Spelling suggestions: "subject:" selfsimilarity"" "subject:" ofsimilarity""
1 |
DDoS detection based on traffic self-similarityBrignoli, Delio January 2008 (has links)
Distributed denial of service attacks (or DDoS) are a common occurrence on the internet and are becoming more intense as
the bot-nets, used to launch them, grow bigger. Preventing or stopping DDoS is not possible without radically changing the
internet infrastructure; various DDoS mitigation techniques have been devised with different degrees of success. All mitigation
techniques share the need for a DDoS detection mechanism.
DDoS detection based on traffic self-similarity estimation is a relatively new approach which is built on the notion that undis-
turbed network traffic displays fractal like properties. These fractal like properties are known to degrade in presence of abnormal
traffic conditions like DDoS. Detection is possible by observing the changes in the level of self-similarity in the traffic flow at the
target of the attack.
Existing literature assumes that DDoS traffic lacks the self-similar properties of undisturbed traffic. We show how existing bot-
nets could be used to generate a self-similar traffic flow and thus break such assumptions. We then study the implications of
self-similar attack traffic on DDoS detection.
We find that, even when DDoS traffic is self-similar, detection is still possible. We also find that the traffic flow resulting from the
superimposition of DDoS flow and legitimate traffic flow possesses a level of self-similarity that depends non-linearly on both
relative traffic intensity and on the difference in self-similarity between the two incoming flows.
|
2 |
DDoS detection based on traffic self-similarityBrignoli, Delio January 2008 (has links)
Distributed denial of service attacks (or DDoS) are a common occurrence on the internet and are becoming more intense as the bot-nets, used to launch them, grow bigger. Preventing or stopping DDoS is not possible without radically changing the internet infrastructure; various DDoS mitigation techniques have been devised with different degrees of success. All mitigation techniques share the need for a DDoS detection mechanism. DDoS detection based on traffic self-similarity estimation is a relatively new approach which is built on the notion that undis- turbed network traffic displays fractal like properties. These fractal like properties are known to degrade in presence of abnormal traffic conditions like DDoS. Detection is possible by observing the changes in the level of self-similarity in the traffic flow at the target of the attack. Existing literature assumes that DDoS traffic lacks the self-similar properties of undisturbed traffic. We show how existing bot- nets could be used to generate a self-similar traffic flow and thus break such assumptions. We then study the implications of self-similar attack traffic on DDoS detection. We find that, even when DDoS traffic is self-similar, detection is still possible. We also find that the traffic flow resulting from the superimposition of DDoS flow and legitimate traffic flow possesses a level of self-similarity that depends non-linearly on both relative traffic intensity and on the difference in self-similarity between the two incoming flows.
|
3 |
Geometry of Self-Similar SetsRoinestad, Kristine A. 22 May 2007 (has links)
This paper examines self-similar sets and some of their properties, including the natural equivalence relation found in bilipschitz equivalence. Both dimension and preservation of paths are determined to be invariant under this equivalence. Also, sophisticated techniques, one involving the use of directed graphs, show the equivalence of two spaces. / Master of Science
|
4 |
Contribuições à modelagem de teletráfego fractal. / Contribution to the modeling of fractal teletrfficLima, Alexandre Barbosa de 28 February 2008 (has links)
