This document discusses internet traffic monitoring and analysis. It describes:
1) The growth of internet usage and evolving network environments that require reliable monitoring.
2) Real-world applications of monitoring including network usage analysis, planning, SLA monitoring, and security attack detection.
3) POSTECH's research activities including MRTG+, WebTrafMon, and their next-generation system NG-MON for high-speed monitoring.
The development of intelligent network forensic tools to focus on specific type of network traffic analysis is a challenge in terms of future perspective.
This will reduce time delays, less computational resources requirement; minimize attacks, providing reliable and secured evidences, and efficient investigation with minimum efforts
The document discusses intrusion prevention systems (IPS), which monitor network and system activity to identify and block malicious activity. It describes how IPS uses signature-based or anomaly-based detection methods to identify intrusions. IPS can be network-based, host-based, wireless, or focus on network behavior analysis. The document contrasts IPS with intrusion detection systems (IDS), which can only detect and report intrusions, while IPS can actively prevent them. It also compares IPS to firewalls, noting that IPS monitors for unwanted entries while firewalls regulate activity based on set rules.
Network security involves protecting computer networks from unauthorized access. It aims to achieve access control, confidentiality, authentication, integrity, and non-repudiation. Throughout history, as hacking and crimes emerged in the 1980s and the Internet became public in the 1990s, security concerns increased tremendously. Network security employs multiple layers including physical security, perimeter protection, user training, encryption, and firewalls among other hardware and software components. As threats continue to evolve, the field of network security must also evolve rapidly to protect information and system resources.
This document discusses web security and outlines some key terminology and issues. It defines internet security as protecting information by preventing, detecting, and responding to attacks. Some key points made are that 1 in 8 computers are infected with malware, spam and phishing attacks are common threats, and firewalls and antivirus software can help secure systems and block unwanted traffic. The document also provides definitions for common security terms like hackers, viruses, Trojan horses, and ransomware.
This document discusses cyber security and the need for it. It defines cyber as relating to information technology, the internet, and virtual reality. Cyber security is necessary to protect data from theft or misuse and safeguard systems from viruses. Some major security problems include viruses, hackers, malware, Trojan horses, and password cracking. It provides examples of each problem and recommends solutions like using antivirus software, firewalls, strong and unique passwords, and security suites.
This document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It defines DoS as making a machine or network unavailable to its intended users. DDoS uses other computers to launch the attack. Methods of attack mentioned include ICMP floods, teardrop attacks, and reflected/spoofed attacks. Signs of an attack include slow network performance. The document provides tips for system administrators and users, such as contacting providers and following security best practices, to mitigate attacks.
This document discusses various types of network attacks and countermeasures. It describes mapping to study a victim's network before attacking, packet sniffing where a host can read unencrypted communication, spoofing where an attacker takes a target's IP address to remain anonymous, and DoS/DDoS attacks which aim to overload services and bring them down. Hijacking combines different attack techniques to disrupt an entire network. The document provides details on each attack method and their techniques.
Network intrusion detection systems (NIDS) monitor network traffic for malicious activity by analyzing network packets at choke points like borders or the demilitarized zone. NIDS identify intrusions by comparing traffic patterns to known attack signatures or by detecting anomalies from established baselines. While NIDS can detect both previously known and unknown attacks, they require frequent signature database updates and may generate false positives. NIDS provide visibility without affecting network performance but cannot inspect encrypted traffic or all traffic on very large networks.
William F. Crowe presented on the cybersecurity kill chain, which models the stages of a cyber attack based on military doctrine. The model developed by Lockheed Martin includes stages of reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. ISACA and the European Union Agency for Network and Information Security also use similar kill chain models to analyze the process of advanced persistent threats targeting critical systems and data.
Ethical Hacking n VAPT presentation by Suvrat jain
a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.
The document defines security attacks and threats. It describes different types of attacks like passive attacks, active attacks, insider attacks, phishing attacks, spoofing attacks, hijack attacks, exploit attacks and password attacks. It also discusses two common threats - Cross Site Scripting (XSS) and SQL injection. XSS involves injecting malicious code snippets while SQL injection embeds malicious code in a poorly-designed app passed to the backend database.
These slides guides you through the tools and techniques one can use for footprinting websites or people.You will find amazing tools and techniques have a look
This document discusses distributed denial of service (DDoS) attacks. It begins with an introduction that defines denial of service (DoS) attacks and how DDoS attacks differ in employing multiple compromised computers to coordinate a widespread attack. It then provides examples of targets that can be affected and overviews how DDoS attacks work by flooding the victim with traffic from many sources. The document goes on to discuss specific DDoS attack types, defenses against attacks, and how attacks are practically handled through router filtering, black hole routing, and traffic diversion techniques.
This document defines storage area networks (SANs) and discusses their architecture, technologies, management, security and benefits. A SAN consists of storage devices connected via a dedicated network that allows servers to access storage independently. Fibre Channel is the most widely used technology but iSCSI and FCIP allow block storage over IP networks. Effective SAN management requires coordination across storage, network and system levels. Security measures like authentication, authorization and encryption help protect data in this shared storage environment.
The document summarizes a presentation about service contracts. It discusses why service contracts are needed to formally specify relationships between service providers and consumers. It also describes what information should be included in a service contract, such as functional and non-functional requirements, policies, and the service contract definition process. Finally, it discusses characteristics of service contracts, including how they can be used to define policies, security, monitoring, and versioning of services.
This document provides an overview of using internet applications in Week 3 of a COMP121 course. It discusses internet, intranet and extranet networks and tools like HTTP, FTP, email, IRC, WWW, Gopher and WAIS. It outlines the scope and learning outcomes of understanding internet applications and protocols. Key topics covered include internet hardware and software, advantages and disadvantages of the internet, intranet and extranet, and layered system views of networking.
Traffic State Estimation and Prediction under Heterogeneous Traffic Conditions
The recent economic growth in developing countries
like India has resulted in an intense increase of vehicle
ownership and use, as witnessed by severe traffic congestion
and bottlenecks during peak hours in most of the metropolitan
cities. Intelligent Transportation Systems (ITS) aim to reduce
traffic congestion by adopting various strategies such as
providing pre-trip and en-route traffic information thereby
reducing demand, adaptive signal control for area wide
optimization of traffic flow, etc. The successful deployment
and the reliability of these systems largely depend on the
accurate estimation of the current traffic state and quick and
reliable prediction to future time steps. At a macroscopic level,
this involves the prediction of fundamental traffic stream
parameters which include speed, density and flow in spacetime
domain. The complexity of prediction is enhanced by
heterogeneous traffic conditions as prevailing in India due to
less lane discipline and complex interactions among different
vehicle types. Also, there is no exclusive traffic flow model for
heterogeneous traffic conditions which can characterize the
traffic stream at a macroscopic level. Hence, the present study
tries to explore the applicability of an existing macroscopic
model, namely the Lighthill-Whitham-Richards (LWR) model,
for short term prediction of traffic flow in a busy arterial in
the city of Chennai, India, under heterogeneous traffic
conditions. Both linear and exponential speed-density
relations were considered and incorporated into the
macroscopic model. The resulting partial differential
equations are solved numerically and the results are found to
be encouraging. This model can ultimately be helpful for the
implementation of ATIS/ATMS applications under
heterogeneous traffic environment.
Applying Computer Vision to Traffic Monitoring System in Vietnam
This document summarizes research on applying computer vision algorithms to develop an automatic traffic monitoring system in Vietnam. Key aspects of the system include vehicle detection using differences between frames, vehicle segmentation using edge detection and dilation, vehicle classification based on area and shape, and vehicle tracking across frames to count vehicles and estimate speeds. Experimental results found the system could detect 90-95% of vehicles and estimate speeds accurately 90-93% of the time. The research aims to improve traffic management by providing real-time traffic information.
This document describes a prototype application that predicts a user's travel routes based on their travel history in order to provide customized traffic advisories. It uses machine learning techniques to identify important locations from GPS and other sensor data. Routes between locations are learned from GPS data sequences and frequent routes are identified. When the user is predicted to leave a location, the application checks for traffic along likely routes and issues alerts if congestion exceeds normal levels for that route and time. A field study evaluated user acceptance of the advisories delivered by the application during transitions between locations.
The document discusses the need for reliable high-quality video transmission infrastructure but notes existing infrastructure is limited. It also notes wired infrastructure has high costs and deployment challenges. Wireless solutions can help overcome these issues by providing flexible, scalable networks to support various applications like traffic management, education, surveillance and more. Private wireless networks also offer reliability, security and control compared to public networks.
S-CUBE LP: Quality of Service-Aware Service Composition: QoS optimization in ...
This document discusses quality of service (QoS) optimization in service-based processes. It describes how to select and optimize composed web services to satisfy QoS constraints. The key aspects covered are QoS definition for web services, optimization at both the local service selection level and global process level, and rebinding services to maintain QoS as processes execute.
This document discusses a project to build a machine learning model to predict traffic congestion levels based on images of roads. It uses the Histogram of Oriented Gradients (HOG) algorithm to extract features from images downloaded from a government data source. These features are used to train a random forest model to classify congestion levels. The model is tested on a test dataset, achieving an accuracy of 92.9%. Challenges include manually labelling images and issues with image resolution and lighting.
