Academic literature on the topic 'Encrypted domain traffic classification'

Traffic classification is essential in network management for a wide range of operations. Recently, it has become increasingly challenging with the widespread adoption of encryption in the Internet, for example, as a de facto in HTTP/2 and QUIC protocols. In the current state of encrypted traffic classification using deep learning (DL), we identify fundamental issues in the way it is typically approached. For instance, although complex DL models with millions of parameters are being used, these models implement a relatively simple logic based on certain header fields of the TLS handshake, limiting model robustness to future versions of encrypted protocols. Furthermore, encrypted traffic is often treated as any other raw input for DL, while crucial domain-specific considerations are commonly ignored. In this paper, we design a novel feature engineering approach used for encrypted Web protocols, and develop a neural network architecture based on stacked long short-term memory layers and convolutional neural networks. We evaluate our approach on a real-world Web traffic dataset from a major Internet service provider and mobile network operator. We achieve an accuracy of 95% in service classification with less raw traffic and a smaller number of parameters, outperforming a state-of-the-art method by nearly 50% fewer false classifications. We show that our DL model generalizes for different classification objectives and encrypted Web protocols. We also evaluate our approach on a public QUIC dataset with finer application-level granularity in labeling, achieving an overall accuracy of 99%.

Traffic classification is essential in network management for operations ranging from capacity planning, performance monitoring, volumetry, and resource provisioning, to anomaly detection and security. Recently, it has become increasingly challenging with the widespread adoption of encryption in the Internet, e.g., as a de-facto in HTTP/2 and QUIC protocols. In the current state of encrypted traffic classification using Deep Learning (DL), we identify fundamental issues in the way it is typically approached. For instance, although complex DL models with millions of parameters are being used, these models implement a relatively simple logic based on certain header fields of the TLS handshake, limiting model robustness to future versions of encrypted protocols. Furthermore, encrypted traffic is often treated as any other raw input for DL, while crucial domain-specific considerations are commonly ignored. In this paper, we design a novel feature engineering approach that generalizes well for encrypted web protocols, and develop a neural network architecture based on Stacked Long Short-Term Memory (LSTM) layers and Convolutional Neural Networks (CNN). We evaluate our approach on a real-world web traffic dataset from a major Internet service provider and Mobile Network Operator. We achieve an accuracy of 95% in service classification with less raw traffic and smaller number of parameters, out-performing a state-of-the-art method by nearly 50% fewer false classifications. We show that our DL model generalizes for different classification objectives and encrypted web protocols. We also evaluate our approach on a public QUIC dataset with finer application-level granularity in labeling, achieving an overall accuracy of 99%.

Traffic classification is essential in network management for operations ranging from capacity planning, performance monitoring, volumetry, and resource provisioning, to anomaly detection and security. Recently, it has become increasingly challenging with the widespread adoption of encryption in the Internet, e.g., as a de-facto in HTTP/2 and QUIC protocols. In the current state of encrypted traffic classification using Deep Learning (DL), we identify fundamental issues in the way it is typically approached. For instance, although complex DL models with millions of parameters are being used, these models implement a relatively simple logic based on certain header fields of the TLS handshake, limiting model robustness to future versions of encrypted protocols. Furthermore, encrypted traffic is often treated as any other raw input for DL, while crucial domain-specific considerations exist that are commonly ignored. In this paper, we design a novel feature engineering approach that generalizes well for encrypted web protocols, and develop a neural network architecture based on Stacked Long Short-Term Memory (LSTM) layers and Convolutional Neural Networks (CNN) that works very well with our feature design. We evaluate our approach on a real-world traffic dataset from a major ISP and Mobile Network Operator. We achieve an accuracy of 95% in service classification with less raw traffic and smaller number of parameters, out-performing a state-of-the-art method by nearly 50% fewer false classifications. We show that our DL model generalizes for different classification objectives and encrypted web protocols. We also evaluate our approach on a public QUIC dataset with finer and application-level granularity in labeling, achieving an overall accuracy of 99%.

Network traffic classification is significant for task such as Quality of Services (QoS) provisioning, resource usage planning, pricing as well as in the context of security such as in Intrusion detection systems. The field has received considerable attention in the industry as well as research communities where approaches such as Port based, Deep packet Inspection (DPI), and Classical machine learning techniques were thoroughly studied. However, the emergence of new applications and encryption protocols as a result of continuous transformation of Internet has led to the rise of new challenges. Recently, researchers have employed deep learning techniques in the domain of network traffic classification in order to leverage the inherent advantages offered by deep learning models such as the ability to capture complex pattern as well as automatic feature learning. This paper reviews deep learning based encrypted traffic classification techniques, as well as highlights the current research gap in the literature. Index Terms : Traffic classification, Encrypted traffic, Deep learning, Machine learning.

An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.

Artificial neural network (ANN) is powerful in the artificial intelligence field and has been successfully applied to interpret complex image data in the real world. Since the majority of images are commonly known as private with the information intended to be used by the owner, such as handwritten characters and face, the private constraints form a major obstacle in developing high-precision image classifiers which require access to a large amount of image data belonging to multiple users. State-of-the-art privacy-preserving ANN schemes often use full homomorphic encryption which result in a substantial overhead of computation and data traffic for the data owners, and are restricted to approximation models by low-degree polynomials which lead to a large accuracy loss of the trained model compared to the original ANN model in the plain domain. Consequently, it is still a huge challenge to train an ANN model in the encrypted-domain. To mitigate this problem, we propose a privacy-preserving ANN system for secure constructing image classifiers, named IPPNN, where the server is able to train an ANN-based classifier on the combined image data of all data owners without being able to observe any images using primitives, such as randomization and functional encryption. Our system achieves faster training time and supports lossless training. Moreover, IPPNN removes the need for multiple communications among data owners and servers. We analyze the security of the protocol and perform experiments on a large scale image recognition task. The results show that the IPPNN is feasible to use in practice while achieving high accuracy.