Estudos empíricos [1],[2] demonstraram que o trafego das redes Internet Protocol (IP) possui propriedades fractais tais como impulsividade, auto-similaridade e dependência de longa duração em diversas escalas de agregação temporal, na faixa de milissegundos a minutos. Essas características tem motivado o desenvolvimento de novos modelos fractais de teletráfego e de novos algoritmos de controle de trafego em redes convergentes. Este trabalho propõe um novo modelo de trafego no espaço de estados baseado numa aproximação finito-dimensional do processo AutoRegressive Fractionally Integrated Moving Average (ARFIMA). A modelagem por meio de processos auto-regressivos (AR) também é investigada. A analise estatística de series simuladas e de series reais de trafego mostra que a aplicação de modelos AR de ordem alta em esquemas de previsão de teletráfego é fortemente prejudicada pelo problema da identificação da ordem do modelo. Também demonstra-se que a modelagem da memória longa pode ser obtida as custas do posicionamento de um ou mais pólos nas proximidades do circulo de raio unitário. Portanto, a implementação do modelo AR ajustado pode ser instável devido a efeitos de quantização dos coeficientes do filtro digital. O modelo de memória longa proposto oferece as seguintes vantagens: a) possibilidade de implementação pratica, pois não requer memória infinita, b) modelagem (explícita) da região das baixas freqüências do espectro e c) viabilização da utilização do filtro de Kalman. O estudo de caso apresentado demonstra que é possível aplicar o modelo de memória longa proposto em trechos estacionários de sinais de teletráfego fractal. Os resultados obtidos mostram que a dinâmica do parâmetro de Hurst de sinais de teletráfego pode ser bastante lenta na pratica. Sendo assim, o novo modelo proposto é adequado para esquemas de previsão de trafego, tais como Controle de Admissão de Conexões (CAC) e alocação dinâmica de banda, dado que o parâmetro de Hurst pode ser estimado em tempo real por meio da aplicação da transformada wavelet discreta (Discrete Wavelet Transform (DWT)). / Empirical studies [1],[2] demonstrated that heterogeneous IP traffic has fractal properties such as impulsiveness, self-similarity, and long-range dependence over several time scales, from miliseconds to minutes. These features have motivated the development of new traffic models and traffic control algorithms. This work presents a new state-space model for teletraffic which is based on a finite-dimensional representation of the ARFIMA random process. The modeling via AutoRegressive (AR) processes is also investigated. The statistical analysis of simulated time series and real traffic traces show that the application of high-order AR models in schemes of teletraffic prediction can be highly impaired by the model identification problem. It is also demonstrated that the modeling of the long memory can be obtained at the cost of positioning one or more poles near the unit circle. Therefore, the implementation of the adjusted AR model can be unstable due to the quantization of the digital filter coefficients. The proposed long memory model has the following advantages: a) possibility of practical implementation, inasmuch it does not require infinite memory, b) explicit modeling of the low frequency region of the power spectrum, and c) forecasts can be performed via the Kalman predictor. The presented case study suggests one can apply the proposed model in periods where stationarity can be safely assumed. The results indicate that the dynamics of the Hurst parameter can be very slow in practice. Hence, the new proposed model is suitable for teletraffic prediction schemes, such as CAC and dynamic bandwidth allocation, given that the Hurst parameter can be estimated on-line via DWT.
|
5 |
Estudo e implementação de um gerador de tráfego com dependência de longa duração. / Study and implementation of a network traffic generator with long range dependency.Mello, Fernando Lemos de 10 November 2006 (has links)
Medidas mostraram que o tráfego das redes multisserviço possui propriedades fractais tais como auto-similaridade e memória longa ou dependência de longa duração (LRD). A memória longa é caracterizada pela existência de um pólo na origem da função densidade espectral de potência (formato 1/f). Também foi constatado que o tráfego pode apresentar dependência de curta duração (SRD) em algumas escalas temporais. A utilização de um gerador de tráfego agregado ?realista?, que sintetize séries temporais fractais, é fundamental para a validação de algoritmos de controle de tráfego. Neste trabalho, a síntese de realizações aproximadas de dois tipos de processos aleatórios auto-similares é efetuada