This document provides an agenda for hardening Windows 2003 web servers. It covers various topics including physical security, OS installation, account policies, local policies, services configuration, user accounts, IP policies, permissions, hardening IIS, and additional hardening techniques. The goal is to create a secure environment and maintain security by configuring the OS, services, user accounts, permissions and IIS according to security best practices.
The document discusses trends in various industries and demographic groups. It provides statistics on year-over-year growth and key demographics for several companies including Abbott Laboratories, Pacific Life, CVS Caremark, and trends for age groups ranging from 13-70 years old. Unknown terms are used that make the overall meaning difficult to discern from the document.
ICCV2009: MAP Inference in Discrete Models: Part 5
The course program document outlines the schedule for a one-day tutorial on comparison of optimization methods. The schedule includes sessions on discrete models in computer vision, message passing algorithms, quadratic pseudo-boolean optimization, transformation and move-making methods, and recent advances such as dual decomposition and higher-order models. All materials from the tutorial will be made available online after the conference at the listed URL.
This document discusses various topics related to criminal justice programs and profiling of serial killers. It includes outlines on profiling serial killers and the SARA problem solving model. It also covers classical, biological, social and psychological theories of crime. Various criminal justice organizations and conferences are mentioned. Case studies related to Ted Bundy are discussed in the context of criminal justice programs and profiling.
The document discusses storage area networks (SANs) and fiber channel technology. It provides background on SANs and how they function as a separate high-speed network connecting storage resources like RAID systems directly to servers. It then covers SAN topologies using fiber channel, including point-to-point, arbitrated loop, and fabric switch configurations. Finally, it discusses planning, managing and the management perspective of SANs in the data center.
The document outlines various security concepts including attacks, services, mechanisms, and methods of defense for network security. It discusses security attacks like interruption, interception, modification, and fabrication. It also covers security services like confidentiality, authentication, integrity, non-repudiation, and availability. Finally, it mentions methods of defense such as encryption, software and hardware controls, policies, and physical controls.
World War 2 involved extensive spying and intelligence gathering efforts. The US established the Coordinator of Information in 1941 to collect and analyze national security data, but the FBI was reluctant to share information. After the Pearl Harbor attacks, it was clear that intelligence coordination needed improvement. The Office of Strategic Services was formed in 1942 to conduct clandestine operations like training foreign troops and sending operatives behind enemy lines. Notable OSS agent Moe Berg was a Major League Baseball player who used his language skills and undercover abilities on missions in Yugoslavia, Norway, and Italy. The military also had their own intelligence operations such as code breaking and interrogating prisoners of war. After the war, the OSS was dissolved and re
The document discusses Android development and UI design. It introduces some common widgets in Android like TextView, buttons, and different layouts like linear, relative and table layouts. It also discusses activities, services, intents and the Android component and manifest files.
This lecture will cover sets and set operations from the textbook "Discrete Mathematics & Its Applications" by Kenneth H. Rosen. The topics to be discussed are sets and set operations, with the lecture focusing on defining what sets are and exploring operations that can be performed on sets such as unions, intersections, and complements. Multiple examples of sets and set operations will be examined in detail during the lecture.
Prevention based mechanism for attacks in Network Security
Network Security has become vital in today’s information technology era, as a result
of that numerous techniques are a unit adopted to bypass it. Network administrator has to be
compelled to manage with the recent advancements in each the hardware and software system fields
for their betterment of the user’s knowledge. This paper outlines the varied attack strategies in the
field of Networking and numerous prevention mechanisms against them.
DDoS attacks target companies and institutions that provide online services. They work by overloading servers with traffic from multiple compromised systems known as "bots" or "zombies". Common DDoS attack types include SMURF, TCP SYN/ACK, UDP flood, DNS amplification, and attacks using peer-to-peer networks. Defenses include configuring routers and firewalls to filter unauthorized traffic, limiting response messages, and tracking malicious activity on peer-to-peer networks. As attack methods evolve, continued development of detection and mitigation techniques is needed.
INTRODUCTION TO COMPUTER FORENSICS
Introduction to Traditional Computer Crime, Traditional problems associated with Computer Crime. Introduction to Identity Theft & Identity Fraud. Types of CF techniques – Incident and incident response methodology – Forensic duplication and investigation. Preparation for IR: Creating response tool kit and IR team. – Forensics Technology and Systems – Understanding Computer Investigation – Data Acquisition.
This document discusses distributed denial of service (DDoS) attacks. It begins by defining a DDoS attack as an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. It then explains how DDoS attacks work by exploiting vulnerable systems to create large networks of compromised devices that can be directed by an attacker to target a specific system or server. Finally, it discusses different types of DDoS attacks including volumetric attacks, protocol attacks, and application layer attacks and some famous DDoS incidents like attacks on the Church of Scientology and various websites.
The development of intelligent network forensic tools to focus on specific type of network traffic analysis is a challenge in terms of future perspective.
This will reduce time delays, less computational resources requirement; minimize attacks, providing reliable and secured evidences, and efficient investigation with minimum efforts
The document discusses intrusion prevention systems (IPS), which monitor network and system activity to identify and block malicious activity. It describes how IPS uses signature-based or anomaly-based detection methods to identify intrusions. IPS can be network-based, host-based, wireless, or focus on network behavior analysis. The document contrasts IPS with intrusion detection systems (IDS), which can only detect and report intrusions, while IPS can actively prevent them. It also compares IPS to firewalls, noting that IPS monitors for unwanted entries while firewalls regulate activity based on set rules.
Network security involves protecting computer networks from unauthorized access. It aims to achieve access control, confidentiality, authentication, integrity, and non-repudiation. Throughout history, as hacking and crimes emerged in the 1980s and the Internet became public in the 1990s, security concerns increased tremendously. Network security employs multiple layers including physical security, perimeter protection, user training, encryption, and firewalls among other hardware and software components. As threats continue to evolve, the field of network security must also evolve rapidly to protect information and system resources.
This document discusses web security and outlines some key terminology and issues. It defines internet security as protecting information by preventing, detecting, and responding to attacks. Some key points made are that 1 in 8 computers are infected with malware, spam and phishing attacks are common threats, and firewalls and antivirus software can help secure systems and block unwanted traffic. The document also provides definitions for common security terms like hackers, viruses, Trojan horses, and ransomware.
This document discusses cyber security and the need for it. It defines cyber as relating to information technology, the internet, and virtual reality. Cyber security is necessary to protect data from theft or misuse and safeguard systems from viruses. Some major security problems include viruses, hackers, malware, Trojan horses, and password cracking. It provides examples of each problem and recommends solutions like using antivirus software, firewalls, strong and unique passwords, and security suites.
This document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It defines DoS as making a machine or network unavailable to its intended users. DDoS uses other computers to launch the attack. Methods of attack mentioned include ICMP floods, teardrop attacks, and reflected/spoofed attacks. Signs of an attack include slow network performance. The document provides tips for system administrators and users, such as contacting providers and following security best practices, to mitigate attacks.
This document discusses various types of network attacks and countermeasures. It describes mapping to study a victim's network before attacking, packet sniffing where a host can read unencrypted communication, spoofing where an attacker takes a target's IP address to remain anonymous, and DoS/DDoS attacks which aim to overload services and bring them down. Hijacking combines different attack techniques to disrupt an entire network. The document provides details on each attack method and their techniques.
Network intrusion detection systems (NIDS) monitor network traffic for malicious activity by analyzing network packets at choke points like borders or the demilitarized zone. NIDS identify intrusions by comparing traffic patterns to known attack signatures or by detecting anomalies from established baselines. While NIDS can detect both previously known and unknown attacks, they require frequent signature database updates and may generate false positives. NIDS provide visibility without affecting network performance but cannot inspect encrypted traffic or all traffic on very large networks.
William F. Crowe presented on the cybersecurity kill chain, which models the stages of a cyber attack based on military doctrine. The model developed by Lockheed Martin includes stages of reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. ISACA and the European Union Agency for Network and Information Security also use similar kill chain models to analyze the process of advanced persistent threats targeting critical systems and data.
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.
The document defines security attacks and threats. It describes different types of attacks like passive attacks, active attacks, insider attacks, phishing attacks, spoofing attacks, hijack attacks, exploit attacks and password attacks. It also discusses two common threats - Cross Site Scripting (XSS) and SQL injection. XSS involves injecting malicious code snippets while SQL injection embeds malicious code in a poorly-designed app passed to the backend database.
These slides guides you through the tools and techniques one can use for footprinting websites or people.You will find amazing tools and techniques have a look
This document discusses distributed denial of service (DDoS) attacks. It begins with an introduction that defines denial of service (DoS) attacks and how DDoS attacks differ in employing multiple compromised computers to coordinate a widespread attack. It then provides examples of targets that can be affected and overviews how DDoS attacks work by flooding the victim with traffic from many sources. The document goes on to discuss specific DDoS attack types, defenses against attacks, and how attacks are practically handled through router filtering, black hole routing, and traffic diversion techniques.
