• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 4
  • 2
  • 1
  • 1
  • Tagged with
  • 8
  • 8
  • 4
  • 3
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Intelligent traffic monitoring, analysis and classification. / CUHK electronic theses & dissertations collection

January 2008 (has links)
The second problem that is addressed in the thesis is about traffic analysis and classification. Accurate identification of network applications is important to many network activities. Traditional port-based technique has become much less effective since many new applications no longer use well-known fixed port numbers. In this thesis, we propose a novel profile-based approach to identify traffic flows belonging to the target application. In contrast to classifying traffic based on statistics of individual flows in previous studies, we build behavioral profiles of the target application, which describe dominant communication patterns of the application. Based on the behavior profiles, a two-level matching is used in identifying new traffic. We demonstrate the effectiveness of our method on campus traffic traces. Our results show that one can identify the popular P2P applications with very high accuracy. / This thesis represents new intelligent methods for monitoring and classifying network traffic. Internet traffic flow measurement is vitally important for network management, accounting and performance studies. Cisco's NetFlow is a widely deployed flow measurement solution that uses a configurable static sampling rate to control processor and memory usage on the router and the amount of reporting flow records generated. But during flooding attacks the memory and network bandwidth consumed by flow records can increase beyond what is available. Currently available countermeasures have their own problems In this thesis, we propose an entropy based adaptive flow aggregation algorithm. Relying on information-theoretic techniques, the algorithm efficiently identifies the clusters of attack flows in real time and aggregates those large number of short attack flows into a few metaflows. Compared to currently available solutions, our solution not only alleviates the problem in memory and export bandwidth, but also significantly improves the accuracy of legitimate flows. We evaluate our system using both synthetic trace file and real trace files from the Internet. / Hu, Yan. / Adviser: Dah-Mino Chen. / Source: Dissertation Abstracts International, Volume: 70-06, Section: B, page: 3600. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2008. / Includes bibliographical references (leaves 128-135). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.

Anomaly diagnosis based on regression and classification analysis of statistical traffic features

Liu, Lei, Jin, X.L., Min, Geyong, Xu, L. 30 September 2013 (has links)
No / Traffic anomalies caused by Distributed Denial-of-Service (DDoS) attacks are major threats to both network service providers and legitimate customers. The DDoS attacks regularly consume and exhaust the resources of victims and hence result in abnormal bursty traffic through end-user systems. Additionally, malicious traffic aggregated into normal traffic often show dramatic changes in the traffic nature and statistical features. This study focuses on early detection of traffic anomalies caused by DDoS attacks in light of analyzing the network traffic behavior. Key statistical features including variance, autocorrelation, and self-similarity are employed to characterize the network traffic. Further, artificial neural network and support vector machine subject to the performance metrics are employed to predict and classify the abnormal traffic. The proposed diagnosis mechanism is validated through experiments where the datasets consist of two groups. The first group is the Massachusetts Institute of Technology Lincoln Laboratory dataset containing labeled DoS attack. The second group collected from DDoS attack simulation experiments covers three representative traffic shapes resulting from the dynamic attack rate configuration, namely, constant intensity, ramp-up behavior, and pulsing behavior. The experimental results demonstrate that the developed mechanism can effectively and precisely alert the abnormal traffic within short response period.

Definition av näringslivstransporter ur ett trafikmätningsperspektiv / A Definition of Commercial Vehicle Transport from a Traffic Measurement Perspective

