A typical flow monitoring architecture is shown in Fig. A widely used manner of monitoring traffic, especially in high-speed networks, is by means of passively measuring flows. For example, in data centers deadlines may be assigned to flows. A recent survey of media articles, in , revealed evidence of 49 outages in 20 providers worldwide during the 6-year period ending in The 4TU Cyber Security partners bring together expertise in the key areas that together provide the necessary foundation for addressing the problems mentioned below.
However, packet capturing is neither operationally nor financially scalable when considering high-speed links or large networking infrastructure.
The main goal of these two works is to inherit the accuracy from the provisioning approach from  while minimizing efforts on traffic measurements. In the next section we argue how cloud providers can monitor their networks as a first step towards ensuring the performance of their cloud services.
As mentioned in Section III, the dependability of cloud services relies directly on the performance of the cloud data center network.
Others include terms to make it harder for customers to request refunds, for example. It is often assumed that customers are backed by SLAs. Considering the generic topology presented in Fig.
Also, some flow export devices were found to export no flag information about TCP flows . When TCP flags are not present in the monitoring data, however, this cannot be observed by network managers and signals of performance problems might remain unseen.
And as a last example, smart grids provide ample opportunity for fraud, and even social disruption if the privacy and security issues of such systems are not well addressed.
First, we obtained ground-truth information for flow-based intrusion detection by manually creating it. We know that the root cause of all these incidents is a combination of technological failure and human error or malicious behavior, but we are largely unable to prevent such incidents. In the case of flow measurements, we have researched how implementation details and protocol design choices might lead to artifacts that affect the accuracy of monitoring data.
Although alternative provisioning approaches, such as our proposal in , are much more accurate because they can capture short-term traffic fluctuations, they often require continuous packet capturing.
For example,  proposes a congestion control mechanism for data centers that focuses, among others, on high utilization of network links to maximize throughput of flows with deadlines. We believe that the detection problem is a key component in the field of intrusion detection.
To this threat, the research community has answered with a growing interest in intrusion detection, aiming to detect intruders in a timely manner and prevent damage.
Hence, it behaves quite similarly to the above-mentioned rules of thumb.
As a result, a large spectrum of monitoring applications has been developed in the field of performance, security, and accounting, among others. Besides providing great advantages in terms of processing requirements and low hardware costs, flow export technologies are widely available in packet forwarding devices such as routers and switches as they may be used in data center networks — Fig.
A flow is defined in  as a set of IP packets passing an observation point in the network during a certain time interval; all packets belonging to a particular flow have a set of common properties. In all current projects there is strong cooperation with government and industry.
Cyber security raises a number of fundamental questions such as: We developed an optimization procedure that aims to treat such a trade-off mathematically and in a systematic manner, by automatically tuning the system parameters. Given that this study has only considered events that received media attention, the frequency of such problems is likely to be much higher.
In this method, traffic flows are exported, collected, and analyzed, rather than individual packets. However, current SLAs of cloud services are weak at best and, in general, written to protect the providers. To allow for more flexibility on the allocation of network resources, efficient and practical provisioning approaches from, for example, our proposals ,  could be brought into the context of data center networks.
As a result, no meaningful conclusions can be derived about the response time of cloud services, which should normally be in the order of tens of milliseconds . However, our experience in the area of flow-based measurements has also shown that flow data should always be considered with great care before deriving any potentially misleading or even invalid conclusions from it.
The widespread use of cloud services puts even higher constraints on uninterrupted availability of both the service as a whole, and the facilitating networks. This makes flow monitoring a relatively simple and cost-effective solution for large-scale monitoring of cloud networks.
An interesting approach to validation is the creation of appropriate testbeds, or ground-truth data sets, for which it is known when an attack has taken place.
Cloud providers have been involved in numerous performance incidents. At the same time, we have also observed increasingly frequent and widely diversified attacks. If congested links are found at any tier of the cloud data center network, they may cause performance degradation and, consequently, flow deadlines may be missed.
Furthermore, with the advent of Software Defined Networks (SDN) and the increasing adoption of tools such as OpenFlow, we envision that scalable per-flow traffic measurements will be feasible even in large network infrastructures.
However, once monitoring systems have been calibrated and set up properly, the monitoring data — flow data in our case — can be used for many more applications, such as intrusion detection  and link provisioning. Considering that the loss of turnover in case of failure can be remarkable, dependability has become a key issue for cloud providers.
This research is still in its initial phase and will contribute to a Ph.D. thesis.