The application and development of a wide-area measurement system(WAMS)has enabled many applications and led to several requirements based on dynamic measurement data.Such data are transmitted as big data information ...The application and development of a wide-area measurement system(WAMS)has enabled many applications and led to several requirements based on dynamic measurement data.Such data are transmitted as big data information flow.To ensure effective transmission of wide-frequency electrical information by the communication protocol of a WAMS,this study performs real-time traffic monitoring and analysis of the data network of a power information system,and establishes corresponding network optimization strategies to solve existing transmission problems.This study utilizes the traffic analysis results obtained using the current real-time dynamic monitoring system to design an optimization strategy,covering the optimization in three progressive levels:the underlying communication protocol,source data,and transmission process.Optimization of the system structure and scheduling optimization of data information are validated to be feasible and practical via tests.展开更多
The development of communication technologies which support traffic-intensive applications presents new challenges in designing a real-time traffic analysis architecture and an accurate method that suitable for a wide...The development of communication technologies which support traffic-intensive applications presents new challenges in designing a real-time traffic analysis architecture and an accurate method that suitable for a wide variety of traffic types.Current traffic analysis methods are executed on the cloud,which needs to upload the traffic data.Fog computing is a more promising way to save bandwidth resources by offloading these tasks to the fog nodes.However,traffic analysis models based on traditional machine learning need to retrain all traffic data when updating the trained model,which are not suitable for fog computing due to the poor computing power.In this study,we design a novel fog computing based traffic analysis system using broad learning.For one thing,fog computing can provide a distributed architecture for saving the bandwidth resources.For another,we use the broad learning to incrementally train the traffic data,which is more suitable for fog computing because it can support incremental updates of models without retraining all data.We implement our system on the Raspberry Pi,and experimental results show that we have a 98%probability to accurately identify these traffic data.Moreover,our method has a faster training speed compared with Convolutional Neural Network(CNN).展开更多
A network analyzer can often comprehend many protocols, which enables it to display talks taking place between hosts over a network. A network analyzer analyzes the device or network response and measures for the oper...A network analyzer can often comprehend many protocols, which enables it to display talks taking place between hosts over a network. A network analyzer analyzes the device or network response and measures for the operator to keep an eye on the network’s or object’s performance in an RF circuit. The purpose of the following research includes analyzing the capabilities of NetFlow analyzer to measure various parts, including filters, mixers, frequency sensitive networks, transistors, and other RF-based instruments. NetFlow Analyzer is a network traffic analyzer that measures the network parameters of electrical networks. Although there are other types of network parameter sets including Y, Z, & H-parameters, these instruments are typically employed to measure S-parameters since transmission & reflection of electrical networks are simple to calculate at high frequencies. These analyzers are widely employed to distinguish between two-port networks, including filters and amplifiers. By allowing the user to view the actual data that is sent over a network, packet by packet, a network analyzer informs you of what is happening there. Also, this research will contain the design model of NetFlow Analyzer that Measurements involving transmission and reflection use. Gain, insertion loss, and transmission coefficient are measured in transmission measurements, whereas return loss, reflection coefficient, impedance, and other variables are measured in reflection measurements. These analyzers’ operational frequencies vary from 1 Hz to 1.5 THz. These analyzers can also be used to examine stability in measurements of open loops, audio components, and ultrasonics.展开更多
In order to identify any traces of suspicious activities for the networks security, Network Traffic Analysis has been the basis of network security and network management. With the continued emergence of new applicati...In order to identify any traces of suspicious activities for the networks security, Network Traffic Analysis has been the basis of network security and network management. With the continued emergence of new applications and encrypted traffic, the currently available approaches can not perform well for all kinds of network data. In this paper, we propose a novel stream pattern matching technique which is not only easily deployed but also includes the advantages of different methods. The main idea is: first, defining a formal description specification, by which any series of data stream can be unambiguously descrbed by a special stream pattern; then a tree representation is constructed by parsing the stream pattern; at last, a stream pattern engine is constructed with the Non-t-mite automata (S-CG-NFA) and Bit-parallel searching algorithms. Our stream pattern analysis system has been fully prototyped on C programming language and Xilinx Vn-tex2 FPGA. The experimental results show the method could provides a high level of recognition efficiency and accuracy.展开更多
The phenomenon of data explosion represents a severe challenge for the upcoming big data era.However,the current Internet architecture is insufficient for dealing with a huge amount of traffic owing to an increase in ...The phenomenon of data explosion represents a severe challenge for the upcoming big data era.However,the current Internet architecture is insufficient for dealing with a huge amount of traffic owing to an increase in redundant content transmission and the end-point-based communication model.Information-centric networking(ICN)is a paradigm for the future Internet that can be utilized to resolve the data explosion problem.In this paper,we focus on content-centric networking(CCN),one of the key candidate ICN architectures.CCN has been studied in various network environments with the aim of relieving network and server burden,especially in name-based forwarding and in-network caching functionalities.This paper studies the effect of several caching strategies in the CCN domain from the perspective of network and server overhead.Thus,we comprehensively analyze the in-network caching performance of CCN under several popular cache replication methods(i.e.,cache placement).We evaluate the performance with respect to wellknown Internet traffic patterns that follow certain probabilistic distributions,such as the Zipf/Mandelbrot–Zipf distributions,and flashcrowds.For the experiments,we developed an OPNET-based CCN simulator with a realistic Internet-like topology.展开更多
Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality(VR)and blockchain technology but introduces privacy risks.Now,a series of challenges arise in Metaverse security...Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality(VR)and blockchain technology but introduces privacy risks.Now,a series of challenges arise in Metaverse security,including massive data traffic breaches,large-scale user tracking,analysis activities,unreliable Artificial Intelligence(AI)analysis results,and social engineering security for people.In this work,we concentrate on Decentraland and Sandbox,two well-known Metaverse applications in Web 3.0.Our experiments analyze,for the first time,the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy.We develop a lightweight traffic processing approach suitable for the Web 3.0 environment,which does not rely on complex decryption or reverse engineering techniques.We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts.This method provides a new approach to de-anonymizing users'identities through Metaverse applications.Our system,METAseen,analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices.The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information(PII),device information,and Metaverse-related data.By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider,we discovered that far more than 49%of the Metaverse data flows needed to be disclosed appropriately.展开更多
Unmanned Aerial Vehicles(UAVs)have become indispensable for intelligent traffic monitoring,particularly in low-light conditions,where traditional surveillance systems struggle.This study presents a novel deep learning...Unmanned Aerial Vehicles(UAVs)have become indispensable for intelligent traffic monitoring,particularly in low-light conditions,where traditional surveillance systems struggle.This study presents a novel deep learning-based framework for nighttime aerial vehicle detection and classification that addresses critical challenges of poor illumination,noise,and occlusions.Our pipeline integrates MSRCR enhancement with OPTICS segmentation to overcome low-light challenges,while YOLOv10 enables accurate vehicle localization.The framework employs GLOH and Dense-SIFT for discriminative feature extraction,optimized using the Whale Optimization Algorithm to enhance classification performance.A Swin Transformer-based classifier provides the final categorization,leveraging hierarchical attention mechanisms for robust performance.Extensive experimentation validates our approach,achieving detection mAP@0.5 scores of 91.5%(UAVDT)and 89.7%(VisDrone),alongside classification accuracies of 95.50%and 92.67%,respectively.These results outperform state-of-the-art methods by up to 5.10%in accuracy and 4.2%in mAP,demonstrating the framework’s effectiveness for real-time aerial surveillance and intelligent traffic management in challenging nighttime environments.展开更多
Unmanned Aerial Vehicles(UAVs)are increasingly employed in traffic surveillance,urban planning,and infrastructure monitoring due to their cost-effectiveness,flexibility,and high-resolution imaging.However,vehicle dete...Unmanned Aerial Vehicles(UAVs)are increasingly employed in traffic surveillance,urban planning,and infrastructure monitoring due to their cost-effectiveness,flexibility,and high-resolution imaging.However,vehicle detection and classification in aerial imagery remain challenging due to scale variations from fluctuating UAV altitudes,frequent occlusions in dense traffic,and environmental noise,such as shadows and lighting inconsistencies.Traditional methods,including sliding-window searches and shallow learning techniques,struggle with computational inefficiency and robustness under dynamic conditions.To address these limitations,this study proposes a six-stage hierarchical framework integrating radiometric calibration,deep learning,and classical feature engineering.The workflow begins with radiometric calibration to normalize pixel intensities and mitigate sensor noise,followed by Conditional Random Field(CRF)segmentation to isolate vehicles.YOLOv9,equipped with a bi-directional feature pyramid network(BiFPN),ensures precise multi-scale object detection.Hybrid feature extraction employs Maximally Stable Extremal Regions(MSER)for stable contour detection,Binary Robust Independent Elementary Features(BRIEF)for texture encoding,and Affine-SIFT(ASIFT)for viewpoint invariance.Quadratic Discriminant Analysis(QDA)enhances feature discrimination,while a Probabilistic Neural Network(PNN)performs Bayesian probability-based classification.Tested on the Roundabout Aerial Imagery(15,474 images,985K instances)and AU-AIR(32,823 instances,7 classes)datasets,the model achieves state-of-the-art accuracy of 95.54%and 94.14%,respectively.Its superior performance in detecting small-scale vehicles and resolving occlusions highlights its potential for intelligent traffic systems.Future work will extend testing to nighttime and adverse weather conditions while optimizing real-time UAV inference.展开更多
The popularity of the Internet of Things(IoT)has enabled a large number of vulnerable devices to connect to the Internet,bringing huge security risks.As a network-level security authentication method,device fingerprin...The popularity of the Internet of Things(IoT)has enabled a large number of vulnerable devices to connect to the Internet,bringing huge security risks.As a network-level security authentication method,device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases.However,flexible and diversified IoT devices with limited resources increase dif-ficulty of the device fingerprint authentication method executed in IoT,because it needs to retrain the model network to deal with incremental features or types.To address this problem,a device fingerprinting mechanism based on a Broad Learning System(BLS)is proposed in this paper.The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices,and extracts feature parameters of the traffic packets.A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset.The complexity of the dataset is reduced using Principal Component Analysis(PCA)and the device type is identified by training weights using BLS.The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.展开更多
Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)...Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.展开更多
The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet,as many employees have transitioned to working from home.Furthermo...The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet,as many employees have transitioned to working from home.Furthermore,with the increase in the adoption of encrypted data transmission by many people who tend to use a Virtual Private Network(VPN)or Tor Browser(dark web)to keep their data privacy and hidden,network traffic encryption is rapidly becoming a universal approach.This affects and complicates the quality of service(QoS),traffic monitoring,and network security provided by Internet Service Providers(ISPs),particularly for analysis and anomaly detection approaches based on the network traffic’s nature.The method of categorizing encrypted traffic is one of the most challenging issues introduced by a VPN as a way to bypass censorship as well as gain access to geo-locked services.Therefore,an efficient approach is especially needed that enables the identification of encrypted network traffic data to extract and select valuable features which improve the quality of service and network management as well as to oversee the overall performance.In this paper,the classification of network traffic data in terms of VPN and non-VPN traffic is studied based on the efficiency of time-based features extracted from network packets.Therefore,this paper suggests two machine learning models that categorize network traffic into encrypted and non-encrypted traffic.The proposed models utilize statistical features(SF),Pearson Correlation(PC),and a Genetic Algorithm(GA),preprocessing the traffic samples into net flow traffic to accomplish the experiment’s objectives.The GA-based method utilizes a stochastic method based on natural genetics and biological evolution to extract essential features.The PC-based method performs well in removing different features of network traffic.With a microsecond perpacket prediction time,the best model achieved an accuracy of more than 95.02 percent in the most demanding traffic classification task,a drop in accuracy of only 2.37 percent in comparison to the entire statistical-based machine learning approach.This is extremely promising for the development of real-time traffic analyzers.展开更多
Air traffic complexity is an objective metric for evaluating the operational condition of the airspace. It has several applications, such as airspace design and traffic flow management.Therefore, identifying a reliabl...Air traffic complexity is an objective metric for evaluating the operational condition of the airspace. It has several applications, such as airspace design and traffic flow management.Therefore, identifying a reliable method to accurately measure traffic complexity is important. Considering that many factors correlate with traffic complexity in complicated nonlinear ways,researchers have proposed several complexity evaluation methods based on machine learning models which were trained with large samples. However, the high cost of sample collection usually results in limited training set. In this paper, an ensemble learning model is proposed for measuring air traffic complexity within a sector based on small samples. To exploit the classification information within each factor, multiple diverse factor subsets(FSSs) are generated under guidance from factor noise and independence analysis. Then, a base complexity evaluator is built corresponding to each FSS. The final complexity evaluation result is obtained by integrating all results from the base evaluators. Experimental studies using real-world air traffic operation data demonstrate the advantages of our model for small-sample-based traffic complexity evaluation over other stateof-the-art methods.展开更多
An optimization model and its solution algorithm for alternate traffic restriction(ATR) schemes were introduced in terms of both the restriction districts and the proportion of restricted automobiles. A bi-level progr...An optimization model and its solution algorithm for alternate traffic restriction(ATR) schemes were introduced in terms of both the restriction districts and the proportion of restricted automobiles. A bi-level programming model was proposed to model the ATR scheme optimization problem by aiming at consumer surplus maximization and overload flow minimization at the upper-level model. At the lower-level model, elastic demand, mode choice and multi-class user equilibrium assignment were synthetically optimized. A genetic algorithm involving prolonging codes was constructed, demonstrating high computing efficiency in that it dynamically includes newly-appearing overload links in the codes so as to reduce the subsequent searching range. Moreover,practical processing approaches were suggested, which may improve the operability of the model-based solutions.展开更多
Recently,Quality of Experience(QoE)has been introduced as a subjective measure of a user’s experience of communication services.QoE was expected to take the place of traditional Quality of Service(QoS)measure in that...Recently,Quality of Experience(QoE)has been introduced as a subjective measure of a user’s experience of communication services.QoE was expected to take the place of traditional Quality of Service(QoS)measure in that QoE may express a direct and accurate user experience.In this paper,we propose a QoE management scheme which is based on a user’s simple feedback.We explain the proposed QoE management steps and the dominant reason extraction algorithm to determine the quality-falling instance.We also present a QoE prediction method that will provide an optimal quality management scheme in communication services.Experiments on multimedia streaming service prove the efficiency of the dominant factor extraction algorithm,and the experiment using the QoE prediction method present a very high accuracy.The QoE management scheme proposed in this paper can be generally adapted to any communication services,to increase the efficiency and effectiveness of quality management systems.展开更多
In this paper,we present the resuks of the BitTorrent measurement study.Two sources of BitTorrent data were utilised:meta-data files and the logs of one of the currently most popular BitTorrent clients--gTorrent.Exper...In this paper,we present the resuks of the BitTorrent measurement study.Two sources of BitTorrent data were utilised:meta-data files and the logs of one of the currently most popular BitTorrent clients--gTorrent.Experimental data were collected for fifteen days from the popular torrent-discovery site thepiratebay.org(more than 30000 torrents were captured and analysed).During this pe-riod the activity and logs of an unmodified version ofμTorrent client downloading ses-sions were also captured.The obtained ex-perimental results are swarm-oriented,which allows us to look at BitTorrent and its users from an exchanged resources perspective.Moreover,comparative analysis of the clients'connections with and without theμTP proto-col is carried out to verify the extent to whichμTP improves BitTorrent transmissions.To the authors'best knowledge,none of the previous studies have addressed these issues.展开更多
