Full-text documents available:
PDF document (Thesis)
Available under licence: Unless the author grants broader permissions, the thesis may be freely consulted, and one copy may be saved and printed strictly for personal purposes of study, research and teaching, with an express prohibition on any directly or indirectly commercial use. All other rights to the material are reserved.
Download (2MB)
Abstract
In recent years the number of devices connected to the Internet has been increasing exponentially and has reached huge numbers; just days ago the RIPE Network Coordination Center announced that it had run out of IPv4 addresses.
As a consequence, it's extremely complex to control what is happening on the network and what, or whom, a device is communicating with. We are losing control over many of our devices. It's becoming more difficult every day to know what the device is doing and what it is sharing on the Internet.
Luckily, in recent years attention to security, privacy and awareness has been ever increasing: users pay more attention to what their devices are doing and care about it.
While major software (such as operating systems and most mobile devices) makes available an increasing number of tools to monitor the device traffic, some devices cannot be inspected, or those same tools may be forged in a way that makes it impossible to detect some specific malicious behaviours.
Until now every successful method to detect or filter the behaviour of devices has tried only to detect anomalies or to manually lock some specific behaviours; this means nobody has ever tried to understand, at a reasonable level of accuracy, what the device does by relying only on the analysis of the metadata of the intercepted traffic.
That's why in this thesis I defined a model able to detect the behaviour occurring on the device by the mere observation of its network traffic. In doing so, I first defined a model that takes the raw low-level information about the communications taking place, processes it and returns information about the high-level operations occurring on the device. I then built a demo that uses that model and demonstrates its feasibility. The data used are low-level information on the traffic, without ever inspecting its payload.
To improve the efficiency of the algorithm, I also use a form of Recurrent Neural Network to finally infer the device behaviour.
Document type
Degree thesis
(Master's degree)
Thesis author
Pierfederici, Eugenio
Thesis supervisor
School
Degree programme
Degree programme regulations
DM270
Keywords
network security, network analysis, neural network, lstm, behaviour recognition
Thesis defence date
12 December 2019
URI