Satellite B-ISDN traffic analysis

The impact of asynchronous transfer mode (ATM) traffic on the advanced satellite broadband integrated services digital network (B-ISDN) with onboard processing is reported. Simulation models were built to analyze the cell transfer performance through the statistical multiplexer at the earth station and the fast packet switch at the satellite. The effectiveness of ground ATM cell preprocessing was established, as well as the performance of several schemes for improving the down-link beam utilization when the space segment employs a fast packet switch

Non-blind watermarking of network flows

Linking network flows is an important problem in intrusion detection as well as anonymity. Passive traffic analysis can link flows but requires long periods of observation to reduce errors. Active traffic analysis, also known as flow watermarking, allows for better precision and is more scalable. Previous flow watermarks introduce significant delays to the traffic flow as a side effect of using a blind detection scheme; this enables attacks that detect and remove the watermark, while at the same time slowing down legitimate traffic. We propose the first non-blind approach for flow watermarking, called RAINBOW, that improves watermark invisibility by inserting delays hundreds of times smaller than previous blind watermarks, hence reduces the watermark interference on network flows. We derive and analyze the optimum detectors for RAINBOW as well as the passive traffic analysis under different traffic models by using hypothesis testing. Comparing the detection performance of RAINBOW and the passive approach we observe that both RAINBOW and passive traffic analysis perform similarly good in the case of uncorrelated traffic, however, the RAINBOW detector drastically outperforms the optimum passive detector in the case of correlated network flows. This justifies the use of non-blind watermarks over passive traffic analysis even though both approaches have similar scalability constraints. We confirm our analysis by simulating the detectors and testing them against large traces of real network flows

TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer

Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50~Gbps using commodity hardware

Heavy-traffic analysis of k-limited polling systems

In this paper we study a two-queue polling model with zero switch-over times and $k$-limited service (serve at most $k_i$ customers during one visit period to queue $i$, $i=1,2$) in each queue. The arrival processes at the two queues are Poisson, and the service times are exponentially distributed. By increasing the arrival intensities until one of the queues becomes critically loaded, we derive exact heavy-traffic limits for the joint queue-length distribution using a singular-perturbation technique. It turns out that the number of customers in the stable queue has the same distribution as the number of customers in a vacation system with Erlang-$k_2$ distributed vacations. The queue-length distribution of the critically loaded queue, after applying an appropriate scaling, is exponentially distributed. Finally, we show that the two queue-length processes are independent in heavy traffic

Duplicate detection methodology for IP network traffic analysis

Network traffic monitoring systems have to deal with a challenging problem: the traffic capturing process almost invariably produces duplicate packets. In spite of this, and in contrast with other fields, there is no scientific literature addressing it. This paper establishes the theoretical background concerning data duplication in network traffic analysis: generating mechanisms, types of duplicates and their characteristics are described. On this basis, a duplicate detection and removal methodology is proposed. Moreover, an analytical and experimental study is presented, whose results provide a dimensioning rule for this methodology.Comment: 7 pages, 8 figures. For the GitHub project, see https://github.com/Enchufa2/nantool