4 research outputs found
Caracterização multi-escalar de tráfego em redes protegidas
Mestrado em Engenharia de Computadores e TelemáticaAtualmente, a Internet pode ser vista como uma mistura de diversos serviços
e aplicações que correm sobre protocolos comuns. O aparecimento de
inúmeras aplicações Web mudou o paradigma de interação dos utilizadores,
colocando-os num papel mais ativo, permitindo aos utilizadores da Internet
partilhar fotos, vídeos e muito mais. A análise do perfil de cada utilizador,
tanto em redes wired como wireless, tornou-se muito interessante para
tarefas como a otimização de recursos da rede, personalização de serviços
e segurança.
Nesta dissertação pretende-se recolher um conjunto sistemático de
capturas de tráfego correspondentes à utilização de diversas aplicações
Web e efetuar a caraterização estatística do tráfego correspondente a
cada aplicação em redes protegidas. O tráfego obtido (e as respetivas
estatísticas) será posteriormente utilizado para validar metodologias de
identificação de aplicações e caraterização do perfil de utilizadores da
Internet. O desenvolvimento de diversas metodologias estatísticas permite
caraterizar o tráfego associado a cada utilizador (tanto em redes wireless
como wired) com base em informação estatística do tráfego por ele gerado
enquanto utiliza os diversos serviços de rede. Neste sentido, é muito
importante dispor de capturas de tráfego real que sejam representativas de
uma utilização comum das diversas aplicações Web. Serviços on-line como
notícias, email, redes sociais, partilha de fotografias e de vídeos podem ser
estudados e caraterizados através da análise estatística do tráfego gerado
pela utilização de aplicações como jornais on-line, Youtube, Flickr, GMail,
Facebook, entre outras.
Ao extrair as métricas de tráfego ao nível da camada 2, realizar a
decomposição baseada em Wavelets e analisar os escalogramas obtidos,
será possível avaliar as diferentes componentes de tempo e de frequência
do tráfego analisado. Será então possível definir um perfil de comunicação
capaz de descrever o espetro de frequência característico de cada aplicação
web. Consequentemente, será possível identificar as aplicações utilizadas
pelos diferentes clientes ligados e criar perfis de utilizadores com precisão.Nowadays, Internet can be seen as an mix of services and applications
that run over common protocols. The emergence of several web-based
applications changed the users interaction paradigm by placing them in a
more active role, allowing users to share photos, videos and much more.
The analysis of each user profile, both in wired and wireless networks, can
become very interesting for tasks such as network resources optimization,
service customization and security. This thesis aims to collect a systematic
set of traffic captures corresponding to the use of several web-based applications
in protected networks and perform a statistical traffic characterization
for each application. The captured traffic (and the corresponding statistics)
will be subsequently used to validate the methodologies developed to
identify applications and characterize the traffic associated to each user.
There are several statistical methodologies that allows the identification of
users profiles (on both wireless and wired networks) based on statistical
information collected from the traffic generated while using the different
network services. In this sense, it is very important to have real traffic
captures that are representative of a common use of several web-based
applications. On-line services, such as news, e-mail, social networking,
photo sharing and videos can be studied and characterized through the
statistical analysis of the traffic captured while using applications such as
on-line newspapers, Youtube, Flickr, GMail, Facebbok, among others. By
extracting layer 2 traffic metrics, performing a wavelet decomposition and
analyzing the obtained scalograms, it is possible to evaluate the time and
frequency components of the analyzed traffic. A communication profile
can then be defined in order to describe the frequency spectrum that is
characteristic of each web-based application. By doing that, it will be
possible to identify the different applications used by the connected clients
and build accurate users profiles
Evaluation of Supervised Machine Learning for Classifying Video Traffic
Operational deployment of machine learning based classifiers in real-world networks has become an important area of research to support automated real-time quality of service decisions by Internet service providers (ISPs) and more generally, network administrators. As the Internet has evolved, multimedia applications, such as voice over Internet protocol (VoIP), gaming, and video streaming, have become commonplace. These traffic types are sensitive to network perturbations, e.g. jitter and delay. Automated quality of service (QoS) capabilities offer a degree of relief by prioritizing network traffic without human intervention; however, they rely on the integration of real-time traffic classification to identify applications. Accordingly, researchers have begun to explore various techniques to incorporate into real-world networks. One method that shows promise is the use of machine learning techniques trained on sub-flows – a small number of consecutive packets selected from different phases of the full application flow. Generally, research on machine learning classifiers was based on statistics derived from full traffic flows, which can limit their effectiveness (recall and precision) if partial data captures are encountered by the classifier. In real-world networks, partial data captures can be caused by unscheduled restarts/reboots of the classifier or data capture capabilities, network interruptions, or application errors. Research on the use of machine learning algorithms trained on sub-flows to classify VoIP and gaming traffic has shown promise, even when partial data captures are encountered. This research extends that work by applying machine learning algorithms trained on multiple sub-flows to classification of video streaming traffic.
Results from this research indicate that sub-flow classifiers have much higher and more consistent recall and precision than full flow classifiers when applied to video traffic. Moreover, the application of ensemble methods, specifically Bagging and adaptive boosting (AdaBoost) further improves recall and precision for sub-flow classifiers. Findings indicate sub-flow classifiers based on AdaBoost in combination with the C4.5 algorithm exhibited the best performance with the most consistent results for classification of video streaming traffic
Metodologias para caracterização de tráfego em redes de comunicações
Tese de doutoramento em Metodologias para caracterização de tráfego em redes de comunicaçõesInternet Tra c, Internet Applications, Internet Attacks, Tra c Pro ling,
Multi-Scale Analysis
abstract Nowadays, the Internet can be seen as an ever-changing platform where new
and di erent types of services and applications are constantly emerging. In
fact, many of the existing dominant applications, such as social networks,
have appeared recently, being rapidly adopted by the user community. All
these new applications required the implementation of novel communication
protocols that present di erent network requirements, according to the service
they deploy. All this diversity and novelty has lead to an increasing need
of accurately pro ling Internet users, by mapping their tra c to the originating
application, in order to improve many network management tasks such
as resources optimization, network performance, service personalization and
security. However, accurately mapping tra c to its originating application
is a di cult task due to the inherent complexity of existing network protocols
and to several restrictions that prevent the analysis of the contents of
the generated tra c. In fact, many technologies, such as tra c encryption,
are widely deployed to assure and protect the con dentiality and integrity
of communications over the Internet. On the other hand, many legal constraints
also forbid the analysis of the clients' tra c in order to protect
their con dentiality and privacy. Consequently, novel tra c discrimination
methodologies are necessary for an accurate tra c classi cation and user
pro ling. This thesis proposes several identi cation methodologies for an
accurate Internet tra c pro ling while coping with the di erent mentioned
restrictions and with the existing encryption techniques. By analyzing the
several frequency components present in the captured tra c and inferring
the presence of the di erent network and user related events, the proposed
approaches are able to create a pro le for each one of the analyzed Internet
applications. The use of several probabilistic models will allow the accurate
association of the analyzed tra c to the corresponding application. Several
enhancements will also be proposed in order to allow the identi cation of
hidden illicit patterns and the real-time classi cation of captured tra c.
In addition, a new network management paradigm for wired and wireless
networks will be proposed. The analysis of the layer 2 tra c metrics and
the di erent frequency components that are present in the captured tra c
allows an e cient user pro ling in terms of the used web-application. Finally,
some usage scenarios for these methodologies will be presented and
discussed