The rapid proliferation of Internet of Things(IoT)technology has facilitated automation across various sectors.Nevertheless,this advancement has also resulted in a notable surge in cyberattacks,notably botnets.As a re...The rapid proliferation of Internet of Things(IoT)technology has facilitated automation across various sectors.Nevertheless,this advancement has also resulted in a notable surge in cyberattacks,notably botnets.As a result,research on network analysis has become vital.Machine learning-based techniques for network analysis provide a more extensive and adaptable approach in comparison to traditional rule-based methods.In this paper,we propose a framework for analyzing communications between IoT devices using supervised learning and ensemble techniques and present experimental results that validate the efficacy of the proposed framework.The results indicate that using the proposed ensemble techniques improves accuracy by up to 1.7%compared to single-algorithm approaches.These results also suggest that the proposed framework can flexibly adapt to general IoT network analysis scenarios.Unlike existing frameworks,which only exhibit high performance in specific situations,the proposed framework can serve as a fundamental approach for addressing a wide range of issues.展开更多
Website fingerprinting,also known asWF,is a traffic analysis attack that enables local eavesdroppers to infer a user’s browsing destination,even when using the Tor anonymity network.While advanced attacks based on de...Website fingerprinting,also known asWF,is a traffic analysis attack that enables local eavesdroppers to infer a user’s browsing destination,even when using the Tor anonymity network.While advanced attacks based on deep neural network(DNN)can performfeature engineering and attain accuracy rates of over 98%,research has demonstrated thatDNNis vulnerable to adversarial samples.As a result,many researchers have explored using adversarial samples as a defense mechanism against DNN-based WF attacks and have achieved considerable success.However,these methods suffer from high bandwidth overhead or require access to the target model,which is unrealistic.This paper proposes CMAES-WFD,a black-box WF defense based on adversarial samples.The process of generating adversarial examples is transformed into a constrained optimization problem solved by utilizing the Covariance Matrix Adaptation Evolution Strategy(CMAES)optimization algorithm.Perturbations are injected into the local parts of the original traffic to control bandwidth overhead.According to the experiment results,CMAES-WFD was able to significantly decrease the accuracy of Deep Fingerprinting(DF)and VarCnn to below 8.3%and the bandwidth overhead to a maximum of only 14.6%and 20.5%,respectively.Specially,for Automated Website Fingerprinting(AWF)with simple structure,CMAES-WFD reduced the classification accuracy to only 6.7%and the bandwidth overhead to less than 7.4%.Moreover,it was demonstrated that CMAES-WFD was robust against adversarial training to a certain extent.展开更多
The high costs incurred due to attacks and the increasing number of different devices in the Internet of Things(IoT)highlight the necessity of the early detection of botnets(i.e.,a network of infected devices)to gain ...The high costs incurred due to attacks and the increasing number of different devices in the Internet of Things(IoT)highlight the necessity of the early detection of botnets(i.e.,a network of infected devices)to gain an advantage against attacks.However,early botnet detection is challenging because of continuous malware mutations,the adoption of sophisticated obfuscation techniques,and the massive volume of data.The literature addresses botnet detection by modeling the behavior of malware spread,the classification of malicious traffic,and the analysis of traffic anomalies.This article details ANTE,a system for ANTicipating botnEt signals based on machine learning algorithms.The system adapts itself to different scenarios and detects different types of botnets.It autonomously selects the most appropriate Machine Learning(ML)pipeline for each botnet and improves the classification before an attack effectively begins.The system evaluation follows trace-driven experiments and compares ANTE results to other relevant results from the literature over four representative datasets:ISOT HTTP Botnet,CTU-13,CICDDoS2019,and BoT-IoT.Results show an average detection accuracy of 99.06%and an average bot detection precision of 100%.展开更多
In order to understand how a network is being used or whether it is being abused, an administrator needs to inspect the flow of the traffic and "infers" the intent of the users and applications. So the network traff...In order to understand how a network is being used or whether it is being abused, an administrator needs to inspect the flow of the traffic and "infers" the intent of the users and applications. So the network traffic measurement and analysis are crucial to network monitoring, reliable DDoS detecting and attack source locating as well. In this paper, we discuss the principle of real-time network traffic measurement and analysis through embedding a traffic measurement and analysis engine into IP packet-decoding module, and emphasize the implementation of visualizing the real-time network traffic, which are helpful to network monitoring and network traffic modeling.展开更多
文摘The application and development of a wide-area measurement system(WAMS)has enabled many applications and led to several requirements based on dynamic measurement data.Such data are transmitted as big data information flow.To ensure effective transmission of wide-frequency electrical information by the communication protocol of a WAMS,this study performs real-time traffic monitoring and analysis of the data network of a power information system,and establishes corresponding network optimization strategies to solve existing transmission problems.This study utilizes the traffic analysis results obtained using the current real-time dynamic monitoring system to design an optimization strategy,covering the optimization in three progressive levels:the underlying communication protocol,source data,and transmission process.Optimization of the system structure and scheduling optimization of data information are validated to be feasible and practical via tests.
