Doctoral thesis (Dissertations and theses)
Security and Network monitoring based on Internet flow measurements
WAGNER, Cynthia


Full Text
WagnerC- Thesis.pdf
Author postprint (5.15 MB)


Keywords :
network monitoring; flow analysis; anomaly detection; anonymity; tor security; game theory; data mining
Abstract :
[en] Today's networks face continuously emerging threats, making the analysis of network data for the detection of anomalies in operational networks essential. Network operators have to deal with the analysis of huge volumes of data. To counter this main issue, working with IP flow records (also known as Netflow records) is common in network management. However, in modern networks, even Netflow records still represent a high volume of data. Interest in traffic classification, as well as in attack and anomaly detection, has become very strong in network monitoring and security-related activities. This thesis addresses the topic of Netflow record analysis by introducing simple mechanisms for the evaluation of large quantities of data. The mechanisms are based on spatially aggregated Netflow records, which are evaluated using a kernel function. This similarity function analyses aggregated data for quantitative and topological pattern changes. Machine learning techniques are then used to classify the aggregated data into benign traffic and anomalies. Besides the detection of anomalies in network traffic, traffic is analyzed from the perspective of an attacker and of a network operator, using a game-theoretical model to define strategies for attack and defence. To extend the evaluation models, information from the application layer has been analyzed. A problem that arises with application flows is that, in some cases, network flows cannot be clearly attributed to sessions or users, for example in anonymous overlay networks. A model for the attribution of flows to sessions or users has been defined and, related to this, the behaviour of attack and defence mechanisms is studied in the framework of a game.
Disciplines :
Computer science
Author, co-author :
WAGNER, Cynthia ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
Title :
Security and Network monitoring based on Internet flow measurements
Defense date :
30 March 2012
Institution :
Unilu - University of Luxembourg, Luxembourg, Luxembourg
Degree :
Docteur en Informatique
Promotor :
Available on ORBilu :
since 11 February 2014

