  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Automatic Internet of Things Device Category Identification using Traffic Rates

Hsu, Alexander Sirui 12 March 2019
Due to the ever increasing supply of new Internet of Things (IoT) devices being added onto a network, it is vital to secure the devices from incoming cyber threats. The manufacturing process of creating and developing a new IoT device allows many new companies to come out with their own device. These devices also increase the network risk because many IoT devices are created without proper security implementation. Utilizing traffic patterns as a method of device type detection will allow behavior identification using only Internet Protocol (IP) header information. The network traffic captured from 20 IoT devices belonging to 4 distinct types (IP camera, on/off switch, motion sensor, and temperature sensor) is generalized and used to identify new devices previously unseen on the network. Our results indicate some categories have patterns that are easier to generalize, while other categories are harder but we are still able to recognize some unique characteristics. We also are able to deploy this in a test production network and adapted previous methods to handle streaming traffic and an additional noise categorization capable of identifying non-IoT devices. The performance of our model is varied between classes, signifying that much future work has to be done to increase the classification score and overall usefulness. / Master of Science / IoT (Internet of Things) devices are an exploding field, with many devices being created, manufactured, and utilized per year. With the rise of so many internet capable devices, there is a risk that the devices may have vulnerabilities and exploits able to allow unauthorized users to access. While a problem for a consumer network, this is an increased problem in an enterprise network, since much of the information on the network is sensitive and should be kept confidential and private.
While a ban of IoT devices on a network is able to solve this problem, with the rise of machine learning able to characterize and recognize patterns, a smarter approach can be created to distinguish when and which types of IoT devices enter the network. Previous attempts to identify IoT devices used signature schemes specific to a single device, but this paper aims to generalize traffic behaviors and identify a device category rather than a specific IoT device to ensure future new devices can also be recognized. With device category identification in place on an internet network, smarter approaches can be implemented to ensure the devices remain secure while still able to be used.
12

Creating Models Of Internet Background Traffic Suitable For Use In Evaluating Network Intrusion Detection Systems

Luo, Song 01 January 2005
This dissertation addresses Internet background traffic generation and network intrusion detection. It is organized in two parts. Part one introduces a method to model realistic Internet background traffic and demonstrates how the models are used both in a simulation environment and in a lab environment. Part two introduces two different NID (Network Intrusion Detection) techniques and evaluates them using the modeled background traffic. To demonstrate the approach we modeled five major application layer protocols: HTTP, FTP, SSH, SMTP and POP3. The model of each protocol includes an empirical probability distribution plus estimates of application-specific parameters. Due to the complexity of the traffic, hybrid distributions (called mixture distributions) were sometimes required. The traffic models are demonstrated in two environments: NS-2 (a simulator) and HONEST (a lab environment). The simulation results are compared against the original captured data sets. Users of HONEST have the option of adding network attacks to the background. The dissertation also introduces two new template-based techniques for network intrusion detection. One is based on a template of autocorrelations of the investigated traffic, while the other uses a template of correlation integrals. Detection experiments have been performed on real traffic and attacks; the results show that the two techniques can achieve high detection probability and low false alarm in certain instances.
13

Detecting Remote Attacks

Han, Wang-tzu 30 July 2004
With advanced technology, our life has improved; however, it also brings new models of crime. Because intrusion techniques and intrusion tools are developed day by day, many computer crimes such as overstepping system authority, intrusion events, computer crime, and network attack incidents are happening everywhere and every day. In fact, these kinds of hostile attack behaviors are troublesome problems. Network management staff may have to read security advisories, which are sent out by security organizations. For example, they have to subscribe to advisories from the Computer Emergency Response Team or to security mailing lists to continuously accumulate their security information. In addition, for the security protection system, they may need to spend huge funds to purchase firewall systems, intrusion detection systems, antivirus systems and other related security protection systems. These attack behaviors have recently evolved from attacks on one computer to heavy attacks by new intrusion models such as worms that spread on a large scale. Furthermore, each attack uses a different communication protocol and port, aimed at a system vulnerability, so it is not easy to detect these attacks. If we can observe the variation of network traffic to detect unusual hosts, in order to control the usage of the network or the occurrence of extraordinary phenomena, it could help network managers to discover and solve network attack problems in time. Lately, intrusion events have been happening increasingly, and denial-of-service became the most serious network event in the FBI/CSI Computer Crime and Security Survey of 2003. Therefore, among the various attack types, we choose vulnerability scan and denial-of-service as our research direction. This research extends and develops IPAudit[16], a network traffic monitor system, which detects host flow traffic on the local area network.
We establish network attack rules by using data mining classification (C4.5) to analyze attack data, and we estimate the percentage of correct classifications. This study also uses different attack applications for the same attack type to perform a cross experiment. The result has shown that the technology of data mining classification (C4.5) can help us efficiently forecast events of the same attack type.
14

A network traffic model for wireless mesh networks / Z.S. van der Merwe.

