• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 54
  • 21
  • 11
  • 6
  • 6
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 1
  • Tagged with
  • 97
  • 97
  • 60
  • 47
  • 36
  • 35
  • 32
  • 21
  • 21
  • 17
  • 15
  • 14
  • 14
  • 14
  • 14
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Reducing Third Parties in the Network through Client-Side Intelligence

Kontaxis, Georgios January 2018 (has links)
The end-to-end argument describes the communication between a client and server using functionality that is located at the end points of a distributed system. From a security and privacy perspective, clients only need to trust the server they are trying to reach instead of intermediate system nodes and other third-party entities. Clients accessing the Internet today and more specifically the World Wide Web have to interact with a plethora of network entities for name resolution, traffic routing and content delivery. While individual communications with those entities may some times be end to end, from the user's perspective they are intermediaries the user has to trust in order to access the website behind a domain name. This complex interaction lacks transparency and control and expands the attack surface beyond the server clients are trying to reach directly. In this dissertation, we develop a set of novel design principles and architectures to reduce the number of third-party services and networks a client's traffic is exposed to when browsing the web. Our proposals bring additional intelligence to the client and can be adopted without changes to the third parties. Websites can include content, such as images and iframes, located on third-party servers. Browsers loading an HTML page will contact these additional servers to satisfy external content dependencies. Such interaction has privacy implications because it includes context related to the user's browsing history. For example, the widespread adoption of "social plugins" enables the respective social networking services to track a growing part of its members' online activity. These plugins are commonly implemented as HTML iframes originating from the domain of the respective social network. They are embedded in sites users might visit, for instance to read the news or do shopping. Facebook's Like button is an example of a social plugin. While one could prevent the browser from connecting to third-party servers, it would break existing functionality and thus be unlikely to be widely adopted. We propose a novel design for privacy-preserving social plugins that decouples the retrieval of user-specific content from the loading of third-party content. Our approach can be adopted by web browsers without the need for server-side changes. Our design has the benefit of avoiding the transmission of user-identifying information to the third-party server while preserving the original functionality of the plugins. In addition, we propose an architecture which reduces the networks involved when routing traffic to a website. Users then have to trust fewer organizations with their traffic. Such trust is necessary today because for example we observe that only 30% of popular web servers offer HTTPS. At the same time there is evidence that network adversaries carry out active and passive attacks against users. We argue that if end-to-end security with a server is not available the next best thing is a secure link to a network that is close to the server and will act as a gateway. Our approach identifies network vantage points in the cloud, enables a client to establish secure tunnels to them and intelligently routes traffic based on its destination. The proliferation of infrastructure-as-a-service platforms makes it practical for users to benefit from the cloud. We determine that our architecture is practical because our proposed use of the cloud aligns with existing ways end-user devices leverage it today. Users control both endpoints of the tunnel and do not depend on the cooperation of individual websites. We are thus able to eliminate third-party networks for 20% of popular web servers, reduce network paths to 1 hop for an additional 20% and shorten the rest. We hypothesize that user privacy on the web can be improved in terms of transparency and control by reducing the systems and services that are indirectly and automatically involved. We also hypothesize that such reduction can be achieved unilaterally through client-side initiatives and without affecting the operation of individual websites.
22

Offered load and stability controls in multi-hop wireless networks.

