一种VoIP流量识别的新方法*

目前传统的基于端口的流量识别方法不适合VoIP流量识别,基于载荷分析的流量识别方法应用于实时监测存在开销过大的问题,基于统计模型的流量识别方法也不适合实时监测。为此,针对VoIP的传输特性,提出并实现了一种新的VoIP流量识别方法。实验表明,只根据传输层信息,该方法的误报率在10%左右。     

加密MANET端到端流的推断与识别研究

根据数据流的帧发送时序特性, 提出一种基于时序匹配和关联分析的端到端流推断算法。采用时序匹配、关联分析、流追踪与回溯等机制, 分析与追踪探测区域内的所有端到端流。该算法能够在无须解密报文的前提下进行流量分析, 推断出端到端流的源、目的节点、流路径、流开始时间和流持续时长等信息。仿真实验表明, 算法可以有效识别网络中的端到端流。     

A machine learning approach to classifying YouTube QoE based on encrypted network traffic

Multimedia Tools and Applications - Due to the widespread use of encryption in Over-The-Top video streaming traffic, network operators generally lack insight into application-level quality...     

加密网络流量类型识别研究

针对传统的检测方法无法识别加密网络流量类型的问题,对加密网络流量类型的识别进行了研究。从加密后保持不变的网络流量特征着手,提出了通过统计数据包长度、数据包到达时间间隔以及流的方向等方法可以正确地识别加密网络流量类型,最后设计出加密网络流量类型识别的模型和相应的加密网络流量实时识别方案,通过对该方案的验证表明采用该方案能够获得较好的效果。     

An SVD audio watermarking approach using chaotic encrypted images

This paper presents a new approach for audio watermarking using the Singular Value Decomposition (SVD) mathematical technique. The proposed approach can be used for data hiding in the audio signals transmitted over wireless networks and for multi-level security systems as will be stated in the applications section. This approach is based on embedding a chaotic encrypted watermark in the singular values of the audio signal after transforming it into a 2-D format. The selection of the chaotic encryption algorithm for watermark encryption is attributed to its permutation nature, which resists noise, filtering, and compression attacks. After watermark embedding, the audio signal is transformed again into a 1-D format. The transformation between the 1-D and 2-D formats is performed in the well-known lexicographic ordering method used in image processing. The proposed approach can be implemented on the audio signal as a whole or on a segment-by-segment basis. The segment-by-segment implementation allows embedding the same watermark several times in the audio signal, which enhances the detectability of the watermark in the presence of severe attacks. Experimental results show that the proposed audio watermarking approach maintains the high quality of the audio signal and that the watermark extraction and decryption are possible even in the presence of attacks.     

An efficient CNN based encrypted Iris recognition approach in cognitive-IoT system

Multimedia Tools and Applications - Recently, biometric-based security plays a vital role in the success of the Cognitive Internet of Things (C-IoT) based security framework. The iris trait solves...     

网络加密流量侧信道攻击研究综述

网络加密流量侧信道攻击通过分析、提取网络应用通信过程中泄露的数据包长度、时间等侧信道信息,能够识别用户的身份和行为,甚至还原用户输入的原始数据.基于信息论建立了网络加密流量侧信道攻击模型,使用统一的模型框架分析了代表性的指纹攻击、击键攻击和语音攻击的方法和效果,讨论了基于隐藏数据包长度和时间信息的防御方法,结合技术发展...     

Software reuse: An empirical approach

Software reuse is widely believed to be the most promising technology for significantly improving software quality and productivity. In this paper, we discuss software reuse from an empirical perspective. We examine factors that affect reuse, reuse measurement, and techniques for tailoring a reuse program to a given organization via a failure modes model.     

An empirical comparison of generators for self similar simulated traffic

It is generally recognised that aggregated network traffic is self similar and that self similar traffic models should be used in simulation experiments when assessing the performance of a network. Many generators have been proposed to synthetically produce self similar simulation input; however most of them require the trace length to be known a priori. Four generators that allow continuous generation of self similar time series are evaluated in this work with respect to their ability to reproduce the desired level of self similarity. This extensive investigation uses ten times as many traces and twice the number of parameter values as previously reported. Three of the tested generators perform well but surprisingly the generator supplied with a widely used commercial network simulator is unusable. The reported results indicate that the generator based on multiplexing strictly alternating ON/OFF sources may perform better than generators based on chaotic maps, provided that more than 100 ON/OFF sources can be used. Three estimators for the degree of self similarity of a time series have been evaluated as part of the process, and the only acceptable one is based on a Wavelet decomposition of the traffic trace.     

An empirical approach to the characterization of background signatures in the thermal infrared spectral region

The detectability of an object in the infrared spectral region is, next to its own thermal characteristics, determined by the thermal behaviour of the background, that is, the thermodynamics of various elements, such as grass, trees and soil. In this sense, the temperature and emissivity variation of these background elements as a function of position, viewing angle and time is of major importance.

To determine the feasibility of empirical background temperature models, apparent temperatures of various background elements and meteorological parameters were recorded at 15-minute intervals over a period of one year, at the Gilze-Rijen air force base in the Netherlands (51°32°N, 5°51′E). Subsequently, this data was used to generate an empirical background temperature model.     

A survey on analyzing encrypted network traffic of mobile devices

International Journal of Information Security - Over the years, use of smartphones has come to dominate several areas, improving our lives, offering us convenience, and reshaping our daily work...     

