Summary: | Master's === National Taiwan University === Graduate Institute of Communication Engineering === 107 === Network traffic identification techniques play an important role in modern network security and management architectures. They can help the network manager find anomalies in the network. Some large-scale servers have become the targets of security attacks, and the behavior of these servers may become abnormal. In previous works, network identification requires payload inspection and flow-based feature collection. Payload inspection cannot function when the payload is encrypted and may raise privacy issues because the content must be scanned. Furthermore, it usually imposes heavy overhead to construct the rules. In the flow-based feature identification technique, collecting multiple packets and calculating the statistical features incurs very high computation overhead and is time-consuming. Therefore, we propose a mechanism that uses packet header information to determine whether Internet traffic from large-scale servers is normal or not. Furthermore, because it requires the information of only one packet for detection, the detection time and the computation overhead can be reduced.
|