Network Traffic Anomaly Detection Using Shallow Packet Inspection and Parallel K-means Data Clustering

Velea, Radu; Ciobanu, Casian; Mărgărit, Laurențiu; Bica, Ion

doi:10.24846/v26i4y201702

Cited by 11 publications

(2 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Le et al leverage the PCAPNG file format in AntMonitor, a system for monitoring mobile devices, to attach mobile application names to raw packets [40]. Velea et al also leverage the PCAPNG traffic capture format to encode pre-processed feature information, such as the use of encryption, the protocol, and the number of packets in a flow using a custom-developed block option [82,83]. In contrast to these works, our work focuses on building a generalizable system for network traffic analysis tasks by encoding arbitrary metadata onto packets.…”

Section: Related Workmentioning

confidence: 99%

Towards Reproducible Network Traffic Analysis

Holland¹,

Schmitt²,

Mittal³

et al. 2022

Preprint

View full text Add to dashboard Cite

Analysis techniques are critical for gaining insight into network traffic given both the higher proportion of encrypted traffic and increasing data rates. Unfortunately, the domain of network traffic analysis suffers from a lack of standardization, leading to incomparable results and barriers to reproducibility. Unlike other disciplines, no standard dataset format exists, forcing researchers and practitioners to create bespoke analysis pipelines for each individual task. Without standardization researchers cannot compare "applesto-apples," preventing us from knowing with certainty if a new technique represents a methodological advancement or if it simply benefits from a different interpretation of a given dataset.In this work, we examine irreproducibility that arises from the lack of standardization in network traffic analysis. First, we study the literature, highlighting evidence of irreproducible research based on different interpretations of popular public datasets. Next, we investigate the underlying issues that have lead to the status quo and prevent reproducible research. Third, we outline the standardization requirements that any solution aiming to fix reproducibility issues must address. We then introduce pcapML, an open source system which increases reproducibility of network traffic analysis research by enabling metadata information to be directly encoded into raw traffic captures in a generic manner. Finally, we use the standardization pcapML provides to create the pcapML benchmarks, an open source leaderboard website and repository built to track the progress of network traffic analysis methods.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Reproducible Network Traffic Analysis

Holland¹,

Schmitt²,

Mittal³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Many security applications claim to rely on a basic mechanism, which means that vehicles continuously transmit security messages [3], [4,16]. These safety messages contain the knowledge about the present status of the vehicles, such as the speed, direction, position and acceleration [5,35].…”

Section: Introductionmentioning

confidence: 99%

Secure VANETs: Trusted Communication Scheme Between Vehicles and Infrastructure Based on Fog Computing

Arif¹,

Wang²,

Balas³

2019

STUD INFORM CONTROL

View full text Add to dashboard Cite

In the Vehicular Ad-hoc Networks (VANETs), a vehicle or the vehicle driver could be recognized and tracked by eavesdropping its queries (e.g., beacons) by an adversary as these contains personal information like location, speed, and communication of the vehicles. This attack leads to threats to the vehicle`s location and leakage of personal information. The current solution, is to use the anonymizer as a third trusted party between the vehicles and the LBS. In this paper we refer to the use of a Fog server with Fog anonymizer to secure the communication among the vehicles and LBS. Our scheme consists of four phases. In first phase, the vehicle driver initiates the communication process and generate the encrypted messages. These messages may contain the sub-messages. In phase 2, the Fog server received the messages via different roots. The Fs combined the messages and decrypt the messages based on the PK received by the vehicle. All the Fog server perform the same task for encryption and decryption. If any of the Fog server was compromised, we still had the link for communication. In Phase 3, the Fog anonymizer receive the messages from the Fog node, anonymize them based on the anonymization process. Thereafter, the Fog anonymizer send these messages to LBS to achieve desired goals. The Fog anonymizer perform the same job for anonymization and de-anonymization, while sending and receiving the messages from the LBS. In the last phase, the LBS received the messages from the Fog anonymizer, understand the communication messages, compile the desired results, and sent them back to the Fog anonymizer. Our analysis shows that the proposed scheme preserved the location privacy based on the queries at low communication and computational cost.

show abstract