36 articles found
1. A Broad Learning-Driven Network Traffic Analysis System Based on Fog Computing Paradigm (cited by: 3)
Authors: Xiting Peng, Kaoru Ota, Mianxiong Dong. China Communications (SCIE, CSCD), 2020, No. 2, pp. 1-13 (13 pages)
The development of communication technologies which support traffic-intensive applications presents new challenges in designing a real-time traffic analysis architecture and an accurate method that is suitable for a wide variety of traffic types. Current traffic analysis methods are executed on the cloud, which needs to upload the traffic data. Fog computing is a more promising way to save bandwidth resources by offloading these tasks to the fog nodes. However, traffic analysis models based on traditional machine learning need to retrain all traffic data when updating the trained model, which are not suitable for fog computing due to the poor computing power. In this study, we design a novel fog computing based traffic analysis system using broad learning. For one thing, fog computing can provide a distributed architecture for saving the bandwidth resources. For another, we use the broad learning to incrementally train the traffic data, which is more suitable for fog computing because it can support incremental updates of models without retraining all data. We implement our system on the Raspberry Pi, and experimental results show that we have a 98% probability to accurately identify these traffic data. Moreover, our method has a faster training speed compared with Convolutional Neural Network (CNN).
Keywords: traffic analysis; fog computing; broad learning; radio access networks
2. Design and Analysis of a Network Traffic Analysis Tool: NetFlow Analyzer (cited by: 1)
Authors: Rafia Islam, Vishnu Vardhan Patamsetti, Aparna Gadhi, Ragha Madhavi Gondu, Chinna Manikanta Bandaru, Sai Chaitanya Kesani, Olatunde Abiona. International Journal of Communications, Network and System Sciences, 2023, No. 2, pp. 21-29 (9 pages)
A network analyzer can often comprehend many protocols, which enables it to display talks taking place between hosts over a network. A network analyzer analyzes the device or network response and measures for the operator to keep an eye on the network’s or object’s performance in an RF circuit. The purpose of the following research includes analyzing the capabilities of NetFlow analyzer to measure various parts, including filters, mixers, frequency sensitive networks, transistors, and other RF-based instruments. NetFlow Analyzer is a network traffic analyzer that measures the network parameters of electrical networks. Although there are other types of network parameter sets including Y, Z, & H-parameters, these instruments are typically employed to measure S-parameters since transmission & reflection of electrical networks are simple to calculate at high frequencies. These analyzers are widely employed to distinguish between two-port networks, including filters and amplifiers. By allowing the user to view the actual data that is sent over a network, packet by packet, a network analyzer informs you of what is happening there. Also, this research will contain the design model of NetFlow Analyzer that Measurements involving transmission and reflection use. Gain, insertion loss, and transmission coefficient are measured in transmission measurements, whereas return loss, reflection coefficient, impedance, and other variables are measured in reflection measurements. These analyzers’ operational frequencies vary from 1 Hz to 1.5 THz. These analyzers can also be used to examine stability in measurements of open loops, audio components, and ultrasonics.
Keywords: Network Analyzer; INSTRUMENTS; PARAMETER; RF Circuit; TRANSISTORS; traffic analysis; Bandwidth Measurement
3. Data network traffic analysis and optimization strategy of real-time power grid dynamic monitoring system for wide-frequency measurements (cited by: 4)
Authors: Jinsong Li, Hao Liu, Wenzhuo Li, Tianshu Bi, Mingyang Zhao. Global Energy Interconnection (EI, CAS, CSCD), 2022, No. 2, pp. 131-142 (12 pages)
The application and development of a wide-area measurement system (WAMS) has enabled many applications and led to several requirements based on dynamic measurement data. Such data are transmitted as big data information flow. To ensure effective transmission of wide-frequency electrical information by the communication protocol of a WAMS, this study performs real-time traffic monitoring and analysis of the data network of a power information system, and establishes corresponding network optimization strategies to solve existing transmission problems. This study utilizes the traffic analysis results obtained using the current real-time dynamic monitoring system to design an optimization strategy, covering the optimization in three progressive levels: the underlying communication protocol, source data, and transmission process. Optimization of the system structure and scheduling optimization of data information are validated to be feasible and practical via tests.