基金supported by JSPS KAKENHI Grant Number JP16K00117, JP19K20250KDDI Foundationthe China Scholarship Council (201808050016)
文摘The development of communication technologies which support traffic-intensive applications presents new challenges in designing a real-time traffic analysis architecture and an accurate method that suitable for a wide variety of traffic types.Current traffic analysis methods are executed on the cloud,which needs to upload the traffic data.Fog computing is a more promising way to save bandwidth resources by offloading these tasks to the fog nodes.However,traffic analysis models based on traditional machine learning need to retrain all traffic data when updating the trained model,which are not suitable for fog computing due to the poor computing power.In this study,we design a novel fog computing based traffic analysis system using broad learning.For one thing,fog computing can provide a distributed architecture for saving the bandwidth resources.For another,we use the broad learning to incrementally train the traffic data,which is more suitable for fog computing because it can support incremental updates of models without retraining all data.We implement our system on the Raspberry Pi,and experimental results show that we have a 98%probability to accurately identify these traffic data.Moreover,our method has a faster training speed compared with Convolutional Neural Network(CNN).
文摘A network analyzer can often comprehend many protocols, which enables it to display talks taking place between hosts over a network. A network analyzer analyzes the device or network response and measures for the operator to keep an eye on the network’s or object’s performance in an RF circuit. The purpose of the following research includes analyzing the capabilities of NetFlow analyzer to measure various parts, including filters, mixers, frequency sensitive networks, transistors, and other RF-based instruments. NetFlow Analyzer is a network traffic analyzer that measures the network parameters of electrical networks. Although there are other types of network parameter sets including Y, Z, & H-parameters, these instruments are typically employed to measure S-parameters since transmission & reflection of electrical networks are simple to calculate at high frequencies. These analyzers are widely employed to distinguish between two-port networks, including filters and amplifiers. By allowing the user to view the actual data that is sent over a network, packet by packet, a network analyzer informs you of what is happening there. Also, this research will contain the design model of NetFlow Analyzer that Measurements involving transmission and reflection use. Gain, insertion loss, and transmission coefficient are measured in transmission measurements, whereas return loss, reflection coefficient, impedance, and other variables are measured in reflection measurements. These analyzers’ operational frequencies vary from 1 Hz to 1.5 THz. These analyzers can also be used to examine stability in measurements of open loops, audio components, and ultrasonics.
基金This work is supported by the following projects: National Natural Science Foundation of China grant 60772136, 111 Development Program of China NO.B08038, National Science & Technology Pillar Program of China NO.2008BAH22B03 and NO. 2007BAH08B01.
文摘In order to identify any traces of suspicious activities for the networks security, Network Traffic Analysis has been the basis of network security and network management. With the continued emergence of new applications and encrypted traffic, the currently available approaches can not perform well for all kinds of network data. In this paper, we propose a novel stream pattern matching technique which is not only easily deployed but also includes the advantages of different methods. The main idea is: first, defining a formal description specification, by which any series of data stream can be unambiguously descrbed by a special stream pattern; then a tree representation is constructed by parsing the stream pattern; at last, a stream pattern engine is constructed with the Non-t-mite automata (S-CG-NFA) and Bit-parallel searching algorithms. Our stream pattern analysis system has been fully prototyped on C programming language and Xilinx Vn-tex2 FPGA. The experimental results show the method could provides a high level of recognition efficiency and accuracy.
基金supported by Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Education(2014R1A1A2057796)and(2015R1D1A1A01059049)
文摘The phenomenon of data explosion represents a severe challenge for the upcoming big data era.However,the current Internet architecture is insufficient for dealing with a huge amount of traffic owing to an increase in redundant content transmission and the end-point-based communication model.Information-centric networking(ICN)is a paradigm for the future Internet that can be utilized to resolve the data explosion problem.In this paper,we focus on content-centric networking(CCN),one of the key candidate ICN architectures.CCN has been studied in various network environments with the aim of relieving network and server burden,especially in name-based forwarding and in-network caching functionalities.This paper studies the effect of several caching strategies in the CCN domain from the perspective of network and server overhead.Thus,we comprehensively analyze the in-network caching performance of CCN under several popular cache replication methods(i.e.,cache placement).We evaluate the performance with respect to wellknown Internet traffic patterns that follow certain probabilistic distributions,such as the Zipf/Mandelbrot–Zipf distributions,and flashcrowds.For the experiments,we developed an OPNET-based CCN simulator with a realistic Internet-like topology.