Van der Merwe, Zuann Stephanus January 2013
Design and management decisions require an accurate prediction of the performance of the network. Network performance estimation techniques require accurate network traffic models. In this thesis we are concerned with the modelling of network traffic for the wireless mesh network (WMN) environment. Queueing theory has been used in the past to model the WMN environment and we found in this study that queueing theory was used in two main methods to model WMNs. The first method is to consider each node in the network in terms of the number of hops it is away from the gateway. Each node is then considered as a queueing station and the parameters for the station are derived from the number of hops each node is away from the gateway. These topologies can be very limiting in terms of the number of physical topologies they can model due to the fact that their parameters are only dependent on the number of hop-counts each node is away from the gateway. The second method is to consider a fixed topology with no gateways. This method simplifies analysis but once again is very limiting. In this dissertation we propose a queueing based network traffic model that uses a connection matrix to define the topology of the network. We then derive the parameters for our model from the connection matrix. The connection matrix allows us to model a wider variety of topologies without modifying our model. We verify our model by comparing results from our model to results from a discrete event simulator and we validate our model by comparing results from our model to results from models previously proposed by other authors. By comparing results from our model to results of other models we show that our model is indeed capable of modelling a wider variety of topologies. / Thesis (MIng (Computer and Electronic Engineering))--North-West University, Potchefstroom Campus, 2013.
16

Data Driven Learning of Dynamical Systems Using Neural Networks

Mussmann, Thomas Frederick 04 October 2021
No description available.
17

A Visualization Framework for SiLK Data exploration and Scan Detection

El-Shehaly, Mai Hassan 21 September 2009
Network packet traces, despite having a lot of noise, contain priceless information, especially for investigating security incidents or troubleshooting performance problems. However, given the gigabytes of flow crossing a typical medium sized enterprise network every day, spotting malicious activity and analyzing trends in network behavior becomes a tedious task. Further, computational mechanisms for analyzing such data usually take substantial time to reach interesting patterns and often mislead the analyst into reaching false positives, benign traffic being identified as malicious, or false negatives, where malicious activity goes undetected. Therefore, the appropriate representation of network traffic data to the human user has been an issue of concern recently. Much of the focus, however, has been on visualizing TCP traffic alone while adapting visualization techniques for the data fields that are relevant to this protocol's traffic, rather than on the multivariate nature of network security data in general, and the fact that forensic analysis, in order to be fast and effective, has to take into consideration different parameters for each protocol. In this thesis, we bring together two powerful tools from different areas of application: SiLK (System for Internet-Level Knowledge), for command-based network trace analysis; and ComVis, a generic information visualization tool. We integrate the power of both tools by aiding simplified interaction between them, using a simple GUI, for the purpose of visualizing network traces, characterizing interesting patterns, and fingerprinting related activity. To obtain realistic results, we applied the visualizations on anonymized packet traces from Lawrence Berkeley National Laboratory, captured on selected hours across three months. We used a sliding window approach in visually examining traces for two transport-layer protocols: ICMP and UDP.
The main contribution of this research is a protocol-specific framework of visualization for ICMP and UDP data. We explored relevant header fields and the visualizations that worked best for each of the two protocols separately. The resulting views led us to a number of guidelines that can be vital in the creation of "smart books" describing best practices in using visualization and interaction techniques to maintain network security; while creating visual fingerprints which were found unique for individual types of scanning activity. Our visualizations use a multiple-views approach that incorporates the power of two-dimensional scatter plots, histograms, parallel coordinates, and dynamic queries. / Master of Science
18

