
    Feature interview with Antonio Nucci: chief technology officer of Narus, winner of the "CTO of the year"

    Dr. Antonio Nucci is the chief technology officer of Narus and is responsible for setting the company's direction with respect to technology and innovation. He oversees the entire technology innovation lifecycle, including incubation, research, and prototyping. He also is responsible for ensuring a smooth transition to engineering for final commercialization. Antonio has published more than 100 technical papers and has been awarded 38 U.S. patents. He authored a book, "Design, Measurement and Management of Large-Scale IP Networks Bridging the Gap Between Theory and Practice", in 2009 on advanced network analytics. In 2007 he was recognized for his vision and contributions with the prestigious Infoworld CTO Top 25 Award. In 2013, Antonio was honored by InfoSecurity Products Guide's 2013 Global Excellence Awards as "CTO of the Year" and Gold winner in the "People Shaping Info Security" category. He served as a technical lead member of the Enduring Security Framework (ESF) initiative sponsored by various U.S. agencies to produce a set of recommendations, policies, and technology pilots to better secure the Internet (Integrated Network Defense). He is also a technical advisor for several venture capital firms. Antonio holds a Ph.D. in computer science, and master's and bachelor's degrees in electrical engineering from Politecnico di Torino, Ital

    Real-Time TCP/IP Analysis with Common Hardware

    Traffic measurement represents an indispensable and valuable tool for the analysis of today's telecommunication networks. Moreover, it is desirable for traffic measurement and analysis to be both continuous and persistent, since only these joint requirements allow tracking important changes in the traffic pattern. On the other hand, transmission link bandwidth keeps improving at a seemingly inexorable rate; therefore, the analysis of the traffic is becoming more complex than ever. This paper focuses on the description and the benchmarking of a network traffic analyzer, called Tstat, able to process real-time traffic, further providing i) several advanced measurement indexes of transport layer protocols and ii) ever-lasting monitoring capabilities. In particular, our aim is to assess what kind of links, and under which load, can be continuously and persistently monitored without compromising the complexity of the traffic analysis that has to be performed.

    Clustering and evolutionary approach for longitudinal web traffic analysis

    In recent years, data-driven approaches have attracted the interest of the research community. Considering network monitoring, unsupervised machine learning solutions such as clustering are particularly appealing to let network analysts observe patterns and track the evolution of traffic over time. In this paper, we present a novel unsupervised methodology to automatically process and analyze batches of HTTP traffic, looking just at the URL structure. First, we describe IDBSCAN, Iterative-DBSCAN. We design it to obtain well-shaped clusters and to simplify the choice of parameters (often a cumbersome step for the network analyst). Second, we show LENTA, Longitudinal Exploration for Network Traffic Analysis, which allows automatically observing the evolution of traffic over time, naturally highlighting trends and pinpointing anomalies. We first evaluate IDBSCAN and LENTA on synthetic data to compare their performance against well-known algorithms. Then we apply them to a real case, facing the analysis of hundreds of thousands of URLs collected from a live network. Results show both the goodness of the clusters produced by IDBSCAN and LENTA's ability to highlight changes in traffic, facilitating the analyst's job.

    LENTA: Longitudinal Exploration for Network Traffic Analysis from Passive Data

    In this work, we present LENTA (Longitudinal Exploration for Network Traffic Analysis), a system that supports network analysts in the identification of traffic generated by services and applications running on the web. In the case of URLs observed in an operational network, LENTA simplifies the analyst's job by letting her observe a few hundred clusters instead of the original hundreds of thousands of single URLs. We implement a self-learning methodology, where the system grows its knowledge, which is used in turn to automatically associate traffic to previously observed services, and identify new traffic generated by possibly suspicious applications. This approach lets the analysts easily observe changes in network traffic, and identify new services and unexpected activities. We follow a data-driven approach and run LENTA on traces collected both in ISP networks and directly on hosts via proxies. We analyze traffic in batches of 24 hours' worth of traffic. Big data solutions are used to enable horizontal scalability and meet performance requirements. We show that LENTA allows the analyst to clearly understand which services are running on their network, possibly highlighting malicious traffic and changes over time, greatly simplifying the view and understanding of the network traffic.

    Method for detecting web tracking services

    Method for detecting web tracking services during browsing activity performed by clients having associated client identifiers, the method comprising the steps of extracting key-value pairs contained in navigation data, looking for one-to-one correspondence between said client identifiers and the values contained in said keys, and selecting the keys for which at least a client-value one-to-one correspondence for at least a predetermined number of clients is observed, said keys identifying the associated services as services performing tracking activities.