This document defines storage area networks (SANs) and discusses their architecture, technologies, management, security and benefits. A SAN consists of storage devices connected via a dedicated network that allows servers to access storage independently. Fibre Channel is the most widely used technology but iSCSI and FCIP allow block storage over IP networks. Effective SAN management requires coordination across storage, network and system levels. Security measures like authentication, authorization and encryption help protect data in this shared storage environment.
The document summarizes a presentation about service contracts. It discusses why service contracts are needed to formally specify relationships between service providers and consumers. It also describes what information should be included in a service contract, such as functional and non-functional requirements, policies, and the service contract definition process. Finally, it discusses characteristics of service contracts, including how they can be used to define policies, security, monitoring, and versioning of services.
This document provides an overview of using internet applications in Week 3 of a COMP121 course. It discusses internet, intranet and extranet networks and tools like HTTP, FTP, email, IRC, WWW, Gopher and WAIS. It outlines the scope and learning outcomes of understanding internet applications and protocols. Key topics covered include internet hardware and software, advantages and disadvantages of the internet, intranet and extranet, and layered system views of networking.
Traffic State Estimation and Prediction under Heterogeneous Traffic ConditionsIDES Editor
The recent economic growth in developing countries
like India has resulted in an intense increase of vehicle
ownership and use, as witnessed by severe traffic congestion
and bottlenecks during peak hours in most of the metropolitan
cities. Intelligent Transportation Systems (ITS) aim to reduce
traffic congestion by adopting various strategies such as
providing pre-trip and en-route traffic information thereby
reducing demand, adaptive signal control for area wide
optimization of traffic flow, etc. The successful deployment
and the reliability of these systems largely depend on the
accurate estimation of the current traffic state and quick and
reliable prediction to future time steps. At a macroscopic level,
this involves the prediction of fundamental traffic stream
parameters which include speed, density and flow in spacetime
domain. The complexity of prediction is enhanced by
heterogeneous traffic conditions as prevailing in India due to
less lane discipline and complex interactions among different
vehicle types. Also, there is no exclusive traffic flow model for
heterogeneous traffic conditions which can characterize the
traffic stream at a macroscopic level. Hence, the present study
tries to explore the applicability of an existing macroscopic
model, namely the Lighthill-Whitham-Richards (LWR) model,
for short term prediction of traffic flow in a busy arterial in
the city of Chennai, India, under heterogeneous traffic
conditions. Both linear and exponential speed-density
relations were considered and incorporated into the
macroscopic model. The resulting partial differential
equations are solved numerically and the results are found to
be encouraging. This model can ultimately be helpful for the
implementation of ATIS/ATMS applications under
heterogeneous traffic environment.
Applying Computer Vision to Traffic Monitoring System in Vietnam Lê Anh
This document summarizes research on applying computer vision algorithms to develop an automatic traffic monitoring system in Vietnam. Key aspects of the system include vehicle detection using differences between frames, vehicle segmentation using edge detection and dilation, vehicle classification based on area and shape, and vehicle tracking across frames to count vehicles and estimate speeds. Experimental results found the system could detect 90-95% of vehicles and estimate speeds accurately 90-93% of the time. The research aims to improve traffic management by providing real-time traffic information.
This document describes a prototype application that predicts a user's travel routes based on their travel history in order to provide customized traffic advisories. It uses machine learning techniques to identify important locations from GPS and other sensor data. Routes between locations are learned from GPS data sequences and frequent routes are identified. When the user is predicted to leave a location, the application checks for traffic along likely routes and issues alerts if congestion exceeds normal levels for that route and time. A field study evaluated user acceptance of the advisories delivered by the application during transitions between locations.
The document discusses the need for reliable high-quality video transmission infrastructure but notes existing infrastructure is limited. It also notes wired infrastructure has high costs and deployment challenges. Wireless solutions can help overcome these issues by providing flexible, scalable networks to support various applications like traffic management, education, surveillance and more. Private wireless networks also offer reliability, security and control compared to public networks.
S-CUBE LP: Quality of Service-Aware Service Composition: QoS optimization in ...virtual-campus
This document discusses quality of service (QoS) optimization in service-based processes. It describes how to select and optimize composed web services to satisfy QoS constraints. The key aspects covered are QoS definition for web services, optimization at both the local service selection level and global process level, and rebinding services to maintain QoS as processes execute.
This document discusses a project to build a machine learning model to predict traffic congestion levels based on images of roads. It uses the Histogram of Oriented Gradients (HOG) algorithm to extract features from images downloaded from a government data source. These features are used to train a random forest model to classify congestion levels. The model is tested on a test dataset, achieving an accuracy of 92.9%. Challenges include manually labelling images and issues with image resolution and lighting.
This document provides an agenda for hardening Windows 2003 web servers. It covers various topics including physical security, OS installation, account policies, local policies, services configuration, user accounts, IP policies, permissions, hardening IIS, and additional hardening techniques. The goal is to create a secure environment and maintain security by configuring the OS, services, user accounts, permissions and IIS according to security best practices.
The document discusses trends in various industries and demographic groups. It provides statistics on year-over-year growth and key demographics for several companies including Abbott Laboratories, Pacific Life, CVS Caremark, and trends for age groups ranging from 13-70 years old. Unknown terms are used that make the overall meaning difficult to discern from the document.
ICCV2009: MAP Inference in Discrete Models: Part 5zukun
The course program document outlines the schedule for a one-day tutorial on comparison of optimization methods. The schedule includes sessions on discrete models in computer vision, message passing algorithms, quadratic pseudo-boolean optimization, transformation and move-making methods, and recent advances such as dual decomposition and higher-order models. All materials from the tutorial will be made available online after the conference at the listed URL.
This document discusses various topics related to criminal justice programs and profiling of serial killers. It includes outlines on profiling serial killers and the SARA problem solving model. It also covers classical, biological, social and psychological theories of crime. Various criminal justice organizations and conferences are mentioned. Case studies related to Ted Bundy are discussed in the context of criminal justice programs and profiling.
The document discusses storage area networks (SANs) and fiber channel technology. It provides background on SANs and how they function as a separate high-speed network connecting storage resources like RAID systems directly to servers. It then covers SAN topologies using fiber channel, including point-to-point, arbitrated loop, and fabric switch configurations. Finally, it discusses planning, managing and the management perspective of SANs in the data center.
The document outlines various security concepts including attacks, services, mechanisms, and methods of defense for network security. It discusses security attacks like interruption, interception, modification, and fabrication. It also covers security services like confidentiality, authentication, integrity, non-repudiation, and availability. Finally, it mentions methods of defense such as encryption, software and hardware controls, policies, and physical controls.
World War 2 involved extensive spying and intelligence gathering efforts. The US established the Coordinator of Information in 1941 to collect and analyze national security data, but the FBI was reluctant to share information. After the Pearl Harbor attacks, it was clear that intelligence coordination needed improvement. The Office of Strategic Services was formed in 1942 to conduct clandestine operations like training foreign troops and sending operatives behind enemy lines. Notable OSS agent Moe Berg was a Major League Baseball player who used his language skills and undercover abilities on missions in Yugoslavia, Norway, and Italy. The military also had their own intelligence operations such as code breaking and interrogating prisoners of war. After the war, the OSS was dissolved and re
The document discusses Android development and UI design. It introduces some common widgets in Android like TextView, buttons, and different layouts like linear, relative and table layouts. It also discusses activities, services, intents and the Android component and manifest files.
This lecture will cover sets and set operations from the textbook "Discrete Mathematics & Its Applications" by Kenneth H. Rosen. The topics to be discussed are sets and set operations, with the lecture focusing on defining what sets are and exploring operations that can be performed on sets such as unions, intersections, and complements. Multiple examples of sets and set operations will be examined in detail during the lecture.
Prevention based mechanism for attacks in Network SecurityEditor IJMTER
Network Security has become vital in today’s information technology era, as a result
of that numerous techniques are a unit adopted to bypass it. Network administrator has to be
compelled to manage with the recent advancements in each the hardware and software system fields
for their betterment of the user’s knowledge. This paper outlines the varied attack strategies in the
field of Networking and numerous prevention mechanisms against them.
This document discusses the growing threat of distributed denial of service (DDoS) attacks and strategies for mitigating them. It notes that DDoS attacks are increasing in size and sophistication, with some now reaching hundreds of gigabits per second. The document outlines different types of network layer and application layer DDoS attacks and examines methods that can be used to detect and prevent these attacks, such as packet anomaly checking, blacklisting, authentication, rate limiting, and protocol inspection. It also describes A10 Networks' Thunder TPS appliance for high-performance DDoS mitigation.
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
This document summarizes a survey on distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANETs). It begins by introducing MANETs and some of the key security issues they face, including DDoS attacks. It then discusses different types of DDoS attacks like flooding and amplification/reflection attacks. The document proposes a new defense scheme against amplification attacks, which exploit protocols like DNS and NTP to amplify traffic. It describes using the Network Security Simulator to model and simulate DDoS attacks with master, zombie, and server entities to evaluate defense techniques and compare the impact of protocols like DNS and NTP.