January 2005 (has links)
Ng Ping-chung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 71-72). / Abstracts in English and Chinese. / Chapter Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Overview and Motivation --- p.1 / Chapter 1.2 --- Background of Offered Load Control --- p.2 / Chapter 1.3 --- Background of Stability Control --- p.3 / Chapter 1.4 --- Organization of the Thesis --- p.4 / Chapter Chapter 2 --- Performance Problems and Solutions --- p.6 / Chapter 2.1 --- Simulation Set-up --- p.6 / Chapter 2.2 --- High Packet-Drop Rate --- p.7 / Chapter 2.3 --- Re-routing Instability --- p.8 / Chapter 2.3.1 --- Hidden-Node Problem --- p.8 / Chapter 2.3.2 --- Ineffectiveness of Solving Hidden-Node Problem with RTS/CTS …… --- p.9 / Chapter 2.4 --- Solutions to High-Packet Loss Rate and Re-routing Instability --- p.10 / Chapter 2.4.1 --- Link-Failure Re-routing --- p.11 / Chapter 2.4.2 --- Controlling Offered Load --- p.13 / Chapter 2.5 --- Verification of Simulation Results with Real-life Experimental Measurements --- p.14 / Chapter Chapter 3 --- Offered Load Control --- p.16 / Chapter 3.1 --- Capacity Limited by the Hidden-node and Exposed-node Problems --- p.16 / Chapter 3.1.1 --- Signal Capture --- p.18 / Chapter 3.1.2 --- Analysis of Vulnerable Period induced by Hidden Nodes --- p.20 / Chapter 3.1.3 --- Analysis of Vulnerable Period induced by Exposed Nodes --- p.21 / Chapter 3.1.4 --- Sustainable Throughput --- p.22 / Chapter 3.2 --- Capacity Limited by Carrier Sensing Property --- p.23 / Chapter 3.3 --- Numerical Results --- p.26 / Chapter 3.4 --- General Throughput Analysis of a Single Multi-hop Traffic Flow --- p.29 / Chapter 3.5 --- Throughput Analysis on Topologies with Variable Distances between Successive Nodes --- p.31 / Chapter Chapter 4 --- Discussions of Other Special Cases --- p.33 / Chapter 4.1 --- A Carrier-sensing Limited Example --- p.33 / Chapter 4.2 --- A Practical Solution to Improve Throughput --- p.34 / Chapter Chapter 5 --- Achieving Fairness in Other Network Topologies --- p.36 / Chapter 5.1 --- Lattice Topology --- p.36 / Chapter Chapter 6 --- Stability Control --- p.39 / Chapter 6.1 --- Ad-hoc routing protocols --- p.39 / Chapter 6.2 --- Proposed scheme --- p.40 / Chapter 6.2.1 --- Original AODV --- p.41 / Chapter 6.2.2 --- AODV with Proposed Scheme --- p.42 / Chapter 6.2.2.1 --- A Single Flow in a Single Chain of Nodes --- p.43 / Chapter 6.2.2.2 --- Real-break Case --- p.44 / Chapter 6.3 --- Improvements --- p.45 / Chapter Chapter 7 --- Impacts of Data Transmission Rate and Payload Size --- p.48 / Chapter 7.1 --- Signal Capture --- p.48 / Chapter 7.2 --- Vulnerable region --- p.50 / Chapter Chapter 8 --- Performance Enhancements in Multiple Flows --- p.53 / Chapter 8.1 --- Impacts of Re-routing Instability in Two Flow Topology --- p.53 / Chapter 8.2 --- Impacts of Vulnerable Periods in Multiple Flow Topologies --- p.55 / Chapter 8.2.1 --- The Vulnerable Period induced by Individual Hidden-terminal Flow --- p.57 / Chapter 8.2.2 --- The Number of Hidden-terminal Flows --- p.58 / Chapter 8.2.3 --- Correlation between Hidden-terminal Flows --- p.60 / Chapter Chapter 9 --- Conclusion --- p.63 / Chapter Appendix A: --- General Throughput Analysis of a Single Multi-hop Traffic Flow --- p.67 / Chapter A.l --- Capacity Limited by Hidden-node and Exposed-Node --- p.67 / Chapter A.1.1 --- Sustainable Throughput --- p.68 / Chapter A.2 --- Capacity Limited by Carrier Sensing Property --- p.68 / Bibliography --- p.71
23

Intelligent traffic monitoring, analysis and classification. / CUHK electronic theses & dissertations collection