基金supported by the National Key R&D Program of China (2021YFB2700200)the National Natural Science Foundation of China (U21B2021,61932014,61972018,62202027)+2 种基金Young Elite Scientists Sponsorship Program by CAST (2022QNRC001)Beijing Natural Science Foundation (M23016)Yunnan Key Laboratory of Blockchain Application Technology Open Project (202105AG070005,YNB202206)。
文摘Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality(VR)and blockchain technology but introduces privacy risks.Now,a series of challenges arise in Metaverse security,including massive data traffic breaches,large-scale user tracking,analysis activities,unreliable Artificial Intelligence(AI)analysis results,and social engineering security for people.In this work,we concentrate on Decentraland and Sandbox,two well-known Metaverse applications in Web 3.0.Our experiments analyze,for the first time,the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy.We develop a lightweight traffic processing approach suitable for the Web 3.0 environment,which does not rely on complex decryption or reverse engineering techniques.We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts.This method provides a new approach to de-anonymizing users'identities through Metaverse applications.Our system,METAseen,analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices.The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information(PII),device information,and Metaverse-related data.By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider,we discovered that far more than 49%of the Metaverse data flows needed to be disclosed appropriately.
基金supported through Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2025R508)Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia。
文摘Unmanned Aerial Vehicles(UAVs)have become indispensable for intelligent traffic monitoring,particularly in low-light conditions,where traditional surveillance systems struggle.This study presents a novel deep learning-based framework for nighttime aerial vehicle detection and classification that addresses critical challenges of poor illumination,noise,and occlusions.Our pipeline integrates MSRCR enhancement with OPTICS segmentation to overcome low-light challenges,while YOLOv10 enables accurate vehicle localization.The framework employs GLOH and Dense-SIFT for discriminative feature extraction,optimized using the Whale Optimization Algorithm to enhance classification performance.A Swin Transformer-based classifier provides the final categorization,leveraging hierarchical attention mechanisms for robust performance.Extensive experimentation validates our approach,achieving detection mAP@0.5 scores of 91.5%(UAVDT)and 89.7%(VisDrone),alongside classification accuracies of 95.50%and 92.67%,respectively.These results outperform state-of-the-art methods by up to 5.10%in accuracy and 4.2%in mAP,demonstrating the framework’s effectiveness for real-time aerial surveillance and intelligent traffic management in challenging nighttime environments.
基金supported through Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2025R508)Princess Nourah bint Abdulrahman University,Riyadh,Saudi ArabiaThe research team thanks the Deanship of Graduate Studies and Scientific Research at Najran University for supporting the research project through the Nama’a program,with the project code NU/GP/SERC/13/18-5.
文摘Unmanned Aerial Vehicles(UAVs)are increasingly employed in traffic surveillance,urban planning,and infrastructure monitoring due to their cost-effectiveness,flexibility,and high-resolution imaging.However,vehicle detection and classification in aerial imagery remain challenging due to scale variations from fluctuating UAV altitudes,frequent occlusions in dense traffic,and environmental noise,such as shadows and lighting inconsistencies.Traditional methods,including sliding-window searches and shallow learning techniques,struggle with computational inefficiency and robustness under dynamic conditions.To address these limitations,this study proposes a six-stage hierarchical framework integrating radiometric calibration,deep learning,and classical feature engineering.The workflow begins with radiometric calibration to normalize pixel intensities and mitigate sensor noise,followed by Conditional Random Field(CRF)segmentation to isolate vehicles.YOLOv9,equipped with a bi-directional feature pyramid network(BiFPN),ensures precise multi-scale object detection.Hybrid feature extraction employs Maximally Stable Extremal Regions(MSER)for stable contour detection,Binary Robust Independent Elementary Features(BRIEF)for texture encoding,and Affine-SIFT(ASIFT)for viewpoint invariance.Quadratic Discriminant Analysis(QDA)enhances feature discrimination,while a Probabilistic Neural Network(PNN)performs Bayesian probability-based classification.Tested on the Roundabout Aerial Imagery(15,474 images,985K instances)and AU-AIR(32,823 instances,7 classes)datasets,the model achieves state-of-the-art accuracy of 95.54%and 94.14%,respectively.Its superior performance in detecting small-scale vehicles and resolving occlusions highlights its potential for intelligent traffic systems.Future work will extend testing to nighttime and adverse weather conditions while optimizing real-time UAV inference.
基金supported by National Key R&D Program of China(2019YFB2102303)National Natural Science Foundation of China(NSFC61971014,NSFC11675199)Young Backbone Teacher Training Program of Henan Colleges and Universities(2021GGJS170).
文摘The popularity of the Internet of Things(IoT)has enabled a large number of vulnerable devices to connect to the Internet,bringing huge security risks.As a network-level security authentication method,device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases.However,flexible and diversified IoT devices with limited resources increase dif-ficulty of the device fingerprint authentication method executed in IoT,because it needs to retrain the model network to deal with incremental features or types.To address this problem,a device fingerprinting mechanism based on a Broad Learning System(BLS)is proposed in this paper.The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices,and extracts feature parameters of the traffic packets.A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset.The complexity of the dataset is reduced using Principal Component Analysis(PCA)and the device type is identified by training weights using BLS.The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.
