Traffic monitoring in home networks : from theory to practice / Supervision du trafic dans les réseaux domestiques : de la théorie à la pratique

Aouini, Zied

15 December 2017

Les réseaux domestiques sont confrontés à une évolution continue et deviennent de plus en plus complexes. Leur complexité a évolué selon deux dimensions interdépendantes. D'une part, la topologie du réseau domestique devient plus complexe avec la multiplication des équipements et des technologies de connectivité. D'autre part, l'ensemble des services accessibles via le réseau domestique ne cesse de s’élargir. Un tel contexte a rendu la gestion du réseau domestique plus difficile pour les Fournisseurs d’Accès Internet (FAI) et les utilisateurs finaux. Dans ce manuscrit, nous nous concentrons sur la deuxième dimension de la complexité décrite ci-dessus liée au trafic circulant depuis/vers le réseau domestique. Notre première contribution consiste à proposer une architecture pour la supervision du trafic dans les réseaux domestiques. Nous fournissons une étude comparative de certains outils open source existants. Ensuite, nous effectuons une évaluation de performances expérimentale d’un sous ensemble des processus impliqués dans notre architecture. Sur la base des résultats obtenus, nous discutons les limites et les possibilités de déploiement de ce type de solution. Dans notre deuxième contribution, nous présentons notre analyse à large échelle des usages et du trafic résidentiel basée sur une trace de trafic réelle impliquant plus de 34 000 clients. Premièrement, nous présentons notre méthode de collecte et de traitement des données. Deuxièmement, nous présentons nos observations statistiques vis-à-vis des différentes couches de l’architecture Internet. Ensuite, nous effectuons une analyse subjective auprès de 645 clients résidentiels. Enfin, nos résultats fournissent une synthèse complète des usages et des caractéristiques des applications résidentielles. Dans notre troisième contribution, nous proposons une nouvelle méthode pour la classification en temps réel du trafic résidentiel. Notre méthode, laquelle est basée sur l’utilisation d’un algorithme d’apprentissage statistique de type C5.0, vise à combler les carences identifiées dans la littérature. Ensuite, nous détaillons notre implémentation d’une sonde légère sur un prototype de passerelle résidentielle capable de capturer, de suivre et d'identifier d’une manière fine les applications actives dans le réseau domestique. Cette implémentation nous permet, en outre, de valider nos principes de conception via un banc d'essai réaliste mis en place à cet effet. Les résultats obtenus indiquent que notre solution est efficace et faisable. / Home networks are facing a continuous evolution and are becoming more and more complex. Their complexity has evolved according to two interrelated dimensions. On the one hand, the home network topology (devices and connectivity technologies) tends to produce more complex configurations. On the other hand, the set of services accessed through the home network is growing in a tremendous fashion. Such context has made the home network management more challenging for both Internet Service Provider (ISP) and end-users. In this dissertation, we focus on the traffic dimension of the above described complexity. Our first contribution consists on proposing an architecture for traffic monitoring in home networks. We provide a comparative study of some existing open source tools. Then, we perform a testbed evaluation of the main software components implied in our architecture. Based on the experiments results, we discuss several deployment limits and possibilities. In our second contribution, we conduct a residential traffic and usages analysis based on real trace involving more than 34 000 customers. First, we present our data collection and processing methodology. Second, we present our findings with respect to the different layers of the TCP/IP protocol stack characteristics. Then, we perform a subjective analysis across 645 of residential customers. The results of both evaluations provide a complete synthesis of residential usage patterns and applications characteristics. In our third contribution, we propose a novel scheme for real-time residential traffic classification. Our scheme, which is based on a machine learning approach called C5.0, aims to fulfil the lacks identified in the literature. At this aim, our algorithm is evaluated using several traffic inputs. Then, we detail how we implemented a lightweight probe able to capture, track and identify finely applications running in the home network. This implementation allowed us to validate our designing principles upon realistic test conditions. The obtained results show clearly the efficiency and feasibility of our solution.

Réseau domestique

Performances réseau

Mesures passives

Classification du trafic

Algorithmes d'apprentissage statistique

Passerelle domestique

Analyse du trafic

Supervision des flux

Home network

Network performances

Passive measurements

Traffic classification

Machine Learning algorithms

Home gateway

Traffic analysis

Flow monitoring

Využití Google Analytics v e-shopu / The Use of Google Analytics in an E-shop

Jansa, Marek

January 2012

This thesis is focused on detailed description of the Web analytics tool Google Analytics and its use in improving attendance and competitiveness of Dobra vína company's e-shop. The aim is to propose measures that will increase sales of offered products. The measures were designed combining the analysis of web content, technical analysis of the web and the data obtained using Google Analytics. The thesis provides updated information on setting up Google Analytics: important changes that had taken place recently among which the transition to asynchronous syntax. These haven't been yet summarized in any other similar work. It also brings its own perspective on the use of information from Google Analytics to improve the performance of Internet business. The thesis presents the web analytics and the tool Google Analytics in general; it describes the setup and customization of the tracking code and finally it provides a short guide on how to read the visualized data. In the practical part it explores the web content of the Dobra vína's site and its technical aspects, after this it presents the specific settings of Google Analytics for the site and the final chapters analyze the data obtained from Google Analytics and propose adequate measures to take.