基于机器自学习的互联网加密业务流早期识别

为精确高效地识别加密类业务流,给出了一种基于机器自学习的互联网加密业务流早期识别方法.该方法利用加密前后变化不明显的流量统计特征结合机器自学习方法进行识别.首先基于特征与业务类型的互熵来遴选出最优特征用于分类;然后利用所选特征给出了加密业务流总体识别模型,并对模型中的自学习阶段及识别阶段进行了创新,仅选取最能反映协议特点的每条业务流的前几个数据包进行早期识别,达到了对加密业务流高效识别的效果;最后对识别方法进行了性能分析和实验,实验结果表明,基于所选取的最优特征,仅利用每务流前5个数据包即可得到90%以上的流识别精确度.     

基于深度学习的加密恶意流量检测研究

随着网络安全防范意识增强,加密通信占据主流,加密流量快速增长。流量加密在保护隐私的同时,也掩饰非法企图,改变威胁形式。深度学习作为机器学习领域的重要分支,是流量分类的有力工具。近年来,将深度学习方法应用于入侵检测的研究不断深入,取得良好效果。在深入调研文献的基础上,将加密恶意流量检测的步骤总结归纳为“六步法”的一般检测框架模型,结合模型对数据处理及检测算法进行回顾总结,指出各类算法模型的优缺点,并对未来研究方向进行展望,以期为下一步研究提供帮助。     

An oblique-extrema-based approach for empirical mode decomposition

It has been found that envelopes established by extrema in the empirical mode decomposition cannot always depict the local characteristics of a signal very well. This is due in part to the slight oscillations characterized as hidden scales which are almost left untreated during the sifting process. When involving hidden scales, the intrinsic mode function usually contains at a given instance multiple oscillation modes. In view of this, based on inflection points this paper presents a new decomposition algorithm called ‘oblique-extrema empirical mode decomposition’ to settle these problems. With this algorithm, any signal can be decomposed into a finite number of ‘oblique-extrema intrinsic mode functions’ which may possess better-behaved Hilbert transforms and produce more accurate instantaneous frequencies. It can suppress the effect of hidden scales and gets one step further in extracting finer scales. Experimental results demonstrate good performances of this new method.     

An empirical approach to studying software evolution

With the approach of the new millennium, a primary focus in software engineering involves issues relating to upgrading, migrating, and evolving existing software systems. In this environment, the role of careful empirical studies as the basis for improving software maintenance processes, methods, and tools is highlighted. One of the most important processes that merits empirical evaluation is software evolution. Software evolution refers to the dynamic behaviour of software systems as they are maintained and enhanced over their lifetimes. Software evolution is particularly important as systems in organizations become longer-lived. However, evolution is challenging to study due to the longitudinal nature of the phenomenon in addition to the usual difficulties in collecting empirical data. We describe a set of methods and techniques that we have developed and adapted to empirically study software evolution. Our longitudinal empirical study involves collecting, coding, and analyzing more than 25000 change events to 23 commercial software systems over a 20-year period. Using data from two of the systems, we illustrate the efficacy of flexible phase mapping and gamma sequence analytic methods, originally developed in social psychology to examine group problem solving processes. We have adapted these techniques in the context of our study to identify and understand the phases through which a software system travels as it evolves over time. We contrast this approach with time series analysis. Our work demonstrates the advantages of applying methods and techniques from other domains to software engineering and illustrates how, despite difficulties, software evolution can be empirically studied     

An architectural approach towards Future Media Internet

Internet is the most important information exchange means nowadays and has become the core communication environment, not only for business relations, but also for social and human interaction. Yet, the immense success of Internet has created even higher hopes and expectations for new immersive and real-time applications and services. However, there are no guarantees that the current Internet will be able to support them. To face the new requirements coming from these new applications and services, several architectural approaches have been proposed. Evolutionary and clean-slate approaches, based on content-centric architectures, have been proposed for meeting new requirements regarding media. This paper highlights the main architectural functions and presents a revolutionary protocol stack and a holistic architectural approach that targets Future Media Internet (FMI). Among the architectural functions and the holistic approach, the paper presents solutions to overcome the current content delivery limitations, moving intelligence in the network and converting it into a content oriented/centric network, that goes well beyond current CDNs; supporting the functionalities for producing, publishing, caching, finding and consuming content; and a novel Future Media Internet protocol stack and network architecture.     

An anomaly-based approach to the analysis of the social behavior of VoIP users

In this paper we present the results of a study we recently conducted by analyzing a large data set of VoIP Call Detail Records (CDRs), provided by an Italian telecom operator. The objectives of this study were twofold: (i) first, to provide a representation of users behavior, as well as of their mutual interaction and communication patterns, allowing to identify certain easily separable user categories; and (ii) second, to design and implement a framework calculating such a representation starting from CDR, capable of operating within certain time constraints, and grouping users using unsupervised techniques.The paper shows how we can reliably identify behavioral patterns associated with the most common anomalous behaviors of VoIP users. It also exploits the expressive power of relational graphs in order to both validate the results of the unsupervised analysis and ease their interpretation by human operators.     

An iterative approach to enhanced traffic signal optimization

Recent advances in Intelligent Transportation Systems (ITS) provide large quantities of data that can be exploited for the development of improved traffic management systems. However, mining this data to extract useful patterns and information also presents significant challenges. In an earlier presentation we presented a novel method for optimising traffic timing plans via the use of clustering algorithms to automatically generate Time-Of-Day (TOD) intervals. By detecting time intervals which share common traffic conditions, it was possible to obtain TOD intervals which better reflect the underlying generators of traffic patterns. However, the above-mentioned procedure suffers from a problem: the data that is used to find the clusters was generated using the original traffic patterns, which means that the estimates of the true underlying TOD intervals could be inaccurate. In this paper, we present a refinement of the method which is based on iteratively re-estimating the TOD intervals. Experiments have been conducted to test the usefulness of this additional step and the results are presented and discussed in detail.