Sharif Digital Repository

Today, we live in an information age where all people can access the vast amount of data in the world by connecting to the Internet.Since the Internet has expanded significantly to share information, some individuals and organizations seek to be able to prevent the possible sabotage of some people by monitoring network users. Analysis of computer network traffic is one of the importance issues that many activities have been done in this area. One of the most important questions in traffic analysis is to identify the main content of traffic on the encrypted network. Numerous studies have shown that the traffic of websites visited through the Tor network, including Specific information that... 

Up to now two kinds of hardware have been used in routers: ASIC processors or general purpose processors. These two solutions have their own flaws. ASIC hardwares are fast but they are not flexible for implementation or development of new applications. And general purpose processors are not fast enough for fast data rate of network. On the other hand, there is an ever increasing gap between the memory access speed and network data rate. At this time the main bottleneck in packet processing systems is memory. For solving this problem, two groups of solution have been introduced. The first group tries to reduce the demand for memory by using cache or longer system words. The second group uses... 

The attempt of this project is to propose a simple model for traffic analysis which eventually leads to the presentation of an online classifier for network traffic anomaly detection. In this research, e show empirically that despite the variety of data networks in size, number of users, applications, and load, the inter-arrival times of normal TCP flows comply with the Weibull distribution whereas specific irregularities (anomalies) causes deviations from the distribution. Consequently, any type of anomalies affecting TCP flows, including intentional intrusions or unintended faults and network failures in general, can be detected by analyzing the discrepancy of TCP flow inter-arrival times... 

In recent years, internet traffic is experiencing an explosive growth. High performance networking in large scale computer networks creates several security challenges. Exploiting Deep Packet Inspection (DPI) is regarded as a big challenge especially for massive data when number of concurrent connections grows. Using simple security based on network layer data can easily avaded by attackers and also can not detect more sophisticated attacks like DDoS. In this paper we proposed a new grammar model named bidirectional asynchronous counting grammar and it’s automata. With this grammar model we can define policies based on extracted fields in both request and response flows. Using new model of... 

Payload Attribution Systems (PAS) are one of the most important tools of network forensics for detecting offenders and victims after the occurrence of a cybercrime. A PAS stores the network traffic history in order to detect the source and destination pair of a certain data stream in case a malicious activity occurs on the network. The huge volume of information that is daily transferred in the network means that the data stored by a PAS must be as compact and concise as possible. Moreover, the investigation of this large volume of data for a malicious data stream must be handled within a reasonable time. For this purpose, several techniques based on storing a digest of traffic using Bloom... 

Many congestion control protocols proposed so far to alleviate the problems encountered by TCP protocol in high-speed networks and wireless links have to estimate the parameters of the network. For example, the TCP WESTWOOD congestion window is adjusted based on available bandwidth estimation, or TCP Vegas detects the congestion status based on RTT (Round Trip Time) estimation, and XCP protocol operates according to network traffic load. In this paper, we proposed a novel estimation algorithm that is based on burst identification techniques in router. we show through analysis and simulation that during burst periods this method can estimate the congestion window size of the specific flow... 

Almost all of the network traffic classification systems use pre-defined extracted features by the experts in computer network. These features include regular expressions, port number, information in the header of different layers and statistical feature of the flow. The main problem of the traffic analysis and anomaly detection system lies in finding appropriate features. The feature extraction is a time consuming process which needs an expert to be done. It is notable that the classification of special kinds of traffic like encrypted traffic is impossible using some subset of mentioned features.The lack of integration in feature detection and classification is also another important issue... 

Trac classication in today’s high-bandwidth networks is challenging, resource consuming, and inaccurate due to the high volume, velocity, and variety aracteristics of the network trac. Trac aracterization and Application identication teniques are widely addressed in the current literature. Due to the massive volume and streaming data in recent years, stream algorithms have been considered by many researers in dierent areas. Online application detection is an issue that has been addressed less frequently in literature. In this thesis, we investigate the performance of 10 dierent stream classication algorithms along with traditional classication algorithms. To generate a robust classier for... 

Mobile Ad-Hoc Networks (MANETs) have been studied as one of the most important technologies in the mid to late 1990s. There are several research works on types of network traffic modeling and prediction. Therefore, a very important issue is to make prediction on traffic-flows that each node handles. Because of this, prediction permits us to improve and increase the performance of the network. This project is a contributing effort to improve the traffic packets prediction by Neural Networks in MANET. The main goal of this thesis is about the recovery of data after crisis in phenomenal roads and highways. Our goal is recognizing phenomenal crisis-points in roads. In this thesis packets are... 

Network traffic classification has been an essential element for security monitoring in the network security scope and also for quality of service purposes. Every now and then, new traffic classes are added to the available groups which are unknown to the system. In an security scope, the novelties are actually the zero-day attacks which can have huge effects on the system environment. There have been many methods developed for traffic classification which are able to distinguish known traffic using signatures or learning-based methods. In a real world scenario, The primary challenge that new traffic classifiers face, is to detect novelty and separate them from the previously known labels....