Možnosti a podmínky využití sociálních sítí pro zvýšení konkurenceschopnosti / Opportunities and conditions of use of social networks to increase competitiveness

Vondruška, Pavel

January 2012

The diploma thesis is focused on the social networking sites in terms of their use for increasing the competitiveness of companies. The first part deals with a theoretical introduction to social networks where the basic concepts are defined and then characterized by major networks globally. Each social network is analyzed both in terms of the structure of its users, and are listed as individual options, which provides for promotion within their system - they are mentioned both paid and unpaid opportunities. At the end of this section are described the general possibilities of using social networking for business - ways to measure the impact of these activities, risks and requirements of their operation within the company. The second part is a practical solution to use social networks to support the selected e-commerce business. The introduction provides basic parameters of the e-shop is defined by the competitive environment. The analysis carried out various solutions to various social networks. It is designed and implemented their own social network to the target audience the company. The practical part ends with a final report including recommendations for further progress in the use of social networks. The main contribution of the paper is to present a detailed analysis of selected enterprise communication on social networks, including putting all the relevant data from which the conclusion can be drawn in specific recommendations to further enhance competitiveness.

Učení se automatů pro rychlou detekci anomálií v síťovém provozu / Automata Learning for Fast Detection of Anomalies in Network Traffic

Hošták, Viliam Samuel

January 2021

The focus of this thesis is the fast network anomaly detection based on automata learning. It describes and compares several chosen automata learning algorithms including their adaptation for the learning of network characteristics. In this work, various network anomaly detection methods based on learned automata are proposed which can detect sequential as well as statistical anomalies in target communication. For this purpose, they utilize automata's mechanisms, their transformations, and statistical analysis. Proposed detection methods were implemented and evaluated using network traffic of the protocol IEC 60870-5-104 which is commonly used in industrial control systems.

Korelace dat na vstupu a výstupu sítě Tor / Correlation of Inbound and Outbound Traffic of Tor Network

Coufal, Zdeněk

January 2014

Communication in public networks based on the IP protocol is not really anonymous because it is possible to determine the source and destination IP address of each packet. Users who want to be anonymous are forced to use anonymization networks, such as Tor. In case such a user is target of lawful interception, it presents a problem for those systems because they only see that the user communicated with anonymization network and have a suspicion that the data stream at the output of anonymization network belong to the same user. The aim of this master thesis was to design a correlation method to determine the dependence of the data stream at the input and the output of the Tor network. The proposed method analysis network traffic and compares characteristics of data streams extracted from metadata, such as time of occurence and the size of packets. This method specializes in correlating data flows of protocol HTTP, specifically web server responses. It was tested on real data from the Tor network and successfully recognized dependency of data flows.

Analýza pohybu automobilů na křižovatkách / Movement Analysis of Vehicles on Crossroads

Benček, Vladimír

January 2016

This thesis proposes and implements a system for movement analysis of vehicles on crossroads. It detects and tracks the movement of vehicles in the video, gained from the stationary video camera, which has the view of some crossroad. The trajectories are stored and their number and directions are analysed. The detection was made using cascade classifier. A dataset of 10500 positive and 10500 negative samples has been created to train the classifier. Vehicles are tracked using KCF method. For trajectory clustering, needed by analysis, the Mean Shift method is used. Testing showed, that the overall success of vehicle movement analysis is 92.77%.

Monitorování dopravy z leteckých videí / Traffic Monitoring from Aerial Video Data

Babinec, Adam

January 2015

This thesis proposes a system for extraction of vehicle trajectories from aerial video data for traffic analysis. The system is designed to analyse video sequence of a single traffic scene captured by an action camera mounted on an arbitrary UAV flying at the altitudes of approximately 150 m. Each video frame is geo-registered using visual correspondence of extracted ORB features. For the detection of vehicles, MB-LBP classifier cascade is deployed, with additional step of pre-filtering of detection candidates based on movement and scene context. Multi-object tracking is achieved by Bayesian bootstrap filter with an aid of the detection algorithm. The performance of the system was evaluated on three extensively annotated datasets. The results show that on the average, 92% of all extracted trajectories are corresponding to the reality. The system is already being used in the research to aid the process of design and analysis of road infrastructures.

