Pipeline Publishing, Volume 6, Issue 6
This Month's Issue:
True Convergence

Exposing the Dark Side of the Cyber World


legitimate or malicious -- of any single bit of information flowing through their pipes. Furthermore, as the application classification process might still be prone to classification errors, these techniques are not reliable for content billing or for robust application security.

Exploring the feasibility of bringing together the benefits of the two families has not attracted much attention in the research community. The only framework available is called ACAS, aimed at automatically extracting application-specific signatures by processing the first 200 bytes of the first few packets. Although this work is novel from a purely conceptual perspective, the practicality of such a framework is still questionable in many aspects. First, it has been tested on only a few well-known applications such as FTP, POP3, IMAP, HTTPS, HTTP, SMTP and SSH. Thus, it is not clear how well it will perform in a more application-enriched environment.

Second, its underlying algorithms require offline training on the set of applications that the operator is interested in detecting. Thus, it is not capable of recognizing “zero day” applications and still depends on the network operator’s knowledge of which applications are on the wire. Most importantly, the network operator is still required to go through the manual and tedious process of generating traffic with the set of applications he is interested in to properly train ACAS. The ultimate training of ACAS on these “never seen” applications must be executed in a controlled and clean lab environment. ACAS may suffer high false-positive rates for these new applications due to the discrepancy in environments (i.e., a clean and controlled lab for offline training and an enriched and more complicated real network for online application classification).

The ideal solution would leverage the merits of the packet content inspection techniques by guaranteeing high accuracy in classifying application-specific traffic, while providing the robustness to detect zero-day applications, and couple them with the ability to work with both packet and flow characteristics of the flow-based behavioral analysis techniques.

A New Way to Think About the Cyber World

While the cyber world is seen as a “dark” space and governments have increasingly expressed their concern about the cyber world’s role in public safety and national security, we still have not done enough to shed light on the cyber world and its users.

To do so, we must first understand it. The cyber infrastructure must not be thought of as just the physical infrastructure made of optical fibers, servers and routers. Rather, the cyber infrastructure is also about protocols, applications and services being used to enable communications among any number of end points (users). We must discover who is behind the nickname, MAC or IP address, or VoIP number – perhaps by using novel biometric techniques to profile users’ communication as they access the cyber world. Reconstructing today’s missing links between the cyber ID and the real person would make the cyber world a safer place to visit.
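The offline-training limitation described for ACAS earlier in this article can be made concrete with a small added example (not from the original article and not ACAS's own algorithm): a stand-in classifier builds byte 3-gram signatures from the first 200 payload bytes of labelled flows, then meets an application it was never trained on. The 3-gram features, the 0.5 threshold and every sample payload are assumptions constructed for this sketch.

```python
# Added illustration, not ACAS's algorithm: per-application signatures built
# offline from byte 3-grams of the first 200 payload bytes of labelled flows.
PREFIX_LEN = 200  # payload bytes inspected, as in the article's description
N = 3             # n-gram size (assumption of this sketch)

# Constructed lab traffic for the applications the operator chose to train on.
TRAINING = {
    "HTTP": [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: demo\r\n\r\n",
        b"POST /login HTTP/1.1\r\nHost: www.example.test\r\nContent-Length: 0\r\n\r\n",
    ],
    "SMTP": [
        b"EHLO client.example.test\r\nMAIL FROM:<a@example.test>\r\n",
        b"HELO client.example.test\r\nRCPT TO:<b@example.test>\r\n",
    ],
    "FTP": [
        b"USER anonymous\r\nPASS guest@example.test\r\nSYST\r\n",
        b"USER demo\r\nPASS secret\r\nTYPE I\r\nPASV\r\n",
    ],
}
# Constructed live flows: one from a trained application, one from an
# application (a SIP-like VoIP registration) that was never in the lab set.
SEEN_FLOW = b"GET /about.html HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: demo\r\n\r\n"
UNSEEN_FLOW = b"REGISTER sip:example.test SIP/2.0\r\nVia: SIP/2.0/UDP client.example.test\r\n"

def ngrams(payload):
    head = payload[:PREFIX_LEN]
    return {head[i:i + N] for i in range(len(head) - N + 1)}

def train(flows):
    """Offline step: union of n-grams per known application."""
    return {app: set().union(*map(ngrams, samples)) for app, samples in flows.items()}

MODEL = train(TRAINING)

def scores(payload, model=MODEL):
    """Fraction of the flow's n-grams present in each application's signature."""
    grams = ngrams(payload)
    return {app: len(grams & sig) / max(len(grams), 1) for app, sig in model.items()}

def classify(payload, min_score=0.0, model=MODEL):
    """min_score=0.0 is closed-world: the best trained label is always returned.
    A threshold lets weak matches surface as 'unknown' for analyst review."""
    ranked = scores(payload, model)
    best = max(ranked, key=ranked.get)
    return best if ranked[best] >= min_score else "unknown"

if __name__ == "__main__":
    for name, flow in (("seen", SEEN_FLOW), ("unseen", UNSEEN_FLOW)):
        print(name, classify(flow), classify(flow, min_score=0.5), scores(flow))
```

In the closed-world call the unseen flow is still assigned one of the three trained labels, which is the false-positive behaviour the article attributes to training on a fixed application set; the thresholded call reports it as "unknown" instead.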


© 2009, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding
the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.