January 2008 (has links)
The second problem that is addressed in the thesis is about traffic analysis and classification. Accurate identification of network applications is important to many network activities. Traditional port-based technique has become much less effective since many new applications no longer use well-known fixed port numbers. In this thesis, we propose a novel profile-based approach to identify traffic flows belonging to the target application. In contrast to classifying traffic based on statistics of individual flows in previous studies, we build behavioral profiles of the target application, which describe dominant communication patterns of the application. Based on the behavior profiles, a two-level matching is used in identifying new traffic. We demonstrate the effectiveness of our method on campus traffic traces. Our results show that one can identify the popular P2P applications with very high accuracy. / This thesis represents new intelligent methods for monitoring and classifying network traffic. Internet traffic flow measurement is vitally important for network management, accounting and performance studies. Cisco's NetFlow is a widely deployed flow measurement solution that uses a configurable static sampling rate to control processor and memory usage on the router and the amount of reporting flow records generated. But during flooding attacks the memory and network bandwidth consumed by flow records can increase beyond what is available. Currently available countermeasures have their own problems In this thesis, we propose an entropy based adaptive flow aggregation algorithm. Relying on information-theoretic techniques, the algorithm efficiently identifies the clusters of attack flows in real time and aggregates those large number of short attack flows into a few metaflows. Compared to currently available solutions, our solution not only alleviates the problem in memory and export bandwidth, but also significantly improves the accuracy of legitimate flows. We evaluate our system using both synthetic trace file and real trace files from the Internet. / Hu, Yan. / Adviser: Dah-Mino Chen. / Source: Dissertation Abstracts International, Volume: 70-06, Section: B, page: 3600. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2008. / Includes bibliographical references (leaves 128-135). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.
24

ISPs' traffic engineering and peering strategy. / ISP的流量工程和互連策略 / CUHK electronic theses & dissertations collection / ISP de liu liang gong cheng he hu lian ce lüe

January 2007 (has links)
Our study on interdomain traffic engineering focuses on AS Path Prepending (ASPP), a popular way for inbound traffic engineering. In order to improve the current situation that ISPs often practise this approach in a trial-and-error basis, we propose a greedy algorithm to help ISPs perform this approach systematically and efficiently. Then we demonstrate two fundamental issues of decentralized selfish traffic engineering, routing instability and global network performance degradation, based on an abstract model where ISPs perform traffic engineering for their individual load balance. We also present a real-world pathologic case of prepending instability from our measurement study. Some simple guidelines are given for ISPs to avoid such routing instability. / Our work on peering strategy is to help ISPs understand the economic implications of various traffic patterns and make proper decisions to optimize their business. We first conduct an economic analysis for an overlay streaming network to gain some insights on the free ride phenomenon. We further improve the analysis by taking the response of subscribers into consideration and formulate the dynamic market as a multi-leader-follower game to capture the Nash Equilibrium of the routing tussle among the major players of the Internet marketplace. Based on this framework together with a gravity traffic model, we present some important observations on the implications of overlays on ISPs' peering strategy. / Over the past several years, numerous types of "overlay" networks change the interdomain traffic pattern and ISPs lose the routing control of some interdomain traffic flows due to the application layer routing. As a result, some ISPs may provide unintended transit service for other local ISPs. It upsets the traditional business model and makes ISPs' peering strategies more complicated. / The Internet has quickly evolved into a vast global network owned and operated by thousands of interconnected Internet Service Providers. Each of these ISPs, as one autonomous system, has its individual economic interests. ISPs can achieve their objectives through peering strategy and interdomain traffic engineering. These two issues are important for ISPs' business and have significant implications on the Internet architecture. / Wang, Hui. / "September 2007." / Adviser: Dah Ming Chiu. / Source: Dissertation Abstracts International, Volume: 69-08, Section: B, page: 4865. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2007. / Includes bibliographical references (p. 163-170). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.
25

Principles of backlog balancing for rate-based flow control and congestion control in ATM networks. / CUHK electronic theses & dissertations collection

January 1996 (has links)
by Guo, Xiao-Lei. / Thesis (Ph.D.)--Chinese University of Hong Kong, 1996. / Includes bibliographical references (p. 138-[147]). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Mode of access: World Wide Web.
26

Characterization and performance evaluation for the proportional delay differentiated services.