Detekce slow-rate DDoS útoků / Detection of slow-rate DDoS attacks

Sikora, Marek

January 2017

This diploma thesis is focused on the detection and protection against Slow DoS and DDoS attacks using computer network traffic analysis. The reader is introduced to the basic issues of this specific category of sophisticated attacks, and the characteristics of several specific attacks are clarified. There is also a set of methods for detecting and protecting against these attacks. The proposed methods are used to implement custom intrusion prevention system that is deployed on the border filtering server of computer network in order to protect Web servers against attacks from the Internet. Then created system is tested in the laboratory network. Presented results of the testing show that the system is able to detect attacks Slow GET, Slow POST, Slow Read and Apache Range Header and then protect Web servers from affecting provided services.

INTEGRATING CONNECTED VEHICLE DATA FOR OPERATIONAL DECISION MAKING

Rahul Suryakant Sakhare (9320111)

26 April 2023

<p>  </p> <p>Advancements in technology have propelled the availability of enriched and more frequent information about traffic conditions as well as the external factors that impact traffic such as weather, emergency response etc. Most newer vehicles are equipped with sensors that transmit their data back to the original equipment manufacturer (OEM) at near real-time fidelity. A growing number of such connected vehicles (CV) and the advent of third-party data collectors from various OEMs have made big data for traffic commercially available for use. Agencies maintaining and managing surface transportation are presented with opportunities to leverage such big data for efficiency gains. The focus of this dissertation is enhancing the use of CV data and applications derived from fusing it with other datasets to extract meaningful information that will aid agencies in data driven efficient decision making to improve network wide mobility and safety performance.   </p> <p>One of the primary concerns of CV data for agencies is data sampling, particularly during low-volume overnight hours. An evaluation of over 3 billion CV records in May 2022 in Indiana has shown an overall CV penetration rate of 6.3% on interstates and 5.3% on non-interstate roadways. Fusion of CV traffic speeds with precipitation intensity from NOAA’s High-Resolution Rapid-Refresh (HRRR) data over 42 unique rainy days has shown reduction in the average traffic speed by approximately 8.4% during conditions classified as very heavy rain compared to no rain. </p> <p>Both aggregate analysis and disaggregate analysis performed during this study enables agencies and automobile manufacturers to effectively answer the often-asked question of what rain intensity it takes to begin impacting traffic speeds. Proactive measures such as providing advance warnings that improve the situational awareness of motorists and enhance roadway safety should be considered during very heavy rain periods, wind events, and low daylight conditions.</p> <p>Scalable methodologies that can be used to systematically analyze hard braking and speed data were also developed. This study demonstrated both quantitatively and qualitatively how CV data provides an opportunity for near real-time assessment of work zone operations using metrics such as congestion, location-based speed profiles and hard braking. The availability of data across different states and ease of scalability makes the methodology implementable on a state or national basis for tracking any highway work zone with little to no infrastructure investment. These techniques can provide a nationwide opportunity in assessing the current guidelines and giving feedback in updating the design procedures to improve the consistency and safety of construction work zones on a national level.  </p> <p>CV data was also used to evaluate the impact of queue warning trucks sending digital alerts. Hard-braking events were found to decrease by approximately 80% when queue warning trucks were used to alert motorists of impending queues analyzed from 370 hours of queueing with queue trucks present and 58 hours of queueing without the queue trucks present, thus improving work zone safety. </p> <p>Emerging opportunities to identify and measure traffic shock waves and their forming or recovery speed anywhere across a roadway network are provided due to the ubiquity of the CV data providers. A methodology for identifying different shock waves was presented, and among the various case studies found typical backward forming shock wave speeds ranged from 1.75 to 11.76 mph whereas the backward recovery shock wave speeds were between 5.78 to 16.54 mph. The significance of this is illustrated with a case study of  a secondary crash that suggested  accelerating the clearance by 9 minutes could have prevented the secondary crash incident occurring at the back of the queue. Such capability of identifying and measuring shock wave speeds can be utilized by various stakeholders for traffic management decision-making that provide a holistic perspective on the importance of both on scene risk as well as the risk at the back of the queue. Near real-time estimation of shock waves using CV data can recommend travel time prediction models and serve as input variables to navigation systems to identify alternate route choice opportunities ahead of a driver’s time of arrival.   </p> <p>The overall contribution of this thesis is developing scalable methodologies and evaluation techniques to extract valuable information from CV data that aids agencies in operational decision making.</p>

Transport engineering

Connected Vehicles (CVs)

