Intrusion detection is an important area of research. Traditionally, the approach taken to find attacks inspect contents every packet. However, packet inspection cannot easily be performed at high-speeds. Therefore, researchers and operators started investigating alternative approaches, such as flow-based intrusion detection. In that flow data through network analyzed, instead each individual The goal this paper provide a survey current research in starts with motivation why needed. concept...

Flow monitoring has become a prevalent method for traffic in high-speed networks. By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable traditional packet-based analysis. embraces complete chain packet observation, flow export using protocols such as NetFlow and IPFIX, data collection, In contrast what assumed, all stages are closely intertwined. Each these therefore thoroughly understood, before being able perform sound measurements....

Personal cloud storage services are gaining popularity. With a rush of providers to enter the market and an increasing offer cheap space, it is be expected that will soon generate high amount Internet traffic. Very little known about architecture performance such systems, workload they have face. This understanding essential for designing efficient systems predicting their impact on network.

We are currently observing a significant increase in the popularity of Unmanned Aerial Vehicles (UAVs), popularly also known by their generic term drones. This is not only case for recreational UAVs, that one can acquire few hundred dollars, but more sophisticated ones, namely professional whereby cost reach several thousands dollars. These UAVs to be largely employed sensitive missions such as monitoring critical infrastructures and operations police force. Given these applications,...

In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial Service (DDoS) attacks against educational institutions. These were effective enough to cause online exams hundreds students be cancelled. Surprisingly, these purchased by from Web sites, known as Booters. sites provide DDoS paid service (DDoS-as-a-Service) at costs starting 1 USD. Since this problem was first identified Booters have been used repeatedly perform on schools in...

Personal cloud storage services are data-intensive applications already producing a significant share of Internet traffic. Several solutions offered by different companies attract more and people. However, little is known about each service capabilities, architecture -- most all performance implications design choices. This paper presents methodology to study services. We apply our compare 5 popular offers, revealing system architectures capabilities. The on designs assessed executing series...

The domain name system (DNS) is a core component of the Internet. It performs vital task mapping human readable names into machine data (such as IP addresses, which hosts handle e-mail, and so on). content DNS reveals lot about technical operations domain. Thus, studying state large parts over time valuable information evolution We collect unique long-term set with daily measurements for all domains under main top-level (TLDs) on Internet (including .com, .net, .org, comprising 50% global...

Over the past five years we have witnessed introduction of DNSSEC, a security extension to DNS that relies on digital signatures. DNSSEC strengthens by preventing attacks such as cache poisoning. However, common argument against deployment is its potential for abuse in Distributed Denial Service (DDoS) attacks, particular reflection and amplification attacks. responses DNSSEC-signed domain are typically larger than those an unsigned domain, thus, it may seem could actually worsen problem...

Although network management has always played a key role for industry, it only recently received similar level of attention from many research communities, accelerated by funding opportunities new initiatives, including the FP7 Program in Europe and GENI/FIND United States. Work is ongoing to assess state art identify challenges future field, this article contributes discussion. It presents major findings two-day workshop organized jointly IRTF/NMRG EMANICS Network Excellence, at which...

As the Internet continues to grow, it becomes more and apparent that existing management technologies need be improved, extended or replaced in order extend functionality reduce development time operational costs. Within IETF, IRTF, IAB, several new approaches are currently under discussion. Evolutionary aim at improving used technologies, whereas revolutionary try replace management-specific with standard distributed systems technologies. This article surveys research work way develop future

Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of critical infrastructures, such as water distribution facilities. These provide automated processes that ensure correct functioning these in a much similar those management operations found traditional Internet Protocol (IP), particular Simple Network Management (SNMP). In this paper we first look into characteristics SCADA traffic, with goal building an empirical foundation for future...

Supervisory Control and Data Acquisition (SCADA) networks are commonly deployed to aid the operation of large industrial facilities. The polling mechanism used retrieve data from field devices causes transmission be highly periodic. In this paper, we propose an approach that exploits traffic periodicity detect anomalies, which represent potential intrusion attempts. We present a proof concept show feasibility our approach.

The spread of 1-10 Gbps technology has in recent years paved the way to a flourishing landscape new, high-bandwidth Internet services. At same time, we have also observed increasingly frequent and widely diversified attacks. To this threat, research community answered with growing interest intrusion detection, aiming timely detect intruders prevent damage. We believe that detection problem is key component field detection. Our studies, however, made us realize additional needed, particular...

Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives. Although many attacks in a flow-based fashion is fairly straightforward, no insight typically provided whether an attack was successful. We address this shortcoming by presenting algorithm compromises, i.e., hosts that compromised during attack. Our has implemented as part our open-source IDS SSHCure and validated using almost 100 servers, workstations...

Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with loss revenue for targets, has given rise a market DDoS Protection Service (DPS) providers, whom victims can outsource cleansing traffic by using diversion.

Reproducibility is one of the key characteristics good science, but hard to achieve for experimental disciplines like Internet measurements and networked systems. This guide provides advice researchers, particularly those new field, on designing experiments so that their work more likely be reproducible serve as a foundation follow-on by others.

This paper compares the performance of Web services based network monitoring to traditional, SNMP based, monitoring. The study focuses on ifTable, and investigates as function number retrieved objects. following aspects are examined: bandwidth usage, CPU time, memory consumption round trip delay. For our several prototypes agents were implemented; these can retrieve single ifTable elements, rows, columns or entire ifTable. presents a generic formula calculate SNMP's requirements; was...

In recent years, emerging technologies such as the Internet of Things gain increasing interest in various communities. However, majority IoT devices have little or no protection at software and infrastructure levels thus are also opening up new vulnerabilities that might be misused by cybercriminals to perform large-scale cyber attacks means botnets. These kind lead service outages cause enormous financial loss, image reputation damage. One approach proactively block spreading botnets is...

Abstract Policy makers in regions such as Europe are increasingly concerned about the trustworthiness and sovereignty of foundations their digital economy, because it often depends on systems operated or manufactured elsewhere. To help curb this problem, we propose novel notion a responsible Internet, which provides higher degrees trust for critical service providers (e.g., power grids) all kinds other users by improving transparency, accountability, controllability Internet at...

It is often assumed that Internet traffic exhibits Gaussian characteristics, and this assumption has been validated in various studies of real traffic. Less known, however, about possible boundaries: at what timescales how much user aggregation required for to be Gaussian? The goal paper investigate these questions by analyzing hundreds traces, collected four representative locations. To assess whether Gaussian, the starts with introducing an easy fast procedure, based on earlier work Kilpi...