Protocol Identification of Encrypted Network Streams

Author(s):  
Matthew Gebski ◽  
Alex Penev ◽  
Raymond K. Wong

Traffic analysis is an important issue for network monitoring and security. The authors focus on identifying protocols for network traffic by analysing the size, timing and direction of network packets. By using these network stream characteristics, they propose a technique for modelling the behaviour of various TCP protocols. This model can be used for recognising protocols even when running under encrypted tunnels. This is complemented with experimental evaluation on real-world network data.

Entropy ◽  
2021 ◽  
Vol 23 (5) ◽  
pp. 507
Author(s):  
Piotr Białczak ◽  
Wojciech Mazurczyk

Malicious software utilizes the HTTP protocol for communication purposes, creating network traffic that is hard to identify as it blends into the traffic generated by benign applications. To this aim, fingerprinting tools have been developed to help track and identify such traffic by providing a short representation of malicious HTTP requests. However, currently existing tools do not analyze all information included in the HTTP message or analyze it insufficiently. To address these issues, we propose Hfinger, a novel malware HTTP request fingerprinting tool. It extracts information from the parts of the request such as URI, protocol information, headers, and payload, providing a concise request representation that preserves the extracted information in a form interpretable by a human analyst. For the developed solution, we have performed an extensive experimental evaluation using real-world data sets and we also compared Hfinger with the most related and popular existing tools such as FATT, Mercury, and p0f. The conducted effectiveness analysis reveals that on average only 1.85% of requests fingerprinted by Hfinger collide between malware families, which is 8–34 times lower than existing tools. Moreover, unlike these tools, in default mode, Hfinger does not introduce collisions between malware and benign applications and achieves it by increasing the number of fingerprints by at most 3 times. As a result, Hfinger can effectively track and hunt malware by providing more unique fingerprints than other standard tools.


2020 ◽  
Author(s):  
Sumit Kumari ◽  
Neetu Sharma ◽  
Prashant Ahlawat

Author(s):  
Ayush Bahuguna ◽  
Ankit Agrawal ◽  
Ashutosh Bhatia ◽  
Kamlesh Tiwari ◽  
Deepak Vishwakarma

2019 ◽  
Vol 8 (6) ◽  
pp. 272 ◽  
Author(s):  
Iq Reviessay Pulshashi ◽  
Hyerim Bae ◽  
Hyunsuk Choi ◽  
Seunghwan Mun ◽  
Riska Asriana Sutrisnowati

Analysis of trajectories, such as detection of an outlying trajectory, can produce inaccurate results due to the existence of noise, outlying point-locations that can change statistical properties of the trajectory. Some trajectories with noise are repairable by noise filtering or by trajectory-simplification. We herein propose the application of a trajectory-simplification approach in both batch and streaming environments, followed by benchmarking of various outlier-detection algorithms for detection of outlying trajectories from among simplified trajectories. Experimental evaluation in a case study using real-world trajectories from a shipyard in South Korea shows the benefit of the new approach.


2012 ◽  
Vol 26 ◽  
pp. 1-15 ◽  
Author(s):  
Juan L. Font ◽  
Daniel Cascado ◽  
José L. Sevillano ◽  
Fernando Díaz del Río ◽  
Gabriel Jiménez

2021 ◽  
Vol 14 (8) ◽  
pp. 1378-1391
Author(s):  
Surabhi Gupta ◽  
Karthik Ramachandra

Procedural extensions of SQL have been in existence for many decades now. However, little is known about their magnitude of usage and their complexity in real-world workloads. Procedural code executing in an RDBMS is known to have inefficiencies and limitations; as a result there have been several efforts to address this problem. However, the lack of understanding of their use in real workloads makes it challenging to (a) motivate new work in this area, (b) identify research challenges and opportunities, and (c) demonstrate impact of novel work. We aim to address these challenges with our work. In this paper, we present the results of our in-depth analysis of thousands of stored procedures, user-defined functions and triggers taken from several real workloads. We introduce SQL-ProcBench, a benchmark for procedural workloads in RDBMSs. SQL-ProcBench has been created using the insights derived from our analysis, and thus represents real workloads. Using SQL-ProcBench, we present an experimental evaluation on several database engines to understand and identify research challenges and opportunities. We emphasize the need to work on these interesting and relevant problems, and encourage researchers to contribute to this area.

