Fingerprinting Network Entities Based on Traffic Analysis in High-Speed Network Environment

2018 ◽  
Vol 2018 ◽  
pp. 1-15
Author(s):  
Xiaodan Gu ◽  
Ming Yang ◽  
Yiting Zhang ◽  
Peilong Pan ◽  
Zhen Ling

For intrusion detection, it is increasingly important to detect suspicious entities and potential threats. In this paper, we introduce identification technologies for network entities to detect potential intruders. However, traditional entity identification technologies based on the MAC address, IP address, or other explicit identifiers can be defeated if the identifier is hidden or tampered with. Meanwhile, existing fingerprinting technology is also restricted by its limited performance and excessive time lapse. In order to realize entity identification in a high-speed network environment, the PFQ kernel module and Storm are used for high-speed packet capture and online traffic analysis, respectively. On this basis, a novel device fingerprinting technology based on runtime environment analysis is proposed, which employs logistic regression to implement online identification with a sliding window mechanism, reaching a recognition accuracy of 77.03% over a 60-minute period. In order to realize cross-device user identification, Web access records, domain names in DNS responses, and HTTP User-Agent information are extracted to constitute user behavioral fingerprints for online identification with a Multinomial Naive Bayes model. When the minimum effective feature dimension is set to 9, it takes only 5 minutes to reach an accuracy of 79.51%. Performance test results show that the proposed methods can support over 10 Gbps traffic capture and online analysis, and the system architecture is justified in practice because of its practicability and extensibility.

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Haibin Shi ◽  
Guang Cheng ◽  
Ying Hu ◽  
Fuzhou Wang ◽  
Haoxuan Ding

With the great changes in network scale and network topology, the difficulty of DDoS attack detection increases significantly. Most of the methods proposed in the past rarely considered real-time performance, adaptive ability, and other practical issues in the real-world network attack detection environment. In this paper, we propose a real-time adaptive DDoS attack detection method, RT-SAD, based on the response to the external network when attacked. We designed a sketch-based feature extraction method and an adaptive updating algorithm, which make the method suitable for the high-speed network environment. Experimental results show that our method can detect DDoS attacks using sampled NetFlow under a high-speed network environment, with good real-time performance, low resource consumption, and high detection accuracy.


2017 ◽  
Vol 2017 ◽  
pp. 1-9
Author(s):  
Ruidong Chen ◽  
Weina Niu ◽  
Xiaosong Zhang ◽  
Zhongliu Zhuo ◽  
Fengmao Lv

A botnet is one of the most grievous threats to network security since it can evolve into many attacks, such as Denial-of-Service (DoS), spam, and phishing. However, current detection methods are inefficient at identifying unknown botnets. The high-speed network environment makes botnet detection more difficult. To solve these problems, we build on advances in packet processing technologies such as the New Application Programming Interface (NAPI) and zero copy and propose an efficient quasi-real-time intrusion detection system. Our work detects botnets using a supervised machine learning approach in the high-speed network environment. Our contributions are summarized as follows: (1) Build a detection framework using PF_RING for sniffing and processing network traces to extract flow features dynamically. (2) Use a random forest model to extract promising conversation features. (3) Analyze the performance of different classification algorithms. The proposed method is demonstrated on the well-known CTU13 dataset and nonmalicious applications. The experimental results show that our conversation-based detection approach can identify botnets with higher accuracy and a lower false positive rate than the flow-based approach.


Author(s):  
W.F. Marshall ◽  
K. Oegema ◽  
J. Nunnari ◽  
A.F. Straight ◽  
D.A. Agard ◽  
...  

The ability to image cells in three dimensions has brought about a revolution in biological microscopy, enabling many questions to be asked which would be inaccessible without this capability. There are currently two major methods of three-dimensional microscopy: laser-scanning confocal microscopy and widefield-deconvolution microscopy. The method of widefield-deconvolution uses a cooled CCD to acquire images from a standard widefield microscope, and then computationally removes out-of-focus blur. Using such a scheme, it is easy to acquire time-lapse 3D images of living cells without killing them, and to do so for multiple wavelengths (using computer-controlled filter wheels). Thus, it is now not only feasible, but routine, to perform five-dimensional microscopy (three spatial dimensions, plus time, plus wavelength). Widefield-deconvolution has several advantages over confocal microscopy. The two main advantages are high speed of acquisition (because there is no scanning, a single optical section is acquired at a time by using a cooled CCD camera) and the use of low excitation light levels. Excitation intensity can be much lower than in a confocal microscope for three reasons: 1) longer exposures can be taken since the entire 512x512 image plane is acquired in parallel, so that dwell time is not an issue, 2) the higher quantum efficiency of a CCD detector over those typically used in confocal microscopy (although this is expected to change due to advances in confocal detector technology), and 3) because no pinhole is used to reject light, a much larger fraction of the emitted light is collected. Thus we can typically acquire images with thousands of photons per pixel using a mercury lamp, instead of a laser, for illumination. The use of low excitation light is critical for living samples, and also reduces bleaching. The high speed of widefield microscopy is also essential for time-lapse 3D microscopy, since one must acquire images quickly enough to resolve interesting events.