2,521 research outputs found
Detection of encrypted traffic generated by peer-to-peer live streaming applications using deep packet inspection
The number of applications using the peer-to-peer (P2P) networking paradigm and their popularity has substantially grown over the last decade. They evolved from the file-sharing applications to media streaming ones. Nowadays these applications commonly encrypt the communication contents or employ protocol obfuscation techniques. In this dissertation, an investigation was conducted to identify encrypted traffic flows generated by three of the most popular P2P live streaming applications: TVUPlayer, Livestation and GoalBit. For this work, a test-bed that could simulate a near real scenario was created, and traffic was captured from a great variety of applications. The method proposed resorts to Deep Packet Inspection (DPI), so we needed to analyse the payload of the packets in order to find repeated patterns, that later were used to create a set of SNORT rules that can be used to detect key network packets generated by these applications. The method was evaluated experimentally on the test-bed created for that purpose, being shown that its accuracy is of 97% for GoalBit.
The popularity and number of applications that use the peer-to-peer (P2P) networking paradigm have grown substantially over the last decade. These applications are no longer used simply for file sharing and are now also used to distribute multimedia content. Nowadays, these applications have means of encrypting the communication content or of employing obfuscation techniques directly in the protocol. In this dissertation, an investigation was carried out to identify encrypted traffic flows generated by three popular applications for distributing multimedia content over P2P networks: TVUPlayer, Livestation and GoalBit. For this work, a test platform was created that was intended to simulate a near-real scenario, and the captured traffic contained a great variety of applications. The method proposed in this dissertation resorts to the Deep Packet Inspection (DPI) technique, and so it was necessary to analyse the content of the packets in order to find repeating patterns, which would later be used to create a set of SNORT rules for detecting key packets on the network generated by these applications, so that traffic flows could be classified correctly. After discovering that the Livestation application had stopped working with P2P, only the two rules created up to that point were used. As for the TVUPlayer application, several rules were created from the traffic it generated, and they had a good accuracy rate. Several rules were also created for the GoalBit application, using four scenarios: with and without encryption using the tracker transmission option, and with and without encryption using the trackerless transmission option (here the Kademlia protocol was used). The method was evaluated experimentally on the test platform created for that purpose, and the accuracy of the rule set for the GoalBit application was shown to be 97%.
Fundação para a Ciência e a Tecnologia (FCT
Profiling user activities with minimal traffic traces
Understanding user behavior is essential to personalize and enrich a user's
online experience. While there are significant benefits to be accrued from the
pursuit of personalized services based on a fine-grained behavioral analysis,
care must be taken to address user privacy concerns. In this paper, we consider
the use of web traces with truncated URLs - each URL is trimmed to only contain
the web domain - for this purpose. While such truncation removes the
fine-grained sensitive information, it also strips the data of many features
that are crucial to the profiling of user activity. We show how to overcome the
severe handicap of lack of crucial features for the purpose of filtering out
the URLs representing a user activity from the noisy network traffic trace
(including advertisement, spam, analytics, webscripts) with high accuracy. This
activity profiling with truncated URLs enables the network operators to provide
personalized services while mitigating privacy concerns by storing and sharing
only truncated traffic traces.
In order to offset the accuracy loss due to truncation, our statistical
methodology leverages specialized features extracted from a group of
consecutive URLs that represent a micro user action like web click, chat reply,
etc., which we call bursts. These bursts, in turn, are detected by a novel
algorithm which is based on our observed characteristics of the inter-arrival
time of HTTP records. We present an extensive experimental evaluation on a real
dataset of mobile web traces, consisting of more than 130 million records,
representing the browsing activities of 10,000 users over a period of 30 days.
