candles, dimly a golden Buddha in
the dusk. Outside, a strip of matting was laid over the flagged pavement all
round the platform, and in the stones little channels cut transversely for
drainage in the time of the rains lay in wait to trip careless feet.
Some years ago when the great "Hti" was brought down from the summit
of the Pagoda, after an earthquake, to be restored and further embellished,
people of all classes brought offerings of money and jewellery through the
turnstiles on to this platform. What a sight it must have been to see the lines
of Burmese people crowding up through these two turnstiles, one for silver
and one for gold—one woman giving two jewelled bracelets and the next a
bangle; a receipt would be given to each donor and then bangle and bracelets
thrown into the melting-pot after their jewels had been taken out for adding
to the "Hti."
HINDOO GIRL, SHOWING ELABORATE JEWELLERY.
Night had driven unscourged the money-changers from the temple, and
the magic light of the moon weaving silver threads through every garish tint
of paint had changed crude colours to ideal harmonies. Not colour alone but
form also was glorified. The grotesque had become dramatic, confusion had
changed to dignity, all surrounding detraction was subdued and the great
ascending curves of the Pagoda rose in simple, uncontested beauty. Nature
adored, acknowledging conquest, and the sound of those far wind-caught
bells was like that of the voices of angels and fairies singing about the cradle
of a child.
I had seen no building of such emotional appeal nor any that seems so
perfectly designed to wed the air and light that bathe it and caress it. But
imagine the Shwe Dagon transplanted to the cold light of some gargantuan
museum near the Cromwell Road; the nicest taste, the most steadfast
determination, could not unlock its charm. Here, upon easy hinge, the door
swings back at every raising of the eyes, and illumination is for all
beholders.
The following afternoon I was again at the Shwe Dagon, and to watch its
beauty under the glory of the setting sun was a further revelation. It seemed
to show fresh and delicate charm at each part of the day, and after burning at
sunset, like a man filled with impetuous passion, shone in the after-glow
with the diviner loveliness of the woman who gives her heart.
Building proceeds at such a rate that the big city seems to be growing
while you look at it, but there are plenty of open spaces. Government House,
in red brick and white stone, with an old bronze bell hung in front of the
portico between two brass cannon, stands in a goodly park with fine trees
and wide lawns and the Royal Lakes, across which there is a beautiful view
of the Shwe Dagon, are surrounded by large grounds with trim, well-kept
walks and drives. While I was painting by one of the lakes a water-snake
every now and then lifted its head above the surface, sometimes a foot and a
half out of the water like some long-necked bird.
I was driving back towards the hotel along the Calvert Road when I
noticed a temporary wood-framed structure, covered with coloured papers
and painted trellis-work. On inquiry I found it had been erected by a
Buddhist Society of that quarter of the city, and that the same night upon a
stage close to it in the open air a "Pwe" would be given, to which I was
bidden welcome about nine o'clock.
At my hotel two people had been poisoned by tinned food a few weeks
earlier, but whatever the table lacked in quality it made up in
pretentiousness. I quote that day's menu for comparison with the items of
another repast the same evening:—
It was after an early and somewhat abridged version of the above that I
drove in the cheerless discomfort of a "tikka gharry" through Rangoon again
in the moonlight. After twenty minutes I saw once more the paper temple.
There were two long lines of lanterns high in the air in the shape of a
horizontal V, and under them a great crowd of people. The trellised temple
itself was also charmingly decorated with lanterns.
ALTAR TABLE AT A BUDDHIST SOCIETY'S CELEBRATION.
Four silver dishes were now brought to me on a lacquered box, and these
contained Burmah cheroots, betel leaves and areca nut, tobacco leaves and
chunam (lime). Chilis were also brought, which made me long in vain for a
cool drink.
Outside, beyond the walls of pale green trellis, glowed the lanterns, and
faces peered at us between the strips of wood. Cloth of red and white stripes
lined the roof, and countless flags, quite tiny ones, were fastened along the
outer green railing.
In front of the Buddha had now been placed some beautiful gold
chalices. The white alabaster figure of Gautama was half as high as a man,
and a band covered with gems glittered across its breast.
About ten o'clock I moved outside, where another arm-chair had been
placed for me, this time in the midst of a great crowd of people.
My interpreter had now gone to join some ladies, and I was left to make
the best I could of this, my first, Burmese "Pwe."
