Design and Analysis of a Network Traffic Analysis Tool: NetFlow Analyzer

A network analyzer can often comprehend many protocols, which enables it to display talks taking place between hosts over a network. A network analyzer analyzes the device or network response and measures for the operator to keep an eye on the network’s or object’s performance in an RF circuit. The purpose of the following research includes analyzing the capabilities of NetFlow analyzer to measure various parts, including filters, mixers, frequency sensitive networks, transistors, and other RF-based instruments. NetFlow Analyzer is a network traffic analyzer that measures the network parameters of electrical networks. Although there are other types of network parameter sets including Y, Z, & H-parameters, these instruments are typically employed to measure S-parameters since transmission & reflection of electrical networks are simple to calculate at high frequencies. These analyzers are widely employed to distinguish between two-port networks, including filters and amplifiers. By allowing the user to view the actual data that is sent over a network, packet by packet, a network analyzer informs you of what is happening there. Also, this research will contain the design model of NetFlow Analyzer that Measurements involving transmission and reflection use. Gain, insertion loss, and transmission coefficient are measured in transmission measurements, whereas return loss, reflection coefficient, impedance, and other variables are measured in reflection measurements. These analyzers’ operational frequencies vary from 1 Hz to 1.5 THz. These analyzers can also be used to examine stability in measurements of open loops, audio components, and ultrasonics.

Data network traffic analysis and optimization strategy of real-time power grid dynamic monitoring system for wide-frequency measurements

The application and development of a wide-area measurement system(WAMS)has enabled many applications and led to several requirements based on dynamic measurement data.Such data are transmitted as big data information flow.To ensure effective transmission of wide-frequency electrical information by the communication protocol of a WAMS,this study performs real-time traffic monitoring and analysis of the data network of a power information system,and establishes corresponding network optimization strategies to solve existing transmission problems.This study utilizes the traffic analysis results obtained using the current real-time dynamic monitoring system to design an optimization strategy,covering the optimization in three progressive levels:the underlying communication protocol,source data,and transmission process.Optimization of the system structure and scheduling optimization of data information are validated to be feasible and practical via tests.

A Broad Learning-Driven Network Traffic Analysis System Based on Fog Computing Paradigm

The development of communication technologies which support traffic-intensive applications presents new challenges in designing a real-time traffic analysis architecture and an accurate method that suitable for a wide variety of traffic types.Current traffic analysis methods are executed on the cloud,which needs to upload the traffic data.Fog computing is a more promising way to save bandwidth resources by offloading these tasks to the fog nodes.However,traffic analysis models based on traditional machine learning need to retrain all traffic data when updating the trained model,which are not suitable for fog computing due to the poor computing power.In this study,we design a novel fog computing based traffic analysis system using broad learning.For one thing,fog computing can provide a distributed architecture for saving the bandwidth resources.For another,we use the broad learning to incrementally train the traffic data,which is more suitable for fog computing because it can support incremental updates of models without retraining all data.We implement our system on the Raspberry Pi,and experimental results show that we have a 98%probability to accurately identify these traffic data.Moreover,our method has a faster training speed compared with Convolutional Neural Network(CNN).

Offline traffic analysis system based on Hadoop

Offiine network traffic analysis is very important for an in-depth study upon the understanding of network conditions and characteristics, such as user behavior and abnormal traffic. With the rapid growth of the amount of information on the Intemet, the traditional stand-alone analysis tools face great challenges in storage capacity and computing efficiency, but which is the advantages for Hadoop cluster. In this paper, we designed an offiine traffic analysis system based on Hadoop （OTASH）, and proposed a MapReduce-based algorithm for TopN user statistics. In addition, we studied the computing performance and failure tolerance in OTASH. From the experiments we drew the conclusion that OTASH is suitable for handling large amounts of flow data, and are competent to calculate in the case of single node failure.

Analysis on emission factor of fugitive dust from road traffic

ＡｎａｌｙｓｉｓｏｎｅｍｉｓｉｏｎｆａｃｔｏｒｏｆｆｕｇｉｔｉｖｅｄｕｓｔｆｒｏｍｒｏａｄｔｒａｆｉｃＦｕＬｉｘｉｎＤｅｐａｒｔｍｅｎｔｏｆＥｎｖｉｒｏｎｍｅｎｔａｌＥｎｇｉｎｅｅｒｉｎｇ，ＴｓｉｎｇｈｕａＵｎｉｖｅｒｓｉｔｙ，Ｂｅｉｊｉｎｇ１０００...

