Visible to the public Biblio

Found 126 results

Filters: Keyword is Communication networks  [Clear All Filters]
2021-06-30
Xu, Hui, Zhang, Wei, Gao, Man, Chen, Hongwei.  2020.  Clustering Analysis for Big Data in Network Security Domain Using a Spark-Based Method. 2020 IEEE 5th International Symposium on Smart and Wireless Systems within the Conferences on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS-SWS). :1—4.
Considering the problem of network security under the background of big data, the clustering analysis algorithms can be utilized to improve the correctness of network intrusion detection models for security management. As a kind of iterative clustering analysis algorithm, K-means algorithm is not only simple but also efficient, so it is widely used. However, the traditional K-means algorithm cannot well solve the network security problem when facing big data due to its high complexity and limited processing ability. In this case, this paper proposes to optimize the traditional K-means algorithm based on the Spark platform and deploy the optimized clustering analysis algorithm in the distributed architecture, so as to improve the efficiency of clustering algorithm for network intrusion detection in big data environment. The experimental result shows that, compared with the traditional K-means algorithm, the efficiency of the optimized K-means algorithm using a Spark-based method is significantly improved in the running time.
Biroon, Roghieh A., Pisu, Pierluigi, Abdollahi, Zoleikha.  2020.  Real-time False Data Injection Attack Detection in Connected Vehicle Systems with PDE modeling. 2020 American Control Conference (ACC). :3267—3272.
Connected vehicles as a promising concept of Intelligent Transportation System (ITS), are a potential solution to address some of the existing challenges of emission, traffic congestion as well as fuel consumption. To achieve these goals, connectivity among vehicles through the wireless communication network is essential. However, vehicular communication networks endure from reliability and security issues. Cyber-attacks with purposes of disrupting the performance of the connected vehicles, lead to catastrophic collision and traffic congestion. In this study, we consider a platoon of connected vehicles equipped with Cooperative Adaptive Cruise Control (CACC) which are subjected to a specific type of cyber-attack namely "False Data Injection" attack. We developed a novel method to model the attack with ghost vehicles injected into the connected vehicles network to disrupt the performance of the whole system. To aid the analysis, we use a Partial Differential Equation (PDE) model. Furthermore, we present a PDE model-based diagnostics scheme capable of detecting the false data injection attack and isolating the injection point of the attack in the platoon system. The proposed scheme is designed based on a PDE observer with measured velocity and acceleration feedback. Lyapunov stability theory has been utilized to verify the analytically convergence of the observer under no attack scenario. Eventually, the effectiveness of the proposed algorithm is evaluated with simulation study.
2021-06-02
Guerrero-Bonilla, Luis, Saldaña, David, Kumar, Vijay.  2020.  Dense r-robust formations on lattices. 2020 IEEE International Conference on Robotics and Automation (ICRA). :6633—6639.
Robot networks are susceptible to fail under the presence of malicious or defective robots. Resilient networks in the literature require high connectivity and large communication ranges, leading to high energy consumption in the communication network. This paper presents robot formations with guaranteed resiliency that use smaller communication ranges than previous results in the literature. The formations can be built on triangular and square lattices in the plane, and cubic lattices in the three-dimensional space. We support our theoretical framework with simulations.
Xu, Yizheng.  2020.  Application Research Based on Machine Learning in Network Privacy Security. 2020 International Conference on Computer Information and Big Data Applications (CIBDA). :237—240.
As the hottest frontier technology in the field of artificial intelligence, machine learning is subverting various industries step by step. In the future, it will penetrate all aspects of our lives and become an indispensable technology around us. Among them, network security is an area where machine learning can show off its strengths. Among many network security problems, privacy protection is a more difficult problem, so it needs more introduction of new technologies, new methods and new ideas such as machine learning to help solve some problems. The research contents for this include four parts: an overview of machine learning, the significance of machine learning in network security, the application process of machine learning in network security research, and the application of machine learning in privacy protection. It focuses on the issues related to privacy protection and proposes to combine the most advanced matching algorithm in deep learning methods with information theory data protection technology, so as to introduce it into biometric authentication. While ensuring that the loss of matching accuracy is minimal, a high-standard privacy protection algorithm is concluded, which enables businesses, government entities, and end users to more widely accept privacy protection technology.
2021-06-01
Zhang, Han, Song, Zhihua, Feng, Boyu, Zhou, Zhongliang, Liu, Fuxian.  2020.  Technology of Image Steganography and Steganalysis Based on Adversarial Training. 2020 16th International Conference on Computational Intelligence and Security (CIS). :77–80.