Internets Manage Communication Procedure and Protection that Crash on ServersIRJET Journal
This document summarizes a research study that evaluated the performance of the Windows Server and Mac OS X Server operating systems when subjected to different types of ICMP-based denial-of-service attacks. The attacks tested were ping floods and Smurf attacks. Both servers were installed on the same Apple Mac Pro hardware platform to isolate the effects of the operating systems. The Windows Server was able to handle more legitimate HTTP connections than the Mac OS X Server under ping flood attacks, but crashed at a much lower bandwidth of Smurf attack traffic (150 Mbps) compared to the Mac OS X Server (500 Mbps). The study concludes that while Windows Server performed better against ping floods, its built-in protections were less effective against Smurf attacks
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for
their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
LTE was started in 2004 as a project to provide high data rates, low latency and a packet-optimized radio access technology. It aims to support speeds of up to 50 times faster than 3G and improved spectral efficiency for cellular networks. Some key advantages of LTE include high throughput, low latency, seamless connectivity between networks, and support for both FDD and TDD in the same platform. Fraud management is important for telecom operators to identify and prevent fraud to avoid revenue losses. New types of frauds on NGN include SIM box fraud and malware on mobile devices. Effective fraud detection requires techniques that can identify fraud accurately with no false alarms by analyzing all network data through various access points.
Network Fundamental for Malware Analysis.pptxSazidHossain9
This document provides an overview of basic network fundamentals and components relevant for malware analysis. It discusses what a computer network is, sample network configurations, wired and wireless network components like cables and media. It also covers network communication topics like IP addresses, subnets, DNS, and how web pages work. Finally, it provides a brief introduction to the Windows Registry and how it is used to store program settings and locations.
Impact of Flash Crowd Attack in Online Retail ApplicationsIJEACS
This document discusses flash crowd attacks on online retail applications. It begins by introducing denial of service (DoS) and distributed denial of service (DDoS) attacks. It then explains that flash crowd attacks are a type of DDoS attack that aims to overwhelm servers with legitimate-looking requests. The document outlines the network model used to simulate flash crowd attacks and presents results analyzing the impact on server energy levels. It finds that as the number of requests increases, servers experience decreased energy and lifetime. The study aims to minimize these attacks by having servers identify real clients to prioritize sending responses.
This document discusses the design and implementation of an embedded intrusion detection and authority management system on an embedded Linux platform. The system is capable of identifying Smurf attacks and analyzing ICMP traffic in real-time. It uses a low-power embedded development board running Linux 2.4.18 to monitor network traffic and detect suspicious behavior and security threats like port scans, buffer overflows, and DDoS attacks in a cost-effective manner. Experimental results show that the embedded system can successfully detect Smurf attacks and provide detection information comparable to a desktop system, while using less resources.
The document discusses trends in computer networking job roles. It describes several common networking roles including network administrator, network technician, network security specialist, and network manager. For each role it provides details on typical responsibilities and qualifications needed. It also discusses the increasing demand for networking professionals with security skills due to more organizations moving transactions and data online.
This document provides an overview of computer networks, including defining what a network is, identifying the benefits and risks of networks, different types of networks, and network terminology. Specifically, it describes how a network allows sharing of software, hardware, and information. The document also discusses client/server networks and how servers provide services to clients. It identifies advantages like information sharing and collaboration, while risks include security issues, hackers, viruses, and loss of privacy.
Investigation, Design and Implementation of a SecureFiras Alsayied
1) The document outlines a network design project for the University of Tripoli that involves designing the network infrastructure and implementing security policies and protocols.
2) The design includes VLANs, firewalls, VPN access, and wireless access across multiple engineering departments.
3) The implementation phase focuses on secure configuration of network devices, access control lists, firewall rules, encrypted management access, and a captive portal for wireless users.
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of nodes that interrelate with each other for switch over the information. This information is necessary for that node is reserved confidentially. Attacker in the system may capture this private information and distorted. So security is the major issue. There are several security attacks in network. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviors they may happen obviously or it may due to some attackers .Various schemes are developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of
nodes that interrelate with each other for switch over the information. This information is necessary for
that node is reserved confidentially. Attacker in the system may capture this private information and
distorted. So security is the major issue. There are several security attacks in network. One of the major
intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends
services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two
different behaviors they may happen obviously or it may due to some attackers .Various schemes are
developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
This document proposes a system called FireCol, which stands for a collaborative protection network for detecting flooding DDoS attacks. FireCol uses a distributed network of intrusion prevention systems located at internet service providers that form virtual protection rings around hosts. These systems collaborate by exchanging selected traffic information to detect DDoS attacks close to the source. The document outlines the architecture of FireCol and experimental results showing its effectiveness at detecting attacks with low overhead. Future work is mentioned to extend FireCol's capabilities.
A Deeper Look into Network Traffic Analysis using Wireshark.pdfJessica Thompson
This document discusses network traffic analysis using Wireshark. It begins with an introduction to how network traffic analysis is important for performance optimization, network forensics, penetration testing, and ensuring integrated systems work properly. It then discusses how traffic analysis can be used maliciously by attackers to obtain sensitive information like passwords and files. The document goes on to explain how Wireshark can be used for both legitimate network analysis and malicious attacks, and describes different types of network attacks like passive and active attacks. It also discusses methods attackers can use to sniff network traffic on a switch. The document concludes with recommendations for countermeasures like access restrictions, encryption, and switch security features.
Modern DDoS attacks are increasing in size, frequency, and complexity. A layered DDoS protection solution is needed to stop volumetric, application layer, and advanced attacks. Cisco and Arbor Networks provide a comprehensive solution combining Arbor's DDoS protection products with Cisco's ASR 9000 routers that have virtual DDoS protection modules. This embedded network protection leverages the infrastructure for mitigation techniques like ACLs, BGP Flowspec, and source/destination-based remote triggered blackholing to block attacks at multiple points before reaching customers.
ADVANCED MULTIMEDIA PLATFORM BASED ON BIG DATA AND ARTIFICIAL INTELLIGENCE IM...IJNSA Journal
The proposed work describes the design of a multimedia platform managing users and implementing cybersecurity. The paper describes in details the use cases of the whole platform embedding Big Data and artificial intelligence (AI) engine predicting network attacks. The platform has been tested by Tree Ensemble algorithm classifying and predicting anomalous server logs of possible attacks. The data logs are collected in Cassandra Big Data System enabling the AI training model. The work has been developed within the framework of a research industry project.
Similar to Internet Traffic Monitoring and Analysis (20)
This document provides information about server variables in ASP.NET, including how to display all server variables using ServerVars.aspx. It also shows how to output the machine name using Node.aspx. The document lists several Microsoft URLs and encourages signing up for TechEd 2011 between June 8-31st to save $500 on registration. It directs people to the North America 2011 kiosk for registration and invites them to join in Atlanta next year.
The document provides an overview of SQL Server security best practices. It recommends turning off unnecessary services, using Windows authentication over mixed mode if possible, securing the 'sa' account with a strong password, enabling auditing of failed logins, disabling unnecessary features like xp_cmdshell, and using schemas and stored procedures to implement the principle of least privilege for user access. It also discusses topics like encrypting data at the column level using keys and certificates. The goal is to harden SQL Server security without making it inaccessible to legitimate users and applications.
The document discusses disk I/O performance in SQL Server 2005. It begins with some questions about which queries and RAID configurations would affect disk I/O the most. It then covers the basics of I/O and different RAID levels, their pros and cons. The document provides an overview of monitoring physical and logical disk performance, and offers tips on tuning disk I/O performance when bottlenecks occur. It concludes with resources for further information.
This document provides an overview of different RAID levels including RAID 0, 1, 5 and 10. It explains how each RAID level works in terms of disk configuration and data storage. It also discusses hardware considerations like SCSI and ATA disks as well as backup media options.
The document provides an overview of SQL (Structured Query Language), including its standards, environment, data types, DDL (Data Definition Language) for defining database schema, DML (Data Manipulation Language) for manipulating data, and DCL (Data Control Language) for controlling access. It discusses SQL statements for defining tables, inserting, updating, deleting, and querying data using SELECT statements with various clauses. Views are also introduced as virtual tables defined by a SELECT statement on base tables.
Three key points from the document:
1. SQL Server 2005 introduces several new high availability and scalability features such as database mirroring and partitioning to protect against server failures and reduce database contention.
2. Database snapshots can be used to protect applications and users from errors by providing historical, read-only views of databases.
3. Optimistic concurrency controls and online index operations in SQL Server 2005 allow databases to remain available for reads and writes during maintenance operations.
This document provides an overview of the key changes and improvements in IIS 7 compared to previous versions. Some of the main points covered include:
- IIS 7 architecture is more modular, with around 40 individual modules that can be installed and managed individually. This reduces server footprint and attack surface.
- ASP.NET integration is improved, allowing .NET modules to plug directly into the request pipeline. Configuration is also centralized into web.config files.
- New tools like Failed Request Tracing and IIS Manager provide better troubleshooting of issues without needing repro steps.
- Centralization of content and configuration is easier through features like DFS and client-side caching.