Keywords: Power system; Data network; Wide-frequency information; Real-time system; traffic analysis; Optimization strategy
4. Offline traffic analysis system based on Hadoop (cited by: 4)
Authors: QIAO Yuan-yuan, LEI Zhen-ming, YUAN Lun, GUO Min-jie. The Journal of China Universities of Posts and Telecommunications (EI, CSCD), 2013, No. 5, pp. 97-103 (7 pages)
Offline network traffic analysis is very important for an in-depth study upon the understanding of network conditions and characteristics, such as user behavior and abnormal traffic. With the rapid growth of the amount of information on the Internet, the traditional stand-alone analysis tools face great challenges in storage capacity and computing efficiency, but which is the advantages for Hadoop cluster. In this paper, we designed an offline traffic analysis system based on Hadoop (OTASH), and proposed a MapReduce-based algorithm for TopN user statistics. In addition, we studied the computing performance and failure tolerance in OTASH. From the experiments we drew the conclusion that OTASH is suitable for handling large amounts of flow data, and are competent to calculate in the case of single node failure.
Keywords: MAPREDUCE; HADOOP; cloud computing; traffic analysis
5. A Stream Pattern Matching Method for Traffic Analysis
Authors: Zhu Hui, Li Hui, Mo Can. China Communications (SCIE, CSCD), 2010, No. 6, pp. 86-93 (8 pages)
In order to identify any traces of suspicious activities for the networks security, Network Traffic Analysis has been the basis of network security and network management. With the continued emergence of new applications and encrypted traffic, the currently available approaches can not perform well for all kinds of network data. In this paper, we propose a novel stream pattern matching technique which is not only easily deployed but also includes the advantages of different methods. The main idea is: first, defining a formal description specification, by which any series of data stream can be unambiguously described by a special stream pattern; then a tree representation is constructed by parsing the stream pattern; at last, a stream pattern engine is constructed with the Non-finite automata (S-CG-NFA) and Bit-parallel searching algorithms. Our stream pattern analysis system has been fully prototyped on C programming language and Xilinx Virtex2 FPGA. The experimental results show the method could provide a high level of recognition efficiency and accuracy.
Keywords: traffic analysis; stream pattern match; non-finite automata; bit-parallel
6. Comprehensive Analysis of Caching Performance under Probabilistic Traffic Patterns for Content Centric Networking
Authors: Dabin Kim, Young-Bae Ko, Sung-Hwa Lim. China Communications (SCIE, CSCD), 2016, No. 3, pp. 127-136 (10 pages)
The phenomenon of data explosion represents a severe challenge for the upcoming big data era. However, the current Internet architecture is insufficient for dealing with a huge amount of traffic owing to an increase in redundant content transmission and the end-point-based communication model. Information-centric networking (ICN) is a paradigm for the future Internet that can be utilized to resolve the data explosion problem. In this paper, we focus on content-centric networking (CCN), one of the key candidate ICN architectures. CCN has been studied in various network environments with the aim of relieving network and server burden, especially in name-based forwarding and in-network caching functionalities. This paper studies the effect of several caching strategies in the CCN domain from the perspective of network and server overhead. Thus, we comprehensively analyze the in-network caching performance of CCN under several popular cache replication methods (i.e., cache placement). We evaluate the performance with respect to well-known Internet traffic patterns that follow certain probabilistic distributions, such as the Zipf/Mandelbrot–Zipf distributions, and flashcrowds. For the experiments, we developed an OPNET-based CCN simulator with a realistic Internet-like topology.
Keywords: content-centric networking; probabilistic Internet traffic patterns; caching performance analysis; OPNET
7. Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances, Challenges and Future Directions
Authors: Gulshan Kumar, Hamed Alqahtani. Computer Modeling in Engineering & Sciences (SCIE, EI), 2023, No. 1, pp. 89-119 (31 pages)
Software-Defined Networking (SDN) enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions. Recently Machine Learning (ML) techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems (IDSs) considering logically centralized control and global view of the network provided by SDN. Many IDSs have developed using advances in machine learning and deep learning. This study presents a comprehensive review of recent work of ML-based IDS in context to SDN. It presents a comprehensive study of the existing review papers in the field. It is followed by introducing intrusion detection, ML techniques and their types. Specifically, we present a systematic study of recent works, discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN, and promising future works in this field.
