자료유형  

 학위논문

Control Number  

0017162953

International Standard Book Number  

9798384338048

Dewey Decimal Classification Number  

500

Main Entry-Personal Name  

Wan, Gerry.

Publication, Distribution, etc. (Imprint  

[S.l.] : Stanford University., 2024

Publication, Distribution, etc. (Imprint  

Ann Arbor : ProQuest Dissertations & Theses, 2024

Physical Description  

131 p.

General Note  

Source: Dissertations Abstracts International, Volume: 86-03, Section: A.

General Note  

Advisor: Durumeric, Zakir.

Dissertation Note  

Thesis (Ph.D.)--Stanford University, 2024.

Summary, Etc.  

요약Network traffic analysis is essential for understanding and securing production networks. It is routinely used by both operators and researchers to investigate network behaviors, identify security threats, and monitor performance. However, network traffic has grown increasingly opaque. The rise of end-to-end encryption and the rapid growth in network speeds have outpaced the capabilities of traditional analysis methods, hindering visibility into modern networks.Despite recent progress in the development of specialized tools for high-speed networks and machine learning (ML) techniques for analyzing encrypted traffic, such tools and techniques remain difficult to deploy in practice. Many systems built on advanced networking hardware are performant, but cannot accommodate complex analysis tasks involving reassembled or parsed network data. ML-based solutions can infer information from encrypted traffic but often do not meet the performance demands of running in real-world networks.Traffic analysis systems should be practical: versatile enough to enable diverse and complex use cases, performant enough to operate in real-time against high-speed network traffic, and straightforward to deploy in standard computing environments.This dissertation presents frameworks and algorithms that enable practical systems for traffic analysis on modern networks. We first describe Retina, a software framework that supports 100+ Gbps traffic analysis on a single commodity server. Retina strategically discards unneeded traffic and defers expensive processing operations to efficiently perform complex analysis tasks without specialized hardware. We highlight several case studies that demonstrate Retina's versatility and performance.Next, we describe CATO, an optimization framework for ML-based traffic analysis. With the widespread adoption of end-to-end encryption, many network traffic characteristics can only be inferred through statistical or machine learning-based techniques. However, existing ML-based solutions tend to overlook the practical challenges of running models against high-speed traffic. CATO combines multi-objective Bayesian optimization with direct end-to-end measurements to jointly optimize and validate the in-network performance of ML-based traffic analysis pipelines. We show how CATO can be implemented on top of Retina to construct ML-based traffic analysis applications that can be deployed in real-world networks on a single server.

Subject Added Entry-Topical Term  

Decomposition.

Subject Added Entry-Topical Term  

Behavior.

Subject Added Entry-Topical Term  

Malware.

Subject Added Entry-Topical Term  

Streaming media.

Subject Added Entry-Topical Term  

Intrusion detection systems.

Subject Added Entry-Topical Term  

Protocol.

Subject Added Entry-Topical Term  

Optimization techniques.

Subject Added Entry-Topical Term  

Retina.

Subject Added Entry-Topical Term  

Computer science.

Subject Added Entry-Topical Term  

Film studies.

Subject Added Entry-Topical Term  

Web studies.

Added Entry-Corporate Name  

Stanford University.

Host Item Entry  

Dissertations Abstracts International. 86-03A.

Electronic Location and Access  

로그인을 한후 보실 수 있는 자료입니다.

Control Number  

joongbu:655435