Two characters were dancing on the stage when I took my seat. Perhaps
they were a prince and princess—at any rate they were dressed in old
Burmese court style, in very narrow skirts similar to the "hobble," and
strange short jackets cut with curled bases like horned moons stretched and
held in shape by bamboo frames. There was much swaying and posturing of
the body, combined with quick, jerky movements, the arms were moved a
great deal with bent elbows and the hands with fingers straight and the palms
bent back sharply at the wrists. When these dancers left the stage two men
entered in long white gowns, with broad white bands tied round the head in
big bows. They turned their backs upon the audience at first, and then
turning round squatted upon the floor. Two more similarly dressed came in
in the same manner, and after they had squatted beside the others two quite
astounding figures came on the scene with long bare swords.
The music all this while kept up an accompaniment of jingle and clapper
and tum, tum, tum—jingle and clapper and tum, tum, tum, with a
particularly squeaky wind instrument going ahead at the same time like a
cork being drawn backward and forward over a pane of wet glass.
I discovered now that on turning their backs to the audience on first
entering, the performers made obeisance to a draped bench at the back of the
stage. Two more sword-bearing figures came in and two lance-bearers in
very lovely bejewelled dresses of old gold. There was a long shrill speech
now—then a loud bang, at which all the actors fell to the ground, and a
figure entered bearing a short-pointed mace and sat at once on the draped
bench.
Every now and then I turned my head to look up at the great V-shaped
line of lanterns hanging high in the air overhead from tall bamboo poles, and
the stars shining over all from the night sky. A number of the children were
sleeping, though their elders made a good deal of noise, laughing heartily at
the comic actor as the play went on and on and on. I should like to have
stayed longer, but an appointment with some elephants at an early hour the
next morning made me reluctantly leave the "Pwe" at midnight and hunt
among the back rows of the audience for the driver of that "tikka gharry."
Everyone has heard of the Burmese elephants piling timber. The largest
of the timber companies employing elephants is the Bombay Burmah
Trading Corporation, Limited. The logs, floated down the river from forest-
lands, eight hundred or a thousand miles upstream, are stranded at high rain-
tides at Poozoondoung, a tract of lowland to which I drove in the early
morning.
I reached there just after sunrise, before the dew of the night was yet
evaporated, and the logs, on which one had to walk to avoid the mud, were
very slippery and more difficult to negotiate with boots than without.
The work of the elephants is to push, drag or pile the teak logs, and on
the morning of my visit there were three of the great quadrupeds at work:—
Hpo Chem, aged fifty, a fine tusker who had been twenty years at the work,
and two female elephants, Mee Cyan, seventy years of age, and Mee Poo,
thirty. The male elephant has, of course, tremendous strength in his tusks and
uses them for carrying, holding the log firmly with his trunk as he gravely
walks up the pile of logs to place his burden on the top. Female elephants
can only pile by a combined lift and drag, and do not raise the log entirely
from the ground. Pushing with the head is called "ounging."
At Poozoondoung, not far from the timber-yards, the chief rice-mills are
situated. They were idle now, but when I saw them again after the harvest
their big chimneys were belching forth black smoke from the burning husk.
The husk obtained from the milled grain is not only sufficient for all fuel
requirements, but much has to be shot into the creek for waste.
Native boats called "Loungoes" brought such of the "paddy" from the
country as did not come by rail.
"Hulling" the rice is the operation of breaking off the husk. There were
rows of pairs of round flat stones, the under ones stationary, the upper ones
revolving, not grinding but merely breaking off the husk. Both grain and
husk fell from these stones together to the floor below, and were carried by
bucket-elevators to a fanning-room, where the husk was blown off. After
leaving the fans the grain had its remaining inner skin taken off in "cones"—
cement-faced stones made to press the grain against an outer jacket of
perforated wire. At the base of the cone a cloth hung round an opening in the
floor, through which the rice dropped, while the white skin fell upon the
floor outside to be called "bran," and shipped to Europe for use in the
manufacture of cattle cakes.
When the rice-mills are in full work the smoke of their chimneys hangs
above Rangoon, but overhead every evening the flying foxes pass as usual,
and the beautiful Pagoda is far enough away to remain untarnished upon its
little hill.
BOY SHOWING TATOOING CUSTOMARY WITH ALL BURMESE
MALES.
CHAPTER II