2 research outputs found

    System for marking network traffic

    Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006. Includes bibliographical references (p. 105-108).
    Computer security performance analysis requires precise labeling of traffic as either background or attack traffic. When an experiment is performed on-line, it may also be important to identify traffic from the security system. Today this is tedious and difficult, requiring personnel with a deep understanding of multiple protocols. YAMA (Your Able Marking Aide) is a tool that labels sessions and packets associated with a set of user actions given those actions, the traffic, and a network configuration (host information and web page corpus). An evaluation of a version that processes web traffic is performed using data from Alexa's Top 100 Sites. YAMA 1.0 correctly associates the action of visiting a specific site with 90% of all HTTP packets, and 99% of both HTTP GET and DNS packets. Furthermore, YAMA 1.0 produces zero false positives when given a high-level event indicating a user visited one web site and packets from a different site.
    by Néstor Felipe Hernández González. M.Eng.

    Associating network flows with user and application information

    The concept of authenticating users, e.g. by means of a login process, is very well established, and there is no doubt that it is absolutely necessary and helpful in a multiuser environment. Unfortunately, specific information about a user originating a data stream or receiving it is often no longer available at the traversed network nodes. This applies to the even more specific question of what application is used as well. Routers, gateways or firewalls usually have to base their classification of data on IP header inspection or have to try to extract information from the packet's payload. We present an approach that works transparently and allows user- and application-specific information to be associated with IP data streams by only slightly modifying components of the operating system environment and infrastructure components. On top of this framework we show usage scenarios for dedicatedly placing copyright information in media content and for an enhancement of the interoperation with the security infrastructure.