Challenges in security and traffic management in enterprise networks

Challenges in security and traffic management in enterprise networks (2008)

Abstract
Management of enterprise networks is a challenging problem because of their continued growth in size and functionality. In this thesis, we propose and evaluate a framework, Godai, which addresses the challenges in (i) setting thresholds in end host anomaly detectors, (ii) hierarchical summarization in data and (iii) application traffic classification. Godai enables IT operators to identify the end hosts that have been enslaved by an attacker to launch attacks, and it achieves this by diversifying anomaly detector configuration. The general policies in the Godai framework are holistic and achieve two goals: (a) balance the trade-offs between false alarm and mis-detection rates and (b) show that the benefits of full diversity can be attained at reduced complexity, by clustering the end hosts and treating a cluster homogeneously.

The underlying principle of attack detection is to identify the traffic samples that change significantly from normal traffic. Godai generalizes the concept for data with hierarchical identifiers, e.g., IP prefixes, URLs. The main motivation for using a parsimonious hierarchical summarization of the measure attributes (e.g., total bytes or website hits) is that it eases the burden on IT operators to interpret analysis reports. Godai proposes efficient and provable algorithms to produce parsimonious explanations from the output of any statistical model that provides predictions and confidence intervals, making it widely applicable.

Finally, Godai takes a step towards associating applications to traffic flows and enables the operators to understand the profile of the end hosts. Godai critically re-visits the existing ad hoc techniques of traffic classification approaches based on transport layer ports [83], host behavior [68], and flow features [105] and analyzes the effectiveness of different approaches. The results allow us to answer questions about the best available traffic classification approach, the conditions under which it performs well, and the strengths and limitations of each approach. The multifarious functionalities allow Godai to be a viable solution in enterprise network management.
Keywords
traffic flow,available traffic classification approach,traffic management,traffic sample,traffic classification,normal traffic,IT operator,enterprise network,end host anomaly detector,application traffic classification,Godai framework,end host