- Management can be done through
The document provides important deadlines and contact information for speakers at a Microsoft conference. Key dates include June 30 to submit speaker registration forms, July 16 to submit presentation materials, and September 9 for final PowerPoint slides. The document also provides guidance on publishing slides online and using licensed content.
The document provides important deadlines and contact information for speakers at the Microsoft Tech•Ed SEA 2007 conference, including deadlines to submit presentation materials and finalize schedules. It also lists topics that will be covered in breakout sessions and instructor-led labs at the conference.
The document discusses clustering and high availability for Microsoft servers. It defines key clustering terms and describes four types of clustering: high performance computing, component load balancing, network load balancing, and server clustering. It provides an overview of clustering for Exchange Server and SQL Server, including requirements and configuration details.
The document discusses F5 Networks solutions for application delivery networking, including an overview of the F5 ADN and how it provides application acceleration, load balancing, security and other capabilities. Use cases are presented showing how the F5 ADN improves performance and user experience. The presentation also highlights various F5 products and their capabilities for optimizing application delivery.
This document provides an overview and agenda for updates to Windows SharePoint Services 3.0 and SharePoint 2007, including the installation process and recommendations. It summarizes the key updates released in 2007 and 2008, such as SharePoint 2007 Service Pack 1 and the Infrastructure Update. It also outlines the recommended deployment process for applying the updates to a SharePoint farm.
The document discusses Microsoft SharePoint server farm topologies and sizing recommendations. It covers factors to consider like availability, capacity, performance, and organizational requirements. It provides guidance on the number of servers, databases, web applications, and other components for small, medium and large farm designs based on the number of users and workload. It also discusses virtualization support and recommendations.
This document summarizes best practices for SharePoint farm architecture based on lessons learned from years of SharePoint deployments. It discusses farm architecture options including all-in-one, dedicated SQL, and virtualized farms. It also covers high availability design using network load balancing and SQL database mirroring. Additional topics include logical architecture, hardware and software considerations, the SharePoint installation process, and enabling Kerberos authentication for security.
The document discusses different types of Microsoft clustering solutions including Network Load Balancing (NLB), Component Load Balancing (CLB), Server Cluster, and Compute Cluster. It provides information on the functionality, requirements, supported operating systems and applications for each solution. Specific architectures for SharePoint and file clusters are also reviewed along with references for additional information.
Internet servers hosting online applications need to be scalable to handle large numbers of simultaneous users. There are three main techniques for load balancing across replicated servers: DNS rotation, cooperative offloading using TCP handoff, and load balancing routers. DNS rotation requires few changes but has rigid policies while cooperative offloading and load balancing routers can be more adaptive but require changes to servers, clients, or routers.
The document discusses various vulnerabilities in web servers and web applications. It covers popular web servers like IIS, Apache, and others. It then discusses attacking vulnerabilities in web servers like sample files, source code disclosure, canonicalization, and buffer overflows. It also discusses vulnerabilities in web applications like cross-site scripting, SQL injection, cross-site request forgery, and HTTP response splitting. It provides examples of exploits and recommendations for countermeasures to secure web servers and applications.
This document provides guidance on migrating applications from classic ASP to ASP.NET. It discusses key changes between the two frameworks, strategies for migrating code, handling COM and database components, best practices, and compatibility questions. Migrating requires understanding differences in languages, frameworks, and architectures between ASP and ASP.NET and potentially rewriting code to take advantage of new ASP.NET features. A phased, tested approach is recommended.
The document summarizes security advice for securing Windows networks. It discusses revealing hacker personas including automated attacks, targeted attacks, and the different skill levels of hackers from lame to sophisticated. It then discusses top security mistakes made and demonstrates how to secure Windows networks using features in Windows Server 2003 like group policy templates. Security improvements in Windows XP Service Pack 2 are also summarized, including network protection technologies like Windows Firewall and memory protection with Data Execution Prevention.
The document provides an overview of SQL and PHP for working with databases. It discusses SQL concepts like creating and modifying tables, inserting and selecting data. It then covers connecting to databases from PHP, executing SQL queries from PHP, and processing HTML forms to insert data into databases using PHP. Key topics include SQL syntax for common operations, the basic PHP code for connecting to MySQL, running queries, and retrieving result rows, and using the $_POST array to access form data submitted to a PHP processing page.
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc
Six months into 2024, and it is clear the privacy ecosystem takes no days off!! Regulators continue to implement and enforce new regulations, businesses strive to meet requirements, and technology advances like AI have privacy professionals scratching their heads about managing risk.
What can we learn about the first six months of data privacy trends and events in 2024? How should this inform your privacy program management for the rest of the year?
Join TrustArc, Goodwin, and Snyk privacy experts as they discuss the changes we’ve seen in the first half of 2024 and gain insight into the concrete, actionable steps you can take to up-level your privacy program in the second half of the year.
This webinar will review:
- Key changes to privacy regulations in 2024
- Key themes in privacy and data governance in 2024
- How to maximize your privacy program in the second half of 2024
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
How Social Media Hackers Help You to See Your Wife's Message.pdfHackersList
In the modern digital era, social media platforms have become integral to our daily lives. These platforms, including Facebook, Instagram, WhatsApp, and Snapchat, offer countless ways to connect, share, and communicate.
Choose our Linux Web Hosting for a seamless and successful online presencerajancomputerfbd
Our Linux Web Hosting plans offer unbeatable performance, security, and scalability, ensuring your website runs smoothly and efficiently.
Visit- https://onliveserver.com/linux-web-hosting/
Implementations of Fused Deposition Modeling in real worldEmerging Tech
The presentation showcases the diverse real-world applications of Fused Deposition Modeling (FDM) across multiple industries:
1. **Manufacturing**: FDM is utilized in manufacturing for rapid prototyping, creating custom tools and fixtures, and producing functional end-use parts. Companies leverage its cost-effectiveness and flexibility to streamline production processes.
2. **Medical**: In the medical field, FDM is used to create patient-specific anatomical models, surgical guides, and prosthetics. Its ability to produce precise and biocompatible parts supports advancements in personalized healthcare solutions.
3. **Education**: FDM plays a crucial role in education by enabling students to learn about design and engineering through hands-on 3D printing projects. It promotes innovation and practical skill development in STEM disciplines.
4. **Science**: Researchers use FDM to prototype equipment for scientific experiments, build custom laboratory tools, and create models for visualization and testing purposes. It facilitates rapid iteration and customization in scientific endeavors.
5. **Automotive**: Automotive manufacturers employ FDM for prototyping vehicle components, tooling for assembly lines, and customized parts. It speeds up the design validation process and enhances efficiency in automotive engineering.
6. **Consumer Electronics**: FDM is utilized in consumer electronics for designing and prototyping product enclosures, casings, and internal components. It enables rapid iteration and customization to meet evolving consumer demands.
7. **Robotics**: Robotics engineers leverage FDM to prototype robot parts, create lightweight and durable components, and customize robot designs for specific applications. It supports innovation and optimization in robotic systems.
8. **Aerospace**: In aerospace, FDM is used to manufacture lightweight parts, complex geometries, and prototypes of aircraft components. It contributes to cost reduction, faster production cycles, and weight savings in aerospace engineering.
9. **Architecture**: Architects utilize FDM for creating detailed architectural models, prototypes of building components, and intricate designs. It aids in visualizing concepts, testing structural integrity, and communicating design ideas effectively.
Each industry example demonstrates how FDM enhances innovation, accelerates product development, and addresses specific challenges through advanced manufacturing capabilities.
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsMydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
How RPA Help in the Transportation and Logistics Industry.pptxSynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
Best Practices for Effectively Running dbt in Airflow.pdfTatiana Al-Chueyr
As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models.
This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through:
- Standard ways of running dbt (and when to utilize other methods)
- How Cosmos can be used to run and visualize your dbt projects in Airflow
- Common challenges and how to address them, including performance, dependency conflicts, and more
- How running dbt projects in Airflow helps with cost optimization
Webinar given on 9 July 2024
Support en anglais diffusé lors de l'événement 100% IA organisé dans les locaux parisiens d'Iguane Solutions, le mardi 2 juillet 2024 :
- Présentation de notre plateforme IA plug and play : ses fonctionnalités avancées, telles que son interface utilisateur intuitive, son copilot puissant et des outils de monitoring performants.
- REX client : Cyril Janssens, CTO d’ easybourse, partage son expérience d’utilisation de notre plateforme IA plug & play.
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Bert Blevins
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Internet Traffic Monitoring and Analysis
1. Internet Traffic Monitoring and Analysis 홍 원 기 포항공과대학교 컴퓨터공학과 분산처리 및 네트워크관리 연구실 [email_address] http://dpnm.postech.ac.kr/ Tel: 054-279-2244
2. Table of Contents Introduction Real-World Applications of Traffic Monitoring and Analysis POSTECH R&D Activities in Traffic Monitoring and Analysis NG-MON: N ext G eneration Network Traffic MON itoring and Analysis System Summary
3. 1. Introduction – Growth of Internet Use The number of Internet users is growing Source : Nua Inc. Internet traffic has increased dramatically Source: America’s Network
4. 1. Introduction - Evolving IP Network Environment WAN : SONET/SDH (OC3, OC12, OC48, OC192), ATM, WDM/DWDM LAN : 10/100 Mbps to 1 Gbps to 10 Gbps Ethernet Broadband Internet Access : Cable Modem, ADSL, VDSL Wireless Access : WLAN (IEEE 802.11), Wireless Internet Wired/Wireless Convergence : Softswitch, Media Gateway, NGCN
5. 1. Introduction – Reliance on Internet The Internet generated revenue has been increasing rapidly! Source : Active Media. Internet’s importance and reliance are increasing!
