Master's thesis and research paper
Automatic Rating of VPN Links
by Guido Hungerbühler
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, March 2012
Understanding VPN tunnel performance is crucial in helping to improve the quality of globally distributed networks. If we know the performance of every individual tunnel, we are able to spot problems and pin-point bottlenecks in the network. We present a novel way on analyzing and visualizing the long-term performance of VPN tunnels. By using geographical clustering of VPN endpoints, we found that tunnels which connect similar regions also show performance characteristics alike. This allows defining performance baselines with respect to specific regions.
Furthermore, it enables the detection of individual connections that constantly perform below standard. The proposed method takes advantage of globally spread networks with multiple links between distinct regions. We have developped a ready-to-use prototype which rates VPN tunnels and visualizes problems in the network.
Application-Level Network Performance Monitoring
by Manuel Stich
Master's Thesis ETH Lausanne, EPFL, School of Computer and Communication Sciences, September 2011
The end-to-end network performance, in a globally distributed company network, has an important impact on the overall performance of business critical applications. It is, therefore, of high interest to be able to continuously monitor the end-to-end network performance. This thesis proposes a distributed, passive monitoring system, capable of measuring end-to-end performance and finding out what link is responsible for how much delay.
Detection of Bad Performance in VPN Tunnels
Open PDF
Event Correlation Engine
by Andreas Müller
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2009
As modern IT systems running on distributed platforms tend to become more and more complex, the required management effort grows as well, and it is no longer economic, to manage a complete system manually. This thesis investigates the use of a correlation engine in the context of a global network offering various services, as a means to facilitate the monitoring of the network and of the individual services.
Rating Autonomous Systems
by Laurent Zimmerli
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2008
The quality of end-to-end connections over the Internet depends on the quality of the traversed Autonomous Systems. In this thesis, we developed an approach to rate Autonomous Systems by their quality. The approach is based on traceroute measurement data. Rating Autonomous Systems supports real-time Internet debugging and helps determining high quality ISPs.
Signature-based Extrusion Detection
by Cecile Luessi
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2008
An «Intrusion Detection System (IDS)» is an important component for the comprehensive protection of a company network. Unfortunately, a great number of false alarms make the application of an IDS difficult. This thesis investigates whether the outbound traffic of an infected host can be used to detect intrusion and, if so, how this can be done. Its focus lies on the distinction between attempted and successful attacks..
Security Policy Compliance at VPN Sites
by Patrik Bless
Master's Thesis ETH Lausanne, EPFL, October 2006
Computing environments continue to grow more insecure by the day. A myriad of threats of all kinds menace corporate, governmental, and even private information system infrastructures. In order to support security officers and engineers, a policy toolbox was developed for the Mission Control Security Gateway Service.
Automatic Monitoring of Internet Service Provider (ISP) Topologies
by Janneth Malibago
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2006
Manual, real-time debugging is the standard solution for solving Internet connectivity problems. In this thesis, a long-term monitoring strategy is pursued that continuously monitors Internet routing paths with traceroute. By correlating route changes and latency variations, the reason for connectivity outages, e.g., re-routing via another ISP, can be quickly determined.
Passive Measurement of Network Quality
by Dominique Giger
Project Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, May 2006
Traditionally, network latency and packet loss statistics are gathered by doing active ping probes. The passive technique proposed in this thesis calculates these statistics by analyzing the actual VPN traffic in real-time. Tests show that this is a viable method for very accurate, non-intrusive statistics measurement.
Scan Detection Based Identification of Worm Infected Hosts
by Christoph Göldi and Roman Hiestand
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, April 2005
The number of new worms on the Internet increases rapidly. Worm infections cause traffic overloads in office networks and congestions of Internet links which cost the industry yearly several billion dollars. An implementation of a generic worm detection algorithm has been done based on the analysis of worm scan traffic. Tests have shown that worms are detected in short time and with a very low false positive rate. The developed detection method enables affected companies to quickly react to worm infections and thus helps preventing major financial losses.
Smart Intrusion Detection
by Thomas Singer, Rolf Sigg
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, March 2001
Intrusion detection is the art of detecting inappropriate, incorrect, or anomalous activity on computers and computer networks. Today, the majority of intrusion detection systems try to accomplish this task by acting somehow like a virus scanner. They look at captured network packets or system logs in order to find occurrences of patterns...