基金supported by King Khalid University,Saudi Arabia underGrant No.RGP.2/61/43.
文摘Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.
文摘The continual growth of the use of technological appliances during the COVID-19 pandemic has resulted in a massive volume of data flow on the Internet,as many employees have transitioned to working from home.Furthermore,with the increase in the adoption of encrypted data transmission by many people who tend to use a Virtual Private Network(VPN)or Tor Browser(dark web)to keep their data privacy and hidden,network traffic encryption is rapidly becoming a universal approach.This affects and complicates the quality of service(QoS),traffic monitoring,and network security provided by Internet Service Providers(ISPs),particularly for analysis and anomaly detection approaches based on the network traffic’s nature.The method of categorizing encrypted traffic is one of the most challenging issues introduced by a VPN as a way to bypass censorship as well as gain access to geo-locked services.Therefore,an efficient approach is especially needed that enables the identification of encrypted network traffic data to extract and select valuable features which improve the quality of service and network management as well as to oversee the overall performance.In this paper,the classification of network traffic data in terms of VPN and non-VPN traffic is studied based on the efficiency of time-based features extracted from network packets.Therefore,this paper suggests two machine learning models that categorize network traffic into encrypted and non-encrypted traffic.The proposed models utilize statistical features(SF),Pearson Correlation(PC),and a Genetic Algorithm(GA),preprocessing the traffic samples into net flow traffic to accomplish the experiment’s objectives.The GA-based method utilizes a stochastic method based on natural genetics and biological evolution to extract essential features.The PC-based method performs well in removing different features of network traffic.With a microsecond perpacket prediction time,the best model achieved an accuracy of more than 95.02 percent in the most demanding traffic classification task,a drop in accuracy of only 2.37 percent in comparison to the entire statistical-based machine learning approach.This is extremely promising for the development of real-time traffic analyzers.
基金co-supported by the State Key Program of National Natural Science Foundation of China (No. 91538204)the National Science Fund for Distinguished Young Scholars (No. 61425014)the National Key Technologies R&D Program of China (No. 2015BAG15B01)
文摘Air traffic complexity is an objective metric for evaluating the operational condition of the airspace. It has several applications, such as airspace design and traffic flow management.Therefore, identifying a reliable method to accurately measure traffic complexity is important. Considering that many factors correlate with traffic complexity in complicated nonlinear ways,researchers have proposed several complexity evaluation methods based on machine learning models which were trained with large samples. However, the high cost of sample collection usually results in limited training set. In this paper, an ensemble learning model is proposed for measuring air traffic complexity within a sector based on small samples. To exploit the classification information within each factor, multiple diverse factor subsets(FSSs) are generated under guidance from factor noise and independence analysis. Then, a base complexity evaluator is built corresponding to each FSS. The final complexity evaluation result is obtained by integrating all results from the base evaluators. Experimental studies using real-world air traffic operation data demonstrate the advantages of our model for small-sample-based traffic complexity evaluation over other stateof-the-art methods.
基金Projects(71171200,51108465,71101155)supported by the National Natural Science Foundation of China
文摘An optimization model and its solution algorithm for alternate traffic restriction(ATR) schemes were introduced in terms of both the restriction districts and the proportion of restricted automobiles. A bi-level programming model was proposed to model the ATR scheme optimization problem by aiming at consumer surplus maximization and overload flow minimization at the upper-level model. At the lower-level model, elastic demand, mode choice and multi-class user equilibrium assignment were synthetically optimized. A genetic algorithm involving prolonging codes was constructed, demonstrating high computing efficiency in that it dynamically includes newly-appearing overload links in the codes so as to reduce the subsequent searching range. Moreover,practical processing approaches were suggested, which may improve the operability of the model-based solutions.
基金supported by the Ministry of Knowledge Economy (MKE), Korea, under the Convergence Information Technology Research Center (CITRC) support program, under Grant No. NIPA-2012-H0401-12-1002supervised by the National IT Industry Promotion Agency (NIPA)
文摘Recently,Quality of Experience(QoE)has been introduced as a subjective measure of a user’s experience of communication services.QoE was expected to take the place of traditional Quality of Service(QoS)measure in that QoE may express a direct and accurate user experience.In this paper,we propose a QoE management scheme which is based on a user’s simple feedback.We explain the proposed QoE management steps and the dominant reason extraction algorithm to determine the quality-falling instance.We also present a QoE prediction method that will provide an optimal quality management scheme in communication services.Experiments on multimedia streaming service prove the efficiency of the dominant factor extraction algorithm,and the experiment using the QoE prediction method present a very high accuracy.The QoE management scheme proposed in this paper can be generally adapted to any communication services,to increase the efficiency and effectiveness of quality management systems.