6. Traditional Internet Applications Web, FTP, Email, Telnet, etc. Emerging Internet applications Online games, shopping, banking, stock trading, network storage VOD, EOD, VoIP P2P applications – instant messaging, file sharing 1. Introduction – Internet Applications Online game VoIP VOD
7. Peer-to-Peer (P2P) New concept between file sharing and transferring Generates high volume of traffic 1. Introduction – Structure of Applications Structures of applications are changing! Client-Server Traditional structure client server peer discovery, content, transfer query peer peer
8. Bursty data transfer vs. Streaming data transfer 1. Introduction – Types of Traffic Static sessions vs. Dynamic sessions packet network packet Types of traffic are various and increasing! Negotiate & allocate connect disconnect use dynamic protocol, port data connect disconnect control use static protocol, port network
9. 1. Introduction – Motivation Needs of Customers Want to get their money’s worth Fast, reliable, high-quality, secure, virus-free Internet access Needs of Service Providers Understand the behavior of their networks Provide fast, high-quality, reliable service to satisfy customers and thus reduce churn rate Plan for network deployment and expansion SLA monitoring Network security attack detection and prevention
10. 1. Introduction – Application Areas Network Problem Determination and Analysis Traffic Report Generation Intrusion & Hacking Attack (e.g., DoS, DDoS) Detection Service Level Monitoring (SLM) Network Planning Usage-based Billing Customer Relationship Management (CRM) Marketing
11. 1. Introduction – Problems Capturing Packets How to capture all packets from high-speed, high volume networks (Mbps Gbps Tbps)? Flow Generation & Storage What packet information to save to perform various analysis? How to minimize storage requirements? Analysis How to analyze and generate data needed quickly? Streaming media (Windows Media, Real, Quicktime) P2P traffic Network Security Attacks
12. 2. Real-World Applications - Network Usage Analysis WAN Traffic Usage View Using MRTG At Internet Junction Time Series Data View Daily Monthly Weekly Yearly Internet Traffic Usage View
13. 2. Real-World Applications - Network Planning Network grows in complexity and increases in usage difficult to predict usage trends and loading on individual segments Previously, SNMP was the only tool available to service providers seeking access to usage statistics - severely limited For accurate network capacity planning Service providers must have access to in-depth info about their networks Network bottleneck details broken down into bandwidth used vs. bandwidth available Detailed network usage history reports A complete view of current use Analytical tools to analyze and predict usage trends
14. 2. Real-World Applications - Network Weather Service (Abilene) Abilene Network weather map of the traffic load on the core links Measurement Method: SNMP http://loadrunner.uits.iu.edu/weathermaps/abilene/ Courtesy of the Abilene Network Operations Center, Indiana University
15. 2. Real-World Applications - Network Weather Service (AT&T) Network Performance Map on AT&T backbone network http://ipnetwork.bgtmo.ip.att.net/ Measured Metrics Round Trip Delay Packet Loss Availability Measurement Method ICMP based tools Ping, Traceroute Every 30 minutes The left figure shows the latency and loss rate from Atlanta to all the other major cities in USA
16. 2. Real-World Applications - SLA Monitoring Service Level Agreement (SLA) is a contract between a network service provider and a customer that specifies, usually in measurable terms, what services the network service provider will furnish. SLA Life Cycle SLA Negotiation Using QoS Parameters SLA Implementation (provisioning) Network provisioning using QoS technology such as Diffserv, Intserv, MPLS, etc. Service configuration SLA Execution and Monitoring QoS Parameter to Network Performance Metric Mapping SLA violation handling Real-time reporting Product/Service Development Negotiation Sales Implementation Execution Monitoring Assessment
17. 2. Real-World Applications - Usage-based Billing On a typical broadband network, 5% of the customers consume over 50% of the bandwidth. Gas Telephone Electricity Can you imagine your telephone , electricity and gas not being metered and priced by usage? What about the services provided by current NSP and ISP? Such as VPN, broadband Internet (xDSL, Cable Modem) These services are charged using a flat-fee billing model . Is this situation is reasonable?
18. 2. Real-World Applications - CRM Customer Relationship Management ( CRM) is a discipline as well as a set of discrete software and technologies that focus on automating and improving the business processes associated with managing customer relationships in the areas of sales, marketing, customer service and support. Business Objectives of CRM Increased efficiency through automation The ability to provide faster response to customer inquiries Having a deeper knowledge of customer needs Generating more marketing or cross-selling opportunities Better information for better management Reduced cost of sales and increased productivity of sales representatives Receiving customer feedback that leads to new and improved products or services Traffic Monitoring for CRM basic technology to get the customer’s network usage pattern and using for target marketing
19. 2. Real-World Applications - Security Network Security Threats Reconnaissance probing or mapping the network to identify targets (e.g., ping and port scans, usually a precursor to an actual exploit attempt) Denial of Service (DoS) Attempts to consume bandwidth or computing resources in order to prevent a host communicating on the network (e.g., Smurf attacks or SYN floods) Distributed DoS (DDoS) Very similar to DoS, except that the attack originates from multiple machines Exploits Attempts to gain access to or compromise systems on the network, often seen as repeated failed login attempts Misuse Attempts to violate organizational policy (e.g., using disallowed services or including unauthorized content in e-mail or ftp transfers)
20. Code Red Worm (July 19, 2001) A famous example of a TCP flood attack Infected over 350,000 hosts over a week The infection rate was doubling in about 37 minutes The first incarnation of the Code-Red worm (CRv1) began to infect hosts running unpatched versions of MS IIS web server on July 12th, 2001. The first version of the worm uses a static seed for it's random number generator. Then, around 10:00 UTC in the morning of July 19th, 2001, a random seed variant of the Code-Red worm (CRv2) appeared and spread. MS Windows machines were vulnerable Microsoft web servers MS Windows NT 4.0 IIS 4.0, Windows 2000 IIS 5.0 and Windows XP beta IIS 6.0 were all susceptible to the Index Server ISAPI vulnerability which could be used to take control of a server by specially formatting a web page request. The worm's original purpose was to perform a denial-of-service attack against www.whitehouse.gov.