Steganography has made great progress over the past few years due to the advancement of deep convolutional neural networks (DCNN), which has caused severe problems in the network security field. Ensuring the accuracy of steganalysis is becoming increasingly difficult. In this paper, we designed a two-channel generative adversarial network (TGAN), inspired by the idea of adversarial training that is based on our previous work. The TGAN consisted of three parts: The first hiding network had two input channels and one output channel. For the second extraction network, the input was a hidden image embedded with the secret image. The third detecting network had two input channels and one output channel. Experimental results on two independent image data sets showed that the proposed TGAN performed well and had better detecting capability compared to other algorithms, thus having important theoretical significance and engineering value.
2021-05-13
Wenhui, Sun, Kejin, Wang, Aichun, Zhu.  2020.  The Development of Artificial Intelligence Technology And Its Application in Communication Security. 2020 International Conference on Computer Engineering and Application (ICCEA). :752—756.
Artificial intelligence has been widely used in industries such as smart manufacturing, medical care and home furnishings. Among them, the value of the application in communication security is very important. This paper makes a further exploration of the artificial intelligence technology and its application, and gives a detailed analysis of its development, standardization and the application.
Shu, Fei, Chen, Shuting, Li, Feng, Zhang, JianYe, Chen, Jia.  2020.  Research and implementation of network attack and defense countermeasure technology based on artificial intelligence technology. 2020 IEEE 5th Information Technology and Mechatronics Engineering Conference (ITOEC). :475—478.
Using artificial intelligence technology to help network security has become a major trend. At present, major countries in the world have successively invested R & D force in the attack and defense of automatic network based on artificial intelligence. The U.S. Navy, the U.S. air force, and the DOD strategic capabilities office have invested heavily in the development of artificial intelligence network defense systems. DARPA launched the network security challenge (CGC) to promote the development of automatic attack system based on artificial intelligence. In the 2016 Defcon final, mayhem (the champion of CGC in 2014), an automatic attack team, participated in the competition with 14 human teams and once defeated two human teams, indicating that the automatic attack method generated by artificial intelligence system can scan system defects and find loopholes faster and more effectively than human beings. Japan's defense ministry also announced recently that in order to strengthen the ability to respond to network attacks, it will introduce artificial intelligence technology into the information communication network defense system of Japan's self defense force. It can be predicted that the deepening application of artificial intelligence in the field of network attack and defense may bring about revolutionary changes and increase the imbalance of the strategic strength of cyberspace in various countries. Therefore, it is necessary to systematically investigate the current situation of network attack and defense based on artificial intelligence at home and abroad, comprehensively analyze the development trend of relevant technologies at home and abroad, deeply analyze the development outline and specification of artificial intelligence attack and defense around the world, and refine the application status and future prospects of artificial intelligence attack and defense, so as to promote the development of artificial intelligence attack and Defense Technology in China and protect the core interests of cyberspace, of great significance
Li, Yizhi.  2020.  Research on Application of Convolutional Neural Network in Intrusion Detection. 2020 7th International Forum on Electrical Engineering and Automation (IFEEA). :720–723.
At present, our life is almost inseparable from the network, the network provides a lot of convenience for our life. However, a variety of network security incidents occur very frequently. In recent years, with the continuous development of neural network technology, more and more researchers have applied neural network to intrusion detection, which has developed into a new research direction in intrusion detection. As long as the neural network is provided with input data including network data packets, through the process of self-learning, the neural network can separate abnormal data features and effectively detect abnormal data. Therefore, the article innovatively proposes an intrusion detection method based on deep convolutional neural networks (CNN), which is used to test on public data sets. The results show that the model has a higher accuracy rate and a lower false negative rate than traditional intrusion detection methods.
Sheng, Mingren, Liu, Hongri, Yang, Xu, Wang, Wei, Huang, Junheng, Wang, Bailing.  2020.  Network Security Situation Prediction in Software Defined Networking Data Plane. 2020 IEEE International Conference on Advances in Electrical Engineering and Computer Applications( AEECA). :475–479.
Software-Defined Networking (SDN) simplifies network management by separating the control plane from the data forwarding plane. However, the plane separation technology introduces many new loopholes in the SDN data plane. In order to facilitate taking proactive measures to reduce the damage degree of network security events, this paper proposes a security situation prediction method based on particle swarm optimization algorithm and long-short-term memory neural network for network security events on the SDN data plane. According to the statistical information of the security incident, the analytic hierarchy process is used to calculate the SDN data plane security situation risk value. Then use the historical data of the security situation risk value to build an artificial neural network prediction model. Finally, a prediction model is used to predict the future security situation risk value. Experiments show that this method has good prediction accuracy and stability.
2021-05-05
Tabiban, Azadeh, Jarraya, Yosr, Zhang, Mengyuan, Pourzandi, Makan, Wang, Lingyu, Debbabi, Mourad.  2020.  Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.

