Author

Geza Szabo

Bio: Geza Szabo is an academic researcher from Ericsson. The author has contributed to research in topics: Traffic generation model & Deep packet inspection. The author has an h-index of 15, co-authored 75 publications receiving 1262 citations.


Papers
Journal ArticleDOI
TL;DR: This survey explains the main techniques and problems known in the field of IP traffic analysis and focuses on application detection, separating traffic analysis into packet-based and flow-based categories and details the advantages and problems for each approach.
Abstract: The area of Internet traffic measurement has advanced enormously over the last couple of years. This was mostly due to the increase in network access speeds, due to the appearance of bandwidth-hungry applications, due to the ISPs' increased interest in precise user traffic profile information and also a response to the enormous growth in the number of connected users. These changes greatly affected the work of Internet service providers and network administrators, which have to deal with increasing resource demands and abrupt traffic changes brought by new applications. This survey explains the main techniques and problems known in the field of IP traffic analysis and focuses on application detection. First, it separates traffic analysis into packet-based and flow-based categories and details the advantages and problems for each approach. Second, this work cites the techniques for traffic analysis accessible in the literature, along with the analysis performed by the authors. Relevant techniques include signature-matching, sampling and inference. Third, this work shows the trends in application classification analysis and presents important and recent references in the subject. Lastly, this survey draws the readers' interest to open research topics in the area of traffic analysis and application detection and makes some final remarks.

385 citations

Patent
10 Mar 2008
TL;DR: In this article, a technique for classifying network traffic in the form of data packets generated by multiple applications installed on a device (400) is provided, which comprises the steps of receiving data packets belonging to one or more data flows, analyzing the received data packets to identify the application associated with each analyzed data packet, and classifying at least one data flow by including an application identifier in at least one of the analyzed data packets of this data flow.
Abstract: A technique for classifying network traffic in the form of data packets generated by multiple applications installed on a device (400) is provided. A method implementation of this technique performed by the device (400) comprises the steps of receiving data packets belonging to one or more data flows, wherein each data flow includes the data packets generated by a specific one of the multiple applications, analyzing the received data packets to identify the application associated with each analyzed data packet, and classifying at least one data flow by including an application identifier in at least one of the analyzed data packets of this data flow.

142 citations

Book ChapterDOI
29 Apr 2008
TL;DR: A novel validation method is proposed for characterizing the accuracy and completeness of traffic classification algorithms that is based on realistic traffic mixtures and enables a highly automated and reliable validation of traffic classification.
Abstract: Detailed knowledge of the traffic mixture is essential for network operators and administrators, as it is a key input for numerous network management activities. Traffic classification aims at identifying the traffic mixture in the network. Several different classification approaches can be found in the literature. However, the validation of these methods is weak and ad hoc, because neither a reliable and widely accepted validation technique nor reference packet traces with well-defined content are available. In this paper, a novel validation method is proposed for characterizing the accuracy and completeness of traffic classification algorithms. The main advantages of the new method are that it is based on realistic traffic mixtures, and it enables a highly automated and reliable validation of traffic classification. As a proof-of-concept, it is examined how a state-of-the-art traffic classification method performs for the most common application types.

101 citations

Proceedings ArticleDOI
18 Jun 2007
TL;DR: This study is the first attempt where the currently known traffic classification methods are benchmarked on network traces captured in operational mobile networks and it is shown that the proposed solution improves both the completeness and the accuracy of the traffic classification, when compared to existing methods.
Abstract: The analysis of network traffic can provide important information for network operators and administrators. One of the main purposes of traffic analysis is to identify the traffic mixture the network carries. A couple of different approaches have been proposed in the literature, but none of them performs well for all different application traffic types present in the Internet. Thus, a combined method that includes the advantages of different approaches is needed, in order to provide a high level of classification completeness and accuracy. According to our best knowledge, this study is the first attempt where the currently known traffic classification methods are benchmarked on network traces captured in operational mobile networks. The pros and cons of the classification methods are analyzed, based on the experienced accuracy for different types of applications. Using the gained knowledge about the strengths and weaknesses of the existing approaches, a novel traffic classification method is proposed. The novel method is based on a complex decision mechanism, in order to provide an appropriate identification mode for each different application type. As a consequence, the ratio of the unclassified traffic becomes significantly lower. Further, the reliability of the classification improves, as the various methods validate the results of each other. The novel method is tested on several network traces, and it is shown that the proposed solution improves both the completeness and the accuracy of the traffic classification, when compared to existing methods.

