Presentation is loading. Please wait.

Presentation is loading. Please wait.

Google-based Traffic Classification Aleksandar Kuzmanovic Northwestern University IEEE Computer Communications Workshop (CCW 08) October 23, 2008

PublishBrian Wilkinson Modified over 10 years ago

Similar presentations

Presentation on theme: "Google-based Traffic Classification Aleksandar Kuzmanovic Northwestern University IEEE Computer Communications Workshop (CCW 08) October 23, 2008"— Presentation transcript:

1 Google-based Traffic Classification Aleksandar Kuzmanovic Northwestern University IEEE Computer Communications Workshop (CCW 08) October 23, 2008 http://networks.cs.northwestern.edu

2 I. Trestian Unconstrained Endpoint Profiling (Googling the Internet) 2 Traffic Classification Problem – traffic classification Current approaches (port-based, payload signatures, numerical and statistical etc.) Our approach –Use information about destination IP addresses available on the Internet A. Kuzmanovic Google-based Traffic Classification

3 I. Trestian Unconstrained Endpoint Profiling (Googling the Internet) 3 Getting External Information Use Google! Can we systematically exploit search engines to harvest endpoint information available on the Internet? Huge amount of endpoint information available on the web A. Kuzmanovic Google-based Traffic Classification

4 I. Trestian Unconstrained Endpoint Profiling (Googling the Internet) 4 Websites run logging software and display statistics Some popular proxy services also display logs Popular servers (e.g., gaming) IP addresses are listed Blacklists, banlists, spamlists also have web interfaces Even P2P information is available on the Internet since the first point of contact with a P2P swarm is a publicly available IP address Where Does the Information Come From? Servers Clients P2P Malicious A. Kuzmanovic Google-based Traffic Classification

5 I. Trestian Unconstrained Endpoint Profiling (Googling the Internet) URL Hit text URL Hit text URL Hit text …. Rapid Match Domain name Keywords Domain name Keywords …. IP tagging IP Address xxx.xxx.xxx.xxx Website cache Search hits 5 Methodology – Web Classifier and IP Tagging A. Kuzmanovic Google-based Traffic Classification

6 I. Trestian Unconstrained Endpoint Profiling (Googling the Internet) 6 165.124.182.169 Tagged IP Cache Traffic Classification Mail server 193.226.5.150Website 68.87.195.25Router 186.25.13.24Halo server Hold a small % of the IP addresses seen Look at source and destination IP addresses and classify traffic A. Kuzmanovic Google-based Traffic Classification

7 I. Trestian Unconstrained Endpoint Profiling (Googling the Internet) When no sampling is done UEP outperforms BLINC UEP maintains a large classification ratio even at higher sampling rates BLINC stays in the dark 2% at sampling rate 100 UEP retains high classification capabilities with sampled traffic UEP retains high classification capabilities with sampled traffic 7 Working with Sampled Traffic A. Kuzmanovic Google-based Traffic Classification

8 I. Trestian Unconstrained Endpoint Profiling (Googling the Internet) Summary Shift research focus from mining operational network traces to harnessing information that is already available on the web Deep packet inspection and legal issues: –Federal Wiretap Act: thou shalt not intercept the contents of communications. Violations can result in civil and criminal penalties. The worst offenses may be investigated by the FBI, Secret Service, DEA, and IRS as felony prosecutions. –Only 2 exceptions: The provider protection exception Consent 8 A. Kuzmanovic Google-based Traffic Classification

Download ppt "Google-based Traffic Classification Aleksandar Kuzmanovic Northwestern University IEEE Computer Communications Workshop (CCW 08) October 23, 2008"

Similar presentations

Skynet: A Cloud-Hopping Data Transfer Architecture Aleksandar Kuzmanovic

Skynet: A Cloud-Hopping Data Transfer Architecture Aleksandar Kuzmanovic
The Internet Unit Information Systems, Higher. The Internet HTML Two sets of notes.

The Internet Unit Information Systems, Higher. The Internet HTML Two sets of notes.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Taming User-Generated Content in Mobile Networks via Drop Zones Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Taming User-Generated Content in Mobile Networks via Drop Zones Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Measuring Serendipity: Connecting People, Locations and Interests in a Mobile 3G Network Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio.

Measuring Serendipity: Connecting People, Locations and Interests in a Mobile 3G Network Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio.
® Microsoft Office 2010 Browser and Email Basics.

® Microsoft Office 2010 Browser and Basics.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
SYSTEM ADMINISTRATION Chapter 19

SYSTEM ADMINISTRATION Chapter 19
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
The process of increasing the amount of visitors to a website by ranking high in the search results of a search engine.

The process of increasing the amount of visitors to a website by ranking high in the search results of a search engine.
SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.

SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.
COS/PSA 413 Day 17. Agenda Lab 8 write-up grades –3 B’s, 1 C and 1 F –Answer the Questions!!! Capstone progress report 2 overdue Today we will be discussing.

COS/PSA 413 Day 17. Agenda Lab 8 write-up grades –3 B’s, 1 C and 1 F –Answer the Questions!!! Capstone progress report 2 overdue Today we will be discussing.
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Internet Technologies Networking / Internet Protocols (TCP/IP) Server/Client Software Communication via Ports Web Page Technology Recipe of Web Page Development.

Internet Technologies Networking / Internet Protocols (TCP/IP) Server/Client Software Communication via Ports Web Page Technology Recipe of Web Page Development.
Words & Definitions By: Naftaly Garcia Birruete. Address Bar  The space provided on a web browser that shows the addresses of websites.

Words & Definitions By: Naftaly Garcia Birruete. Address Bar  The space provided on a web browser that shows the addresses of websites.
SEO PACKAGES. Types of Plans Starter Plan Business Plan Enterprises Plan.

SEO PACKAGES. Types of Plans Starter Plan Business Plan Enterprises Plan.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
Department Of Computer Engineering

Department Of Computer Engineering
Boris Tshibangu. What is a proxy server? A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from.

Boris Tshibangu. What is a proxy server? A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from.

Similar presentations

Ads by Google