"Challenges in Security and Traffic Management in Enterprise Networks"
Barman, Dhiman
Faloutsos, Michalis

Document Type: Latin Dissertation
Language of Document: English
Record Number: 902958
Doc. No: TL33z1292p
Main Entry: Barman, Dhiman
Title & Author: Challenges in Security and Traffic Management in Enterprise Networks \ Barman, Dhiman; Faloutsos, Michalis
College: UC Riverside
Date: 2008
student score: 2008
Abstract:
Management of enterprise networks is a challenging problem because of their continued growth in size and functionality. We propose and evaluate a framework, Godai, which addresses the challenges in (i) setting thresholds in end host anomaly detectors, (ii) hierarchical summarization in data and (iii) application traffic classification. Godai enables IT operators to identify the end hosts that have been enslaved by an attacker to launch attacks, and Godai achieves it by diversifying anomaly detector configuration. The general policies in the framework are holistic and achieve two goals: (a) balance the trade-offs between false alarm and mis-detection rates and (b) show that the benefits of full diversity can be attained at reduced complexity, by clustering the end hosts and treating a cluster homogeneously. The underlying principle of attack detection is to identify changes in data. Godai generalizes the concept for data with hierarchical identifiers, e.g., IP prefixes, URLs. A parsimonious hierarchical summarization eases the burden on IT operators to interpret analysis reports. Godai proposes efficient and provable algorithms to produce parsimonious explanations from the output of any statistical model that provides predictions and confidence intervals, making it widely applicable. Finally, Godai takes a step towards associating applications to traffic flows. It critically re-visits the existing ad hoc techniques of traffic classification approaches based on transport layer ports, host behavior and flow features and analyzes the effectiveness of different approaches. The results allow us to answer questions about the best available traffic classification approach, the conditions under which it performs well, and the strengths and limitations of each approach. The multifarious functionalities allow Godai to be a viable solution in enterprise network management.

Added Entry: Faloutsos, Michalis
Added Entry: UC Riverside