Caracterização multi-escalar de tráfego em redes protegidas

Mestrado em Engenharia de Computadores e TelemáticaAtualmente, a Internet pode ser vista como uma mistura de diversos serviços e aplicações que correm sobre protocolos comuns. O aparecimento de inúmeras aplicações Web mudou o paradigma de interação dos utilizadores, colocando-os num papel mais ativo, permitindo aos utilizadores da Internet partilhar fotos, vídeos e muito mais. A análise do perfil de cada utilizador, tanto em redes wired como wireless, tornou-se muito interessante para tarefas como a otimização de recursos da rede, personalização de serviços e segurança. Nesta dissertação pretende-se recolher um conjunto sistemático de capturas de tráfego correspondentes à utilização de diversas aplicações Web e efetuar a caraterização estatística do tráfego correspondente a cada aplicação em redes protegidas. O tráfego obtido (e as respetivas estatísticas) será posteriormente utilizado para validar metodologias de identificação de aplicações e caraterização do perfil de utilizadores da Internet. O desenvolvimento de diversas metodologias estatísticas permite caraterizar o tráfego associado a cada utilizador (tanto em redes wireless como wired) com base em informação estatística do tráfego por ele gerado enquanto utiliza os diversos serviços de rede. Neste sentido, é muito importante dispor de capturas de tráfego real que sejam representativas de uma utilização comum das diversas aplicações Web. Serviços on-line como notícias, email, redes sociais, partilha de fotografias e de vídeos podem ser estudados e caraterizados através da análise estatística do tráfego gerado pela utilização de aplicações como jornais on-line, Youtube, Flickr, GMail, Facebook, entre outras. Ao extrair as métricas de tráfego ao nível da camada 2, realizar a decomposição baseada em Wavelets e analisar os escalogramas obtidos, será possível avaliar as diferentes componentes de tempo e de frequência do tráfego analisado. Será então possível definir um perfil de comunicação capaz de descrever o espetro de frequência característico de cada aplicação web. Consequentemente, será possível identificar as aplicações utilizadas pelos diferentes clientes ligados e criar perfis de utilizadores com precisão.Nowadays, Internet can be seen as an mix of services and applications that run over common protocols. The emergence of several web-based applications changed the users interaction paradigm by placing them in a more active role, allowing users to share photos, videos and much more. The analysis of each user profile, both in wired and wireless networks, can become very interesting for tasks such as network resources optimization, service customization and security. This thesis aims to collect a systematic set of traffic captures corresponding to the use of several web-based applications in protected networks and perform a statistical traffic characterization for each application. The captured traffic (and the corresponding statistics) will be subsequently used to validate the methodologies developed to identify applications and characterize the traffic associated to each user. There are several statistical methodologies that allows the identification of users profiles (on both wireless and wired networks) based on statistical information collected from the traffic generated while using the different network services. In this sense, it is very important to have real traffic captures that are representative of a common use of several web-based applications. On-line services, such as news, e-mail, social networking, photo sharing and videos can be studied and characterized through the statistical analysis of the traffic captured while using applications such as on-line newspapers, Youtube, Flickr, GMail, Facebbok, among others. By extracting layer 2 traffic metrics, performing a wavelet decomposition and analyzing the obtained scalograms, it is possible to evaluate the time and frequency components of the analyzed traffic. A communication profile can then be defined in order to describe the frequency spectrum that is characteristic of each web-based application. By doing that, it will be possible to identify the different applications used by the connected clients and build accurate users profiles

Metodologias para caracterização de tráfego em redes de comunicações

Tese de doutoramento em Metodologias para caracterização de tráfego em redes de comunicaçõesInternet Tra c, Internet Applications, Internet Attacks, Tra c Pro ling, Multi-Scale Analysis abstract Nowadays, the Internet can be seen as an ever-changing platform where new and di erent types of services and applications are constantly emerging. In fact, many of the existing dominant applications, such as social networks, have appeared recently, being rapidly adopted by the user community. All these new applications required the implementation of novel communication protocols that present di erent network requirements, according to the service they deploy. All this diversity and novelty has lead to an increasing need of accurately pro ling Internet users, by mapping their tra c to the originating application, in order to improve many network management tasks such as resources optimization, network performance, service personalization and security. However, accurately mapping tra c to its originating application is a di cult task due to the inherent complexity of existing network protocols and to several restrictions that prevent the analysis of the contents of the generated tra c. In fact, many technologies, such as tra c encryption, are widely deployed to assure and protect the con dentiality and integrity of communications over the Internet. On the other hand, many legal constraints also forbid the analysis of the clients' tra c in order to protect their con dentiality and privacy. Consequently, novel tra c discrimination methodologies are necessary for an accurate tra c classi cation and user pro ling. This thesis proposes several identi cation methodologies for an accurate Internet tra c pro ling while coping with the di erent mentioned restrictions and with the existing encryption techniques. By analyzing the several frequency components present in the captured tra c and inferring the presence of the di erent network and user related events, the proposed approaches are able to create a pro le for each one of the analyzed Internet applications. The use of several probabilistic models will allow the accurate association of the analyzed tra c to the corresponding application. Several enhancements will also be proposed in order to allow the identi cation of hidden illicit patterns and the real-time classi cation of captured tra c. In addition, a new network management paradigm for wired and wireless networks will be proposed. The analysis of the layer 2 tra c metrics and the di erent frequency components that are present in the captured tra c allows an e cient user pro ling in terms of the used web-application. Finally, some usage scenarios for these methodologies will be presented and discussed