This paper designs a high-speed network data acquisition system based on big data platform with good expansibility and high real-time, aiming at the need of enterprises or organizations to acquire high-speed network data efficiently in network intrusion detection. Taking into account the storage capacity and computing power requirements of high-speed network traffic capture and processing, the whole...
The current network anomaly traffic detection technologies usually focus on the rules matching and statistical method which are suitable for the general network environment. For the communication characteristics of the controlled network environment, this paper puts forward a network anomaly traffic detection method based on the flow template, which captures and analyses the real-time network traffic...
Multi-stage attacks can evolve dramatically, causing much loss and damage to organisations. These attacks are frequently instigated by exploiting actions, which in isolation are legal, and are therefore particularly challenging to detect. Much research has been conducted in the multi-stage detection area, in order to build a framework based on an events correlation approach. This paper proposes a...
The value of Intrusion Detection System (IDS) traces is based on being able to meaningfully parse the complex data patterns appearing therein as based on the pre-defined intrusion 'detection' rule sets. As IDS traces monitor large groups of servers, large amounts of network data and also spanning a variety of patterns, efficient analytical approaches are needed to address this big heterogeneous data...
This paper introduces a novel approach for anomaly detection. The solution consists of an automatic detection system that operates without the need of network administrator intervention. Network IP flows are modeled by a graph and Tsallis entropy is applied in order to detect anomalies. Furthermore, our solution can extract and present detailed information from the network traffic. It provides to...
Reducing latency for accessing web objects is a major challenge in Proxy Server and various techniques such as web caching and Web pre-fetching are used for it. In this paper we have integrated the approach of web caching and pre-fetching using sequential data mining techniques to enhance the proxy server's performance. The web access logs collected at squid proxy servers can be used to derive interesting...
It is vitally important for applications in detecting DoS attacks, traffic management, and network security to real-time automatically identify traffic patterns in backbone networks with high speed links carrying large numbers of flows. Our objective is to determine traffic patterns that use up a disproportionate fraction of network resources. This paper first analyzes the major time and space cost...
Traffic classification has become a crucial domain of research due to the rise in applications that are either encrypted or tend to change port consecutively. The challenge of flow classification is to determine the applications involved without any information on the payload. In this paper, our goal is to achieve a robust and reliable flow classification using data mining techniques. We propose a...
There are numerous methods for identifying network traffic in recent research. In our experiment, flow is collected by using parallel probe and network IP packets are captured based on WinPcap's packet collecting technology. According to the characteristics of application layer protocol, a scalable identification system is proposed and network traffic can be classified as different application classes...
This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which membership functions of fuzzy variables are optimized by a genetic algorithm. The proposed online system belongs...
We analyzed the memory limitation problem of traffic identification arithmetic when faced with large and fast stream data, and extracted the traffic attribute based on the P2P working mechanism. Using the VFDT method to identify the P2P traffic, the traffic data can be scanned only once relying on the Hoeffding Restriction; the method reduces the complexity of the algorithm with respect to timing and memory and ensures...
Although analyzing anomalous network traffic behavior is a popular research topic, few studies have been undertaken on the analysis of communication pattern per host based on their flows to characterize the anomalous Internet traffic. This paper discusses the possibility of using a flow-based communication pattern per host as a metric to identify anomalies. The key idea underlining our method is that...
In this paper, an SVM (Support Vector Machines)-based P2P (Peer-to-peer) traffic identification algorithm is presented. It can capture traffic information online, train offline and categorize online. The SVM algorithm uses double characteristics IP and IP-Port to identify P2P traffic by means of different traffic features separately. From results of experiments, we proved that choosing the appropriate...
Network packet traces, despite having a lot of noise, contain priceless information, especially for investigating security incidents. However, given the gigabytes of flow crossing a typical medium sized enterprise network every day, spotting malicious activity and analyzing trends in network behavior becomes a tedious task. Computational mechanisms for analyzing such data usually take substantial...
With the rapid growth of the Internet and the communication link speed, it becomes increasingly challenging for network processors to timely route the incoming traffic to the destination ports. The traditional approach must look up the routing table based on the destination IP address to determine the output port. The ternary CAM approach provides fast associative look up, but is very costly for large routing...
In recent years, many network users have been seriously impacted by intrusions over the Internet, and many attack events occur at the present time. On the Internet, the intruders usually launch attacks from the stepping stone that they previously compromised. In this way, the attackers can reduce their risk of being directly detected. Even if the network managers detect the invasion that still can't...
An alarming trend for the global routing table's growth factor in the interdomain IP backbone shows that Internet inter-domain routing scalability becomes an issue again. It is widely agreed upon that the rapid global routing table size growth is mainly due to the growth in the number of ASs and the wide deployments of multihoming and traffic engineering. These popular commercial practices deaggregate...
Multimedia real time applications are rapidly growing across the Internet. The significant growth of such type of traffic indicates the need to provide special treatment across the Internet. Current Internet which is based on IPv4 is unable to provide more than the best effort service. IPv6 as the next generation protocol has the greater capability to fulfill the requirements of newly emerging real...
In this paper, a system for PPPoE protocol analysis is designed and implemented. The system includes three modules: network capture module, traffic analysis module and information log module. The network packets are captured by Winpcap which can enhance high correctness and efficiency of the network capture. The mechanism of PPPoE data communication and the packet capture method of using Winpcap are...
Peer-to-peer technology has become an extremely popular Internet application technology. This technology opens enormous business opportunities to the Internet and also seriously interferes with the quality of the Internet service. The traditional single deep flow inspection or deep packet inspection detection systems have their own merits and demerits. This paper describes a new peer-to-peer traffic identification...