YAMA : a system for marking network traffic
Author(s)
Hernández González, Néstor Felipe
Alternative title
System for marking network traffic
Other Contributors
Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Advisor
Robert K. Cunningham.
Abstract
Computer security performance analysis requires precise labeling of traffic as either background or attack traffic. When an experiment is performed on-line, it may also be important to identify traffic from the security system. Today this is tedious and difficult, requiring personnel with a deep understanding of multiple protocols. YAMA (Your Able Marking Aide) is a tool that labels sessions and packets associated with a set of user actions given those actions, the traffic, and a network configuration (host information and web page corpus). An evaluation of a version that processes web traffic is performed using data from Alexa's Top 100 Sites. YAMA 1.0 correctly associates the action of visiting a specific site with 90% of all HTTP packets, and 99% of both HTTP GET and DNS packets. Furthermore, YAMA 1.0 produces zero false positives when given a high-level event indicating a user visited one web site and packets from a different site.
Description
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006. Includes bibliographical references (p. 105-108).
Date issued
2006
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.