The dynamicity and complexity of clouds highlight the importance of automated root cause analysis solutions for explaining what might have caused a security incident. Most existing works focus on either locating malfunctioning clouds components, e.g., switches, or tracing changes at lower abstraction levels, e.g., system calls. On the other hand, a management-level solution can provide a big picture about the root cause in a more scalable manner. In this paper, we propose DOMINOCATCHER, a novel provenance-based solution for explaining the root cause of security incidents in terms of management operations in clouds. Specifically, we first define our provenance model to capture the interdependencies between cloud management operations, virtual resources and inputs. Based on this model, we design a framework to intercept cloud management operations and to extract and prune provenance metadata. We implement DOMINOCATCHER on OpenStack platform as an attached middleware and validate its effectiveness using security incidents based on real-world attacks. We also evaluate the performance through experiments on our testbed, and the results demonstrate that DOMINOCATCHER incurs insignificant overhead and is scalable for clouds.

2021-04-29
Hayes, J. Huffman, Payne, J., Essex, E., Cole, K., Alverson, J., Dekhtyar, A., Fang, D., Bernosky, G..  2020.  Towards Improved Network Security Requirements and Policy: Domain-Specific Completeness Analysis via Topic Modeling. 2020 IEEE Seventh International Workshop on Artificial Intelligence for Requirements Engineering (AIRE). :83—86.

Network security policies contain requirements - including system and software features as well as expected and desired actions of human actors. In this paper, we present a framework for evaluation of textual network security policies as requirements documents to identify areas for improvement. Specifically, our framework concentrates on completeness. We use topic modeling coupled with expert evaluation to learn the complete list of important topics that should be addressed in a network security policy. Using these topics as a checklist, we evaluate (students) a collection of network security policies for completeness, i.e., the level of presence of these topics in the text. We developed three methods for topic recognition to identify missing or poorly addressed topics. We examine network security policies and report the results of our analysis: preliminary success of our approach.

Engram, S., Ligatti, J..  2020.  Through the Lens of Code Granularity: A Unified Approach to Security Policy Enforcement. 2020 IEEE Conference on Application, Information and Network Security (AINS). :41—46.

A common way to characterize security enforcement mechanisms is based on the time at which they operate. Mechanisms operating before a program's execution are static mechanisms, and mechanisms operating during a program's execution are dynamic mechanisms. This paper introduces a different perspective and classifies mechanisms based on the granularity of program code that they monitor. Classifying mechanisms in this way provides a unified view of security mechanisms and shows that all security mechanisms can be encoded as dynamic mechanisms that operate at different levels of program code granularity. The practicality of the approach is demonstrated through a prototype implementation of a framework for enforcing security policies at various levels of code granularity on Java bytecode applications.

