EvoSec 2025W Lecture 17: Difference between revisions
Revision as of 14:58, 13 March 2025
Readings
- Matrawy, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." (ACNS 2005)
- Inoue, "NetADHICT: A Tool for Understanding Network Traffic." (LISA 2007)
Discussion Questions
- What does it mean for an attacker to "defeat" (p,n)-gram based traffic clustering?
- What do high-frequency (p,n)-grams reveal about network traffic? Does this include anything that might compromise user privacy?
- Is ADHIC an anomaly detection algorithm? Can it be used to detect anomalies?
- How fast is ADHIC compared to other standard clustering algorithms?
- Is diversity-based traffic management feasible today given that so much traffic is encrypted?