via transformada wavelet. O primeiro deles é denominado Ruído Gaussiano Fracionário (fGN) e o segundo Modelo Wavelet Multifractal (MWM). O método proposto também é capaz de sintetizar séries Gaussianas (fGN) e não-Gaussianas (MWM) com espectros mais genéricos do que 1/f, ou seja, séries que também apresentam dependência de curta duração. A geração é feita em dois estágios. O primeiro gera uma realização aproximada do fGN ou do MWM via Transformada Wavelet Discreta (DWT). O segundo estágio introduz SRD através de uma filtragem IIR da saída do primeiro estágio. Efetuou-se uma caracterização detalhada das séries resultantes, utilizando-se nas análises momentos estatísticos de 2ª., 3ª. e 4ª. ordens, além de testes estatísticos específicos para séries auto-similares. Adicionalmente, duas alternativas de conversão são apresentadas para que as séries temporais geradas sejam transformadas em séries de pacotes, que é o formato adequado para transmissão por um módulo gerador de pacotes. As séries de pacotes são novamente analisadas a fim de identificar se o método de conversão introduz distorção nas características auto-similares das séries sintetizadas. Mostra-se que as séries de pacotes auto-similares podem ser utilizadas em softwares simuladores de rede ou, alternativamente, serem utilizadas para injetar pacotes em redes de teste. Utilizando-se recursos do simulador NS-2, as séries de pacotes sintetizadas foram introduzidas em cenários de simulação adequados. Os resultados (medidas de atraso médio, perda de pacotes para o tráfego de interesse e tamanho da fila) dos cenários com tráfego interferente correspondente às séries de pacotes baseadas em modelos fGN e MWM foram comparados com resultados obtidos em cenários cujo tráfego interferente foi gerado com modelo Poisson. / Measurements have shown that multiservice network traffic has fractal properties such as self-similarity and long memory or long-range dependence (LRD). Long memory is characterized by the existence of a pole at the origin of the power spectrum density function (1/f shape). It was also noticed that traffic may present short-range dependence (SRD) at some time scales. The use of a ?realistic? aggregated network traffic generator, one that synthesizes fractal time series, is fundamental to the validation of traffic control algorithms. In this document, the synthesis of approximate realizations of two kinds of self-similar random process is done via wavelet transform. The first one is named Fractional Gaussian Noise (fGN) and the second Multifractal Wavelet Model (MWM). The proposed method is also capable of synthesizing Gaussian (fGN) and non-Gaussian (MWM) time series with more generic spectra than 1/f, that is, time series that also have short-range dependence. The generation is done in two stages. The first one generates an approximate realization of fGN or MWM via Discrete Wavelet Transform (DWT). The second one introduces SRD through Infinite Impulse Response (IIR) filtering at the output of the first stage. A detailed characterization of the resulting series was done, using statistical moments of first, second, third and forth orders, as well as specific statistical tests for self-similar series. Additionally, two alternatives for conversion are introduced in order to generate packet series, which is the suitable format for transmission by a packet generator module, from the original synthesized time series. Packet series are also analyzed to find if the conversion method has introduced distortion in the self-similar characteristics of the synthesized series. It is shown that the self-similar packet series can be used in network simulator software or, alternatively, be used to inject packets in a testbed network. Using resources from the NS-2 simulator, the synthesized packet series were introduced in appropriate network simulator scenarios. The results (average delay measurements, packet loss for interest traffic and queue length) from scenarios with interfering traffic corresponding to the packet series based on fGN and MWM models were compared to results from scenarios with interfering traffic generated by Poisson model.
|
6 |
Blow-up and global similarity solutions for semilinear third-order dispersive PDEsKoçak, Hüseyin January 2015 (has links)
No description available.