基金partially supported by the Polish National Science Center under Grant No.2011/01/D/ST7/05054
文摘In this paper,we present the resuks of the BitTorrent measurement study.Two sources of BitTorrent data were utilised:meta-data files and the logs of one of the currently most popular BitTorrent clients--gTorrent.Experimental data were collected for fifteen days from the popular torrent-discovery site thepiratebay.org(more than 30000 torrents were captured and analysed).During this pe-riod the activity and logs of an unmodified version ofμTorrent client downloading ses-sions were also captured.The obtained ex-perimental results are swarm-oriented,which allows us to look at BitTorrent and its users from an exchanged resources perspective.Moreover,comparative analysis of the clients'connections with and without theμTP proto-col is carried out to verify the extent to whichμTP improves BitTorrent transmissions.To the authors'best knowledge,none of the previous studies have addressed these issues.
基金supported by Innovative Human Resource Development for Local Intellectualization program through the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(IITP2024-00156287,50%)funded by the Institute for Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2022-0-01203,Regional Strategic Industry Convergence Security Core Talent Training Business,50%).
文摘The rapid proliferation of Internet of Things(IoT)technology has facilitated automation across various sectors.Nevertheless,this advancement has also resulted in a notable surge in cyberattacks,notably botnets.As a result,research on network analysis has become vital.Machine learning-based techniques for network analysis provide a more extensive and adaptable approach in comparison to traditional rule-based methods.In this paper,we propose a framework for analyzing communications between IoT devices using supervised learning and ensemble techniques and present experimental results that validate the efficacy of the proposed framework.The results indicate that using the proposed ensemble techniques improves accuracy by up to 1.7%compared to single-algorithm approaches.These results also suggest that the proposed framework can flexibly adapt to general IoT network analysis scenarios.Unlike existing frameworks,which only exhibit high performance in specific situations,the proposed framework can serve as a fundamental approach for addressing a wide range of issues.
基金the Key JCJQ Program of China:2020-JCJQ-ZD-021-00 and 2020-JCJQ-ZD-024-12.
文摘Website fingerprinting,also known asWF,is a traffic analysis attack that enables local eavesdroppers to infer a user’s browsing destination,even when using the Tor anonymity network.While advanced attacks based on deep neural network(DNN)can performfeature engineering and attain accuracy rates of over 98%,research has demonstrated thatDNNis vulnerable to adversarial samples.As a result,many researchers have explored using adversarial samples as a defense mechanism against DNN-based WF attacks and have achieved considerable success.However,these methods suffer from high bandwidth overhead or require access to the target model,which is unrealistic.This paper proposes CMAES-WFD,a black-box WF defense based on adversarial samples.The process of generating adversarial examples is transformed into a constrained optimization problem solved by utilizing the Covariance Matrix Adaptation Evolution Strategy(CMAES)optimization algorithm.Perturbations are injected into the local parts of the original traffic to control bandwidth overhead.According to the experiment results,CMAES-WFD was able to significantly decrease the accuracy of Deep Fingerprinting(DF)and VarCnn to below 8.3%and the bandwidth overhead to a maximum of only 14.6%and 20.5%,respectively.Specially,for Automated Website Fingerprinting(AWF)with simple structure,CMAES-WFD reduced the classification accuracy to only 6.7%and the bandwidth overhead to less than 7.4%.Moreover,it was demonstrated that CMAES-WFD was robust against adversarial training to a certain extent.
基金This work was supported by National Council for Scientific and Technological Development(CNPq/Brazil)grants#309129/2017-6 and#432204/2018-0,by Sao Paulo Research Foundation(FAPESP)+2 种基金grant#2018/23098-0,by the Coordination for the Improvement of Higher Education Personnel CAPES/Brazilgrants#88887.501287/2020-00 and#88887.509309/2020–00by the National Teaching and Research Network(RNP)by the GT-Periscope project.
文摘The high costs incurred due to attacks and the increasing number of different devices in the Internet of Things(IoT)highlight the necessity of the early detection of botnets(i.e.,a network of infected devices)to gain an advantage against attacks.However,early botnet detection is challenging because of continuous malware mutations,the adoption of sophisticated obfuscation techniques,and the massive volume of data.The literature addresses botnet detection by modeling the behavior of malware spread,the classification of malicious traffic,and the analysis of traffic anomalies.This article details ANTE,a system for ANTicipating botnEt signals based on machine learning algorithms.The system adapts itself to different scenarios and detects different types of botnets.It autonomously selects the most appropriate Machine Learning(ML)pipeline for each botnet and improves the classification before an attack effectively begins.The system evaluation follows trace-driven experiments and compares ANTE results to other relevant results from the literature over four representative datasets:ISOT HTTP Botnet,CTU-13,CICDDoS2019,and BoT-IoT.Results show an average detection accuracy of 99.06%and an average bot detection precision of 100%.
文摘In order to understand how a network is being used or whether it is being abused, an administrator needs to inspect the flow of the traffic and "infers" the intent of the users and applications. So the network traffic measurement and analysis are crucial to network monitoring, reliable DDoS detecting and attack source locating as well. In this paper, we discuss the principle of real-time network traffic measurement and analysis through embedding a traffic measurement and analysis engine into IP packet-decoding module, and emphasize the implementation of visualizing the real-time network traffic, which are helpful to network monitoring and network traffic modeling.