Olofsson, Josefin January 2021 (has links)
Kunskap om vägtrafikens sammansättning behövs för planering av relevanta åtgärder och utvärdering av framtida lösningar inom trafiksystemet. För att öka kunskapsunderlaget om trafikens tillstånd utvecklar Trafikverket Region Stockholm en mätplan för Stockholmsregionen som syftar till att genom mått och indikatorer bättre kunna förklara trafikläget och dess förändring. Behovet av att samordna transporter blir allt större i takt med att befolkningen ökar, men idag finns varierade möjligheter att kartlägga olika grupper av vägtrafiken. Näringslivstransporter pekas ut som ett av Trafikverkets målområden i mätplanen, inom vilka det finns behov av att öka kunskap och dataunderlag. I ett första steg att nå det målet behöver näringslivstransporter beskrivas genom en definition, vilket är det huvudsakliga syftet med detta examensarbete. Definitionen som formulerats, och som beskriver vad som bör betraktas som näringslivstransporter, baseras på information från litteratur och genom intervjuer där begreppet analyserats ur olika perspektiv. Resultatet visar att gruppen är bred och svår att kartlägga eftersom den innefattar en mängd olika transporttyper som genomförs med allt från personbil till stora lastbilar. Eftersom det finns en risk att näringslivstransporter som helhetsbegrepp kan bli begränsat i sin användning genom en för snäv definition har gruppen definierats med aktsamhet. Definitionen delas in i tre kategorier enligt följande: Näringslivstransport av gods, Näringslivstransport av personer och Näringslivstransport av tjänster. Eftersom kunskapsbristen om näringslivstransporter är stor och definitionen ska vara så anpassningsbar som möjligt görs ingen vidare indelning av de tre kategorierna, men exempel på vad varje kategori kan innehålla ges för att förklara hur definitionen kan tillämpas. Det är dock viktigt att poängtera att de olika kategorierna är i olika stort behov av ett ökat kunskapsunderlag baserat på deras omfattning och hur väl de kan kartläggas i olika mätmetoder. Utifrån definitionen genomfördes en dataanalys i syfte att undersöka hur stor del av näringslivstransporter som kan kartläggas i tillgängliga datakällor. Den data som studerades var MCS- och ANPR-data, samt en filminspelning av trafiken. Resultatet visar att det finns goda möjligheter att kategorisera olika typer av lastbilar som kan antas höra till näringslivstransporter genom framför allt ANPR-data, men en del av näringslivstransporter går endast att identifiera genom visuell information såsom logotyper i det filmade materialet. Förslag på vidare studier är att fortsatt kombinera tillgängliga mät- och kartläggningsmetoder, dels i syfte att härleda data till näringslivstransporter, dels för att undersöka vilken typ av information som idag inte kan erhållas om gruppen. Eftersom tidigare studier på näringslivstransporter som helhetsbegrepp är begränsade finns det även behov av att undersöka gruppen vidare, både i sin helhet och undergrupperna för sig. / Knowledge regarding the composition of road traffic is needed for the planning of relevant measures and evaluation of future infrastructure solutions in the transport system. In order to increase knowledge in this area, the Stockholm region of the Swedish Transport Administration is developing a measurement plan that aims to describe the status of the road traffic system and its development using a number of chosen measures and indicators. The need to coordinate transport is increasing with population growth, but today the opportunities to measure different transport categories varies. Commercial vehicles are identified as one of the target areas in the measurement plan, within which there is a need to increase knowledge and explore data sources for further analysis. A step towards achieving this goal is to define what is implied by the term commercial vehicles. This is the main aim of the thesis. The definition of commercial vehicles is based on information obtained from literature and interviews. This information has resulted is a categorization that includes a range of different types of transport. Measuring commercial vehicles is difficult as the definition includes transport carried out by passenger cars as well as trucks. As there is a risk that commercial vehicles as a group may be restricted by a definition that is too narrow, it must be carefully defined. The suggested definition divides commercial vehicles into three main categories: transport of goods, transport of people and transport of services. The aim of this definition is to make it adaptable to specific needs. Examples of what each category may contain, and how the definition can be applied are given in the report. It is important to point out that the different categories are in need of further study in order to increase the knowledge base. Based on the definition, a data analysis was carried out to investigate how commercial vehicles can be explained and measured using three available data sources. The data used included MCS (Motorway Control System), ANPR (Automatic Number Plate Recognition), and film recording. The results showed that there are good opportunities to categorize different types of trucks used for commercial purposes from the ANPR data in particular. However, some attributes of the group can only be identified through visual information such as logos from the film recordings. Proposals for further studies include the need to combine readily available measurement methods and data. Also, as previous studies on commercial vehicles are limited, there is also a need to investigate the group further, both in its entirety and the three categories separately.