|
7 |
Direct Demonstration of Self-Similarity in a Hydrodynamic Treatment of Polymer Self-DiffusionMerriam, Susan Carol 01 May 2002 (has links)
The self-diffusion coefficient of a polymer in solution may be expanded in the concentration of the polymer, as seen in equation 1. The linear term would represent a perturbation due to the presence of another polymer; the c^{2} term would represent a perturbation due to interactions of trios of polymers. Phillies determined the c^{2} term of a virial expansion of the self-diffusion coefficient for trios of polymers interacting via a ring. Here I determine a correction to the c^{2} term due to trios of polymers interacting via a figure-eight scattering diagram: the equivalent of four polymers interacting in a ring where the second polymer and the fourth polymer are the same. D_{s}(c) = D_{0}(1+ alpha D_{0} c + beta D_{0}^{2}c^{2}+...) 1 or, D_{s}(c) = D_{0}(1+ alpha D_{s}(c)c). 2 A D_{0} may be replaced by D_{s}(c) in equation 1 to arrive at equation 2. The left-hand-side of equation 2 is the final self-diffusion coefficient, and the D_{s}(c) on the right-hand-side of this equation is that due to the question of self-similarity. If the D_{s}(c) on the right-hand-side is given by equation 1, resulting in beta=alpha^{2}, it may be said that the system exhibits self-similarity. I demonstrate self-similarity quantitatively for a polymer solution using a generalized Kirkwood-Riseman model of polymer dynamics. The major physical assumption of the model I utilize to derive equation 2 is that, in solution, polymer motions are dominantly governed by hydrodynamic interactions between the chains. First, I review the Kirkwood-Riseman model for intrachain hydrodynamic interactions. I then discuss Phillies' extension of this model to interchain interactions for duos or trios of polymers in a ring. I analytically calculate the hydrodynamic interaction tensor from a multiple scattering picture T_{54321}, for five polymers in solution and verify this tensor by numerical differentiation. Finally, I perform the ensemble average of the self-interaction tensor b_{1232} appropriate to the figure-eight scattering diagram both analytically and with a Monte Carlo routine, thereby verifying equation 2 to second order in concentration.
|
8 |
Estudo e implementação de um gerador de tráfego com dependência de longa duração. / Study and implementation of a network traffic generator with long range dependency.Fernando Lemos de Mello 10 November 2006 (has links)
Medidas mostraram que o tráfego das redes multisserviço possui propriedades fractais tais como auto-similaridade e memória longa ou dependência de longa duração (LRD). A memória longa é caracterizada pela existência de um pólo na origem da função densidade espectral de potência (formato 1/f). Também foi constatado que o tráfego pode apresentar dependência de curta duração (SRD) em algumas escalas temporais. A utilização de um gerador de tráfego agregado ?realista?, que sintetize séries temporais fractais, é fundamental para a validação de algoritmos de controle de tráfego. Neste trabalho, a síntese de realizações aproximadas de dois tipos de processos aleatórios auto-similares é efetuada via transformada wavelet. O primeiro deles é denominado Ruído Gaussiano Fracionário (fGN) e o segundo Modelo Wavelet Multifractal (MWM). O método proposto também é capaz de sintetizar séries Gaussianas (fGN) e não-Gaussianas (MWM) com espectros mais genéricos do que 1/f, ou seja, séries que também apresentam dependência de curta duração. A geração é feita em dois estágios. O primeiro gera uma realização aproximada do fGN ou do MWM via Transformada Wavelet Discreta (DWT). O segundo estágio introduz SRD através de uma filtragem IIR da saída do primeiro estágio. Efetuou-se uma caracterização detalhada das séries resultantes, utilizando-se nas análises momentos estatísticos de 2ª., 3ª. e 4ª. ordens, além de testes estatísticos específicos para séries auto-similares. Adicionalmente, duas alternativas de conversão são apresentadas para que as séries temporais geradas sejam transformadas em séries de pacotes, que é o formato adequado para transmissão por um módulo gerador de pacotes. As séries de pacotes são novamente analisadas a fim de identificar se o método de conversão introduz distorção nas características auto-similares das séries sintetizadas. Mostra-se que as séries de pacotes auto-similares podem ser utilizadas em softwares simuladores de rede ou, alternativamente, serem utilizadas para injetar pacotes em redes de teste. Utilizando-se recursos do simulador NS-2, as séries de pacotes sintetizadas foram introduzidas em cenários de simulação adequados. Os resultados (medidas de atraso médio, perda de pacotes para o tráfego de