2021-04-27
Harada, T., Tanaka, K., Ogasawara, R., Mikawa, K..  2020.  A Rule Reordering Method via Pairing Dependent Rules. 2020 IEEE Conference on Communications and Network Security (CNS). :1–9.
Packet classification is used to determine the behavior of incoming packets to network devices. Because it is achieved using a linear search on a classification rule list, a larger number of rules leads to a longer communication latency. To decrease this latency, the problem is generalized as Optimal Rule Ordering (ORO), which aims to identify the order of rules that minimizes the classification latency caused by packet classification while preserving the classification policy. Because ORO is known to be NP-complete by Hamed and Al-Shaer [Dynamic rule-ordering optimization for high-speed firewall filtering, ASIACCS (2006) 332-342], various heuristics for ORO have been proposed. Sub-graph merging (SGM) by Tapdiya and Fulp [Towards optimal firewall rule ordering utilizing directed acyclical graphs, ICCCN (2009) 1-6] is the state of the art heuristic algorithm for ORO. In this paper, we propose a novel heuristic method for ORO. Although most heuristics try to recursively determine the maximum-weight rule and move it as far as possible to an upper position, our algorithm pairs rules that cause policy violations until there are no such rules to simply sort the rules by these weights. Our algorithm markedly decreases the classification latency and reordering time compared with SGM in experiments. The sets consisting of thousands of rules that require one or more hours for reordering by SGM can be reordered by the proposed method within one minute.
Saganowski, S..  2020.  A Three-Stage Machine Learning Network Security Solution for Public Entities. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1097–1104.
In the era of universal digitization, ensuring network and data security is extremely important. As a part of the Regional Center for Cybersecurity initiative, a three-stage machine learning network security solution is being developed and will be deployed in March 2021. The solution consists of prevention, monitoring, and curation stages. As prevention, we utilize Natural Language Processing to extract the security-related information from social media, news portals, and darknet. A deep learning architecture is used to monitor the network in real-time and detect any abnormal traffic. A combination of regular expressions, pattern recognition, and heuristics are applied to the abuse reports to automatically identify intrusions that passed other security solutions. The lessons learned from the ongoing development of the system, alongside the results, extensive analysis, and discussion is provided. Additionally, a cybersecurity-related corpus is described and published within this work.
Li, Y., Zhou, Y., Hu, K., Sun, N., Ke, K..  2020.  A Security Situation Prediction Method Based on Improved Deep Belief Network. 2020 IEEE 2nd International Conference on Civil Aviation Safety and Information Technology (ICCASIT. :594–598.
With the rapid development of smart grids and the continuous deepening of informatization, while realizing remote telemetry and remote control of massive data-based grid operation, electricity information network security problems have become more serious and prominent. A method for electricity information network security situation prediction method based on improved deep belief network is proposed in this paper. Firstly, the affinity propagation clustering algorithm is used to determine the depth of the deep belief network and the number of hidden layer nodes based on sample parameters. Secondly, continuously adjust the scaling factor and crossover probability in the differential evolution algorithm according to the population similarity. Finally, a chaotic search method is used to perform a second search for the best individuals and similarity centers of each generation of the population. Simulation experiments show that the proposed algorithm not only enhances the generalization ability of electricity information network security situation prediction, but also has higher prediction accuracy.
2021-03-29
Tang, C., Fu, X., Tang, P..  2020.  Policy-Based Network Access and Behavior Control Management. 2020 IEEE 20th International Conference on Communication Technology (ICCT). :1102—1106.

Aiming at the requirements of network access control, illegal outreach control, identity authentication, security monitoring and application system access control of information network, an integrated network access and behavior control model based on security policy is established. In this model, the network access and behavior management control process is implemented through abstract policy configuration, network device and application server, so that management has device-independent abstraction, and management simplification, flexibility and automation are improved. On this basis, a general framework of policy-based access and behavior management control is established. Finally, an example is given to illustrate the method of device connection, data drive and fusion based on policy-based network access and behavior management control.

2021-03-17
Wang, W., Zhang, X., Dong, L., Fan, Y., Diao, X., Xu, T..  2020.  Network Attack Detection based on Domain Attack Behavior Analysis. 2020 13th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI). :962—965.

