Learn More
The security of information technology and computer networks is effected by a wide variety of actors and processes which together make up a security ecosystem; here we examine this ecosystem, consolidating many aspects of security that have hitherto been discussed only separately. First, we analyze the roles of the major actors within this ecosystem and the(More)
In recent years, academic literature has analyzed many attacks on network trace anonymization techniques. These attacks usually correlate external information with anonymized data and successfully de-anonymize objects with distinctive signatures. However, analyses of these attacks still underestimate the real risk of publishing anonymized data, as the most(More)
—Flow monitoring has become a prevalent method for monitoring traffic in high-speed networks. By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable than traditional packet-based traffic analysis. Flow monitoring embraces the complete chain of packet observation , flow export using protocols such as(More)
The Internet's transport layer - the SOCK_STREAM service from TCP and the SOCK_DGRAM service from UDP--has seen little evolution over the past three decades, despite wildly changing requirements. Indeed, the movement of the "waist" of the protocol stack hourglass from IP up the stack toward HTTP (over TLS) over TCP has combined with a proliferation of(More)
In this paper, we characterize, quantify, and correct timing errors introduced into network flow data by collection and export via Cisco NetFlow version 9. We find that while some of these sources of error (clock skew, export delay) are generally implementation-dependent and known in the literature, there is an additional cyclic error of up to one second(More)
We propose a novel approach for real-time privacy preserving traffic filtering based on entropy estimation. The decision of the real-time classifier is based on the entropy of the payload from first packet of a flow. The aim of the classifier is to detect traffic with encrypted payload. As a proof of concept we show the applicability of our approach as a(More)
Explicit Congestion Notification (ECN) is a TCP/IP extension that can avoid packet loss and thus improve network performance. Though standardized in 2001, it is barely used in today's Internet. This study, following on previous active measurement studies over the past decade, shows marked and continued increase in the deployment of ECN-capable servers, and(More)