Trajectory Data Fusion

traffic operations

trajectory data characteristics

WORK ZONES

rain intensity

HRRR

big data applications

impact evaluation method

shockwave formation

Connected and Automated Vehicles (CAVs)

transport and infrastructure

Traffic Analysis

Hard-braking

Towards Realistic Datasets forClassification of VPN Traffic : The Effects of Background Noise on Website Fingerprinting Attacks / Mot realistiska dataset för klassificering av VPN trafik : Effekten av bakgrundsoljud på website fingerprint attacker

Sandquist, Christoffer, Ersson, Jon-Erik

January 2023

Virtual Private Networks (VPNs) is a booming business with significant margins once a solid user base has been established and big VPN providers are putting considerable amounts of money into marketing. However, there exists Website Fingerprinting (WF) attacks that are able to correctly predict which website a user is visiting based on web traffic even though it is going through a VPN tunnel. These attacks are fairly accurate when it comes to closed world scenarios but a problem is that these scenarios are still far away from capturing typical user behaviour.In this thesis, we explore and build tools that can collect VPN traffic from different sources. This traffic can then be combined into more realistic datasets that we evaluate the accuracy of WF attacks on. We hope that these datasets will help us and others better simulate more realistic scenarios.Over the course of the project we developed automation scripts and data processing tools using Bash and Python. Traffic was collected on a server provided by our university using a combination of containerisation, the scripts we developed, Unix tools and Wireshark. After some manual data cleaning we combined our captured traffic together with a provided dataset of web traffic and created a new dataset that we used in order to evaluate the accuracy of three WF attacks.By the end we had collected 1345 capture files of VPN traffic. All of the traffic were collected from the popular livestreaming website twitch.tv. Livestreaming channels were picked from the twitch.tv frontpage and we ended up with 245 unique channels in our dataset. Using our dataset we managed to decrease the accuracy of all three tested WF attacks from 90% down to 47% with a WF attack confidence threshold of0.0 and from 74% down to 17% with a confidence threshold of 0.99. Even though this is a significant decrease in accuracy it comes with a roughly tenfold increase in the number of captured packets for the WF attacker.Thesis artifacts are available at github.com/C-Sand/rds-collect. / Virtual Private Network (VPN) marknaden har växt kraftigt och det finns stora marginaler när en solid användarbas väl har etablerats. Stora VPN-leverantörer lägger dessutom avsevärda summor pengar på marknadsföring. Det finns dock WF-attacker som kan korrekt gissa vilken webbplats en användare besöker baserat på webbtrafik, även om den går genom en VPN-tunnel.Dessa attacker har rätt bra precision när det kommer till scenarier i sluten värld, men problemet är att dessa fortfarande är långt borta från att simulera typiskt användarbeteende.I det här examensarbetet utforskar och bygger vi verktyg som kan samla in VPNtrafik från olika källor. Trafiken kan användas för att kombineras till mera realistiska dataset och sedan användas för att utvärdera träffsäkerheten av WF-attacker. Vi hoppas att dessa dataset kommer att hjälpa oss och andra att bättre simulera verkliga scenarier.Under projektets gång utvecklade vi ett par automatiserings skript och verktyg för databearbetning med hjälp av Bash och Python. Trafik samlades in på en server från vårt universitet med en kombination av containeriseringen, skripten vi utvecklade, Unix-verktyg och Wireshark. Efter en del manuell datarensning kombinerade vi vår infångade trafik tillsammans med det tillhandahållna datasetet med webbtrafik och skapade ett nytt dataset som vi använde för att utvärdera riktigheten av tre WF attacker.Vid slutet hade vi samlat in 1345 filer med VPN-trafik. All trafik samlades in från den populära livestream plattformen twitch.tv. Livestreamingkanaler plockades ut från twitchs förstasida och vi slutade med 245 unika kanaler i vårat dataset. Med hjälp av vårat dataset lyckades vi minska noggrannheten för alla tre testade WF-attacker från 90% ner till 47% med tröskeln på 0,0 och från 74% ner till 17% med en tröskel på 0,99. Även om detta är en betydande minskning av noggrannheten kommer det med en ungefär tiofaldig ökning av antalet paket. I slutändan samlade vi bara trafik från twitch.tv men fick ändå några intressanta resultat och skulle gärna se fortsatt forskning inom detta område.Kod, instruktioner, dataset och andra artefakter finns tillgängliga via github.com/CSand/rds-collect.

Data collection

Website fingerprinting

dataset

traffic analysis

VPN

encrypted traffic

machine learning

deep learning

network measurements

twitch

Datainsamling

Profilering av hemsidor

dataset

trafikanalys

VPN

krypterad trafik

maskininlärning

djupinlärning

nätverksmätningar

twitch

Computer and Information Sciences

Data- och informationsvetenskap