Please use this identifier to cite or link to this item:
Title: Packet tagging system for enhanced traffic profiling
Author: Zúquete, A.
Correia, P.
Shamalizadeh, H.
Issue Date: 2011
Publisher: IEEE
Abstract: This paper describes the design and implementation of a system for managing the tagging of traffic, in order to create detailed personal and applicational profiles. The ultimate goal of this separation is to facilitate the task of traffic auditing tools, namely in their struggle against botnets. The architecture was designed for domestic or enterprise facilities and uses the 802. IX authentication architecture as the base support infrastructure for dealing with unequivocal traffic binding to specific entities (persons or servers). Simultaneously, such binding uses virtual identities and encryption for preserving the privacy and protection of traffic originators from network eavesdroppers other than authorized traffic auditors. The traffic from each known originator is profiled with some detail, namely it includes a role tag and an application tag. Role tags are defined by originators and only partially follow a standard policy. On the contrary, application tags should follow a standard policy in order to reason about abnormal scenarios raised when correlating traffic from several instances of the same application. A first prototype was developed for Linux, using iptables and FreeRADIUS and conveying packet tagging information on a new IP option field.
Peer review: yes
DOI: 10.1109/IMSAA.2011.6156362
ISBN: 978-1-4577-1329-3
Appears in Collections:DETI - Comunicações

Files in This Item:
File Description SizeFormat 
2011-12-Packet Tagging System for Enhanced Traffic Profiling.pdfMain article335.9 kBAdobe PDFView/Open

Formato BibTex MendeleyEndnote Degois 

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.