interesse e tamanho da fila) dos cenários com tráfego interferente correspondente às séries de pacotes baseadas em modelos fGN e MWM foram comparados com resultados obtidos em cenários cujo tráfego interferente foi gerado com modelo Poisson. / Measurements have shown that multiservice network traffic has fractal properties such as self-similarity and long memory or long-range dependence (LRD). Long memory is characterized by the existence of a pole at the origin of the power spectrum density function (1/f shape). It was also noticed that traffic may present short-range dependence (SRD) at some time scales. The use of a ?realistic? aggregated network traffic generator, one that synthesizes fractal time series, is fundamental to the validation of traffic control algorithms. In this document, the synthesis of approximate realizations of two kinds of self-similar random process is done via wavelet transform. The first one is named Fractional Gaussian Noise (fGN) and the second Multifractal Wavelet Model (MWM). The proposed method is also capable of synthesizing Gaussian (fGN) and non-Gaussian (MWM) time series with more generic spectra than 1/f, that is, time series that also have short-range dependence. The generation is done in two stages. The first one generates an approximate realization of fGN or MWM via Discrete Wavelet Transform (DWT). The second one introduces SRD through Infinite Impulse Response (IIR) filtering at the output of the first stage. A detailed characterization of the resulting series was done, using statistical moments of first, second, third and forth orders, as well as specific statistical tests for self-similar series. Additionally, two alternatives for conversion are introduced in order to generate packet series, which is the suitable format for transmission by a packet generator module, from the original synthesized time series. Packet series are also analyzed to find if the conversion method has introduced distortion in the self-similar characteristics of the synthesized series. It is shown that the self-similar packet series can be used in network simulator software or, alternatively, be used to inject packets in a testbed network. Using resources from the NS-2 simulator, the synthesized packet series were introduced in appropriate network simulator scenarios. The results (average delay measurements, packet loss for interest traffic and queue length) from scenarios with interfering traffic corresponding to the packet series based on fGN and MWM models were compared to results from scenarios with interfering traffic generated by Poisson model.
|
9 |
Fractal Network Traffic Analysis with ApplicationsLiu, Jian 19 May 2006 (has links)
Today, the Internet is growing exponentially, with traffic statistics that mathematically exhibit fractal characteristics: self-similarity and long-range dependence. With these properties, data traffic shows high peak-to-average bandwidth ratios and causes networks inefficient. These problems make it difficult to predict, quantify, and control data traffic. In this thesis, two analytical methods are used to study fractal network traffic. They are second-order self-similarity analysis and multifractal analysis.
First, self-similarity is an adaptability of traffic in networks. Many factors are involved in creating this characteristic. A new view of this self-similar traffic structure related to multi-layer network protocols is provided. This view is an improvement over the theory used in most current literature.
Second, the scaling region for traffic self-similarity is divided into two timescale regimes: short-range dependence (SRD) and long-range dependence (LRD). Experimental results show that the network transmission delay separates the two scaling regions. This gives us a physical source of the periodicity in the observed traffic. Also, bandwidth, TCP window size, and packet size have impacts on SRD. The statistical heavy-tailedness (Pareto shape parameter) affects the structure of LRD. In addition, a formula to estimate traffic burstiness is derived from the self-similarity property.
Furthermore, studies with multifractal analysis have shown the following results. At large timescales, increasing bandwidth does not improve throughput. The two factors affecting traffic throughput are network delay and TCP window size. On the other hand, more simultaneous connections smooth traffic, which could result in an improvement of network efficiency. At small timescales, in order to improve network efficiency, we need to control bandwidth, TCP window size, and network delay to reduce traffic burstiness. In general, network traffic processes have a Hlder exponent a ranging between 0.7 and 1.3. Their statistics differ from Poisson processes.