Traffic Measurement and Timestamp Accuracy Evaluation of Java ME Traffic Generator on Smartphone

Huq, Mohammed Azizul January 2011 (has links)
Research on network traffic measurement is becoming popular because it could find the reason and valuable information regarding the occurrence of timestamp accuracy error. In this thesis the performance of UDP traffic between application level and link level has been investigated on three different Smartphone operating systems. One Java ME traffic generator and sink was developed for this thesis work. Distributed Passive Measurement Infrastructure with Measurement Point was used for the experiment. To get high timestamp accuracy DAG 3.5E card was used which was synchronized with GPS. Through the different tests under different protocol layers, it can be concluded that the Android mobile performs better as Java ME application works like a native application, whereas Symbian and Windows mobile struggles with incompatible implementation for poor JVM support. Time stamping at link level is more accurate and far different from application level. This thesis also investigated the performance evaluation of different JVM for Windows mobile.

Online propagace webového portálu / Online Propagation of Web Portal

Sobková, Jitka January 2016 (has links)
The subject of the thesis Online Propagation of Web Portal is formulation of recom-mendations for online campaigns for selected business entity. In the first chapter are defined basic concepts of Internet advertising as part of marketing and terms of web analytics. In the second chapter, there are internet campaigns analyzed using web analy-tics. On the basis of this analysis are formulated specific recommendations in the third chapter. The fourth chapter deals with the evaluation of modified campaigns. The fifth chapter deals with the evaluation of the results and the formulation of final recommen-dations.

Locality of Internet Traffic : An analysis based upon traffic in an IP access network

Sun, Jie January 2012 (has links)
The rapid growth of Internet Traffic has emerged as a major issue due to the rapid development of various network applications and Internet services. One of the challenges facing Internet Service Providers (ISPs) is to optimize the performance of their networks in the face of continuously increasing amounts of IP traffic while guaranteeing some specific Quality of Services (QoS). Therefore it is necessary for ISPs to study the traffic patterns and user behaviors in different localities, to estimate the application usage trends, and thereby to come up with solutions that can effectively, efficiently, and economically support their users’ traffic. The main objective of this thesis is to analyze and characterize traffic in a local multi-service residential IP network in Sweden (referred to in this report as “Network North”). The data about the amount of traffic was measured using a real-time traffic-monitoring tool from PacketLogic. Traffic from the monitored network to various destinations was captured and classified into 5 ring-wise locality levels in accordance with the traffic’s geographic destinations: traffic within Network North and traffic to the remainder of the North of Sweden, Sweden, Europe, and World. Parameters such as traffic patterns (e.g., traffic volume distribution, application usage, and application popularity) and user behavior (e.g., usage habits, user interests, etc.) at different geographic localities were studied in this project. As a result of a systematic and in-depth measurement and the fact that the number of content servers at the World, Europe, and Sweden levels are quite large, we recommend that an intelligent content distribution system be positioned at Level 1 localities in order to reduce the amount of duplicate traffic in the network and thereby removing this traffic load from the core network. The results of these measurements provide a temporal reference for ISPs of their present traffic and should allow them to better manage their network. However, due to certain circumstances the analysis was limited due to the set of available daily traffic traces. To provide a more trustworthy solution, a relatively longer-term, periodic, and seasonal traffic analysis could be done in the future based on the established measurement framework. / Den ökande tillväxten av Internet Trafik har blivit en viktig fråga med anledning av den snabba utvecklingen av olika internetbaserade applikationer och tjänster. En av utmaningarna för Internet leverantörerna är att optimera prestandan i sina nät inför de ständigt ökande datamängderna och samtidigt garantera kvalitet på tjänsterna (QoS). Därför är det nödvändigt för Internetleverantörer att studera trafikmönster och lokala differentierade användarbeteenden, för att uppskatta trender av nyttjande av internettjänster, och därmed komma med lösningar som effektivt och ekonomiskt stödja deras kunders trafik. Det främsta syftet med denna avhandling är att analysera och karaktärisera internettrafiken i ett lokalt IP baserat multiservicenätverk i Sverige (i denna rapport avseende "Network North"). Uppgifterna om trafikmängden mättes i realtid med ett övervakningsverktyg från PacketLogic. Trafik till och från det övervakade nätverkets olika destinationer fångades upp och delades in i 5 cirkelliknande lokaliseringsnivåer i enlighet med geografiska trafikdestinationer: trafik inom nätverket North och till resten av norra Sverige, Sverige, Europa och världen. Parametrar som trafikmönster (t.ex. distribuerad internettrafik mängd, användning av olika tjänster och applikationer med dess popularitet) och användarbeteenden (t.ex. användar-vanor och intressen, etc.) på olika geografiska lokaliseringsnivåer har studerades i inom projekt. Som ett resultat av de systematiska och djupgående internetmätningar med det faktum av det stora antalet existerande tjänsteinnehållsservrar som ofta finns placerad långt ifrån slutanvändaren, ute i världen eller i Europa som är ganska så många till antalet. Rekommenderar vi att ett intelligent tjänstedistributionssystem appliceras närmre slutanvändaren på en regional nivå, för att minska på dagens onödiga omfattande duplicerande internettrafik i nom stamnäteten. Resultaten av dessa trafikmätningar av internettrafik ger en tidsmässig referens för Internetleverantörerna av deras nuvarande trafik och bör göra det möjligt för dem att bättre hantera sin nätverksinfrastruktur. Men på grund av vissa omständigheter begränsades mätanalysen på grund av möjliga och tillgängliga tidrammar att utföra dagliga trafikmätningsuppsättningen. För att ge en mer tillförlitlig lösning kan en på en längre sikt, periodisk och säsongsbunden trafikanalys göras i framtiden, baserat på den etablerade mätinfrastrukturen.