Keywords: CONTROLLER; intrusion detection; intrusion detection system; OpenFlow; security; software defined networking; traffic analysis
8. Analysis on emission factor of fugitive dust from road traffic
Journal of Environmental Sciences (SCIE, EI, CAS, CSCD), 1997, No. 4, pp. 119-124 (6 pages)
Analysis on emission factor of fugitive dust from road traffic. Fu Lixin, Department of Environmental Engineering, Tsinghua University, Beijing 1000...
Keywords: analysis on emission factor of fugitive dust from road traffic
9. CMAES-WFD: Adversarial Website Fingerprinting Defense Based on Covariance Matrix Adaptation Evolution Strategy
Authors: Di Wang, Yuefei Zhu, Jinlong Fei, Maohua Guo. Computers, Materials & Continua (SCIE, EI), 2024, No. 5, pp. 2253-2276 (24 pages)
Website fingerprinting, also known as WF, is a traffic analysis attack that enables local eavesdroppers to infer a user’s browsing destination, even when using the Tor anonymity network. While advanced attacks based on deep neural network (DNN) can perform feature engineering and attain accuracy rates of over 98%, research has demonstrated that DNN is vulnerable to adversarial samples. As a result, many researchers have explored using adversarial samples as a defense mechanism against DNN-based WF attacks and have achieved considerable success. However, these methods suffer from high bandwidth overhead or require access to the target model, which is unrealistic. This paper proposes CMAES-WFD, a black-box WF defense based on adversarial samples. The process of generating adversarial examples is transformed into a constrained optimization problem solved by utilizing the Covariance Matrix Adaptation Evolution Strategy (CMAES) optimization algorithm. Perturbations are injected into the local parts of the original traffic to control bandwidth overhead. According to the experiment results, CMAES-WFD was able to significantly decrease the accuracy of Deep Fingerprinting (DF) and VarCnn to below 8.3% and the bandwidth overhead to a maximum of only 14.6% and 20.5%, respectively. Specially, for Automated Website Fingerprinting (AWF) with simple structure, CMAES-WFD reduced the classification accuracy to only 6.7% and the bandwidth overhead to less than 7.4%. Moreover, it was demonstrated that CMAES-WFD was robust against adversarial training to a certain extent.
Keywords: traffic analysis; deep neural network; adversarial sample; TOR; website fingerprinting
10. BLS-identification: A device fingerprint classification mechanism based on broad learning for Internet of Things
Authors: Yu Zhang, Bei Gong, Qian Wang. Digital Communications and Networks (SCIE, CSCD), 2024, No. 3, pp. 728-739 (12 pages)
The popularity of the Internet of Things (IoT) has enabled a large number of vulnerable devices to connect to the Internet, bringing huge security risks. As a network-level security authentication method, device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases. However, flexible and diversified IoT devices with limited resources increase difficulty of the device fingerprint authentication method executed in IoT, because it needs to retrain the model network to deal with incremental features or types. To address this problem, a device fingerprinting mechanism based on a Broad Learning System (BLS) is proposed in this paper. The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices, and extracts feature parameters of the traffic packets. A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset. The complexity of the dataset is reduced using Principal Component Analysis (PCA) and the device type is identified by training weights using BLS. The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.
Keywords: Device fingerprint; traffic analysis; Class imbalance; Broad learning system; Access authentication
11. Model and algorithm of optimizing alternate traffic restriction scheme in urban traffic network (cited by: 1)
Authors: 徐光明, 史峰, 刘冰, 黄合来. Journal of Central South University (SCIE, EI, CAS), 2014, No. 12, pp. 4742-4752 (11 pages)
An optimization model and its solution algorithm for alternate traffic restriction (ATR) schemes were introduced in terms of both the restriction districts and the proportion of restricted automobiles. A bi-level programming model was proposed to model the ATR scheme optimization problem by aiming at consumer surplus maximization and overload flow minimization at the upper-level model. At the lower-level model, elastic demand, mode choice and multi-class user equilibrium assignment were synthetically optimized. A genetic algorithm involving prolonging codes was constructed, demonstrating high computing efficiency in that it dynamically includes newly-appearing overload links in the codes so as to reduce the subsequent searching range. Moreover, practical processing approaches were suggested, which may improve the operability of the model-based solutions.