January 2001 (has links)
Leung Ka Hing. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2001. / Includes bibliographical references (leaves 94-96). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Characterization and Performance Analysis --- p.8 / Chapter 2.1 --- Two-class Proportional Differentiated Service --- p.11 / Chapter 2.2 --- N-class Proportional DS --- p.13 / Chapter 3 --- Experiments of Proportional Delay Differentiation using the It- erative Algorithm --- p.20 / Chapter 3.1 --- Experiments using Poisson arrivals --- p.21 / Chapter 3.2 --- Experiments using other arrivals distributions --- p.33 / Chapter 4 --- Dynamic Adjustment --- p.37 / Chapter 4.1 --- Adjustment algorithms --- p.37 / Chapter 5 --- Experiments of Proportional Delay Differentiation using Dy- namic Adjustment --- p.41 / Chapter 5.1 --- Illustration of dynamic adjustment --- p.43 / Chapter 5.2 --- Poisson --- p.45 / Chapter 5.3 --- Pareto --- p.48 / Chapter 5.4 --- MMPP --- p.54 / Chapter 5.5 --- Heterogeneous traffic classes --- p.60 / Chapter 5.6 --- Experiments for short time-scale analysis --- p.62 / Chapter 6 --- Multiple nodes --- p.69 / Chapter 7 --- Summary of the Experiments Results --- p.75 / Chapter 8 --- Improvement of WTP --- p.78 / Chapter 8.1 --- Algorithm --- p.78 / Chapter 8.2 --- Experiments --- p.80 / Chapter 9 --- Possible Extensions --- p.85 / Chapter 9.1 --- Application Extension --- p.85 / Chapter 9.2 --- Performance Quantification --- p.87 / Chapter 10 --- Conclusion --- p.90
27

Reconfiguration issues in a quasi-static packet switch.

January 2003 (has links)
by Man Wai-Hung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 62-66). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- General Types of Switch Architecture --- p.2 / Chapter 1.1.1 --- Input-Buffered Switch --- p.2 / Chapter 1.1.2 --- Output-Buffered Switch --- p.4 / Chapter 1.1.3 --- Crossbar-Based Switch --- p.4 / Chapter 1.1.4 --- Shared Buffer Memory Switch --- p.5 / Chapter 1.2 --- From Clos Network to Cross-path Switch --- p.6 / Chapter 1.3 --- Motivation and Organization --- p.12 / Chapter 2 --- Route Reconfiguration in Clos Network --- p.14 / Chapter 2.1 --- Connection Matrix in Clos Network --- p.15 / Chapter 2.2 --- Rearranging Central Modules in Clos Network --- p.18 / Chapter 2.3 --- Changing the Connection Matrix --- p.20 / Chapter 2.4 --- One Step Route Reconfiguration --- p.21 / Chapter 2.5 --- Closing Remarks --- p.25 / Chapter 3. --- Frame-Based Reconfiguration Scheme in Cross-Path Switch --- p.26 / Chapter 3.1 --- Route Assignment in Cross-Path Switch --- p.27 / Chapter 3.1.1 --- Requirement Matrix and Capacity Matrix --- p.27 / Chapter 3.1.2 --- Allocation Vector --- p.29 / Chapter 3.2 --- Progress Tracing in Cross-Path Switch --- p.30 / Chapter 3.3 --- Implementing Frame-Based Reconfiguration --- p.32 / Chapter 3.3.1 --- Recognizing Receiver Virtual Path --- p.33 / Chapter 3.3.2 --- Finding Donor Virtual Path --- p.34 / Chapter 3.4 --- Simulation Results --- p.36 / Chapter 3.4.1 --- Fixed Requirement Matrix --- p.36 / Chapter 3.4.2 --- Time-Varying Requirement Matrix --- p.38 / Chapter 3.5 --- Unfavourable Reconfigurations --- p.39 / Chapter 3.6 --- Closing Remarks --- p.41 / Chapter 4. --- Performance and Delay Tradeoff in Frame-Based Reconfiguration Scheme --- p.43 / Chapter 4.1 --- Service Curve and Cross-Path Switch --- p.44 / Chapter 4.2 --- Service Curve of Cross-Path Switch under Reconfiguration --- p.45 / Chapter 4.3 --- Impact of Reconfiguration Algorithms to Maximum Delay Increase --- p.48 / Chapter 4.4 --- Numerical Example --- p.56 / Chapter 4.5 --- Closing Remarks --- p.57 / Chapter 5. --- Conclusions and Future Researches --- p.59 / Chapter 5.1 --- Suggestions for Future Researches --- p.60 / Bibliography --- p.62
28

Enhancing distributed traffic monitoring via traffic digest splitting.