Využití Google Analytics v e-shopu / The Use of Google Analytics in an E-shop

Jansa, Marek January 2012 (has links)
This thesis is focused on detailed description of the Web analytics tool Google Analytics and its use in improving attendance and competitiveness of Dobra vína company's e-shop. The aim is to propose measures that will increase sales of offered products. The measures were designed combining the analysis of web content, technical analysis of the web and the data obtained using Google Analytics. The thesis provides updated information on setting up Google Analytics: important changes that had taken place recently among which the transition to asynchronous syntax. These haven't been yet summarized in any other similar work. It also brings its own perspective on the use of information from Google Analytics to improve the performance of Internet business. The thesis presents the web analytics and the tool Google Analytics in general; it describes the setup and customization of the tracking code and finally it provides a short guide on how to read the visualized data. In the practical part it explores the web content of the Dobra vína's site and its technical aspects, after this it presents the specific settings of Google Analytics for the site and the final chapters analyze the data obtained from Google Analytics and propose adequate measures to take.

CheesePi: Delay Characterization through TCP-based Analysis from End-to-End Monitoring

Portelli, Rebecca January 2016 (has links)
With increasing access to interconnected IP networks, people demand a faster response time from Internet services. Traffic from web browsing, the second most popular service, is particularly time-sensitive. This demands reliability and a guarantee of delivery with a good quality of service from ISPs. Additionally, the majority of the population do not have the technical background to monitor the delay themselves from their home networks, and their ISPs do not have a vantage point to monitor and diagnose network problems from the users’ perspective. Hence, the aim for this research was to characterise the “in-protocol” network delay encountered during web browsing from within a LAN. This research presents TCP traffic monitoring performed on a client device as well as TCP traffic monitoring over both the client-end and the server-end devices separately observing an automated web client/server communication. This was followed by offline analysis of the captured traces where each TCP flow was dissected into: handshake, data transfer, and teardown phases. The aim behind such extraction was to enable characterisation of network round-trip delay as well as network physical delay, end host processing delay, web transfer delay, and packets lost as perceived by the end hosts during data transfer. The outcome of measuring from both end devices showed that monitoring from both ends of a client/server communication results to a more accurate measurement of the genuine delay encountered when packets traverse the network than when measuring from the client-end only. Primarily, this was concluded through the ability to distinguish between the pure network delay and the kernel processing delay experienced during the TCP handshake and teardown. Secondly, it was confirmed that the two RTTs identified in a TCP handshake are not symmetrical and that a TCP teardown RTT takes longer than the TCP handshake RTT within the same TCP flow since a server must take measures to avoid SYN flooding attacks. Thirdly, by monitoring from both end devices, it was possible to identify routing path asymmetries by calculating the physical one-way delay a packet using the forward path in comparison to the physical delay of a packet using the reverse path. Lastly, by monitoring from both end devices, it is possible to distinguish between a packet that was actually lost and a packet that arrived with a higher delay than its subsequent packet during data transfer. Furthermore, utilizing TCP flows to measure the RTT delay excluding end host processing gave a better