Keywords: urban traffic congestion; alternate traffic restriction; equilibrium analysis; bi-level programming model
12. Real traffic-data based evaluation of vehicular traffic environment and state-of-the-art with future issues in location-centric data dissemination for VANETs (cited by: 1)
Authors: Abdul Hafidz Abdul Hanan, Mohd. Yazid Idris, Omprakash Kaiwartya, Mukesh Prasad, Rajiv Ratn Shah. Digital Communications and Networks (SCIE), 2017, No. 3, pp. 195-210 (16 pages)
Extensive investigation has been performed in location-centric or geocast routing protocols for reliable and efficient dissemination of information in Vehicular Adhoc Networks (VANETs). Various location-centric routing protocols have been suggested in literature for road safety ITS applications considering urban and highway traffic environment. This paper characterizes vehicular environments based on real traffic data and investigates the evolution of location-centric data dissemination. The current study is carried out with three main objectives: (i) to analyze the impact of dynamic traffic environment on the design of data dissemination techniques, (ii) to characterize location-centric data dissemination in terms of functional and qualitative behavior of protocols, properties, and strengths and weaknesses, and (iii) to find some future research directions in information dissemination based on location. Vehicular traffic environments have been classified into three categories based on physical characteristics such as speed, inter-vehicular distance, neighborhood stability, traffic volume, etc. Real traffic data is considered to analyze on-road traffic environments based on the measurement of physical parameters and weather conditions. Design issues are identified in incorporating physical parameters and weather conditions into data dissemination. Functional and qualitative characteristics of location-centric techniques are explored considering urban and highway environments. Comparative analysis of location-centric techniques is carried out for both urban and highway environments individually based on some unique and common characteristics of the environments. Finally, some future research directions are identified in the area based on the detailed investigation of traffic environments and location-centric data dissemination techniques.
Keywords: location-centric data dissemination; Geocast routing; Vehicular ad hoc networks; analysis of real traffic data; VANETs survey; Evolution of geocast routing
13. VPN and Non-VPN Network Traffic Classification Using Time-Related Features
Authors: Mustafa Al-Fayoumi, Mohammad Al-Fawa’reh, Shadi Nashwan. Computers, Materials & Continua (SCIE, EI), 2022, No. 8, pp. 3091-3111 (21 pages)
The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet, as many employees have transitioned to working from home. Furthermore, with the increase in the adoption of encrypted data transmission by many people who tend to use a Virtual Private Network (VPN) or Tor Browser (dark web) to keep their data privacy and hidden, network traffic encryption is rapidly becoming a universal approach. This affects and complicates the quality of service (QoS), traffic monitoring, and network security provided by Internet Service Providers (ISPs), particularly for analysis and anomaly detection approaches based on the network traffic’s nature. The method of categorizing encrypted traffic is one of the most challenging issues introduced by a VPN as a way to bypass censorship as well as gain access to geo-locked services. Therefore, an efficient approach is especially needed that enables the identification of encrypted network traffic data to extract and select valuable features which improve the quality of service and network management as well as to oversee the overall performance. In this paper, the classification of network traffic data in terms of VPN and non-VPN traffic is studied based on the efficiency of time-based features extracted from network packets. Therefore, this paper suggests two machine learning models that categorize network traffic into encrypted and non-encrypted traffic. The proposed models utilize statistical features (SF), Pearson Correlation (PC), and a Genetic Algorithm (GA), preprocessing the traffic samples into net flow traffic to accomplish the experiment’s objectives. The GA-based method utilizes a stochastic method based on natural genetics and biological evolution to extract essential features. The PC-based method performs well in removing different features of network traffic. With a microsecond per-packet prediction time, the best model achieved an accuracy of more than 95.02 percent in the most demanding traffic classification task, a drop in accuracy of only 2.37 percent in comparison to the entire statistical-based machine learning approach. This is extremely promising for the development of real-time traffic analyzers.
