Traffic flow monitoring with high temporal resolution
Main author: | Cunha, Maria Strecht Barros |
---|---|
Publication date: | 2023 |
Document type: | Dissertation |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | http://hdl.handle.net/10773/41039 |
Abstract: | The Internet has grown exponentially, connecting millions of devices for various purposes. However, this growth has led to increased malicious activities that require effective monitoring and security measures. Traditional traffic flow monitoring techniques restrain network performance optimisation and security, making high temporal resolution traffic flow monitoring more crucial for accurate issue identification, troubleshooting, and security breach prevention. To address the need for efficient and scalable monitoring systems, developing a system that can accurately track and measure the transmission of specific traffic flows over time is essential. Traditional monitoring techniques have limited temporal resolution, highlighting the need for high temporal resolution monitoring to provide a comprehensive view of network activity. This dissertation aims to create a monitoring system that can effectively and efficiently track and measure the traffic flow of filtered network data over time. The monitoring framework is divided into three modules: (1) acquiring data through packet filtering and monitoring, (2) processing data through flow identification and activity, and (3) storing the statistical information of the flows in a centralised archive system with high temporal resolution and a sampling interval that the user can customise. This dissertation explores the challenges brought about by the constantly changing and privacy-sensitive nature of the Internet and the advancements in network monitoring and security. This discussion covers the history of network monitoring, various network monitoring and measurement techniques, network flow monitoring, the traditional flow capture protocols and their limitations, and the pros and cons of flow capture with high temporal resolution. 
The monitoring framework was implemented in Rust, with the help of the Libpcap library, and its implementation is discussed regarding the developed methodologies to identify and quantify traffic flows over time through statistical qualification with high temporal resolution, the deployment of the framework in a network, and an overall performance evaluation. |
id |
RCAP_e60bbdbec453a06febdc12dc3820c62b |
---|---|
oai_identifier_str |
oai:ria.ua.pt:10773/41039 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
dc.title.none.fl_str_mv |
Traffic flow monitoring with high temporal resolution |
author |
Cunha, Maria Strecht Barros |
author_role |
author |
dc.subject.por.fl_str_mv |
Flow monitoring; Libpcap; Network monitoring; Packet analysis |
publishDate |
2023 |
dc.date.none.fl_str_mv |
2023-07-11T00:00:00Z 2023-07-11 2024-03-12T11:36:31Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10773/41039 |
url |
http://hdl.handle.net/10773/41039 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
_version_ |
1799138193892704256 |