82 citations

Patent
01 Jul 2014
TL;DR: In this paper, a method for handling congestion performed in a source node (2) of a communication network (1) is presented, where the source node multiplexes two or more different types of traffic streams onto a single connection.
Abstract: The disclosure relates to a method (20) for handling congestion performed in a source node (2) of a communication network (1). The communication network (1) provides a communication path for traffic streams between the source node (2) and a destination node (3), wherein the source node (2) multiplexes two or more different types of traffic streams onto a single connection. The method (20) comprises detecting (21) congestion in the communication network (1) along the communication path, determining (22) whether there is a traffic differentiation in a network node along the communication path, and applying (23) a connection-level congestion control for the case of determining that there is no network node performing traffic differentiation. The disclosure also relates to a source node, computer program and computer program product.

50 citations


Cited by
Journal ArticleDOI
TL;DR: This paper provides a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can become quickly familiar with every aspect of network anomaly detection.
Abstract: Network anomaly detection is an important and dynamic research area. Many network intrusion detection methods and systems (NIDS) have been proposed in the literature. In this paper, we provide a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can become quickly familiar with every aspect of network anomaly detection. We present attacks normally encountered by network intrusion detection systems. We categorize existing network anomaly detection methods and systems based on the underlying computational techniques used. Within this framework, we briefly describe and compare a large number of network anomaly detection methods and systems. In addition, we also discuss tools that can be used by network defenders and datasets that researchers in network anomaly detection can use. We also highlight research directions in network anomaly detection.

971 citations

Journal ArticleDOI
TL;DR: It is concluded that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology.

640 citations

Proceedings ArticleDOI
19 Feb 2016
TL;DR: This paper studies the effectiveness of flow-based time-related features to detect VPN traffic and to characterize encrypted traffic into different categories, according to the type of traffic e.g., browsing, streaming, etc.
Abstract: Traffic characterization is one of the major challenges in today’s security industry. The continuous evolution and generation of new applications and services, together with the expansion of encrypted communications, makes it a difficult task. Virtual Private Networks (VPNs) are an example of an encrypted communication service that is becoming popular, as a method for bypassing censorship as well as accessing services that are geographically locked. In this paper, we study the effectiveness of flow-based time-related features to detect VPN traffic and to characterize encrypted traffic into different categories, according to the type of traffic, e.g., browsing, streaming, etc. We use two different well-known machine learning techniques (C4.5 and KNN) to test the accuracy of our features. Our results show high accuracy and performance, confirming that time-related features are good classifiers for encrypted traffic characterization.

562 citations

Journal ArticleDOI
TL;DR: The persistently unsolved challenges in the field over the last decade are outlined, and several strategies for tackling these challenges are suggested to promote progress in the science of Internet traffic classification.
Abstract: Traffic classification technology has increased in relevance this decade, as it is now used in the definition and implementation of mechanisms for service differentiation, network design and engineering, security, accounting, advertising, and research. Over the past 10 years the research community and the networking industry have investigated, proposed and developed several classification approaches. While traffic classification techniques are improving in accuracy and efficiency, the continued proliferation of different Internet application behaviors, in addition to growing incentives to disguise some applications to avoid filtering or blocking, are among the reasons that traffic classification remains one of many open problems in Internet research. In this article we review recent achievements and discuss future directions in traffic classification, along with their trade-offs in applicability, reliability, and privacy. We outline the persistently unsolved challenges in the field over the last decade, and suggest several strategies for tackling these challenges to promote progress in the science of Internet traffic classification.

546 citations

Patent
15 Nov 2012
TL;DR: In this paper, the authors propose a method comprising providing a plurality of links to end-user devices communicatively coupled to a network system, a particular link of the plurality supporting control-plane communications between the network system and a particular user over one or more wireless access networks, the message comprising payload for delivery to the particular user and an identifier identifying a particular device agent on the particular end-user device.
Abstract: A method comprising providing a plurality of links to a plurality of end-user devices communicatively coupled to a network system, a particular link of the plurality of links supporting control-plane communications between the network system and a particular end-user device of the plurality of end-user devices over one or more wireless access networks; receiving a message from a server communicatively coupled to the network system, the message comprising payload for delivery to the particular end-user device; generating an encrypted message comprising the payload and an identifier identifying a particular device agent of a plurality of device agents on the particular end-user device, the identifier configured to assist in delivering at least a portion of the payload to the particular device agent on the particular end-user device; and sending the encrypted message to the particular end-user device over the particular link.

483 citations