Network security has become an important issue in our work and life. Hackers' attack mode has been upgraded from normal attack to APT( Advanced Persistent Threat, APT) attack. The key of APT attack chain is the penetration and intrusion of active directory, which can not be completely detected via the traditional IDS and antivirus software. Further more, lack of security protection of existing solutions for domain control aggravates this problem. Although researchers have proposed methods for domain attack detection, many of them have not yet been converted into effective market-oriented products. In this paper, we analyzes the common domain intrusion methods, various domain related attack behavior characteristics were extracted from ATT&CK matrix (Advanced tactics, techniques, and common knowledge) for analysis and simulation test. Based on analyzing the log file generated by the attack, the domain attack detection rules are established and input into the analysis engine. Finally, the available domain intrusion detection system is designed and implemented. Experimental results show that the network attack detection method based on the analysis of domain attack behavior can analyze the log file in real time and effectively detect the malicious intrusion behavior of hackers , which could facilitate managers find and eliminate network security threats immediately.

2021-03-09
Idhom, M., Wahanani, H. E., Fauzi, A..  2020.  Network Security System on Multiple Servers Against Brute Force Attacks. 2020 6th Information Technology International Seminar (ITIS). :258—262.

Network security is critical to be able to maintain the information, especially on servers that store a lot of information; several types of attacks can occur on servers, including brute force and DDoS attacks; in the case study in this research, there are four servers used so that a network security system that can synchronize with each other so that when one server detects an attack, another server can take precautions before the same attack occurs on another server.fail2ban is a network security tool that uses the IDPS (Intrusion Detection and Prevention System) method which is an extension of the IDS (Intrusion Detection System) combined with IP tables so that it can detect and prevent suspicious activities on a network, fail2ban automatically default can only run on one server without being able to synchronize on other servers. With a network security system that can run on multiple servers, the attack prevention process can be done faster because when one server detects an attack, another server will take precautions by retrieving the information that has entered the collector database synchronizing all servers other servers can prevent attacks before an attack occurs on that server.

2021-02-23
Hartpence, B., Kwasinski, A..  2020.  Combating TCP Port Scan Attacks Using Sequential Neural Networks. 2020 International Conference on Computing, Networking and Communications (ICNC). :256—260.

Port scans are a persistent problem on contemporary communication networks. Typically used as an attack reconnaissance tool, they can also create problems with application performance and throughput. This paper describes an architecture that deploys sequential neural networks (NNs) to classify packets, separate TCP datagrams, determine the type of TCP packet and detect port scans. Sequential networks allow this lengthy task to learn from the current environment and to be broken up into component parts. Following classification, analysis is performed in order to discover scan attempts. We show that neural networks can be used to successfully classify general packetized traffic at recognition rates above 99% and more complex TCP classes at rates that are also above 99%. We demonstrate that this specific communications task can successfully be broken up into smaller work loads. When tested against actual NMAP scan pcap files, this model successfully discovers open ports and the scan attempts with the same high percentage and low false positives.

