Learn More
— Traditionally, Internet applications have been identified by using predefined well-known ports with questionable accuracy. An alternative approach, application-layer signature mapping, involves the exhaustive search of reliable signatures but with more promising accuracy. With a prior protocol knowledge, the signature generation can guarantee a high(More)
This paper presents the design of a next generation network traffic monitoring and analysis system, called NG-MON (Next Generation MONitoring), for high-speed networks such as 10 Gbps and above. Packet capturing and analysis on such high-speed networks is very difficult using traditional approaches. Using distributed, pipelining and parallel processing(More)
One recent trend in network security attacks is an increasing number of indirect attacks which influence network traffic negatively, instead of directly entering a system and damaging it. In future, damages from this type of attack are expected to become more serious. In addition, the bandwidth consumption by these attacks influences the entire network(More)
Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in(More)
The necessity of network traffic monitoring and analysis is growing dramatically with increasing network usage demands from individual users as well as business communities. Most network traffic monitoring and analysis systems are based on flows. One key asset with these systems is to compress a significant amount of packet data into flows. However, the(More)
Accurate application traffic classification and identification are important for network monitoring and analysis. The accuracy of traditional Internet application traffic classification approaches is rapidly decreasing due to the diversity of today's Internet application traffic, such as ephemeral port allocation, proprietary protocol, and traffic(More)
—The traffic dynamics of the Internet's dominant applications, such as peer-to-peer and multimedia, worsen the accuracy of the existing application traffic identification. There is a strong need for both practical and reliable identification methods with proof of accuracy. This paper proposes a hybrid approach of signature matching and session behavior(More)
— As the Internet evolves into an all-IP communication infrastructure, a key issue to consider is that of creating and managing IP-based services with efficient resource utilization in a scalable, flexible, and automatic way. In this paper, we present the Autonomic Service Architecture (ASA), a uniform framework for automated management of both Internet(More)
One of t he main problems with today's Internet traffic analysis is the large number of network-based applications whose types and traffic patterns are not simple compared to the past. Today, peer-to-peer (P2P), streaming media, and game traffic are increasing continuously. The difficulty with the traffic analysis is that this newly emerging traffic is not(More)
— Traditional telecommunications service providers are undergoing a transition to a shared infrastructure in which multiple services will be delivered by peer and server computers interconnected by IP networks. IP transport networks that can transfer packets according to differentiated levels of QoS, availability and price are a key element to generating(More)