  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

The Design and Implementation of Protocol Classifier based on Linux Netfilter

Chen, Chien-Hua 10 September 2006
The management of network bandwidth has become more important with the population growth of the Internet. For network bandwidth management, the first thing that needs to be done is to determine which protocol network traffic belongs to. We can then restrict the usage of network bandwidth according to the management policy. The means used to identify network traffic in the past was port-based, relying on the well-known default port numbers of application protocols. For example, the Hyper-Text Transfer Protocol (HTTP) uses port number 80 as its default port; therefore we could classify traffic that appears on port 80 as HTTP traffic. This is not enough for today's applications, especially Peer-to-Peer applications that use random port numbers as their default ports in order to evade port-based classification. To overcome the issue described above, we developed a content-based protocol classifier which inspects the payload of packets. We also compared our system with other content-based protocol classifiers. In addition, we provided a verification tool which verifies the result of the protocol classifier by connecting to the host and testing the behavior of the specific application.
12

HTTP Traffic Analysis based on a Lossy Packet-level Trace

Zhao, Song 23 August 2013
No description available.
13

A Visualization Framework for SiLK Data exploration and Scan Detection

El-Shehaly, Mai Hassan 21 September 2009
Network packet traces, despite having a lot of noise, contain priceless information, especially for investigating security incidents or troubleshooting performance problems. However, given the gigabytes of flow crossing a typical medium-sized enterprise network every day, spotting malicious activity and analyzing trends in network behavior becomes a tedious task. Further, computational mechanisms for analyzing such data usually take substantial time to reach interesting patterns and often mislead the analyst into reaching false positives, benign traffic being identified as malicious, or false negatives, where malicious activity goes undetected. Therefore, the appropriate representation of network traffic data to the human user has been an issue of concern recently. Much of the focus, however, has been on visualizing TCP traffic alone while adapting visualization techniques for the data fields that are relevant to this protocol's traffic, rather than on the multivariate nature of network security data in general, and the fact that forensic analysis, in order to be fast and effective, has to take into consideration different parameters for each protocol. In this thesis, we bring together two powerful tools from different areas of application: SiLK (System for Internet-Level Knowledge), for command-based network trace analysis; and ComVis, a generic information visualization tool. We integrate the power of both tools by aiding simplified interaction between them, using a simple GUI, for the purpose of visualizing network traces, characterizing interesting patterns, and fingerprinting related activity. To obtain realistic results, we applied the visualizations on anonymized packet traces from Lawrence Berkeley National Laboratory, captured on selected hours across three months. We used a sliding window approach in visually examining traces for two transport-layer protocols: ICMP and UDP.
The main contribution of this research is a protocol-specific framework of visualization for ICMP and UDP data. We explored relevant header fields and the visualizations that worked best for each of the two protocols separately. The resulting views led us to a number of guidelines that can be vital in the creation of "smart books" describing best practices in using visualization and interaction techniques to maintain network security; while creating visual fingerprints which were found unique for individual types of scanning activity. Our visualizations use a multiple-views approach that incorporates the power of two-dimensional scatter plots, histograms, parallel coordinates, and dynamic queries. / Master of Science
14

Understanding Home Networks with Lightweight Privacy-Preserving Passive Measurement

Zhou, Xuzi 01 January 2016
Homes are involved in a significant fraction of Internet traffic. However, meaningful and comprehensive information on the structure and use of home networks is still hard to obtain. The two main challenges in collecting such information are the lack of measurement infrastructure in the home network environment and individuals’ concerns about information privacy. To tackle these challenges, the dissertation introduces Home Network Flow Logger (HNFL) to bring lightweight privacy-preserving passive measurement to home networks. The core of HNFL is a Linux kernel module that runs on resource-constrained commodity home routers to collect network traffic data from raw packets. Unlike prior passive measurement tools, HNFL is shown to work without harming either data accuracy or router performance. This dissertation also includes a months-long field study to collect passive measurement data from home network gateways where network traffic is not mixed by NAT (Network Address Translation) in a non-intrusive way. The comprehensive data collected from over fifty households are analyzed to learn the characteristics of home networks such as number and distribution of connected devices, traffic distribution among internal devices, network availability, downlink/uplink bandwidth, data usage patterns, and application traffic distribution.
15

Service-Level Monitoring of HTTPS Traffic / Identification des Services dans le Trafic HTTPS

Shbair, Wazen M. 03 May 2017
In this thesis, we first review the various traffic identification techniques and note the absence of a solution that identifies HTTPS traffic both accurately and with respect for users' privacy. We begin with a recent, yet already deployed, technique that monitors HTTPS traffic by inspecting the SNI field, an extension of the TLS protocol. We show that two strategies make it possible to bypass this method. As a remediation, we propose an additional verification procedure based on a trusted DNS server. Experimental results show that this pragmatic solution is effective. Next, we propose an architecture that identifies services in HTTPS traffic using machine learning. We defined a new set of statistical features combined with a two-level identification, identifying first the service provider and then the service, according to our evaluation on real traffic. Finally, we improve this architecture to allow real-time traffic identification by considering only the first packets of the flows rather than their entirety. To evaluate our approach, we built a dataset containing the complete flows of loading the main websites and made it public for comparison. We also present a software prototype that reconstructs HTTPS flows in real time and then identifies them. / In this thesis, we provide a privacy-preserving approach for monitoring HTTPS services. First, we investigate a recent technique for HTTPS services monitoring that is based on the Server Name Indication (SNI) field of the TLS handshake.
We show that this method has many weaknesses, which can be used to cheat monitoring solutions. To mitigate this issue, we propose a novel DNS-based approach to validate the claimed value of SNI. The evaluation shows the ability to overcome the shortage. Second, we propose a robust framework to identify the accessed HTTPS services from a traffic dump, relying on neither a header field nor the payload content. Our evaluation based on real traffic shows that we can identify encrypted HTTPS services with high accuracy. Third, we have improved our framework to monitor HTTPS services in real-time. By extracting statistical features over the TLS handshake packets and a few application data packets, we can identify HTTPS services very early in the session. The obtained results and a prototype implementation show that our method offers good identification accuracy, high HTTPS flow processing throughput, and a low overhead delay.
16

