Mathematical Models Based on Computational Consumption for the Performance Study of Traffic Analysis Probes in Data Networks
196 p. Traffic monitoring is a critical operation within network management tasks. It is therefore necessary to have tools and equipment that analyze network traffic and detect possible anomalies, configuration faults, attacks or intrusions. This thesis focuses on the study of devices called traffic analysis probes, which perform monitoring tasks. After analyzing the evolution of these systems from the first Gigabit Ethernet networks to today's 5G networks, the thesis proposes analytical models aimed at measuring the performance of such devices. Three models based on queueing theory are presented: in the first, on a tandem queue with a single active server, a Markov decision process is formulated that optimizes the throughput of an analysis probe; in the second, the performance of a packet capture system is analyzed and measured using a queueing model with vacations; finally, the third proposes an open queueing network for making decisions on the deployment of virtual network functions (VNFs) of a Mission Critical service over a 5G network. Each model is solved with a different technique and subsequently validated, either by comparing its results with experimental measurements from a real probe or by simulation
Design and Implementation of Algorithms for Traffic Classification
Traffic analysis is the practice of using inherent characteristics of a network flow such as timings, sizes, and orderings of the packets to derive sensitive information about it. Traffic analysis techniques are used because of the extensive adoption of encryption and content-obfuscation mechanisms, making it impossible to infer any information about the flows by analyzing their content. In this thesis, we use traffic analysis to infer sensitive information for different objectives and different applications. Specifically, we investigate various applications: p2p cryptocurrencies, flow correlation, and messaging applications. Our goal is to tailor specific traffic analysis algorithms that best capture network traffic’s intrinsic characteristics in those applications for each of these applications. Also, the objective of traffic analysis is different for each of these applications. Specifically, in Bitcoin, our goal is to evaluate Bitcoin traffic’s resilience to blocking by powerful entities such as governments and ISPs. Bitcoin and similar cryptocurrencies play an important role in electronic commerce and other trust-based distributed systems because of their significant advantage over traditional currencies, including open access to global e-commerce. Therefore, it is essential to the consumers and the industry to have reliable access to their Bitcoin assets. We also examine stepping stone attacks for flow correlation. A stepping stone is a host that an attacker uses to relay her traffic to hide her identity. We introduce two fingerprinting systems, TagIt and FINN. TagIt embeds a secret fingerprint into the flows by moving the packets to specific time intervals. However, FINN utilizes DNNs to embed the fingerprint by changing the inter-packet delays (IPDs) in the flow. In messaging applications, we analyze the WhatsApp messaging service to determine if traffic leaks any sensitive information such as members’ identity in a particular conversation to the adversaries who watch their encrypted traffic. These messaging applications’ privacy is essential because these services provide an environment to discuss politically sensitive subjects, making them a target to government surveillance and censorship in totalitarian countries. We take two technical approaches to design our traffic analysis techniques. The increasing use of DNN-based classifiers inspires our first direction: we train DNN classifiers to perform some specific traffic analysis task. Our second approach is to inspect and model the shape of traffic in the target application and design a statistical classifier for the expected shape of traffic. DNN-based methods are useful when the network is complex, and the traffic’s underlying noise is not linear. Also, these models do not need a meticulous analysis to extract the features. However, deep learning techniques need a vast amount of training data to work well. Therefore, they are not beneficial when there is insufficient data available to train a generalized model. On the other hand, statistical methods have the advantage that they do not have training overhead
Treatment-Based Classification in Residential Wireless Access Points
IEEE 802.11 wireless access points (APs) act as the central communication hub inside homes, connecting all networked devices to the Internet. Home users run a variety of network applications with diverse Quality-of-Service requirements (QoS) through their APs. However, wireless APs are often the bottleneck in residential networks as broadband connection speeds keep increasing. Because of the lack of QoS support and complicated configuration procedures in most off-the-shelf APs, users can experience QoS degradation with their wireless networks, especially when multiple applications are running concurrently.
This dissertation presents CATNAP, Classification And Treatment iN an AP, to provide better QoS support for various applications over residential wireless networks, especially timely delivery for real-time applications and high throughput for download-based applications. CATNAP consists of three major components: supporting functions, classifiers, and treatment modules. The supporting functions collect necessary flow level statistics and feed it into the CATNAP classifiers. Then, the CATNAP classifiers categorize flows along three-dimensions: response-based/non-response-based, interactive/non-interactive, and greedy/non-greedy. Each CATNAP traffic category can be directly mapped to one of the following treatments: push/delay, limited advertised window size/drop, and reserve bandwidth. Based on the classification results, the CATNAP treatment module automatically applies the treatment policy to provide better QoS support.
CATNAP is implemented with the NS network simulator, and evaluated against DropTail and Strict Priority Queue (SPQ) under various network and traffic conditions. In most simulation cases, CATNAP provides better QoS supports than DropTail: it lowers queuing delay for multimedia applications such as VoIP, games and video, fairly treats FTP flows with various round trip times, and is even functional when misbehaving UDP traffic is present. Unlike current QoS methods, CATNAP is a plug-and-play solution, automatically classifying and treating flows without any user configuration, or any modification to end hosts or applications
Proactive measurement techniques for network monitoring in heterogeneous environments
Unpublished doctoral thesis. Universidad Autónoma de Madrid, Escuela Politécnica Superior, Departamento de Tecnología Electrónica y de las Comunicaciones, 201
Automated Inference System for End-To-End Diagnosis of Network Performance Issues in Client-Terminal Devices
Traditional network diagnosis methods of Client-Terminal Device (CTD)
problems tend to be labor-intensive, time consuming, and contribute to increased
customer dissatisfaction. In this paper, we propose an automated solution for
rapidly diagnosing the root causes of network performance issues in CTD. Based on
a new intelligent inference technique, we create the Intelligent Automated
Client Diagnostic (IACD) system, which only relies on collection of
Transmission Control Protocol (TCP) packet traces. Using soft-margin Support
Vector Machine (SVM) classifiers, the system (i) distinguishes link problems
from client problems and (ii) identifies characteristics unique to the specific
fault to report the root cause. The modular design of the system enables
support for new access link and fault types. Experimental evaluation
demonstrated the capability of the IACD system to distinguish between faulty
and healthy links and to diagnose the client faults with 98% accuracy. The
system can perform fault diagnosis independent of the user's specific TCP
implementation, enabling diagnosis of a diverse range of client devices.
Comment: arXiv admin note: substantial text overlap with arXiv:1207.356