Zheng, L., Jiang, J., Pan, W., Liu, H..  2020.  High-Performance and Range-Supported Packet Classification Algorithm for Network Security Systems in SDN. 2020 IEEE International Conference on Communications Workshops (ICC Workshops). :1—6.
Packet classification is a key function in network security systems in SDN, which detect potential threats by matching the packet header bits and a given rule set. It needs to support multi-dimensional fields, large rule sets, and high throughput. Bit Vector-based packet classification methods can support multi-field matching and achieve a very high throughput, However, the range matching is still challenging. To address issue, this paper proposes a Range Supported Bit Vector (RSBV) algorithm for processing the range fields. RSBV uses specially designed codes to store the pre-computed results in memory, and the result of range matching is derived through pipelined Boolean operations. Through a two-dimensional modular architecture, the RSBV can operate at a high clock frequency and line-rate processing can be guaranteed. Experimental results show that for a 1K and 512-bit OpenFlow rule set, the RSBV can sustain a throughput of 520 Million Packets Per Second.
Adat, V., Parsamehr, R., Politis, I., Tselios, C., Kotsopoulos, S..  2020.  Malicious user identification scheme for network coding enabled small cell environment. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1—6.
Reliable communication over the wireless network with high throughput is a major target for the next generation communication technologies. Network coding can significantly improve the throughput efficiency of the network in a cooperative environment. The small cell technology and device to device communication make network coding an ideal candidate for improved performance in the fifth generation of communication networks. However, the security concerns associated with network coding needs to be addressed before any practical implementations. Pollution attacks are considered one of the most threatening attacks in the network coding environment. Although there are different integrity schemes to detect polluted packets, identifying the exact adversary in a network coding environment is a less addressed challenge. This paper proposes a scheme for identifying and locating adversaries in a dense, network coding enabled environment of mobile nodes. It also discusses a non-repudiation protocol that will prevent adversaries from deceiving the network.
2021-02-16
Jin, Z., Yu, P., Guo, S. Y., Feng, L., Zhou, F., Tao, M., Li, W., Qiu, X., Shi, L..  2020.  Cyber-Physical Risk Driven Routing Planning with Deep Reinforcement-Learning in Smart Grid Communication Networks. 2020 International Wireless Communications and Mobile Computing (IWCMC). :1278—1283.
In modern grid systems which is a typical cyber-physical System (CPS), information space and physical space are closely related. Once the communication link is interrupted, it will make a great damage to the power system. If the service path is too concentrated, the risk will be greatly increased. In order to solve this problem, this paper constructs a route planning algorithm that combines node load pressure, link load balance and service delay risk. At present, the existing intelligent algorithms are easy to fall into the local optimal value, so we chooses the deep reinforcement learning algorithm (DRL). Firstly, we build a risk assessment model. The node risk assessment index is established by using the node load pressure, and then the link risk assessment index is established by using the average service communication delay and link balance degree. The route planning problem is then solved by a route planning algorithm based on DRL. Finally, experiments are carried out in a simulation scenario of a power grid system. The results show that our method can find a lower risk path than the original Dijkstra algorithm and the Constraint-Dijkstra algorithm.
He, J., Tan, Y., Guo, W., Xian, M..  2020.  A Small Sample DDoS Attack Detection Method Based on Deep Transfer Learning. 2020 International Conference on Computer Communication and Network Security (CCNS). :47—50.
When using deep learning for DDoS attack detection, there is a general degradation in detection performance due to small sample size. This paper proposes a small-sample DDoS attack detection method based on deep transfer learning. First, deep learning techniques are used to train several neural networks that can be used for transfer in DDoS attacks with sufficient samples. Then we design a transferability metric to compare the transfer performance of different networks. With this metric, the network with the best transfer performance can be selected among the four networks. Then for a small sample of DDoS attacks, this paper demonstrates that the deep learning detection technique brings deterioration in performance, with the detection performance dropping from 99.28% to 67%. Finally, we end up with a 20.8% improvement in detection performance by deep transfer of the 8LANN network in the target domain. The experiment shows that the detection method based on deep transfer learning proposed in this paper can well improve the performance deterioration of deep learning techniques for small sample DDoS attack detection.
Yeom, S., Kim, K..  2020.  Improving Performance of Collaborative Source-Side DDoS Attack Detection. 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS). :239—242.
Recently, as the threat of Distributed Denial-of-Service attacks exploiting IoT devices has spread, source-side Denial-of-Service attack detection methods are being studied in order to quickly detect attacks and find their locations. Moreover, to mitigate the limitation of local view of source-side detection, a collaborative attack detection technique is required to share detection results on each source-side network. In this paper, a new collaborative source-side DDoS attack detection method is proposed for detecting DDoS attacks on multiple networks more correctly, by considering the detecting performance on different time zone. The results of individual attack detection on each network are weighted based on detection rate and false positive rate corresponding to the time zone of each network. By gathering the weighted detection results, the proposed method determines whether a DDoS attack happens. Through extensive evaluation with real network traffic data, it is confirmed that the proposed method reduces false positive rate by 35% while maintaining high detection rate.
Grashöfer, J., Titze, C., Hartenstein, H..  2020.  Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.
Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has proven to be complex, as isolated characteristics, like port numbers, are not sufficient to reliably determine the application layer protocol. In this paper, we analyze the Dynamic Protocol Detection mechanisms employed by popular and widespread open-source network monitoring tools. On the example of HTTP, we show that all analyzed detection mechanisms are vulnerable to evasion attacks. This poses a serious threat to real-world monitoring operations. We find that the underlying fundamental problem of protocol disambiguation is not adequately addressed in two of three monitoring systems that we analyzed. To enable adequate operational decisions, this paper highlights the inherent trade-offs within Dynamic Protocol Detection.