21. Code Red Worm (July 19, 2001) Damages Various service & network outages throughout the world The economic cost of the original Code Red worm and its more malicious cousin, Code Red II, was more than $2 Billion US, according to Computer Economics. "the most expensive virus in the history of the Internet"
22. Sapphire/Slammer Worm (Jan 25, 2003) A famous example of an UDP flood attack Exploited a buffer overflow vulnerability in computers on the Internet running MS SQL Server or MSDE 2000 (MS Desktop Engine) Sent UDP packet (376 bytes size of very small worm) with destination UDP port 1434 . No response required from the receiving machine. Spreading strategy was based on random IP scanning It selects IP addresses at random to infect, eventually finding all susceptible hosts. Infected more than 90% of vulnerable hosts in the world within 10 minutes. The worm infected at least 100,000 hosts Propagation was two orders of magnitude faster than the Code Red “ The fastest spreading worm in the history of the Internet”
23. Sapphire/Slammer Worm (Jan 25, 2003) Damages Since the worm did not contain malicious payload, it fortunately did not damage the data on the compromised machines Saturated network links causing network and service outages Caused big financial damages (hundreds of millions of dollars) to Internet-based businesses (such as Internet shopping malls, on-line paid contents services - games, movies)
24. 3. POSTECH R&D Activities in Traffic Monitoring MRTG+ WebTrafMon I WebTrafMon II NG-MON
25. MRTG+ Network link utilization monitoring, analysis & reporting system Extended Multi-Router Traffic Grapher (MRTG) added security , threshold reporting & sensitive map uses Web browser, Web server & SNMP agents generates HTML pages containing GIF images which provide a LIVE visual representation traffic based on Perl and C being used to monitor POSTECH, POSCO enterprise networks since 1997
29. WebTrafMon Web -based IP Network Tra ffic Mon itoring System Developed at DPNM Lab, POSTECH In 1998, WebTrafMon I was first designed and developed to complement MRTG+ In 1999, upgrading and performance tuning of WebTrafMon I In 2000-2001, WebTrafMon II with a new architecture and a new implementation In 2002, NG-MON is being developed WebTrafMon has been deployed at the LAN-Internet junction of POSTECH campus network WebTrafMon provides comprehensive information Spatial, temporal and composition analysis Detailed analysis of traffic by minute, hour, day, month, year By protocols (network, transport, application & service)
30. WebTrafMon-I Features Web-based User Interface Real-time and short-term analysis Packet capture with sampling (1/10, 1/100, etc.) Analysis Feature MAC Layer: Packet Size Network Layer : IP, ARP, RARP Transport Layer: TCP, UDP Application Layer: Telnet, FTP, HTTP, SMTP, DNS…
33. WebTrafMon-I Limitations All in one system cause packet loss and response and analysis time delay analysis network interface user network traffic data packet header information analyzed information capture presentation All in a single server Long Analysis Time Response Time Delay Packet Loss
34. WebTrafMon-II Requirements Improve the limitations of WebTrafMon-I No packet loss in probe Real-time and long-term analysis Reduced analysis and response time Distributed Load Sharing Architecture capture presentation user network interface packet header information network traffic data distributed environment analysis
35. WebTrafMon-II Architecture database Traffic analyzer (minutely, hourly, daily, monthly, yearly) probe network point promiscuous mode packet capture hash log format and save into DB user distributed environment request response packet header information log file log format port information port information make short term, long term traffic data minutely minutely hourly, daily, monthly, yearly statistics network traffic data analyzer Flow generator
37. WebTrafMon-II Limitations Takes long time to analyze high-speed, high-volume traffic Takes long time to generate presentation pages Analyzer does not support multiple probes High overhead in the NFS file system Need for NG-Mon (Next Generation Monitoring) System
38. 4. NG-MON History MRTG+ (1996-97) Traffic load analysis with sensitive map WebTrafMon-I (1997-98) Traffic type analysis on a single monolithic system (up to 10 Mbps) WebTrafMon-II (1999-2001) Traffic type analysis using a distributed architecture (up to 100 Mbps) NG-MON (2002-present) N ext G eneration Network Traffic MON itoring and Analysis System Targeting 10 Gbps or higher networks To support various analysis applications Streaming media, multimedia conferencing, P2P, game traffic analysis Network security attack detection and analysis SLA monitoring Usage-based billing Customer relationship management
39. NG-MON - Requirements Distributed, load-balancing architecture for scalability subdivide monitoring system into several functional components efficient load sharing between phases and within each phase pipelined and parallel architecture Lossless packet capture Flow-based analysis aggregate packet information into flows for efficient processing Support for various applications Considerations for small storage requirements
40. NG-MON - Design NG-MON is composed of 5 phases Packet Capture Flow Generation Flow Store Traffic Analysis Presentation & Reporting Packet Capturer Flow Generator Flow Store Traffic Analyzer Presenter Web Server Network Device User Interface Web browser stored flows analyzed data raw packet packet header information flow information
41. NG-MON - Packet Capture Network Link Splitting Device divided raw packet pkt header messages Distribution of raw packets by using splitting function provided by an optical splitter by using mirroring function provided in network devices Probe captures all packets coming into probe export buffer-queues : one to one with flow generators fills buffer-queues with packet header’s 5-tuple based hashing collect the scattered packets in the same flow into the same buffer-queue Probe #1 Probe #2 Probe #3
42. NG-MON - Flow Generation Distribution of packet header information 5-tuple based hashing in the probe Packet header messages of potentially the same flow get delivered to the same flow generator Flow generator receives packet header messages and generates flows and exports flow messages to flow store pkt header messages flow messages Flow Generator #1 Flow Generator #2 Flow Generator #3 Flow Generator #4
43. NG-MON - Flow Store Separation of write operations from read operations the destination address of flow message is assigned to the flow store according to the time While one or more flow stores are inserting flow data, the other flow stores are queried by the traffic analyzers Flow store provides traffic information to support various analysis applications provides an analysis API to analyzers t 2 t 3 Database Query / Response Traffic Analyzer #1 Traffic Analyzer #2 flow messages Write operations Read operations t 1 Flow Store #1 Flow Store #2 Flow Store #3
44. NG-MON - Traffic Analysis & Presentation Analyzer extracts information from Flow Stores and can perform application specific analysis Separate analyzer is needed for each application Flow Store #1 Presenter Traffic Throughput Analyzer Usage-based billing application DDoS or DoS Attack Analyzer Other applications Flow Store #2 Flow Store #3 Web Server
45. NG-MON - Implementation Phase Packet Capture Flow Generator Flow Store Analyzer Presenter Development Tool pcap library C language C language C language MySQL C language MySQL PHP jpgraph library Hardware System Xeon 2.4 GHz 2 CPUs 1 Gbytes memory 2-1000 Mbps NICs 80 GB hard disk Pentium-III 800 GHz CPU 256 Mbytes memory 2-100 Mbps NICs 20GB hard disk OS Redhat Linux 7.2
46. NG-MON - Deployment at POSTECH http://ngmon.postech.ac.kr Packet Capture Flow Generator Flow Store Analyzer Presenter 141.223.182. 40 EnterFLEX at Computer Center Flow Store 141.223. 182.[31,32,33,34] POSTECH Computer Center 141.223.182. 38 EnterFLEX at Computer Center 141.223.182. 37 EnterFLEX at Computer Center 141.223.182. 36 EnterFLEX at Computer Center INTERNET 1Gbps Optical link NetOptics 1Gbps Optical Splitter Packet Capture Flow Generator Packet Capture Flow Generator Packet Capture Flow Generator POSTECH Gigabit Campus Network Router Router
52. 5. Summary Internet is continuously growing in terms of: # of users & hosts, traffic loads & types ISPs and enterprises need to monitor their networks for various purposes (e.g., Problem Detection, Workload Characterization, Planning, SLA, Billing, Security, CRM) This talk introduced monitoring approaches, flow generation and analysis methods, tools, R&D/standards activities, NG-MON , and real-world applications NG-MON Scalable and cost-effective architecture Spatial, temporal, composition analysis P2P, multimedia service, game traffic analysis Network security attack analysis Network monitoring and analysis is essential for service providers and enterprise network administrators but it is not easy and still needs a lot of work to do it right!
Abstract Most Internet networking devices are now equipped with a Web server for providing Web-based element management so that an administrator may take advantage of this enhanced and powerful management interface. On the other hand, for network management, an administrator normally buys and deploys SNMP-based network management platform to be customized to his network. Each management scheme has mutually exclusive advantages; consequently, two schemes coexist in the real world. This results in both a high development cost and a dual management interface for administrator. We propose an embedded Web server (EWS)-based network management architecture as an alternative to an SNMP based network management and to leverage on already existing embedded web server. We extend EWS-based element management architecture to the network management architecture. Our proposed architecture uses HTTP as a communication protocol with management information and operation encoding. Further we designed a management system on the basis of our proposed architecture that supports basic management functions.
------------------------------------------------------------------------------------------------------------------------------------------------------------- [http://http://www.caida.org/outreach/metricswg/faq.xml] CAIDA Outreach Network Measurement FAQ 2.1. Why should I measure my network's behaviour? If you don't measure it, you have no objective record or benchmark of how it behaves. This could make it difficult to judge whether changes in the network have improved its performance, or degraded it. If you are buying Internet connectivity from an ISP you need to understand the kind of service being offered, and you need to measure the actual performance so as to verify that you're getting what you pay for. ------------------------------------------------------------------------------------------------------------------------------------------------------------- [KRNET Tutorial] http://dpnm.postech.ac.kr/webboard/ Internet Traffic Monitoring & Analysis User’s Needs * Monitor the performance experienced by one ’ s application - Why is the web page download so slow? - Why is my multicast video stream jerky? * Check if level of service meets one ’ s need - Do I have enough b/w? * Check if one experiences intrusions and attacks - Is someone attacking me? Service provider ’ s needs * Monitor the current level of activity * Enforce SLAs(service level agreements) * Detect faults and failures * Engineer the network for better performance * Plan for future capacity * Feedback to customers -----------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------- [http://http://www.caida.org/outreach/metricswg/faq.xml] CAIDA Outreach Network Measurement FAQ 2.1. Why should I measure my network's behaviour? If you don't measure it, you have no objective record or benchmark of how it behaves. This could make it difficult to judge whether changes in the network have improved its performance, or degraded it. If you are buying Internet connectivity from an ISP you need to understand the kind of service being offered, and you need to measure the actual performance so as to verify that you're getting what you pay for. ------------------------------------------------------------------------------------------------------------------------------------------------------------- [KRNET Tutorial] http://dpnm.postech.ac.kr/webboard/ Internet Traffic Monitoring & Analysis User’s Needs * Monitor the performance experienced by one ’ s application - Why is the web page download so slow? - Why is my multicast video stream jerky? * Check if level of service meets one ’ s need - Do I have enough b/w? * Check if one experiences intrusions and attacks - Is someone attacking me? Service provider ’ s needs * Monitor the current level of activity * Enforce SLAs(service level