Report of the Third Workshop on the Usage of NetFlow/IPFIX in Network Management
In 2010, the Network Management Research Group (NMRG) organized the Third Workshop on the Usage of NetFlow/IPFIX in Network Management as part of the 78th IETF Meeting in Maastricht. Organized yearly since 2007, the workshop is an opportunity for people from both academia and industry to discuss the latest developments of the protocol, possibilities for new applications, and practical experiences. This report summarizes the presentations and the main conclusions of the workshop.
A Taxonomy for and Analysis of Anonymous Communications Networks
Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entity’s ability to reliably measure changing anonymity levels; thereby, increasing their ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity. 
This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol design.
Deployment of Real-Time Network Traffic Analysis using GraphBLAS Hypersparse Matrices and D4M Associative Arrays
Matrix/array analysis of networks can provide significant insight into their
behavior and aid in their operation and protection. Prior work has demonstrated
the analytic, performance, and compression capabilities of GraphBLAS
(graphblas.org) hypersparse matrices and D4M (d4m.mit.edu) associative arrays
(a mathematical superset of matrices). Obtaining the benefits of these
capabilities requires integrating them into operational systems, which comes
with its own unique challenges. This paper describes two examples of real-time
operational implementations. The first is an operational GraphBLAS implementation
that constructs anonymized hypersparse matrices on a high-bandwidth network
tap. The second is an operational D4M implementation that analyzes daily cloud
gateway logs. The architectures of these implementations are presented.
Detailed measurements of the resources and the performance are collected and
analyzed. The implementations are capable of meeting their operational
requirements using modest computational resources (a couple of processing
cores). GraphBLAS is well-suited for low-level analysis of high-bandwidth
connections with relatively structured network data. D4M is well-suited for
higher-level analysis of more unstructured data. This work demonstrates that
these technologies can be implemented in operational settings.

Comment: Accepted to IEEE HPEC, 8 pages, 8 figures, 1 table, 69 references.
arXiv admin note: text overlap with arXiv:2203.13934. text overlap with
arXiv:2309.0180
The Effect of Video Caching on Network Resource Planning - A Real-Case Study
Traffic Engineering is one of the building blocks of correct network planning. Internet Service Providers are always trying to fulfill the user Quality of Experience (QoE). However, each technological advance brings new services to the user, with new challenges to be solved to maintain the QoE.
Pretty Private Group Management
Group management is a fundamental building block of today's Internet
applications. Mailing lists, chat systems, collaborative document editing, and
online social networks such as Facebook and Twitter all use group management
systems. In many cases, group security is required in the sense that access to
data is restricted to group members only. Some applications also require
privacy by keeping group members anonymous and unlinkable. Group management
systems routinely rely on a central authority that manages and controls the
infrastructure and data of the system. Personal user data related to groups
then becomes de facto accessible to the central authority. In this paper, we
propose a completely distributed approach for group management based on
distributed hash tables. As there is no enrollment to a central authority, the
created groups can be leveraged by various applications. Following this
paradigm we describe a protocol for such a system. We consider security and
privacy issues inherently introduced by removing the central authority and
provide a formal validation of security properties of the system using AVISPA.
We demonstrate the feasibility of this protocol by implementing a prototype
running on top of Vuze's DHT.