From traffic analysis, a notion of the efficient bandwidth, EB, is derived. Above that bandwidth, traffic appears bursty and cannot be reduced by multiplexing. But, below it, traffic is congested. An important finding is that the relationship between the bandwidth and the transfer delay is nonlinear.
|
10 |
Color Features for Boosted Pedestrian Detection / Färgsärdrag för boostingbaserad fotgängardetekteringHansson, Niklas January 2015 (has links)
The car has increasingly become more and more intelligent throughout the years. Today's radar and vision based safety systems can warn a driver and brake the vehicle automatically if obstacles are detected. Research projects such as the Google Car have even succeeded in creating fully autonomous cars. The demands to obtain the highest rating in safety tests such as Euro NCAP are also steadily increasing, and as a result, the development of these systems have become more attractive for car manufacturers. In the near future, a car must have a system for detecting, and performing automatic braking for pedestrians to receive the highest safety rating of five stars. The prospect is that the volume of active safety system will increase drastically when the car manufacturers start installing them in not only luxury cars, but also in the regularly priced ones. The use of automatic braking comes with a high demand on the performance of active safety systems, false positives must be avoided at all costs. Dollar et al. [2014] introduced Aggregated Channel Features (ACF) which is based on a 10-channel LUV+HOG feature map. The method uses decision trees learned from boosting and has been shown to outperform previous algorithms in object detection tasks. The rediscovery of neural networks, and especially Convolutional Neural Networks (CNN) has increased the performance in almost every field of machine learning, including pedestrian detection. Recently Yang et al.[2015] combined the two approaches by using the the feature maps from a CNN as input to a decision tree based boosting framework. This resulted in state of the art performance on the challenging Caltech pedestrian data set. This thesis presents an approach to improve the performance of a cascade of boosted classifiers by investigating the impact of using color information for pedestrian detection. The color self similarity feature introduced by Walk et al.[2010] was used to create a version better adapted for boosting. This feature is then used in combination with a gradient based feature at the last step of a cascade. The presented feature increases the performance compared to currently used classifiers at Autoliv, on data recorded by Autoliv and on the benchmark Caltech pedestrian data set. / Bilen har genom åren kommit att bli mer och mer intelligent. Dagens radar- och kamerabaserade säkerhetssystem kan varna och bromsa bilen automatiskt om hider detekteras. Forskningsprojekt såsom Google Car har t.o.m lyckats köra bilar helt autonomt. Kraven för att uppnå den högsta säkerhetsklassningen i t.ex. Euro NCAP blir allt strängare i takt med att dessa system utvecklas och som följd har dessa system blivit attraktivare för biltillverkare. Inom en snart framtid kommer det att krävas att en bil har ett system för att upptäcka och att bromsa automatiskt för fotgängare för att uppnå den högsta klassen, fem stjärnor. Förutsikterna är att produktionsvolymer för aktiva säkerhetsytem kommer att öka drastiskt när biltillverkarna börjar utrusta vanliga bilar och inte enbart lyxmodeller med dessa system. Användningen av aktiv bromsning ställer höga krav på prestanda, felakting aktivering av system måste i högsta grad undvikas. Dollar et al. [2014] presenterade Aggregated Channel Features (ACF) som baseras på en tiokanalig LUV+HOG särdragskarta. Metoden använder beslutsträd på pixelnivå som tas fram genom boosting och överträffade tidigare algoritmer för objektigenkänning. Återupptäkten av neurala nätverker och i synnerlighet Convolutional Neural Networks (CNN) har medfört en ökning i prestanda inom nästan alla fält av maskininlärning, inklusive fotgängardetektion. Nyligen kombinerades dessa två metoder av Yang et al.[2015] genom att särdragskartan från ett CNN användes som insignal till ett beslutsträdsbaserat boostingramverk. Detta ledde till det hittills bästa resultatet på det utmanande Caltech pedestrian dataset. I det här examensarbetet presenteras en metod som kan öka prestandan för en kaskad av boostingklassificerare ämnad för fotgängardetektion. Det färgbaserad särdraget color self similarity, Walk et al.[2010], används för att skapa en version som är bättre lämpad för boosting. Det presenterade särdraget ökade prestandan jämfört med befintliga klassificerare som används av Autoliv på både data inspelat av Autoliv och på Caltech pedestrian dataset.
|
Page generated in 0.054 seconds