agreements) * Detect faults and failures * Engineer the network for better performance * Plan for future capacity * Feedback to customers -----------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------- [http://http://www.caida.org/outreach/metricswg/faq.xml] CAIDA Outreach Network Measurement FAQ 2.1. Why should I measure my network's behaviour? If you don't measure it, you have no objective record or benchmark of how it behaves. This could make it difficult to judge whether changes in the network have improved its performance, or degraded it. If you are buying Internet connectivity from an ISP you need to understand the kind of service being offered, and you need to measure the actual performance so as to verify that you're getting what you pay for. ------------------------------------------------------------------------------------------------------------------------------------------------------------- [KRNET Tutorial] http://dpnm.postech.ac.kr/webboard/ Internet Traffic Monitoring & Analysis User’s Needs * Monitor the performance experienced by one ’ s application - Why is the web page download so slow? - Why is my multicast video stream jerky? * Check if level of service meets one ’ s need - Do I have enough b/w? * Check if one experiences intrusions and attacks - Is someone attacking me? Service provider ’ s needs * Monitor the current level of activity * Enforce SLAs(service level agreements) * Detect faults and failures * Engineer the network for better performance * Plan for future capacity * Feedback to customers -----------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------- [http://http://www.caida.org/outreach/metricswg/faq.xml] CAIDA Outreach Network Measurement FAQ 2.1. Why should I measure my network's behaviour? If you don't measure it, you have no objective record or benchmark of how it behaves. This could make it difficult to judge whether changes in the network have improved its performance, or degraded it. If you are buying Internet connectivity from an ISP you need to understand the kind of service being offered, and you need to measure the actual performance so as to verify that you're getting what you pay for. ------------------------------------------------------------------------------------------------------------------------------------------------------------- [KRNET Tutorial] http://dpnm.postech.ac.kr/webboard/ Internet Traffic Monitoring & Analysis User’s Needs * Monitor the performance experienced by one ’ s application - Why is the web page download so slow? - Why is my multicast video stream jerky? * Check if level of service meets one ’ s need - Do I have enough b/w? * Check if one experiences intrusions and attacks - Is someone attacking me? Service provider ’ s needs * Monitor the current level of activity * Enforce SLAs(service level agreements) * Detect faults and failures * Engineer the network for better performance * Plan for future capacity * Feedback to customers -----------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------- [http://http://www.caida.org/outreach/metricswg/faq.xml] CAIDA Outreach Network Measurement FAQ 2.1. Why should I measure my network's behaviour? If you don't measure it, you have no objective record or benchmark of how it behaves. This could make it difficult to judge whether changes in the network have improved its performance, or degraded it. If you are buying Internet connectivity from an ISP you need to understand the kind of service being offered, and you need to measure the actual performance so as to verify that you're getting what you pay for. ------------------------------------------------------------------------------------------------------------------------------------------------------------- [KRNET Tutorial] http://dpnm.postech.ac.kr/webboard/ Internet Traffic Monitoring & Analysis User’s Needs * Monitor the performance experienced by one’s application - Why is the web page download so slow? - Why is my multicast video stream jerky? * Check if level of service meets one’s need - Do I have enough b/w? * Check if one experiences intrusions and attacks - Is someone attacking me? Service provider’s needs * Monitor the current level of activity * Enforce SLAs(service level agreements) * Detect faults and failures * Engineer the network for better performance * Plan for future capacity * Feedback to customers -----------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------- [http://http://www.caida.org/outreach/metricswg/faq.xml] CAIDA Outreach Network Measurement FAQ 2.1. Why should I measure my network's behaviour? If you don't measure it, you have no objective record or benchmark of how it behaves. This could make it difficult to judge whether changes in the network have improved its performance, or degraded it. If you are buying Internet connectivity from an ISP you need to understand the kind of service being offered, and you need to measure the actual performance so as to verify that you're getting what you pay for. ------------------------------------------------------------------------------------------------------------------------------------------------------------- [KRNET Tutorial] http://dpnm.postech.ac.kr/webboard/ Internet Traffic Monitoring & Analysis User’s Needs * Monitor the performance experienced by one ’ s application - Why is the web page download so slow? - Why is my multicast video stream jerky? * Check if level of service meets one ’ s need - Do I have enough b/w? * Check if one experiences intrusions and attacks - Is someone attacking me? Service provider ’ s needs * Monitor the current level of activity * Enforce SLAs(service level agreements) * Detect faults and failures * Engineer the network for better performance * Plan for future capacity * Feedback to customers -----------------------------------------------------------------------------------------------------------------------
To monitor high speed network such 10Gpbs link, the NG-MON should consider these 5 significant requirements. The first one, as stated, NG-MON needs distributed, load-balancing architecture. To distribute the processing load , we should divide monitoring and analysis task into several functional units, and we also need an efficient load sharing mechanism within each phase. For load distribution method , we considered the pipeline and parallel methods. The second is lossless packet capture . NG-MON should capture all packets without a loss to provide all the required information to various analysis applications. The fourth one is, to reduce processing load , flow based analysis is essential. by the flow-based analysis, NG-MON can aggregate packet information into flows for efficient processing. Also, limited storage at each phase should be considered. By the consideration of these requirements we designed the architecture of NG-MON.
This is an overall architecture of NG-MON design. The key feature in our design is an pipelined distribution and load balancing technique. Whole tasks are divided into 5 phases like this. Packet capture, Flow Generation, Flow Store, Traffic Analysis and Presentation phase. The entire raw packets are captured in the Packet Capture phase. And packet header information extracted from raw packets are delivered to the second phase: Flow Generation phase, The flow information is generated in this Flow Generation phase. the flow information is stored in the Flow Store phase. Traffic Analyzer queries to Flow Store and store analyzed data, provide them to Presenter. Load distribution mechanism used in each phase will be explained in the following slides in detail.
This slide shows the first phase of our NG-MON design: packet capture phase. Large bulk traffic on the network links is distributed over probe systems and sent to next phase, Flow Generation. In the distribution of raw packets we can use one of these methods. First one is by using splitting function provided by an optical splitter. And Using mirroring functions provided by network devices is the second one. These probe systems captures incoming packets and extract packet header information form layered headers of each raw packet, then push into the export buffer-queues by packet header’s 5-tuple based hashing. Each probe system maintain the same number of buffer queues corresponding to the number of flow generators. If a buffer queue becomes full , probe constructs packet header messages then export to next phase. The raw packets with the same color indicates that they belong to the same flow. As you can see, packets which belong to the same flow put together into the same packet header messages. ( 5-tuple : src & dst address, protocol number, src & dst port number )
This and next slides shows the second phases of our NG-MON design. In this phase, packet headers are compressed into flows. For the distribution of packet header information, we used 5-tuple based hashing and buffer queue for each flow generator. Therefore the packet header information of potentially the same flow get delivered to the same flow generator. There can’t be the case that same flow is generated in different flow generator at a certain moment. Flow generators simply generate flow messages from incoming packet header messages, then exports these to next phase, flow store.
This slide shows the third phase of our NG-MON architecture: Flow Store phase The main role of Flow Store phase is to store flow information and handle the request from analyzer: those are write operation and read operation . For the load distribution and efficient processing , we considered a method that prevent write operations from occurring with read operations at the same time in a single flow store system. In order to do this, the destination address of flow messages should be changed over to Flow Store sequentially depending on the time slot changes. While one or more flow stores are inserting flow data, the other flow stores are queried by the traffic analyzers. As you can see here , at the time slot t1, Flow Store 1 only receives flow messages and the other Flow Stores are processing queries from Analyzers. Before the time slot changes from t1 to t2, queries to Flow Store 2 should be finished. Then the time slot becomes t2, flow messages will go into the Flow Store 2, and queries to Flow Store 1 will be started. In our earlier work , we realized that one of the bottleneck of the monitoring process is a huge storage space required. So, Flow Store keeps flow information for only several time slots, and then discard them when they are finished an analysis by traffic analyzers. Therefore, flow store only requires a small and fixed amount of disk space. Flow store provides traffic information to support various analysis applications and provide an analysis API to analyzers.
This slide shows the fourth and fifth phases of our NG-MON architecture. These two phases are tightly coupled according to the analysis purpose; such as Traffic Throughput Analysis, Usage-based billing analysis, DDOS and DOS attack analysis, such like that. Analyzer extracts information from Flow Stores and can perform application specific analysis . Separate analyzer is needed for each application. we separated the presenter from traffic analyzer, because more than one systems tend to be allocated in the traffic analysis phase.
In this summer We implemented a prototype of NG-MON and deployed our system in our campus backbone network. In the implementation, we used Net Optics’ Gigabit Fiber Optic tap to split the traffic and used GE Card to get it. The hardware configuration we used are, P-III 800MHz, 256 Mbytes memory, 20Gbytes HD. And we developed our system on Redhat Linux 7.2 OS. And used C language with pcap library in Packet Capture phase. In the Flow Store, we used MySQL Database to store flows. Presenter uses PHP with jpgraph library to present the analysis result through the web.
This and other two slides show some selected screen shots of our prototype implementation. Our analyzer shows various throughput information according to the HOST, SUBNET, and PROTOCOL. This screen shot shows the throughput of host received in one minute, and total throughput changes by the time in one hour is illustrated in the form of line graph.
This and other two slides show some selected screen shots of our prototype implementation. Our analyzer shows various throughput information according to the HOST, SUBNET, and PROTOCOL. This screen shot shows the throughput of host received in one minute, and total throughput changes by the time in one hour is illustrated in the form of line graph.
This is a detailed subnet data sent view in a certain minute.
Left one is an application protocol view in a certain minute. And right one is Time series graph of the throughput at each protocol layer during a certain hour.
Left one is an application protocol view in a certain minute. And right one is Time series graph of the throughput at each protocol layer during a certain hour.