Study of FPGA Implementation of Entropy Norm Computation for IP Data Streams

Nagalakshmi, Subramanya 18 April 2008
Recent literature has reported the use of entropy measurements for anomaly detection purposes in IP data streams. Space-efficient randomized algorithms for estimating entropy of data streams are available in the literature. However, no hardware implementation of these algorithms is available. The main challenge to software implementation for IP data streams has been in storing large volumes of data, along with the requirement of high speed at which they have to be analyzed. In this thesis, a recent randomized algorithm available in the literature is analyzed for hardware implementation. Software/hardware simulations indicate it is possible to implement a large portion of the algorithm on a low-cost Xilinx Virtex-II Pro FPGA with trade-offs for real-time operation. The thesis reports on the feasibility of this algorithm's FPGA implementation and the corresponding trade-offs and limitations.
17

Statistical Profile Generation of Real-time UAV-based Traffic Data

Puri, Anuj 28 August 2008
Small unmanned vehicles are used to provide the eye-in-the-sky alternative to monitoring and regulating traffic dynamically. Spatial-temporal visual data are collected in real-time and they are used to generate traffic-related statistical profiles, serving as inputs to traffic simulation models. Generated profiles, which are continuously updated, are used to calibrate traffic model parameters, to obtain more accurate and reliable simulation models, and for model modifications. This method overcomes limitations of existing traffic simulation models, which suffer from outdated data, poorly calibrated parameters, questionable accuracy and poor predictions of traffic patterns.
18

Traffic Analysis, Modeling and Their Applications in Energy-Constrained Wireless Sensor Networks : On Network Optimization and Anomaly Detection

Wang, Qinghua January 2010
Wireless sensor network (WSN) has emerged as a promising technology thanks to the recent advances in electronics, networking, and information processing. A wide range of WSN applications have been proposed such as habitat monitoring, environmental observations and forecasting systems, health monitoring, etc. In these applications, many low power and inexpensive sensor nodes are deployed in a vast space to cooperate as a network. Although WSN is a promising technology, there is still a great deal of additional research required before it finally becomes a mature technology. This dissertation concentrates on three factors which are holding back the development of WSNs. Firstly, there is a lack of traffic analysis & modeling for WSNs. Secondly, network optimization for WSNs needs more investigation. Thirdly, the development of anomaly detection techniques for WSNs remains a seldom touched area. In the field of traffic analysis & modeling for WSNs, this dissertation presents several ways of modeling different aspects relating to WSN traffic, including the modeling of sequence relations among arriving packets, the modeling of a data traffic arrival process for an event-driven WSN, and the modeling of a traffic load distribution for a symmetric dense WSN. These research results enrich the current understanding regarding the traffic dynamics within WSNs, and provide a basis for further work on network optimization and anomaly detection for WSNs. In the field of network optimization for WSNs, this dissertation presents network optimization models from which network performance bounds can be derived. This dissertation also investigates network performances constrained by the energy resources available in an identified bottleneck zone. For a symmetric dense WSN, an optimal energy allocation scheme is proposed to minimize the energy waste due to the uneven energy drain among sensor nodes.
By modeling the interrelationships among communication traffic, energy consumption and WSN performances, these presented results have efficiently integrated the knowledge on WSN traffic dynamics into the field of network optimization for WSNs. Finally, in the field of anomaly detection for WSNs, this dissertation uses two examples to demonstrate the feasibility and the ease of detecting sensor network anomalies through the analysis of network traffic. The presented results will serve as an inspiration for the research community to develop more secure and more fault-tolerant WSNs. / STC
19

A PRELIMINARY STUDY FOR IDENTIFYING NAT TRAFFIC USING MACHINE LEARNING

Gokcen, Yasemin 01 April 2014
It is shown in the literature that the NAT devices have become a convenient way to hide the identity of malicious behaviors. In this thesis, the aim is to identify the presence of the NAT devices in the network traffic and (if possible) to predict the number of users behind those NAT devices. To this end, I utilize different approaches and evaluate the performance of these approaches under different network environments represented by the availability of different data fields. To achieve this, I propose a machine learning (ML) based approach to detect NAT devices. I evaluate my approach against different passive fingerprinting techniques representing the state-of-the-art in the literature and show that the performance of the proposed ML based approach is very promising even without using any payload (application layer) information.
20

Blind Network Tomography

Raza, Muhammad 18 July 2011
The parameters required for network monitoring are not directly measurable and could be estimated indirectly by network tomography. Some important research issues, related to network tomography, motivated the research in this dissertation. The research work in this dissertation makes four significant novel contributions to the field of network tomography. These research contributions were focused on the blind techniques for performing network tomography, the modeling of errors in network tomography, improving estimates with multi-metric-based network tomography, and distributed network tomography. All of these four research problems, related to network tomography, were solved by various blind techniques including NNMF, SCS, and NTF. These contributions have been verified by processing the data obtained from laboratory experiments and by examining the correlation between the estimated and measured link delays. Evaluation of these contributions was based on the data obtained from various test beds that consisted of networking devices.