characterisation of the RTT delay as opposed to using ICMP traffic. / Med ökande tillgång till den sammankopplade IP-nätet, krävs det en snabbare responstid från Internettjänster. Trafik från surfning, den näst mest populära tjänsten är särskilt tidskänsliga. Detta kräver tillförlitlighet och en garanti för data leverans med en god servicekvalitet från Internetleverantörer. Dessutom har de flesta av befolkningen inte den tekniska bakgrunden för att övervaka fördröjning sig från sina hemmanätverk, och deras Internetleverantörer har ingen utsiktspunkt för att övervaka och diagnostisera nätverksproblem från användarnas perspektiv. Därför syftet med denna forskning är att karakterisera “in-protokoll”  fördöljingen i nätet, som påträffas under surfning inifrån ett LAN. Denna forskning visar TCP-trafik monitoring som utförs på en klientenhet, samt separat TCP-trafik monitoring över både klient-end och serve-end enheter, för att observera en automatiserad webbklient / server-kommunikation. Detta följs av offline analys av de infångade tracer där varje TCP flöde dissekerades in: handskakning, dataöverföring, och nedkoppling faser. Syftet bakom sådan utvinning är att möjliggöra karakterisering av nätverk fördröjning samt nätverkets fysiska fördröjning, behandlingsfördröjning, webböverföringsfördröjning och förlorade paket som uppfattas av end-device under dataöverföring. The outcome of measuring from both end devices showed that monitoring from both ends of a client/server communication results to a more accurate measurement of the genuine delay encountered when packets traverse the network than when measuring from the client-end only. Primarily, this was concluded through the ability to distinguish between the pure network delay and the kernel processing delay experienced during the TCP handshake and teardown. Secondly, it was confirmed that the two RTTs identified in a TCP handshake are not symmetrical and that a TCP teardown RTT takes longer than the TCP handshake RTT within the same TCP flow since a server must take measures to avoid SYN flooding attacks. Thirdly, by monitoring from both end devices, it was possible to identify routing path asymmetries by calculating the physical one-way delay a packet using the forward path in comparison to the physical delay of a packet using the reverse path. Lastly, by monitoring from both end devices, it is possible to distinguish between a packet that was actually lost and a packet that arrived with a higher delay than its subsequent packet during data transfer. Furthermore, utilizing TCP flows to measure the RTT delay excluding end host processing gave a better characterisation of the RTT delay as opposed to using ICMP traffic. Resultatet av mätningarna från både slut-enheter visar att övervakning från båda ändar av en klient / server-kommunikation resulterar  en noggrannare mätning av fördröjningar som uppstår när paketen färdas över nätverket än vid mätning från den enda klienten. Främst avslutades detta genom förmågan att skilja mellan den rena nätfördröjningen och kernel bearbetning under TCP handskakning och nedkoppling. För det andra bekräftades att de två RTT som identifierats i en TCP handskakning inte är symmetriska och att TCP nedkoppling RTT är längre än TCP handskakning RTT inom samma TCP flödet, eftersom servern  måste vidta åtgärder för att undvika SYN översvämning attacker. För det tredje, genom att övervaka från båda avancerade enheter, var det möjligt att identifiera path asymmetrier genom att beräkna den fysiska envägsfördröjningen av ett paket på framåtriktade banan i jämförelse med den fysiska fördröjningen för ett paket på den omvända banan. Slutligen genom att övervaka från båda end enheter, är det möjligt att skilja mellan ett paket som faktiskt förlorades och ett paket som kom med en högre fördröjning än dess efterföljande paket under dataöverföring. Dessutom utnyttjande av TCP flöden för att mäta RTT exkluderat end-nod porocessering gav en bättre karakterisering av RTT fördröjning jämfört med att ICMP-trafik.

Page generated in 0.0791 seconds