January 2009 (has links)
Lam, Chi Ho. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2009. / Includes bibliographical references (leaves 113-117). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.vi / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- Organization --- p.4 / Chapter 2 --- Related Works and Background --- p.7 / Chapter 2.1 --- Related Works --- p.7 / Chapter 2.2 --- Background --- p.9 / Chapter 2.2.1 --- Datalite --- p.9 / Chapter 2.2.2 --- Proportional Union Method --- p.14 / Chapter 2.2.3 --- Quasi-Likelihood Approach --- p.18 / Chapter 3 --- Estimation Error of Existing TD-based TMA schemes --- p.24 / Chapter 3.1 --- Error Accumulation and Amplification of Existing Schemes --- p.25 / Chapter 3.1.1 --- Pu --- p.25 / Chapter 3.1.2 --- Qmle --- p.26 / Chapter 3.1.3 --- Datalite --- p.26 / Chapter 3.2 --- Estimation Error of 3-sets intersection cases --- p.28 / Chapter 3.2.1 --- Pu --- p.28 / Chapter 3.2.2 --- Datalite --- p.30 / Chapter 4 --- Error Reduction Via Traffic Digest Splitting --- p.36 / Chapter 4.1 --- Motivation --- p.36 / Chapter 4.2 --- Objective Functions for Optimal TD-splitting --- p.39 / Chapter 4.3 --- Problem Formulation of Threshold-based Splitting --- p.41 / Chapter 4.3.1 --- Minimizing Maximum Estimation Error --- p.42 / Chapter 4.3.2 --- Minimizing R.M.S. Estimation Error --- p.46 / Chapter 4.4 --- Analysis of Estimation Error Reduction Via Single-Level TD-splitting --- p.48 / Chapter 4.4.1 --- Noise-to-signal Ratio Reduction --- p.49 / Chapter 4.4.2 --- Estimation Error Reduction --- p.52 / Chapter 4.5 --- Recursive Splitting --- p.56 / Chapter 4.5.1 --- Minimizing Maximum Estimation Error --- p.57 / Chapter 4.5.2 --- Minimizing R.M.S. Estimation Error --- p.59 / Chapter 5 --- Realization of TD-splitting for Network Traffic Measurement --- p.61 / Chapter 5.1 --- Tracking Sub-TD Membership --- p.64 / Chapter 5.1.1 --- Controlling the Noise due to Non-Existent Flows on a Target Link --- p.64 / Chapter 5.1.2 --- Sub-TD Membership Tracking for Single-level TD-splitting --- p.65 / Chapter 5.1.3 --- Sub-TD Membership Tracking under Recursive Splitting --- p.66 / Chapter 5.2 --- Overall Operations to support TD-splitting for Network-wide Traffic Measurements --- p.67 / Chapter 5.2.1 --- Computation Time for TD-splitting --- p.69 / Chapter 6 --- Performance Evaluation --- p.72 / Chapter 6.1 --- Applying TD-splitting on Generic Network Topology --- p.72 / Chapter 6.1.1 --- Simulation Settings --- p.73 / Chapter 6.1.2 --- Validity of the Proposed Surrogate Objective Functions --- p.75 / Chapter 6.1.3 --- Performance of Single-level TD-splitting --- p.77 / Chapter 6.1.4 --- Performance of Recursive TD-splitting --- p.88 / Chapter 6.1.5 --- Heterogeneous NSR Loading --- p.95 / Chapter 6.2 --- Internet Trace Evaluation --- p.99 / Chapter 6.2.1 --- Simulation Results --- p.100 / Chapter 7 --- Conclusion --- p.105 / Chapter A --- Extension of QMLE for Cardinality Estimation of 3-sets Intersection --- p.107 / Bibliography --- p.113
29

Internet user access via dial-up and campus wireless networks-tracffic characterization and statistics

Hutchins, Ronald Roscoe January 2001 (has links)
No description available.
30

Network tomography based on flow level measurements

Arifler, Dogu 28 August 2008 (has links)
Not available / text

Page generated in 0.125 seconds