Statistical based Approach for Packet Classification
Dr. Mrudul Dixit (1), Ankita Sanjay Moholkar (2), Sagarika Satish Limaye (2), Devashree Chandrashekhar Limaye (2)
Cummins College of Engineering for Women, Pune
(1) Assistant Professor, (2) Student

ABSTRACT

Increasing demand for large network bandwidths leads to growth in data traffic. As a consequence, packet classification is required to handle the drastically increasing traffic on both edge and core devices. In today's world, large applications have been developed such as service-aware routing, intrusion detection and prevention systems, intelligent routing, and traffic management and shaping. Hence the use of intelligent and efficient packet classification techniques is recommended. Traditional classification techniques such as port based classification, deep packet inspection, etc. have certain drawbacks. Hence there is a need for more efficient classification techniques to route internet packets to their specific applications. One such technique is statistical classification. This paper gives an overview of its advantages and limitations.

KEYWORDS

Statistical Classification, Internet Packets, Statistical Parameters, Packet Classification, Port based Classification, Supervised learning, Internet traffic.

I. INTRODUCTION

Packet classification is the process of classifying or processing internet packets to meet objectives such as routing and filtering. Access control, traffic engineering, intrusion detection, software defined networking and many other network services require the discrimination of packets based on multiple fields of the packet headers, which is called packet classification. Packet classification features provide the capability to partition network traffic into multiple priority levels or classes of service. The objective of packet classification is to classify internet packets by applying a set of predefined rules.
Each rule consists of a set of components in a range matching expression. A packet is said to be matched if and only if a desired rule matches the particular field of the packet and satisfies the matching expression.

FIG 1: PACKET CLASSIFICATION (internet packets enter the classifier, which holds rules R1-R5 and feeds applications A1-A5)
An internet packet is sent to the particular application (A) if it matches the rule (R); otherwise it is dropped.

PERFORMANCE MEASURES

Packet classification techniques can be chosen on the basis of certain performance measures. They are as follows:

a. Accuracy: It is the measure of correct classifications to total classifications. The error rate should be as low as possible for all the classifications, and significantly so for crucial key classes.
b. Speed: There is a trade-off between the accuracy and the speed at which the classifier does its work. A highly accurate system is comparatively slower. Hence the classifier is chosen based on the speed required for a particular application.
c. Comprehensibility: It is a measure of the ease with which a human operator can use the classifier.
d. Time to learn: For real-time systems, it is necessary to learn a classification rule quickly, or make adjustments quickly, or read only a few observations to establish the rule. [5]

II. APPLICATIONS OF PACKET CLASSIFICATION

1. ROUTING

Routers are devices that route packets towards their destinations over physical links that transport packets from one router to another. Routers need to have the capability to distinguish and isolate traffic belonging to different flows. The ability to classify each incoming packet to determine the flow it belongs to is called packet classification, and could be based on an arbitrary number of fields in the packet header.

FIG 2: ROUTING

2. INTRUSION DETECTION SYSTEM

An intrusion detection system (IDS) is software which helps protect our system when another person tries to access it from another system through the network. Predictive modeling is used to predict the output based on past data, and classification is used to predict the output by relying on past collected data. An intrusion detection system monitors network traffic to identify harmful packets. Packet classification is important to the IDS functionality as it is in charge of scanning the network packet header [7].

FIG 3: INTRUSION DETECTION SYSTEM

3. FIREWALL

Packet filtering, a type of packet classification, is often part of a firewall program for protecting a local network from unwanted intrusion. A firewall, unlike an intrusion detection system, does not block malicious packets; it simply drops the packets that the user has blocked. The process of passing or dropping a packet is based on source and destination addresses, ports, or protocols. A packet filter is a program used in a software firewall. Each packet is examined by the packet classifier against a specific set of rules, and depending upon these rules a decision is made on whether to drop or accept the packet.

FIG 4: FIREWALL
4. SECURITY AND NETWORK MONITORING

Security and network monitoring applications require packet classification and filtration. Security and network monitoring systems are used for monitoring a large network, identifying breaches and threats, and taking corrective measures [6].

III. TRADITIONAL METHODS FOR PACKET CLASSIFICATION

Packet classification means finding, in a set of filters, the highest priority filter matching the packet. The classification task has become more complex and is based on at least five fields; these fields depend on the type of classification process used.

1. Port based classification:

A port number is the logical address of each application or process that uses a network or the Internet to communicate. Port numbers range from

It is the most common method that traffic classification is based on: associating a well-known port number with a given traffic type. This method needs access only to the header of the packets. It matches port numbers to applications where an application is associated with well-defined port numbers (0-1024); for example, HTTP used for browsing has port number 80, SMTP used for e-mail has port number 25, etc. It is fast and simple to implement, and no complex computations are required.

But this traditional technique has some limitations:

- Some port numbers may be dynamic ones that are not registered with IANA (port numbers above 49151).
- Port numbers in the system can be manipulated and hence packet classification can fail.
- It is useful only for the applications and services which use fixed port numbers.
- IP layer encryption may obscure the TCP and UDP port numbers, making it impossible to identify the actual port numbers. [1]

2. Payload Based Classification (Deep Packet Inspection):

A payload refers to the actual data that is to be transferred to the desired destination. It is appended with a header having parameters like source and destination addresses for transport.
This method looks into the headers as well as the payloads inside the packet. It scans the payload bit by bit to identify a predefined sequence stream of a certain network protocol. The stored bit stream sequences are compared with those of the payloads, and the packets are classified accordingly.

But this traditional technique has some limitations:

- It imposes significant complexity and processing on the traffic devices.
- Direct payload analysis may lead to violation of privacy policies.
- It is difficult to maintain bit stream sequences having high hit ratios.
- To reduce trace file size, packets are recorded with limited length. Hence, the signature may not be contained in that part.
- It lacks support for many applications (example: Skype).
- Packet fragmentation also leads to computational complexity. [1]

IV. MODERN TECHNIQUE FOR PACKET CLASSIFICATION

To overcome the limitations of the traditional techniques, a new method has been found which deals with the statistical parameters of the packets for efficient classification.
STATISTICAL CLASSIFICATION

Statistical based classification is referred to as a modern technique for packet classification, done at the transport or network layer. A statistical classification algorithm is built on the basis of cluster analysis. Traffic is taken from datasets made up of thousands of flows for many different application protocols. The classic approach of training and testing shows that cluster analysis yields very good results with very little information. The investigated applications are characterized by a signature at the network layer that is used to recognize such applications even when the port number is not significant [3]. It deals only with certain statistical parameters and not with the headers or data of the packets. It uses parameters such as:

- Distribution of flow duration: The incoming packet flow is separated according to the incoming time and is further distributed on the basis of the number of flows of various applications.

FIG 5: DISTRIBUTION OF FLOW DURATION [2]

- Flow idle time: It is a measure of the time for which the flow remains idle and no incoming packets are received. For example: packets received till (p.r.t): 9.54 p.m.; packets received after (p.r.a): 9.57 p.m. Hence, flow idle time = p.r.a - p.r.t = 3 minutes (no packets received for 3 minutes as the flow was idle).
- Packet inter-arrival time: It is the mean or average of the time lapse between the data packets arriving at a certain host.
- Total packet length: It is the total length of a single packet including its header and data.
- Number of packets: It is the number of incoming packets in a given period of time.
- Minimum/maximum, average and standard deviation of packet length: The standard deviation of the packet lengths is found in order to differentiate the packets.
- Minimum/maximum, average and standard deviation of inter-arrival time: The standard deviation of the inter-arrival time is found in order to differentiate the packets.

FIG 6: STATISTICAL PARAMETERS: PACKET LENGTH AND INTER-ARRIVAL TIME (packets no. 1, 2 and 3, with the packet inter-arrival time and the total packet length marked)
These parameters are different for different applications. The traffic can be real-time, or can be obtained from datasets such as NSL-KDD, DARPA, CAIDA, etc. The incoming packets having similar parameters are grouped into clusters, where one particular cluster belongs to one particular application. The formation of these clusters is done using machine learning (supervised learning).

FIG 7: FORMATION OF GROUPS (Group 1: packet inter-arrival time 20-50 ms; Group 2: packet inter-arrival time 30-45 s; each group also carries a flow idle time in minutes (2-5 minutes) and maps to one application: Application 1, Application 2)

Supervised Learning:

Supervised learning creates knowledge structures that support the task of classifying new instances into predefined classes [3]. The machine that is to be trained for packet classification is given a set of parameters (example: inter-arrival time). In supervised learning there are two types of datasets: training and testing.

Training: The learning phase that examines the provided data (called the training dataset) and constructs (builds) a classification model [3].

Testing: The model that has been built in the training phase is used to classify new unseen instances [3].

The training dataset is used by the classifier to study the data, recognize the patterns in the pre-defined parameters and form groups according to the application, based on a probability model (as in Naïve Bayes). The classifier is then tested using the testing dataset, and efficiency and other parameters are obtained from these results.

Various supervised learning algorithms that can be used for packet classification are:

- Decision Trees
- Support Vector Machine
- K-Nearest Mapping
- Naïve Bayes
- Random Forest

FIG 8: STATISTICAL CLASSIFICATION USING ML ALGORITHMS (the dataset is split into training and testing datasets, each passes through data normalization, and the ML algorithms assign flows to Application 1, Application 2 and Application 3)
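The statistical parameters and the training/testing procedure of this section, as an added Python example (not code from the paper): it computes per-flow packet-length and inter-arrival statistics, fits a small Gaussian Naïve Bayes model, and compares the result with a port lookup for a flow on a dynamic port. The traffic is constructed from the two inter-arrival ranges in FIG 7; the packet-length ranges, the label names, the use of the longest gap as flow idle time, and all function names are assumptions.

```python
import math
import random
import statistics

# Features fed to the model; "iat" = packet inter-arrival time, "len" = total packet length.
FEATURES = ("iat_mean", "iat_std", "iat_max", "len_mean", "len_std")
VAR_FLOOR = 1e-9  # keeps a variance from being exactly zero

# Port-based lookup for comparison, using the two port examples the paper gives.
WELL_KNOWN_PORTS = {80: "http", 25: "smtp"}

# Constructed traffic profiles: (inter-arrival range in s, packet length range in bytes).
# Inter-arrival ranges follow FIG 7; the length ranges are assumptions.
PROFILES = {
    "application_1": ((0.020, 0.050), (60, 200)),
    "application_2": ((30.0, 45.0), (800, 1500)),
}

def classify_by_port(dst_port):
    return WELL_KNOWN_PORTS.get(dst_port, "unknown")

def flow_features(packets):
    """packets: time-ordered list of (arrival_time_s, total_length_bytes)."""
    if len(packets) < 2:
        raise ValueError("need at least two packets to measure inter-arrival time")
    times = [t for t, _ in packets]
    lengths = [n for _, n in packets]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "n_packets": len(packets),
        "iat_min": min(gaps),
        "iat_max": max(gaps),  # assumption: longest silent gap stands in for flow idle time
        "iat_mean": statistics.mean(gaps),
        "iat_std": statistics.pstdev(gaps),
        "len_min": min(lengths),
        "len_max": max(lengths),
        "len_mean": statistics.mean(lengths),
        "len_std": statistics.pstdev(lengths),
    }

def synth_flow(rng, iat_range, len_range, n_packets=30):
    """Build one constructed flow from a profile."""
    t, packets = 0.0, []
    for _ in range(n_packets):
        packets.append((t, int(rng.uniform(*len_range))))
        t += rng.uniform(*iat_range)
    return packets

def build_dataset(seed, flows_per_class):
    rng = random.Random(seed)
    return [(label, synth_flow(rng, *profile))
            for label, profile in PROFILES.items()
            for _ in range(flows_per_class)]

def train(labelled_flows):
    """Training phase: per-class prior plus mean and variance of each feature."""
    rows_by_class = {}
    for label, packets in labelled_flows:
        f = flow_features(packets)
        rows_by_class.setdefault(label, []).append([f[k] for k in FEATURES])
    model = {}
    for label, rows in rows_by_class.items():
        columns = list(zip(*rows))
        model[label] = {
            "prior": len(rows) / len(labelled_flows),
            "mean": [statistics.mean(c) for c in columns],
            "var": [statistics.pvariance(c) + VAR_FLOOR for c in columns],
        }
    return model

def classify(model, packets):
    """Testing phase: pick the class with the highest Gaussian log-posterior."""
    f = flow_features(packets)
    x = [f[k] for k in FEATURES]
    scores = {}
    for label, p in model.items():
        score = math.log(p["prior"])
        for xi, mu, var in zip(x, p["mean"], p["var"]):
            score += -0.5 * math.log(2 * math.pi * var) - (xi - mu) ** 2 / (2 * var)
        scores[label] = score
    return max(scores, key=scores.get)

def holdout_accuracy(train_seed=1, test_seed=2):
    model = train(build_dataset(train_seed, flows_per_class=40))
    test_set = build_dataset(test_seed, flows_per_class=20)
    hits = sum(classify(model, packets) == label for label, packets in test_set)
    return hits / len(test_set)

if __name__ == "__main__":
    model = train(build_dataset(1, flows_per_class=40))
    # An application_1-like flow on a dynamic port (above 49151).
    flow = synth_flow(random.Random(9), *PROFILES["application_1"])
    print("port-based  :", classify_by_port(50000))
    print("statistical :", classify(model, flow))
    print("hold-out accuracy:", holdout_accuracy())
```

The two constructed profiles are far apart, so the hold-out score here says nothing about accuracy on real traces such as the datasets named above.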
V. WHY STATISTICAL CLASSIFICATION OVER TRADITIONAL METHODS?

- The main limitation of deep packet inspection, that is, security breach in instances where data is encrypted, is avoided, as the statistical approach does not need to inspect the packet.
- The statistical approach does not need information like the port number, so any tampering with the port number, which is the limitation of port based classification, is avoided.
- Statistical classification works in real time and hence is adaptable to changes that happen in real time; it can train itself to adapt to the changes that happen over time.
- Statistical classification attains high accuracy even though it is based on very limited information.
- The statistical approach is faster than the traditional approach as it is based on the flow characteristics and does not require information like the source and destination IP etc. from the header.

VI. CONCLUSION

This paper gives an overview of packet classification and compares the traditional and modern techniques used for packet classification. It also reviews the limitations of the traditional techniques, and states how the modern technique called statistical classification can overcome those limitations. It can be seen that the modern technique of packet classification is more adaptable than the traditional methods, as it is based on machine learning. The performance measures like accuracy, speed, comprehensibility and time to learn are better for statistical classification than for any traditional method, as statistical classification works in real time. This modern technique is very efficient, accurate, and capable of classifying traffic in real time, which is very important in the era of growing Internet traffic.

REFERENCES

[1] Ciprian Dobre, Internet Traffic Classification based on Flow Statistical Properties with Machine Learning, Int. J. Network Mgmt 2015; 00:1-14.
[2] Myung-Sup Kim Young J, Flow-based Characteristic Analysis of Internet Application Traffic.
[3] Thuy T. T. Nguyen and Grenville Armitage, A Survey of Techniques for Internet Traffic Classification using Machine Learning.
[4] Andrea Baiocchi, On-the-fly statistical classification of internet traffic at application layer based on cluster analysis.
[5] Book: Donald Michie, David Spiegelhalter, Charles Taylor, Machine Learning, Neural and Statistical Classification.
[6] Chapter 3: reconfigurable firewall based on FPGA-based parameterized content addressable memory.
[7] V. Jaiganesh, Dr. P. Sumathi, A. Vinitha, Classification Algorithms in Intrusion Detection System: A Survey.
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationFPGA based Network Traffic Analysis using Traffic Dispersion Graphs
FPGA based Network Traffic Analysis using Traffic Dispersion Graphs 2 nd September, 2010 Faisal N. Khan, P. O. Box 808, Livermore, CA 94551 This work performed under the auspices of the U.S. Department
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationDESIGN AND IMPLEMENTATION OF OPTIMIZED PACKET CLASSIFIER
International Journal of Computer Engineering and Applications, Volume VI, Issue II, May 14 www.ijcea.com ISSN 2321 3469 DESIGN AND IMPLEMENTATION OF OPTIMIZED PACKET CLASSIFIER Kiran K C 1, Sunil T D
More informationChapter 8 roadmap. Network Security
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing
More informationCan Passive Mobile Application Traffic be Identified using Machine Learning Techniques
Dublin Institute of Technology ARROW@DIT Dissertations School of Computing 2015-03-10 Can Passive Mobile Application Traffic be Identified using Machine Learning Techniques Peter Holland Dublin Institute
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationK-Nearest-Neighbours with a Novel Similarity Measure for Intrusion Detection
K-Nearest-Neighbours with a Novel Similarity Measure for Intrusion Detection Zhenghui Ma School of Computer Science The University of Birmingham Edgbaston, B15 2TT Birmingham, UK Ata Kaban School of Computer
More informationEECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture
EECS : Introduction to Computer Networks Switch and Router Architectures Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley,
More informationMachine Learning based Traffic Classification using Low Level Features and Statistical Analysis
Machine Learning based Traffic using Low Level Features and Statistical Analysis Rajesh Kumar M.Tech Scholar PTU Regional Center (SBBSIET) Jalandhar, India TajinderKaur Assistant Professor SBBSIET Padhiana
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationAutomation the process of unifying the change in the firewall performance
Automation the process of unifying the change in the firewall performance 1 Kirandeep kaur, 1 Student - Department of Computer science and Engineering, Lovely professional university, Phagwara Abstract
More informationSirindhorn International Institute of Technology Thammasat University
Name.............................. ID............... Section...... Seat No...... Sirindhorn International Institute of Technology Thammasat University Course Title: IT Security Instructor: Steven Gordon
More informationHigh Ppeed Circuit Techniques for Network Intrusion Detection Systems (NIDS)
The University of Akron IdeaExchange@UAkron Mechanical Engineering Faculty Research Mechanical Engineering Department 2008 High Ppeed Circuit Techniques for Network Intrusion Detection Systems (NIDS) Ajay
More informationEfficient Flow based Network Traffic Classification using Machine Learning
Efficient Flow based Network Traffic Classification using Machine Learning Jamuna.A*, Vinodh Ewards S.E** *(Department of Computer Science and Engineering, Karunya University, Coimbatore-114) ** (Assistant
More informationAn advanced data leakage detection system analyzing relations between data leak activity
An advanced data leakage detection system analyzing relations between data leak activity Min-Ji Seo 1 Ph. D. Student, Software Convergence Department, Soongsil University, Seoul, 156-743, Korea. 1 Orcid
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationNetwork Analysis of Point of Sale System Compromises
Network Analysis of Point of Sale System Compromises Operation Terminal Guidance Chicago Electronic & Financial Crimes Task Force U.S. Secret Service Outline Background Hypothesis Deployment Methodology
More informationFast and Reconfigurable Packet Classification Engine in FPGA-Based Firewall
2011 International Conference on Electrical Engineering and Informatics 17-19 July 2011, Bandung, Indonesia Fast and Reconfigurable Packet Classification Engine in FPGA-Based Firewall Arief Wicaksana #1,
More information3.2 COMMUNICATION AND INTERNET TECHNOLOGIES
3.2 COMMUNICATION AND INTERNET TECHNOLOGIES 3.2.1 PROTOCOLS PROTOCOL Protocol a set of rules governing the way that devices communicate with each other. With networks and the Internet, we need to allow
More informationOptimizing the Internet Quality of Service and Economics for the Digital Generation. Dr. Lawrence Roberts President and CEO,
Optimizing the Internet Quality of Service and Economics for the Digital Generation Dr. Lawrence Roberts President and CEO, lroberts@anagran.com Original Internet Design File Transfer and Remote Computing
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More information* Knowledge of Adaptive Security Appliance (ASA) firewall, Adaptive Security Device Manager (ASDM).
Contents Introduction Prerequisites Requirements Components Used Background Information Configuration Step 1. Configure Intrusion Policy Step 1.1. Create Intrusion Policy Step 1.2. Modify Intrusion Policy
More information9. Wireshark I: Protocol Stack and Ethernet
Distributed Systems 205/2016 Lab Simon Razniewski/Florian Klement 9. Wireshark I: Protocol Stack and Ethernet Objective To learn how protocols and layering are represented in packets, and to explore the
More informationUDP: Datagram Transport Service
UDP: Datagram Transport Service 1 Topics Covered Introduction Transport Protocols and End-to-End Communication The User Datagram Protocol The Connectionless Paradigm Message-Oriented Interface UDP Communication
More informationConfiguring QoS CHAPTER
CHAPTER 34 This chapter describes how to use different methods to configure quality of service (QoS) on the Catalyst 3750 Metro switch. With QoS, you can provide preferential treatment to certain types
More informationCSCD 433/533 Advanced Networks
CSCD 433/533 Advanced Networks Lecture 2 Network Review Winter 2017 Reading: Chapter 1 1 Topics Network Topics Some Review from CSCD330 Applications Common Services Architecture OSI Model AS and Routing
More informationManaged IP Services from Dial Access to Gigabit Routers
Managed IP Services from Dial Access to Gigabit Routers Technical barriers and Future trends for IP Differentiated Services Grenville Armitage, PhD Member of Technical Staff High Speed Networks Research,
More informationNetwork Defenses KAMI VANIEA 1
Network Defenses KAMI VANIEA 26 SEPTEMBER 2017 KAMI VANIEA 1 First the news http://arstech nica.com/secu rity/2015/04/ meet-greatcannon-theman-in-themiddleweapon-chinaused-ongithub/ 2 First the news http://arstechni
More information9th Slide Set Computer Networks
Prof. Dr. Christian Baun 9th Slide Set Computer Networks Frankfurt University of Applied Sciences WS1718 1/49 9th Slide Set Computer Networks Prof. Dr. Christian Baun Frankfurt University of Applied Sciences
More informationNORMALIZATION INDEXING BASED ENHANCED GROUPING K-MEAN ALGORITHM
NORMALIZATION INDEXING BASED ENHANCED GROUPING K-MEAN ALGORITHM Saroj 1, Ms. Kavita2 1 Student of Masters of Technology, 2 Assistant Professor Department of Computer Science and Engineering JCDM college
More informationHardware Assisted Recursive Packet Classification Module for IPv6 etworks ABSTRACT
Hardware Assisted Recursive Packet Classification Module for IPv6 etworks Shivvasangari Subramani [shivva1@umbc.edu] Department of Computer Science and Electrical Engineering University of Maryland Baltimore
More information