Keywords: Network traffic-flow; traffic classification; time-based features; machine learning; VPN traffic analysis
14. Real-time Capturing and Measurement of Traffic Flow Based on WinPcap
Authors: 胡文静, 李明, 仇润鹤, 刘锦高. Journal of Donghua University (English Edition) (EI, CAS), 2006, No. 2, pp. 103-106 (4 pages)
In order to understand how a network is being used or whether it is being abused, an administrator needs to inspect the flow of the traffic and "infers" the intent of the users and applications. So the network traffic measurement and analysis are crucial to network monitoring, reliable DDoS detecting and attack source locating as well. In this paper, we discuss the principle of real-time network traffic measurement and analysis through embedding a traffic measurement and analysis engine into IP packet-decoding module, and emphasize the implementation of visualizing the real-time network traffic, which are helpful to network monitoring and network traffic modeling.
Keywords: Network traffic; traffic measurement and analysis; WINPCAP; Network monitoring
15. Traffic Matrix Estimation for IP-over-WDM Networks via Optical Bypass Techniques
Authors: Laisen Nie, Dingde Jiang, Lei Guo. China Communications (SCIE, CSCD), 2016, No. 7, pp. 7-15 (9 pages)
A traffic matrix is a necessary parameter for network management functions, and it supplies a flow-level view of a large-scale IP-over-WDM backbone network. This paper studies the problem of traffic matrix estimation and proposes an exact traffic matrix estimation approach based on network tomography techniques. The traditional network tomography model is extended to make it compatible with compressive sensing constraints. First, a stochastic perturbation is introduced in the traditional network tomography inference model. Then, an algorithm is proposed to achieve additional optical link observations via optical bypass techniques. The obtained optical link observations are used as extensions for the perturbed network tomography model to ensure that the synthetic model can meet compressive sensing constraints. Finally, the traffic matrix is estimated from the synthetic model by means of a compressive sensing recovery algorithm.
Keywords: traffic characterization; traffic analysis; compressive sensing
16. Intrusion Detection Method of Internet of Things Based on Multi GBDT Feature Dimensionality Reduction and Hierarchical Traffic Detection
Authors: Taifeng Pan. Journal of Quantum Computing, 2021, No. 4, pp. 161-171 (11 pages)
The rapid development of Internet of Things (IoT) technology has brought great convenience to people’s life. However, the security protection capability of IoT is weak and vulnerable. Therefore, more protection needs to be done for the security of IoT. The paper proposes an intrusion detection method for IoT based on multi GBDT feature reduction and hierarchical traffic detection model. Firstly, GBDT is used to filter the features of IoT traffic data sets BoT-IoT and UNSW-NB15 to reduce the traffic feature dimension. At the same time, in order to improve the reliability of feature filtering, this paper constructs multiple GBDT models to filter the features of multiple sub data sets, and comprehensively evaluates the filtered features to find out the best alternative features. Then, two neural networks are trained with the two data sets after dimensionality reduction, and the traffic will be detected with the trained neural network. In order to improve the efficiency of traffic detection, this paper proposes a hierarchical traffic detection model, which can reduce the computational cost and time cost of detection process. Experiments show that the multi GBDT dimensionality reduction method can obtain better features than the traditional PCA dimensionality reduction method. Besides, the use of dual data sets improves the comprehensiveness of the IoT intrusion detection system, which can detect more types of attacks, and the hierarchical traffic model improves the detection efficiency of the system.
Keywords: IoT security; network traffic analysis; attack detection; machine learning
17. Autonomous machine learning for early bot detection in the internet of things
Authors: Alex Medeiros Araujo, Anderson Bergamini de Neira, Michele Nogueira. Digital Communications and Networks (SCIE, CSCD), 2023, No. 6, pp. 1301-1309 (9 pages)
The high costs incurred due to attacks and the increasing number of different devices in the Internet of Things (IoT) highlight the necessity of the early detection of botnets (i.e., a network of infected devices) to gain an advantage against attacks. However, early botnet detection is challenging because of continuous malware mutations, the adoption of sophisticated obfuscation techniques, and the massive volume of data. The literature addresses botnet detection by modeling the behavior of malware spread, the classification of malicious traffic, and the analysis of traffic anomalies. This article details ANTE, a system for ANTicipating botnEt signals based on machine learning algorithms. The system adapts itself to different scenarios and detects different types of botnets. It autonomously selects the most appropriate Machine Learning (ML) pipeline for each botnet and improves the classification before an attack effectively begins. The system evaluation follows trace-driven experiments and compares ANTE results to other relevant results from the literature over four representative datasets: ISOT HTTP Botnet, CTU-13, CICDDoS2019, and BoT-IoT. Results show an average detection accuracy of 99.06% and an average bot detection precision of 100%.
