Spam filtering for network traffic security on a multi-core environment

This paper presents an innovative fusion-based multi-classifier e-mail classification on a ubiquitous multicore architecture. Many previous approaches used text-based single classifiers to identify spam messages from a large e-mail corpus with some amount of false positive tradeoffs. Researchers are trying to prevent false positive in their filtering methods, but so far none of the current research has claimed zero false positive results. In e-mail classification false positive can potentially cause serious problems for the user. In this paper, we use fusion-based multi-classifier classification technique in a multi-core framework. By running each classifier process in parallel within their dedicated core, we greatly improve the performance of our multi-classifier-based filtering system in terms of running time, false positive rate, and filtering accuracy. Our proposed architecture also provides a safeguard of user mailbox from different malicious attacks. Our experimental results show that we achieved an average of 30% speedup at an average cost of 1.4 ms. We also reduced the instances of false positives, which are one of the key challenges in a spam filtering system, and increases e-mail classification accuracy substantially compared with single classification techniques.

An optimal transportation routing approach using GIS-based dynamic traffic flows

This paper examines the value of real-time traffic information gathered through Geographic Information Systems for achieving an optimal vehicle routing within a dynamically stochastic transportation network. We present a systematic approach in determining the dynamically varying parameters and implementation attributes that were used for the development of a Web-based transportation routing application integrated with real-time GIS services. We propose and implement an optimal routing algorithm by modifying Dijkstra’s algorithm in order to incorporate stochastically changing traffic flows. We describe the significant features of our Web application in making use of the real-time dynamic traffic flow information from GIS services towards achieving total costs savings and vehicle usage reduction. These features help users and vehicle drivers in improving their service levels and productivity as the Web application enables them to interactively find the optimal path and in identifying destinations effectively.

'Traffic-light' nutrition labelling and 'junk-food' tax : a modelled comparison of cost-effectiveness for obesity prevention

Introduction: Cost-effectiveness analyses are important tools in efforts to prioritise interventions for obesity prevention.
Modelling facilitates evaluation of multiple scenarios with varying assumptions. This study compares the cost-effectiveness of
conservative scenarios for two commonly proposed policy-based interventions: front-of-pack ‘traffic-light’ nutrition labelling
(traffic-light labelling) and a tax on unhealthy foods (‘junk-food’ tax).
Methods: For traffic-light labelling, estimates of changes in energy intake were based on an assumed 10% shift in consumption
towards healthier options in four food categories (breakfast cereals, pastries, sausages and preprepared meals) in 10% of adults. For the ‘junk-food’ tax, price elasticities were used to estimate a change in energy intake in response to a 10% price increase in seven food categories (including soft drinks, confectionery and snack foods). Changes in population weight and body mass index by sex were then estimated based on these changes in population energy intake, along with subsequent impacts on disability-adjusted life years (DALYs). Associated resource use was measured and costed using pathway analysis, based on a health sector perspective (with some industry costs included). Costs and health outcomes were discounted at 3%. The cost-effectiveness of each intervention was modelled for the 2003 Australian adult population.
Results: Both interventions resulted in reduced mean weight (traffic-light labelling: 1.3 kg (95% uncertainty interval (UI): 1.2;
1.4); ‘junk-food’ tax: 1.6 kg (95% UI: 1.5; 1.7)); and DALYs averted (traffic-light labelling: 45 100 (95% UI: 37 700; 60 100);
‘junk-food’ tax: 559 000 (95% UI: 459 500; 676 000)). Cost outlays were AUD81 million (95% UI: 44.7; 108.0) for traffic-light
labelling and AUD18 million (95% UI: 14.4; 21.6) for ‘junk-food’ tax. Cost-effectiveness analysis showed both interventions were
‘dominant’ (effective and cost-saving).
Conclusion: Policy-based population-wide interventions such as traffic-light nutrition labelling and taxes on unhealthy foods are
likely to offer excellent ‘value for money’ as obesity prevention measures.

An automatic application signature construction system for unknown traffic

Identifying applications and classifying network traffic flows according to their source applications are critical for a broad range of network activities. Such a decision can be based on packet header fields, packet payload content, statistical characteristics of traffic and communication patterns of network hosts. However, most present techniques rely on some sort of apriori knowledge, which means they require labor-intensive preprocessing before running and cannot deal with previously unknown applications. In this paper, we propose a traffic classification system based on application signatures, with a novel approach to fully automate the process of deriving signatures from unidentified traffic. The key idea is to integrate statistics-based flow clustering with payload-based signature matching method, so as to eliminate the requirement of pre-labeled training data sets. We evaluate the efficiency of our approach using real-world traffic trace, and the results indicate that signature classifiers built from clustered data and pre-labeled data are able to achieve similar high accuracy better than 99%.