CMAES-WFD:Adversarial Website Fingerprinting Defense Based on Covariance Matrix Adaptation Evolution Strategy

Website fingerprinting,also known asWF,is a traffic analysis attack that enables local eavesdroppers to infer a user’s browsing destination,even when using the Tor anonymity network.While advanced attacks based on deep neural network(DNN)can performfeature engineering and attain accuracy rates of over 98%,research has demonstrated thatDNNis vulnerable to adversarial samples.As a result,many researchers have explored using adversarial samples as a defense mechanism against DNN-based WF attacks and have achieved considerable success.However,these methods suffer from high bandwidth overhead or require access to the target model,which is unrealistic.This paper proposes CMAES-WFD,a black-box WF defense based on adversarial samples.The process of generating adversarial examples is transformed into a constrained optimization problem solved by utilizing the Covariance Matrix Adaptation Evolution Strategy(CMAES)optimization algorithm.Perturbations are injected into the local parts of the original traffic to control bandwidth overhead.According to the experiment results,CMAES-WFD was able to significantly decrease the accuracy of Deep Fingerprinting(DF)and VarCnn to below 8.3%and the bandwidth overhead to a maximum of only 14.6%and 20.5%,respectively.Specially,for Automated Website Fingerprinting(AWF)with simple structure,CMAES-WFD reduced the classification accuracy to only 6.7%and the bandwidth overhead to less than 7.4%.Moreover,it was demonstrated that CMAES-WFD was robust against adversarial training to a certain extent.

VPN and Non-VPN Network Traffic Classification Using Time-Related Features

The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet,as many employees have transitioned to working from home.Furthermore,with the increase in the adoption of encrypted data transmission by many people who tend to use a Virtual Private Network(VPN)or Tor Browser(dark web)to keep their data privacy and hidden,network traffic encryption is rapidly becoming a universal approach.This affects and complicates the quality of service(QoS),traffic monitoring,and network security provided by Internet Service Providers(ISPs),particularly for analysis and anomaly detection approaches based on the network traffic’s nature.The method of categorizing encrypted traffic is one of the most challenging issues introduced by a VPN as a way to bypass censorship as well as gain access to geo-locked services.Therefore,an efficient approach is especially needed that enables the identification of encrypted network traffic data to extract and select valuable features which improve the quality of service and network management as well as to oversee the overall performance.In this paper,the classification of network traffic data in terms of VPN and non-VPN traffic is studied based on the efficiency of time-based features extracted from network packets.Therefore,this paper suggests two machine learning models that categorize network traffic into encrypted and non-encrypted traffic.The proposed models utilize statistical features(SF),Pearson Correlation(PC),and a Genetic Algorithm(GA),preprocessing the traffic samples into net flow traffic to accomplish the experiment’s objectives.The GA-based method utilizes a stochastic method based on natural genetics and biological evolution to extract essential features.The PC-based method performs well in removing different features of network traffic.With a microsecond perpacket prediction time,the best model achieved an accuracy of more than 95.02 percent in the most demanding traffic classification task,a drop in accuracy of only 2.37 percent in comparison to the entire statistical-based machine learning approach.This is extremely promising for the development of real-time traffic analyzers.

Intrusion Detection Method of Internet of Things Based on Multi GBDT Feature Dimensionality Reduction and Hierarchical Traffic Detection

The rapid development of Internet of Things(IoT)technology has brought great convenience to people’s life.However,the security protection capability of IoT is weak and vulnerable.Therefore,more protection needs to be done for the security of IoT.The paper proposes an intrusion detection method for IoT based on multi GBDT feature reduction and hierarchical traffic detection model.Firstly,GBDT is used to filter the features of IoT traffic data sets BoT-IoT and UNSW-NB15 to reduce the traffic feature dimension.At the same time,in order to improve the reliability of feature filtering,this paper constructs multiple GBDT models to filter the features of multiple sub data sets,and comprehensively evaluates the filtered features to find out the best alternative features.Then,two neural networks are trained with the two data sets after dimensionality reduction,and the traffic will be detected with the trained neural network.In order to improve the efficiency of traffic detection,this paper proposes a hierarchical traffic detection model,which can reduce the computational cost and time cost of detection process.Experiments show that the multi GBDT dimensionality reduction method can obtain better features than the traditional PCA dimensionality reduction method.Besides,the use of dual data sets improves the comprehensiveness of the IoT intrusion detection system,which can detect more types of attacks,and the hierarchical traffic model improves the detection efficiency of the system.

Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances,Challenges and Future Directions

Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.

Autonomous machine learning for early bot detection in the internet of things

The high costs incurred due to attacks and the increasing number of different devices in the Internet of Things(IoT)highlight the necessity of the early detection of botnets(i.e.,a network of infected devices)to gain an advantage against attacks.However,early botnet detection is challenging because of continuous malware mutations,the adoption of sophisticated obfuscation techniques,and the massive volume of data.The literature addresses botnet detection by modeling the behavior of malware spread,the classification of malicious traffic,and the analysis of traffic anomalies.This article details ANTE,a system for ANTicipating botnEt signals based on machine learning algorithms.The system adapts itself to different scenarios and detects different types of botnets.It autonomously selects the most appropriate Machine Learning(ML)pipeline for each botnet and improves the classification before an attack effectively begins.The system evaluation follows trace-driven experiments and compares ANTE results to other relevant results from the literature over four representative datasets:ISOT HTTP Botnet,CTU-13,CICDDoS2019,and BoT-IoT.Results show an average detection accuracy of 99.06%and an average bot detection precision of 100%.

Countering DNS Amplification Attacks Based on Analysis of Outgoing Traffic

Domain name system(DNS)amplification distributed denial of service(DDoS)attacks are one of the popular types of intrusions that involve accessing DNS servers on behalf of the victim.In this case,the size of the response is many times greater than the size of the request,in which the source of the request is substituted for the address of the victim.This paper presents an original method for countering DNS amplification DDoS attacks.The novelty of our approach lies in the analysis of outgoing traffic from the victim’s server.DNS servers used for amplification attacks are easily detected in Internet control message protocol(ICMP)packet headers(type 3,code 3)in outgoing traffic.ICMP packets of this type are generated when accessing closed user datagram protocol(UDP)ports of the victim,which are randomly assigned by the Saddam attack tool.To prevent such attacks,we used a Linux utility and a software-defined network(SDN)module that we previously developed to protect against port scanning.The Linux utility showed the highest efficiency of 99.8%,i.e.,only two attack packets out of a thousand reached the victim server.

一种实时的新型网络性能预警系统

设计了一种基于NetFlow流量分析的实时的新型网络性能预警系统,主要是利用基于NetFlow协议的高性能数据采集模式并运用统计学和预测学的相关算法,根据对当前网络流量值影响最大的在时间上最临近的流量值,预测下一时刻的流量数据。该系统能根据不同网络运行状态及时准确的预测出网络不同时间段的各种异常情况,有效分析网络运行效率并及时发现瓶颈,为优化网络性能提供了有力依据。

一种实时的新型网络性能预警系统

设计了一种基于NetFlow流量分析的实时的新型网络性能预警系统,它主要是利用基于NetFlow协议的高性能数据采集模式并运用统计学和预测学的相关算法,根据对当前网络流量值影响最大的在时间上最临近的流量值,预测下一时刻的流量数据。该系统能根据不同网络运行状态及时准确地预测出网络不同时间段的各种异常情况,有效分析网络运行效率并及时发现瓶颈,为优化网络性能提供了有力依据。

Traffic Modeling and Analysis of Cellular Networks with Dynamic Channel Allocation

Dynamic channel allocation can reduce the blocking probability of cellular networks. This paper aims atestimating the blocking probability for cellular networki with dynamic channel allocation. Traffic analysis modelsare presented to evaluate performance of cellular networkS, The blocking probabilities versus traffic offered to eachcell are analyzed and simulated Comparisons between analysis and simulation results are made.

