Questo sito utilizza cookie di terze parti per inviarti pubblicità in linea con le tue preferenze. Se vuoi saperne di più clicca QUI 
Chiudendo questo banner, scorrendo questa pagina, cliccando su un link o proseguendo la navigazione in altra maniera, acconsenti all'uso dei cookie. OK

Sviluppo di una tecnica di riconoscimento statistico di applicazioni su rete IP

Network traffic recognition and identification based upon applications that generated it, is becoming fundamental for many management processes like:
- granting an adequate quality of service;
- managing billing policies;
- analyze sudden changes in the traffic dynamics and combat possible attacks.
In the latest years there was a development of softwares that un recognizable with the classic techniques such as port or payload inspection. New approaches were needed and the most successful were the statistical ones.
For the first thing we devided the classification methods of literature in three categories
: Session-based, Content-based e Constraint-based.
We analyzed the first two, pointing out their limitations and then we addressed to the third category.
The statistical methods were so devided on tha basis of the accuracy of the identification (per classes of applications or applications), in supervised or not supervised and in probabilistic or deterministic.
The studied method is fine-grained, supervised and probabilistic; it is moreover based upon charachteristica of the packets that can be got looking uniquely to IP level such as the dimension of the packets in bytes, the temporal distance fromthe first packet of a session and the order number of a packet.
The ID strategy is based upon the maximum likelihood criterium; in particular we considered tha application that generated the traffic as the one with tha maximumn a-priori probability. The ID method was developed according to three ways:pachet independent, dependent or forming a Markov chain.
We also made a comparison with a deterministic method based upon the minimum square distance.
The practical work consisted into the capture of traces with WireShark, writing Java code for the algorithm implementation and simulation to validate the algorithm. the studied protocols were HTTP, HTTPS and SIP. the varying parameters in the simulation were:
- M, the significant number of packets in a session;
- a session duration;
- the number of quantization slot in the Dimension x Time plane.
To complete the work we tried to integrate the ID method ina realtime capture to allow a dynamic identification. to this aim the various pdf were precomputed, while for traffic capture we exploited the Jpcap library.

Mostra/Nascondi contenuto.
PARTE II 2.Motivations 16 PARTE II 2. Motivations any network management tasks, such as flow prioritization, traffic policing and diagnostic monitoring, require always of- tener accurate identification and categorization of network traffic accord- ing to the type of application that has generated it [2][2]. The identification, which can be packet, flow or session-based, is becom- ing a fundamental prerequisite for numerous other network activities, such as granting an adequate level of QoS (e.g.: differentiated services, priority queuing, minimum bit-rate, …) or managing ISPs’ billing poli- cies [3][4]; moreover it can help in solving some network engineering problems such as workload characterization and modelling, capacity planning and route provisioning. A reliable traffic characterization could be also a good starting point, for network administrators, either to investigate in case of sudden changes in traffic dynamics and to counter possible security attacks. There are (see [4]) at least three categories of application identification methods: Session-based, Content-based and Constraint-based. M

Laurea liv.II (specialistica)

Facoltà: Ingegneria

Autore: Riccardo Pecori Contatta »

Composta da 157 pagine.

 

Questa tesi ha raggiunto 204 click dal 25/06/2012.

Disponibile in PDF, la consultazione è esclusivamente in formato digitale.