Discriminating DDoS attack traffic from flash crowd through packet arrival patterns

Current DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission strategies and various forms of attack packets to beat defense systems. These problems lead to defense systems requiring various detection methods in order to identify attacks. Moreover, DDoS attacks can mix their traffics during flash crowds. By doing this, the complex defense system cannot detect the attack traffic in time. In this paper, we propose a behavior based detection that can discriminate DDoS attack traffic from traffic generated by real users. By using Pearson's correlation coefficient, our comparable detection methods can extract the repeatable features of the packet arrivals. The extensive simulations were tested for the accuracy of detection. We then performed experiments with several datasets and our results affirm that the proposed method can differentiate traffic of an attack source from legitimate traffic with a quick response. We also discuss approaches to improve our proposed methods at the conclusion of this paper.

Internet traffic classification using machine learning : a token-based approach

Due to the increasing unreliability of traditional port-based methods, Internet traffic classification has attracted a lot of research efforts in recent years. Quite a lot of previous papers have focused on using statistical characteristics as discriminators and applying machine learning techniques to classify the traffic flows. In this paper, we propose a novel machine learning based approach where the features are extracted from packet payload instead of flow statistics. Specifically, every flow is represented by a feature vector, in which each item indicates the occurrence of a particular token, i.e.; a common substring, in the payload. We have applied various machine learning algorithms to evaluate the idea and used different feature selection schemes to identify the critical tokens. Experimental result based on a real-world traffic data set shows that the approach can achieve high accuracy with low overhead.

A novel semi-supervised approach for network traffic clustering

Network traffic classification is an essential component for network management and security systems. To address the limitations of traditional port-based and payload-based methods, recent studies have been focusing on alternative approaches. One promising direction is applying machine learning techniques to classify traffic flows based on packet and flow level statistics. In particular, previous papers have illustrated that clustering can achieve high accuracy and discover unknown application classes. In this work, we present a novel semi-supervised learning method using constrained clustering algorithms. The motivation is that in network domain a lot of background information is available in addition to the data instances themselves. For example, we might know that flow ƒ1 and ƒ2 are using the same application protocol because they are visiting the same host address at the same port simultaneously. In this case, ƒ1 and ƒ2 shall be grouped into the same cluster ideally. Therefore, we describe these correlations in the form of pair-wise must-link constraints and incorporate them in the process of clustering. We have applied three constrained variants of the K-Means algorithm, which perform hard or soft constraint satisfaction and metric learning from constraints. A number of real-world traffic traces have been used to show the availability of constraints and to test the proposed approach. The experimental results indicate that by incorporating constraints in the course of clustering, the overall accuracy and cluster purity can be significantly improved.

Reliable aggregation on network traffic for web based knowledge discovery

The web is a rich resource for information discovery, as a result web mining is a hot topic. However, a reliable mining result depends on the reliability of the data set. For every single second, the web generate huge amount of data, such as web page requests, file transportation. The data reflect human behavior in the cyber space and therefore valuable for our analysis in various disciplines, e.g. social science, network security. How to deposit the data is a challenge. An usual strategy is to save the abstract of the data, such as using aggregation functions to preserve the features of the original data with much smaller space. A key problem, however is that such information can be distorted by the presence of illegitimate traffic, e.g. botnet recruitment scanning, DDoS attack traffic, etc. An important consideration in web related knowledge discovery then is the robustness of the aggregation method , which in turn may be affected by the reliability of network traffic data. In this chapter, we first present the methods of aggregation functions, and then we employe information distances to filter out anomaly data as a preparation for web data mining.

Hierarchical summarization techniques for network traffic

In today’s high speed networks it is becoming increasingly challenging for network managers to understand the nature of the traffic that is carried in their network. A major problem for traffic analysis in this context is how to extract a concise yet accurate summary of the relevant aggregate traffic flows that are present in network traces. In this paper, we present two summarization techniques to minimize the size of the traffic flow report that is generated by a hierarchical cluster analysis tool. By analyzing the accuracy and compaction gain of our approach on a standard benchmark dataset, we demonstrate that our approach achieves more accurate summaries than those of an existing tool that is based on frequent itemset mining.

Number plate survey methodology for long-distance traffic flows

The lack of comprehensive data on transport operations is a long- standing problem in transport research. Information on road transport in particular has proved difficult to obtain. This Paper documents a study which was aimed at developing and testing a technique to estimate long-distance passenger and freight movements based on direct observation of vehicle movements.

Predicted packet padding for anonymous web browsing against traffic analysis attacks

Anonymous communication has become a hot research topic in order to meet the increasing demand for web privacy protection. However, there are few such systems which can provide high level anonymity for web browsing. The reason is the current dominant dummy packet padding method for anonymization against traffic analysis attacks. This method inherits huge delay and bandwidth waste, which inhibits its use for web browsing. In this paper, we propose a predicted packet padding strategy to replace the dummy packet padding method for anonymous web browsing systems. The proposed strategy mitigates delay and bandwidth waste significantly on average. We formulated the traffic analysis attack and defense problem, and defined a metric, cost coefficient of anonymization (CCA), to measure the performance of anonymization. We thoroughly analyzed the problem with the characteristics of web browsing and concluded that the proposed strategy is better than the current dummy packet padding strategy in theory. We have conducted extensive experiments on two real world data sets, and the results confirmed the advantage of the proposed method.

Network and traffic engineering in emerging distributed computing applications

This book focuses on network management and traffic engineering for Internet and distributed computing technologies, as well as present emerging technology trends and advanced platform