Metropolitan Areas in the Czech Republic - Definitions, Basic Characteristics, Patterns of Suburbanisation and Their Impact on Political Behaviour

This study is based on the first stage of research on political change in metropolitan areas in the Czech Republic, conducted within the framework of the International Metropolitan Observatory Project (IMO). In the first part of the study the authors examine how metropolitan areas are defined. Given that there is currently no official definition of metropolitan areas in the Czech Republic, the criteria for their delineation were developed on the basis of existing definitions of metropolitan areas in other countries participating in the IMO project and with the use of available data. The application of these criteria to the Czech Republic produced the "provisional" delineation of four metropolitan areas within the country, centred on the cities of Prague, Brno, Pilsen, and Ostrava. The basic characteristics of these four metropolitan areas are outlined in the second part of the paper with data on populations and population density, migration patters, housing development, and basic data on spatial differences in social structures. Special attention is devoted to the process of suburbanisation as it evolved in the post-communist period, and patterns of the process are compared with the "typical" North American model. The authors conclude the paper with a study of selected aspects of political behaviour in relation to socio-spatial changes in the metropolitan areas.Der Text stellt das Ergebnis der ersten Arbeitsphase eines tschechischen Teams vor, das im Rahmen des internationalen Forschungskonsortiums Metropolitan Observatory Project (IMO) an einem Projekt zur Untersuchung politischer Veränderungen in Metropolregionen arbeitet. Die Abhandlung beschäftigt sich zunächst mit dem Problem der Definition von Metropolregionen. Da zur Zeit in der Tschechischen Republik keine offizielle Definition von Metropolregionen existiert, wurde eine eigene Definition entwickelt, die mit den Kriterien des IMO-Projekts kompatibel ist und nach der in Tschechien vier Metropolregionen - die Kernstädte Prag, Brünn, Ostrau und Pilsen und deren Umland - eingeteilt wurden. Der Text bietet einen Überblick über die Hauptmerkmale dieser Metropolregionen, insbesondere ihrer Population, der Bevölkerungsdichte, der Migrations- und Pendelmuster sowie der sozialräumlichen Veränderungen. Besondere Aufmerksamkeit wird der Beschreibung des Prozesses der Suburbanisierung in der Zeit nach dem Sturz des Kommunismus gewidmet. Die Modelle der Suburbanisierung werden mit dem "klassischen" nordamerikanischen Modell verglichen. Im abschließenden Teil des Textes werden ausgewählte Aspekte des politischen Verhaltens der Bewohner von Metropolregionen im Verhältnis zur sozialräumlichen Entwicklung untersucht

Real-time Analysis of NetFlow Data for Generating Network Traffic Statistics using Apache Spark

Abstract—In this paper, we present a framework for the realtime generation of network traffic statistics on Apache Spark Streaming, a modern distributed stream processing system. Our previous results showed that stream processing systems provide enough throughput to process a large volume of NetFlow data and hence they are suitable for network traffic monitoring. This paper describes the integration of Apache Spark Streaming into a current network monitoring architecture. We prove that it is possible to implement the same basic methods for NetFlow data analysis in the stream processing framework as in the traditional ones. Moreover, our stream processing implementation discovers new information which is not available when using traditional network monitoring approaches

On Information Value of Top N Statistics

In the era of Internet of Things (IoT), the volume of the monitored data from IoT network is enormous. However, not all data provide sufficient or relevant information. Since the analysis of big data is both resource and time exhausting, only relevant information should be analysed. In this paper, we scrutinize the widely used Top N statistics and evaluate its information value with respect to gathering information about individual hosts in the network. All theoretical discussions are evaluated on the real-world data. Moreover, we provide an assessment of statistic's suitability for identifying a host in network traffic. The results of the paper should assist data analyst of IoT network data

Toward Stream-Based IP Flow Analysis

Analyzing IP flows is an essential part of traffic measurement for cyber security. Based on information from IP flows, it is possible to discover the majority of concurrent cyber threats in highspeed, large-scale networks. Some major prevailing challenges for IP flow analysis include, but are not limited to, analysis over a large volume of IP flows, scalability issues, and detecting cyber threats in real time. In this article, we discuss the transformation of present IP flow analysis into a stream-based approach to face current challenges in IP flow analysis. We examine the possible positive and negative impacts of the transformation and present examples of real-world applications, along with our recommendations. Our ongoing results show that stream-based IP flow analysis successfully meets the above-mentioned challenges and is suitable for achieving real-time network security analysis and situational awareness

Network-based HTTPS Client Identification Using SSL/TLS Fingerprinting

The growing share of encrypted network traffic complicates network traffic analysis and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshake. The fingerprints of SSL/TLS handshakes, including a list of supported cipher suites, differ among clients and correlate to User-Agent values from a HTTP header. We built up a dictionary of SSL/TLS cipher suite lists and HTTP User-Agents and assigned the User-Agents to the observed SSL/TLS connections to identify communicating clients. We discuss host-based and network-based methods of dictionary retrieval and estimate the quality of the data. The usability of the proposed method is demonstrated on two case studies of network forensics

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Research in network traffic measurement and analysis is a long-lasting field with growing interest from both scientists and the industry. However, even after so many years, results replication, criticism, and review are still rare. We face not only a lack of research standards, but also inaccessibility of appropriate datasets that can be used for methods development and evaluation. Therefore, a lot of potentially high-quality research cannot be verified and is not adopted by the industry or the community. The aim of this paper is to overcome this controversy with a unique solution based on a combination of distinct approaches proposed by other research works. Unlike these studies, we focus on the whole issue covering all areas of data anonymization, authenticity, recency, publicity, and their usage for research provability. We believe that these challenges can be solved by utilization of semi-labeled datasets composed of real-world network traffic and annotated units with interest-related packet traces only. In this paper, we outline the basic ideas of the methodology from unit trace collection and semi-labeled dataset creation to its usage for research evaluation. We strive for this proposal to start a discussion of the approach and help to overcome some of the challenges the research faces today

The importance of Arctic driftwood for interdisciplinary global change research (Short Communication / Methodological note)

The Arctic is one of the regions most sensitive to global warming, for which climate and environmental proxy archives are largely insufficient. Arctic driftwood provides a unique resource for research into the circumpolar entanglements of terrestrial, coastal and marine factors and processes – past, present, future. Here, first dendrochronological and wood anatomical insights into 639 Arctic driftwood samples are presented. Samples were collected across northern Norway (n =430) and north-western Iceland (n =209) in 2022. The overall potentials and limitations of Arctic driftwood to improve tree-ring chronologies from the boreal forest, and to reconstruct changes in sea ice extent and ocean current dynamics are discussed. Finally, the role driftwood has possibly played for Arctic settlements in the past hundreds of years is examined

Real-time Pattern Detection in IP Flow Data using Apache Spark

Detection of network attacks is a challenging task, especially concerning detection coverage and timeliness. The defenders need to be able to detect advanced types of attacks and minimize the time gap between the attack detection and its mitigation. To meet these requirements, we present a stream-based IP flow data processing application for real-time attack detection using similarity search techniques. Our approach extends capabilities of traditional detection systems and allows to detect not only anomalies and attacks that match exactly to predefined patterns but also their variations. The approach is demonstrated on detection of SSH authentication attacks. We describe a process of patterns definition and illustrate their usage in a real-world deployment. We show that our approach provides sufficient performance of IP flow data processing for real-time detection while maintaining versatility and ability to detect network attacks that have not been recognized by traditional approaches