Keywords: Network security; Bot early detection; Autonomous machine learning; Network traffic analysis
18. Countering DNS Amplification Attacks Based on Analysis of Outgoing Traffic
Authors: Evgeny Sagatov, Samara Mayhoub, Andrei Sukhov, Prasad Calyam. Journal of Communications and Information Networks (EI, CSCD), 2023, No. 2, pp. 111-121 (11 pages)
Domain name system (DNS) amplification distributed denial of service (DDoS) attacks are one of the popular types of intrusions that involve accessing DNS servers on behalf of the victim. In this case, the size of the response is many times greater than the size of the request, in which the source of the request is substituted for the address of the victim. This paper presents an original method for countering DNS amplification DDoS attacks. The novelty of our approach lies in the analysis of outgoing traffic from the victim’s server. DNS servers used for amplification attacks are easily detected in Internet control message protocol (ICMP) packet headers (type 3, code 3) in outgoing traffic. ICMP packets of this type are generated when accessing closed user datagram protocol (UDP) ports of the victim, which are randomly assigned by the Saddam attack tool. To prevent such attacks, we used a Linux utility and a software-defined network (SDN) module that we previously developed to protect against port scanning. The Linux utility showed the highest efficiency of 99.8%, i.e., only two attack packets out of a thousand reached the victim server.
Keywords: DNS amplification attacks; outgoing traffic analysis; port scanning attack; network intrusion; qualification attributes
19. TIFAflow: Enhancing Traffic Archiving System with Flow Granularity for Forensic Analysis in Network Security (cited by: 3)
Authors: Zhen Chen, Linyun Ruan, Junwei Cao, Yifan Yu, Xin Jiang. Tsinghua Science and Technology (SCIE, EI, CAS), 2013, No. 4, pp. 406-417 (12 pages)
The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system (such as Hadoop, ZFS, etc.) and open cloud computing platform (such as OpenStack, CloudStack, and Eucalyptus, etc.), it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well-known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit (TIFA) with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.
Keywords: network security; traffic archival; forensic analysis; phishing attack; bitmap database; hadoop distributed file system; cloud computing; NoSQL
20. Estimating the frequency of traffic overloading on road bridges
Authors: Roberto Ventura, Benedetto Barabino, Giulio Maternini. Journal of Traffic and Transportation Engineering (English Edition) (EI, CSCD), 2024, No. 4, pp. 776-796 (21 pages)
Load limits, which appear to be routinely exceeded by trucks, occasionally result in road bridge failures. Therefore, predicting failures is crucial for safeguarding road safety. Past studies have largely focused on forecasting bridge failure event probability using the reliability analysis method, whilst occasionally accounting for vehicular overloading effects. Only recently, a study has investigated design traffic overloading event frequency using generalised linear regression models (GLRMs), including a power component and negative binomial regressions (NBRs). However, as far as the authors know, artificial neural network models (ANNMs) have never been applied to this field. This paper is an attempt to fill in these gaps. First a frequency-based metric of traffic overloading was adopted as a driver of failure probability. Second, two alternative 'frequency' models were specified, calibrated, and validated. The former was based on a GLRM, the latter on ANNMs. Then, these models were compared using regression plots (RPs), measures of errors (MoEs) and the ratio between the number of observed vs predicted design load overcoming events to evaluate their performance. The models analysed more than 2 million weigh-in-motion (WIM) data records from a pilot station on a bridge on a heavily used ring road in Brescia (Italy). Results showed that ANNMs outperformed GLRMs. ANNMs have a higher correlation coefficient (between predicted and target frequencies), lower MoEs, and a closer-to-unity ratio (between predicted and target frequencies). These findings may increase prediction accuracy of design traffic overloading events and give road authorities more effective traffic management to protect bridges from load hazards.
Keywords: Road bridges; traffic load hazard; Econometry; Machine learning; Weigh-in-motion; Big-data analysis