By Dr. Antonio Nucci
The Internet has become the central nervous system for our networked life. As a global network of loosely connected IP-based networks, it reaches into every country and provides governments, businesses and consumers worldwide with a common platform for communication. And now, a new kind of criminal has emerged.
As the 21st century criminal has moved into new realms and dimensions, law enforcement agencies and government organizations are in hot pursuit. The pervasive nature of cyber crime ranges from loss of proprietary corporate information to the loss of life, from national security to cyber warfare. From predators exchanging child porn and scammers stealing identities to countries attacking countries, cyber crime does not discriminate.
Quantifying the Spread and Impact of Cyber Crime and Cyber Terrorism
The FBI estimates that all types of computer crime in the U.S. now cost industry about $400 billion, while officials in the Department of Trade and Industry in Britain say computer crime has risen by 50 percent from 2005 to 2006. It is estimated that only 5 percent of cybercriminals are ever arrested or convicted because the anonymity associated with Web activity makes them hard to catch, and the trail of evidence needed to link them to a cyber crime is hard to unravel. CERT/CC estimates that as much as 80 percent of all computer security incidents remain unreported (according to Marcia Savage of SearchSecurity.com).
There are certain steps to be taken before we can successfully combat cyber crime. First, and foremost, it is time to increase our understanding of the language and the many dialects (i.e. protocols, applications and services) being spoken in the cyber world. Network traffic monitoring and measurement is increasingly regarded as an essential function for understanding and improving the performance and security of our cyber infrastructure. With networking technologies and services evolving rapidly, as witnessed by the explosive growth of the Web, peer-to-peer networks, multimedia, gaming, etc., accurate network traffic monitoring is required to ensure the security and optimize the efficiency of our cyber world.
Second, it is time to promptly identify cyber users and communities of cyber users whose activity and content may harm the safety and transparency of the cyber world.
Third, it is important to gain visibility into who is the real person behind an alias or cyber-identifier used to enter the cyber world. A critical problem in this digital world is knowing with whom you are interacting.
Current Approaches – and Their Weaknesses
Network traffic monitoring and measurement is increasingly regarded as an essential function for understanding and improving the performance and security of our cyber infrastructure. With networking technologies and services evolving rapidly, as seen with the explosive growth of the Web, peer-to-peer (P2P) networks and the GRID, accurate network traffic monitoring is required to ensure the security and optimize the efficiency of our cyber world.
Critical to the success of any such tool is its ability to accurately -- and in real time -- identify and categorize each flow (i.e., sequence of packets associated with the same cyber world transaction/connection) by the application responsible for it. Identifying network traffic using port numbers was the standard in the recent past. This approach was successful because many traditional applications use port numbers assigned by or registered with the Internet Assigned Numbers Authority (IANA). The accuracy of this approach, however, has been questioned because of the evolution of applications that do not communicate on standardized ports.
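The port-based approach and its weakness, as an added example that is not part of the original article: it groups packet records into flows by 5-tuple, labels each flow from a short excerpt of IANA port assignments, and scores the labels against ground truth. The packet records, addresses and true-application labels are constructed for illustration.

```python
from collections import defaultdict

# Short excerpt of IANA-registered server ports.
IANA_PORTS = {("tcp", 22): "ssh", ("tcp", 25): "smtp", ("udp", 53): "dns",
              ("tcp", 80): "http", ("tcp", 443): "https"}

# Constructed packet records: (proto, src_ip, src_port, dst_ip, dst_port, true_app).
# true_app is ground truth, known only because this sample is synthetic.
PACKETS = [
    ("tcp", "10.0.0.5", 51000, "192.0.2.10", 80, "http"),
    ("tcp", "192.0.2.10", 80, "10.0.0.5", 51000, "http"),
    ("udp", "10.0.0.5", 40000, "192.0.2.53", 53, "dns"),
    ("tcp", "10.0.0.7", 52000, "198.51.100.4", 80, "p2p"),   # P2P client on port 80
    ("tcp", "198.51.100.4", 80, "10.0.0.7", 52000, "p2p"),
    ("tcp", "10.0.0.8", 53000, "203.0.113.9", 8022, "ssh"),  # SSH on a non-standard port
    ("tcp", "10.0.0.9", 54000, "10.0.0.7", 61234, "p2p"),    # P2P on an unregistered port
]

def flow_key(proto, src, sport, dst, dport):
    """Direction-independent 5-tuple so both halves of a connection share one flow."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (proto, a, b)

def build_flows(packets):
    flows = defaultdict(lambda: {"packets": 0, "true_app": None})
    for proto, src, sport, dst, dport, app in packets:
        flow = flows[flow_key(proto, src, sport, dst, dport)]
        flow["packets"] += 1
        flow["true_app"] = app
    return dict(flows)

def classify_by_port(key):
    proto, (_, port_a), (_, port_b) = key
    # Try the lower port first: registered server ports are usually the lower one.
    for port in sorted((port_a, port_b)):
        app = IANA_PORTS.get((proto, port))
        if app:
            return app
    return "unknown"

def evaluate(packets):
    flows = build_flows(packets)
    results = {k: (classify_by_port(k), f["true_app"]) for k, f in flows.items()}
    correct = sum(1 for guess, truth in results.values() if guess == truth)
    return results, correct, len(flows)

if __name__ == "__main__":
    _, correct, total = evaluate(PACKETS)
    print(f"{correct}/{total} flows labelled correctly by port")
```

The two failure modes differ: a flow on an unregistered port comes back as "unknown", while a flow that uses another application's registered port is confidently mislabelled.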