Our results show that the proposed methodology achieves around 90% accuracy in
segregating URLs representing user activities from non-representative URLs
An Information-Based Dynamic Extrapolation Model for Networked Virtual Environments
Various Information Management techniques have been developed to help maintain a consistent shared virtual world in a
Networked Virtual Environment. However, such techniques have to be carefully adapted to the application state dynamics and
the underlying network. This work presents a novel framework that minimizes inconsistency by optimizing bandwidth usage to
deliver useful information. This framework measures the state evolution using an information model and dynamically switches
extrapolation models and the packet rate to make the most information-efficient usage of the available bandwidth. The results
shown demonstrate that this approach can help optimize consistency under constrained and time-varying network conditions
A novel Big Data analytics and intelligent technique to predict driver's intent
Modern age offers a great potential for automatically predicting the driver's intent through the increasing miniaturization of computing technologies, rapid advancements in communication technologies and continuous connectivity of heterogeneous smart objects. Inside the cabin and engine of modern cars, dedicated computer systems need to possess the ability to exploit the wealth of information generated by heterogeneous data sources with different contextual and conceptual representations. Processing and utilizing this diverse and voluminous data, involves many challenges concerning the design of the computational technique used to perform this task. In this paper, we investigate the various data sources available in the car and the surrounding environment, which can be utilized as inputs in order to predict driver's intent and behavior. As part of investigating these potential data sources, we conducted experiments on e-calendars for a large number of employees, and have reviewed a number of available geo referencing systems. Through the results of a statistical analysis and by computing location recognition accuracy results, we explored in detail the potential utilization of calendar location data to detect the driver's intentions. In order to exploit the numerous diverse data inputs available in modern vehicles, we investigate the suitability of different Computational Intelligence (CI) techniques, and propose a novel fuzzy computational modelling methodology. Finally, we outline the impact of applying advanced CI and Big Data analytics techniques in modern vehicles on the driver and society in general, and discuss ethical and legal issues arising from the deployment of intelligent self-learning cars
Error Level Analysis Technique for Identifying JPEG Block Unique Signature for Digital Forensic Analysis
The popularity of unique image compression features of image files opens an interesting research analysis process, given that several digital forensics cases are related to diverse file types. Of interest has been fragmented file carving and recovery which forms a major aspect of digital forensics research on JPEG files. Whilst there exist several challenges, this paper focuses on the challenge of determining the co-existence of JPEG fragments within various file fragment types. Existing works have exhibited a high false-positive rate, therefore rendering the need for manual validation. This study develops a technique that can identify the unique signature of JPEG 8 × 8 blocks using the Error Level Analysis technique, implemented in MATLAB. The experimental result that was conducted with 21 images of JFIF format with 1008 blocks shows the efficacy of the proposed technique. Specifically, the initial results from the experiment show that JPEG 8 × 8 blocks have unique characteristics which can be leveraged for digital forensics. An investigator could, therefore, search for the unique characteristics to identify a JPEG fragment during a digital investigation process
Data-driven Computational Social Science: A Survey
Social science concerns issues on individuals, relationships, and the whole
society. The complexity of research topics in social science makes it the
amalgamation of multiple disciplines, such as economics, political science, and
sociology, etc. For centuries, scientists have conducted many studies to
understand the mechanisms of the society. However, due to the limitations of
traditional research methods, there exist many critical social issues to be
explored. To solve those issues, computational social science emerges due to
the rapid advancements of computation technologies and the profound studies on
social science. With the aids of the advanced research techniques, various
kinds of data from diverse areas can be acquired nowadays, and they can help us
look into social problems with a new eye. As a result, utilizing various data
to reveal issues derived from computational social science area has attracted
more and more attention. In this paper, to the best of our knowledge, we
present a survey on data-driven computational social science for the first time
which primarily focuses on reviewing application domains involving human
dynamics. The state-of-the-art research on human dynamics is reviewed from
three aspects: individuals, relationships, and collectives. Specifically, the
research methodologies used to address research challenges in aforementioned
application domains are summarized. In addition, some important open challenges
with respect to both emerging research topics and research methods are
discussed.
Comment: 28 pages, 8 figures
Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction
A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.
Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey
Traffic analysis is a compound of strategies intended to find relationships, patterns, anomalies, and misconfigurations, among other things, in Internet traffic. In particular, traffic classification is a subgroup of strategies in this field that aims at identifying the application's name or type of Internet traffic. Nowadays, traffic classification has become a challenging task due to the rise of new technologies, such as traffic encryption and encapsulation, which decrease the performance of classical traffic classification strategies. Machine Learning gains interest as a new direction in this field, showing signs of future success, such as knowledge extraction from encrypted traffic, and more accurate Quality of Service management. Machine Learning is fast becoming a key tool to build traffic classification solutions in real network traffic scenarios; in this sense, the purpose of this investigation is to explore the elements that allow this technique to work in the traffic classification field. Therefore, a systematic review is introduced based on the steps to achieve traffic classification by using Machine Learning techniques. The main aim is to understand and to identify the procedures followed by the existing works to achieve their goals. As a result, this survey paper finds a set of trends derived from the analysis performed on this domain; in this manner, the authors expect to outline future directions for Machine Learning based traffic classification
A Comprehensive Survey of Voice over IP Security Research
We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significantly more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems