Traffic flow monitoring with high temporal resolution

Bibliographic details
Main author: Cunha, Maria Strecht Barros
Publication date: 2023
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10773/41039
Abstract: The Internet has grown exponentially, connecting millions of devices for various purposes. However, this growth has led to increased malicious activities that require effective monitoring and security measures. Traditional traffic flow monitoring techniques restrain network performance optimisation and security, making high temporal resolution traffic flow monitoring more crucial for accurate issue identification, troubleshooting, and security breach prevention. To address the need for efficient and scalable monitoring systems, developing a system that can accurately track and measure the transmission of specific traffic flows over time is essential. Traditional monitoring techniques have limited temporal resolution, highlighting the need for high temporal resolution monitoring to provide a comprehensive view of network activity. This dissertation aims to create a monitoring system that can effectively and efficiently track and measure the traffic flow of filtered network data over time. The monitoring framework is divided into three modules: (1) acquiring data through packet filtering and monitoring, (2) processing data through flow identification and activity, and (3) storing the statistical information of the flows in a centralised archive system with high temporal resolution and a sampling interval that the user can customise. This dissertation explores the challenges brought about by the constantly changing and privacy-sensitive nature of the Internet and the advancements in network monitoring and security. This discussion covers the history of network monitoring, various network monitoring and measurement techniques, network flow monitoring, the traditional flow capture protocols and their limitations, and the pros and cons of flow capture with high temporal resolution.
The monitoring framework was implemented in Rust, with the help of the Libpcap library, and its implementation is discussed regarding the developed methodologies to identify and quantify traffic flows over time through statistical qualification with high temporal resolution, the deployment of the framework in a network, and an overall performance evaluation.
id RCAP_e60bbdbec453a06febdc12dc3820c62b
oai_identifier_str oai:ria.ua.pt:10773/41039
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
dc.subject.por.fl_str_mv Flow monitoring
Libpcap
Network monitoring
Packet analysis
dc.date.none.fl_str_mv 2023-07-11T00:00:00Z
2023-07-11
2024-03-12T11:36:31Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP