Jump to content

EvoSec 2025W Lecture 17

From Soma-notes

Revision as of 14:57, 13 March 2025 by Soma (talk | contribs) (→‎Discussion Questions)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Readings

Matrawy, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." (ACNS 2005)
Inoue, "NetADHICT: A Tool for Understanding Network Traffic." (LISA 2007)

Discussion Questions

What does it mean for an attacker to "defeat" (p,n)-gram based traffic clustering?
What do high frequency (p,n)-grams reveal about network traffic? Does this include anything that might compromise user privacy?
Is ADHIC an anomaly detection algorithm?
How fast is ADHIC compared to other standard clustering algorithms?
Is diversity-based traffic management feasible today given that so much traffic is encrypted?

Notes

Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=EvoSec_2025W_Lecture_17&oldid=25038"