Emulation of Network Device Behaviour for Robot Controller Testing

Opacin, Muhamed January 2023
The testing of software for robot controllers has become increasingly difficult as robotic systems become more complex. As the complexity of the systems increases, the number of hardware systems that the robot relies on also grows. This poses a challenge in testing robot controllers, which is crucial to ensure that robots function safely and effectively in their intended applications. While simulation can be used as a platform for software testing, it is not feasible to simulate everything in a virtual environment, especially when test cases require physical connections to hardware for input and output signals sent to robot controllers. Therefore, the objective of this thesis is to replicate I/O device network communication in order to enhance virtual testing processes. The approach employed involves capturing real-time network traffic, modifying and rebuilding it, and subsequently replaying it. The work examines existing academic research on these approaches and technologies, and investigates the specific challenges in the testing process by conducting research within a company leading globally in industrial robot development. A conceptual model is proposed, and a prototype is developed. The solution demonstrates potential in addressing the current challenges in robot controller testing by enabling network capture, modification, and level 4 network traffic replay. However, experimental results reveal various limitations, such as significant delays in generating responses. Therefore, further research and development are required if the solution is to be implemented in a real-world setting.
19

Allmänhetens säkerhetsmedvetenhet med avseende på trådlös kommunikation / The public's security awareness with regard to wireless communication

Wallin, Andreas, Rubensson, Jonas, Iggstrand, Alexander January 2014
Public wireless networks are more available than ever. The networks all have something in common—they can be tapped into, which poses the risk of sensitive user information being compromised. This research paper explores the public's security awareness with regard to public wireless networks by two different methods. One was a technical experiment in which access to a public wireless network in several different locations was offered. This allowed us to, in real time, assess the safety awareness of the users of our public wireless network, by analyzing their network traffic. The second was a survey, which was distributed to our sample of people. It asked the sample questions about how they perceive their own behavior on a public wireless network.
Thus, the survey allowed us to get an idea of the knowledge and the security awareness the public in general believe that they have. The results from our research indicate that people's security awareness can and should be improved. One first step towards improvement would be education concerning the risks that exist and how to avoid them, which is something that will be brought up in this paper.
20

Esquema de escalonamento baseado na regularidade local de fluxos de dados internet / A stream scheduling scheme based on local regularity of internet traffic

Jorge, Christian 31 January 2006
Advisor: Lee Luan Ling / Dissertation (master's) - Universidade Estadual de Campinas, Faculdade de Engenharia Eletrica e de Computação / Made available in DSpace on 2018-08-06T02:50:26Z (GMT). No. of bitstreams: 1 Jorge_Christian_M.pdf: 1384136 bytes, checksum: 21169a9d54dc981f5cfe38cdbaf733e5 (MD5) Previous issue date: 2006 / Summary: In communication networks, the current integration of several types of services, each with distinct statistical characteristics and quality of service requirements, brings with it the need for efficient schemes for managing and controlling congestion of the traffic present. At small time scales, current schemes can have their efficiency reduced due to the high irregularity of the traffic. Thus, in this work, based on the Generalized Processor Sharing (GPS) scheduling discipline, a data flow scheduling scheme is proposed that uses the pointwise Hölder exponent for the local characterization of each flow. For this purpose, a dynamic estimator of these exponents and a predictor are jointly proposed. The pointwise Hölder exponents are estimated dynamically by means of the decay of the wavelet coefficients in time windows. The proposed predictor has adaptive characteristics and is based on the Kalman filter and on the Normalized Least-Mean-Square (NLMS) filter. The evaluations performed show that this scheduling scheme contributes to preventive dynamic control in the sense of obtaining lower data loss and better use of the link transmission rate, in comparison with conventional GPS / Abstract: Today network traffic is composed of many services with different statistical characteristics and quality of service requirements. This integration needs efficient traffic congestion control and management schemes. Dynamic and preventive schemes usually anticipate traffic conditions by means of a prediction process.
Nevertheless, at fine-grained time scales, traffic exhibits strong irregularities and more complex scaling laws that make this prediction process a non-trivial task. In this work we model network traffic flows as multifractal processes and introduce the pointwise Hölder exponent as an indicator of the local regularity degree. We also propose a new traffic flow scheduling scheme based on the Generalized Processor Sharing (GPS) discipline that incorporates the pointwise Hölder exponent to locally characterize each data flow. To this end we explicitly present both dynamic pointwise Hölder exponent estimation and prediction mechanisms. The pointwise Hölder estimation is carried out dynamically based on the decay of the wavelet coefficients in the selected time windows. The proposed predictor is adaptive and implemented with both Kalman and Normalized Least Mean Squares (NLMS) filters. Experimental evaluations have validated the proposed scheduling scheme, resulting in low data loss rate and a better sharing of the network resources in comparison with the usual GPS scheme / Master's / Telecommunications and Telematics / Master in Electrical Engineering
