EvoSec 2025W Lecture 17: Difference between revisions
Created page with "==Readings== * [https://homeostasis.scs.carleton.ca/~soma/pubs/amatrawy-acns-05.pdf Matrawy, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." (ACNS 2005)] * [https://homeostasis.scs.carleton.ca/~soma/pubs/inoue-lisa2007.pdf Inoue, "NetADHICT: A Tool for Understanding Network Traffic." (LISA 2007)] ==Discussion Questions== ==Notes==" |
Revision as of 14:57, 13 March 2025
Readings
- Matrawy, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." (ACNS 2005)
- Inoue, "NetADHICT: A Tool for Understanding Network Traffic." (LISA 2007)
Discussion Questions
- What does it mean for an attacker to "defeat" (p,n)-gram based traffic clustering?
- What do high-frequency (p,n)-grams reveal about network traffic? Does this include anything that might compromise user privacy?
- Is ADHIC an anomaly detection algorithm?
- How fast is ADHIC compared to other standard clustering algorithms?
- Is diversity-based traffic management feasible today given that so much traffic is encrypted?