How to Validate Traffic Generators?

Abstract-Network traffic generators are widely used in networking research and they are validated by a very broad range of metrics (mainly traffic characteristics). In this paper we overview the state of the art of these metrics and unveil that there is no consensus in the research community how to validate these traffic generators and which metric to choose for validation purpose. This situation makes it extremely difficult to evaluate validation results and compare different traffic generators. We advocate the research for finding a common set of metrics for the validation and comparative evaluation of traffic generators

Traffic Modeling and Anomaly Detection for Internet of Things

芝浦工業大学2020年

Generazione software di traffico Ethernet ad alta velocità: Ostinato incontra netmap

In questa tesi viene affrontato il problema della generazione software di traffico su reti Ethernet ad alta velocità (10 Gbps). In particolare, si estenderà uno specifico programma, chiamato "Ostinato", per utilizzare il framework "netmap", con l'obiettivo di aumentare il numero massimo di pacchetti inviabili al secondo e di migliorare l'accuratezza di tale processo trasmissivo. Si fornirà inoltre una valutazione sperimentale delle proprietà metrologiche dell'applicativo (numero massimo di pacchetti trasmissibili al secondo, accuratezza nella generazione sintetica del traffico, ecc.), non reperibile altresì in letteratura. L'analisi metrologica svolta inizialmente (sulla versione ufficiale di Ostinato) ha evidenziato una scarsa accuratezza, specie su sistemi operativi non Linux. Nell'introdurre il supporto nativo a netmap, quindi, alcune parti parti fondamentali del programma sono state riviste, compreso il motore di trasmissione dei pacchetti. Dopo la ristrutturazione del codice, i dati sperimentali collezionati hanno mostrato la capacità del generatore di produrre pacchetti con perfetta precisione e accuratezza fino al punto di saturazione della piattaforma (il cui valore dipende ovviamente dalle caratteristiche dell'elaboratore, dal sottosistema di rete adottato e dalle dimensioni dei pacchetti Ethernet trasmessi). Con netmap, Ostinato risulta in grado di produrre 10 Gbps di traffico (e oltre), anche nel caso peggiore di pacchetti Ethernet di dimensione minima, proponendosi come strumento indispensabile per realizzare esperimenti e misurazioni su reti ad alta velocità, in quanto unico nella sua capacità di coniugare prestazioni elevate, precisione, accuratezza, flessibilità e semplicità di utilizzo

Flow Table Management in Programmable Network Data Planes

The design-space of network devices is constantly evolving, driven by the continual demand for increased global inter-connectivity, intelligent orchestration, and distributed computation between cloud and edge resources. Modern businesses are increasingly reliant on a connected world for a competitive advantage as well as essential operations. Meanwhile, there is an increasing number of attacks on critical communication infrastructure from a variety of malicious actors. Thus, there is an increasing urgency to improve all aspects of security in data communication networks. Additionally, Software-Defined Networking (SDN) has increasingly gained traction and utility across data centers and network administration. SDN concepts enable increased flexibility for network operators, including the ability to implement a broad class of custom network functions for real-time diagnostics as well as traffic management. While SDN has notable advantages over traditional network appliances, current implementations are often more susceptible to malicious attacks due to increased complexity and abstractions imposed on packet classification and table management. This dissertation investigates architectural techniques to improve the reliability and performance of data plane processing hardware. Our techniques are applicable to both traditional packet processing as well as SDN data plane architectures. The contributions of this research include two novel and complementary techniques to improve data plane performance through optimizing the use of available packet classification resources. By leveraging storage-efficient stochastic data structures and machine learning inspired replacement policies, our techniques improve data plane processing efficiency and predictability. The first technique leverages a Bloom Filter to prioritize established traffic and prevent malicious starvation of expensive packet classification resources. This Pre-Classification technique is general enough to be considered for any classification pipeline with non-uniform processing requirements. The second technique, originally developed for speculative microprocessors, adapts the Hashed Perceptron binary classifier to flow table cache management. The proposed Flow Correlator mechanism leverages the Hashed Perceptron to correlate flow activity with temporal patterns and transport/network layer hints. This technique demonstrates the viability of associating temporal patterns to network flows enabling improvements in flow table cache management. Amenable to hardware implementations, both Flow Correlator and Pre-Classification techniques show promise in improving the reliability and performance of flow-centric packet processing architectures

Anonymization & Generation of Network Packet Datasets Using Deep learning

Corporate networks are constantly bombarded by malicious actors trying to gain access. The current state of the art in protecting networks is deep learning-based intrusion detection systems (IDS). However, for an IDS to be effective it needs to be trained on a good dataset. The best datasets for training an IDS are real data captured from large corporate networks. Unfortunately, companies cannot release their network data due to privacy concerns creating a lack of public cybersecurity data. In this thesis I take a novel approach to network dataset anonymization using character-level LSTM models to learn the characteristics of a dataset; then generate a new, anonymized, synthetic dataset, with similar characteristics to the original. This method shows excellent performance when tested for characteristic preservation and anonymization performance on three datasets. One that includes malicious and benign URLs, one with DNS packets, and one with malicious and benign TCP packets. Using this method I take the first step in solving the lack of publication of private network datasets