TIFAflow: Enhancing Traffic Archiving System with Flow Granularity for Forensic Analysis in Network Security

The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system （such as Hadoop, ZFS, etc.） and open cloud computing platform （such as OpenStack, CloudStack, and Eucalyptus, etc.）, it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well- known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine＋FAstbit （TIFA） with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.

Key Technologies of Urban TIA and Their Application

With the high speed development of Chinese economy, urban traffic problems have become increasingly serious. Based on an analysis of the significance and function of TIA (Traffic Impact Analysis), the characteristics, procedure and key techniques of TIA are elaborated according to the overseas experience. Then, in combination with the domestic practice, the standard of executing TIA, the prediction of traffic volume, the standard of appraisement, etc ., are discussed in detail. Finally, construction of the commercial pedestrian street of Chunxi road in Chengdu city is taken as an example for analysis.

Performance analysis of optical burst switching under bursty traffic

The performance of the algorithm of the data channel scheduling algorithm of latest available unscheduled channel with void filling (LAUC-VF) under bursty traffic is presented firstly. A bursty traffic model for optical burst switch performance simulation is also introduced.

TPII:tracking personally identifiable information via user behaviors in HTTP traffic

It is widely common that mobile applications collect non-critical personally identifiable information(PII)from users'devices to the cloud by application service providers(ASPs)in a positive manner to provide precise and recommending services.Meanwhile,Internet service providers(ISPs)or local network providers also have strong requirements to collect PIIs for finer-grained traffic control and security services.However,it is a challenge to locate PIIs accurately in the massive data of network traffic just like looking a needle in a haystack.In this paper,we address this challenge by presenting an efficient and light-weight approach,namely TPII,which can locate and track PIIs from the HTTP layer rebuilt from raw network traffics.This approach only collects three features from HTTP fields as users'behaviors and then establishes a tree-based decision model to dig PIIs efficiently and accurately.Without any priori knowledge,TPII can identify any types of PIIs from any mobile applications,which has a broad vision of applications.We evaluate the proposed approach on a real dataset collected from a campus network with more than 13k users.The experimental results show that the precision and recall of TPII are 91.72%and 94.51%respectively and a parallel implementation of TPII can achieve 213 million records digging and labelling within one hour,reaching near to support 1Gbps wirespeed inspection in practice.Our approach provides network service providers a practical way to collect PIIs for better services.

An Active De-anonymizing Attack Against Tor Web Traffic

Tor is pervasively used to conceal target websites that users are visiting. A de-anonymization technique against Tor, referred to as website fingerprinting attack, aims to infer the websites accessed by Tor clients by passively analyzing the patterns of encrypted traffic at the Tor client side. However, HTTP pipeline and Tor circuit multiplexing techniques can affect the accuracy of the attack by mixing the traffic that carries web objects in a single TCP connection. In this paper, we propose a novel active website fingerprinting attack by identifying and delaying the HTTP requests at the first hop Tor node. Then, we can separate the traffic that carries distinct web objects to derive a more distinguishable traffic pattern. To fulfill this goal, two algorithms based on statistical analysis and objective function optimization are proposed to construct a general packet delay scheme. We evaluate our active attack against Tor in empirical experiments and obtain the highest accuracy of 98.64%, compared with 85.95% of passive attack. We also perform experiments in the open-world scenario. When the parameter k of k-NN classifier is set to 5, then we can obtain a true positive rate of 90.96% with a false positive rate of 3.9%.

Investigating the impacts of urban speed limit reduction through microscopic traffic simulation

Road traffic congestion has become an everyday phenomenon in today's cities all around the world.The reason is clear:at peak hours,the road network operates at full capacity.In this way,growing traffic demand cannot be satisfied,not even with traffic-responsive signal plans.The external impacts of traffic congestion come with a serious socio-economic cost:air pollution,increased travel times and fuel consumption,stress,as well as higher risk of accidents.To tackle these problems,a number of European cities have implemented reduced speed limit measures.Similarly,a general urban speed limit measure is in preparatory phase in Budapest,Hungary.In this context,a complex preliminary impact assessment is needed using a simulated environment.Two typical network parts of Budapest were analyzed with microscopic traffic simulations.The results revealed that speed limits can affect traffic differently in diverse network types indicating that thorough examination and preparation works are needed prior to the introduction of speed limit reduction.