It has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend to focus on active attacks; therefore, the reliability of attack conditions and validity of test results cannot be fully verified. Hence, it is necessary to reexamine hidden service attacks from the perspective of fingerprinting attacks. In this paper, we propose a novel Website Response Fingerprinting (WRFP) Attack based on response time feature and extremely randomized tree algorithm to analyze the hidden information of the response fingerprint. The objective is to monitor hidden service website pages, service types, and mounted servers. WRFP relies on the hidden service response fingerprinting dataset. In addition to simulated website mirroring, two different mounting modes are taken into account, the same-source server and multisource server. A total of 300,000 page instances within 30,000 domain sites are collected, and we comprehensively evaluate the classification performance of the proposed WRFP. Our results show that the TPR of webpages and server classification remain greater than 93% in the small-scale closed-world performance test, and it is capable of tolerating up to 10% fluctuations in response time. WRFP also provides a higher accuracy and computational efficiency than traditional website fingerprinting classifiers in the challenging open-world performance test. This also indicates the importance of response time feature. Our results also suggest that monitoring website types improves the judgment effect of the classifier on subpages.

With the rapid increase in encrypted traffic in the network environment and the increasing proportion of encrypted traffic, the study of encrypted traffic classification has become increasingly important as a part of traffic analysis. At present, in a closed environment, the classification of encrypted traffic has been fully studied, but these classification models are often only for labeled data and difficult to apply in real environments. To solve these problems, we propose a transferable model called CBD with generalization abilities for encrypted traffic classification in real environments. The overall structure of CBD can be generally described as a of one-dimension CNN and the encoder of Transformer. The model can be pre-trained with unlabeled data to understand the basic characteristics of encrypted traffic data, and be transferred to other datasets to complete the classification of encrypted traffic from the packet level and the flow level. The performance of the proposed model was evaluated on a public dataset. The results showed that the performance of the CBD model was better than the baseline methods, and the pre-training method can improve the classification ability of the model.

The wide application of encryption technology has made traffic classification gradually become a major challenge in the field of network security. Traditional methods such as machine learning, which rely heavily on feature engineering and others, can no longer fully meet the needs of encrypted traffic classification. Therefore, we propose an Inception-LSTM(ICLSTM) traffic classification method in this paper to achieve encrypted traffic service identification. This method converts traffic data into common gray images, and then uses the constructed ICLSTM neural network to extract key features and perform effective traffic classification. To alleviate the problem of category imbalance, different weight parameters are set for each category separately in the training phase to make it more symmetrical for different categories of encrypted traffic, and the identification effect is more balanced and reasonable. The method is validated on the public ISCX 2016 dataset, and the results of five classification experiments show that the accuracy of the method exceeds 98% for both regular encrypted traffic service identification and VPN encrypted traffic service identification. At the same time, this deep learning-based classification method also greatly simplifies the difficulty of traffic feature extraction work.

The increased usage of encrypted application layer traffic is making it harder for traditional traffic categorization methods like deep packet inspection to function. Without ways of categorizing traffic, network service providers have a hard time optimizing traffic flows, resulting in worse quality of experience for the end user. Recent solutions to this problem typically apply some statistical measurements on network flows and use the resulting values as features in a machine learning model. However, by utilizing recent advances in multi-fractal analysis, multi-fractal features can be extracted from time-series via wavelet leaders, which can be used as features instead. In this thesis, these features are used exclusively, together with support vector machines, to build a model that categorizes encrypted network traffic into six categories that, according to a report, accounts for over 80% of the mobile traffic composition. The resulting model achieved a F1-score of 0.958 on synthetic traffic while only using multi-fractal features, leading to the conclusion that incorporating multi-fractal features in a traffic categorization framework, implemented at a base station, would be beneficial for the categorization score for such a framework.

Master's thesis deals with selection of attributes proper for classification of encrypted traffic, with the extension of NetFlow entries with these attributes and with creating a tool for classify encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by design of extending NetFlow records with these attributes for classifying encrypted traffic. Extension of records was implemented in language C for exporter of the company Flowmon Networks a.s.. Classifier for collector was implemented in language Python. Classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too, the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best case scenario 47% accuracy was achieved.

The video streaming applications contribute to a major share of the Internet traffic. Consequently, monitoring and management of video streaming quality has gained a significant importance in the recent years. The disturbances in the video, such as, amount of buffering and bitrate adaptations affect user Quality of Experience (QoE). Network operators usually monitor such events from network traffic with the help of Deep Packet Inspection (DPI). However, it is becoming difficult to monitor such events due to the traffic encryption. To address this challenge, this thesis work makes two key contributions. First, it presents a test-bed, which performs automated video streaming tests under controlled time-varying network conditions and measures performance at network and application level. Second, it develops and evaluates machine learning models for the detection of video buffering and bitrate adaptation events, which rely on the information extracted from packets headers. The findings of this work suggest that buffering and bitrate adaptation events within 60 second intervals can be detected using Random Forest model with an accuracy of about 70%. Moreover, the results show that the features based on time-varying patterns of downlink throughput and packet inter-arrival times play a distinctive role in the detection of such events.

De nos jours, Internet est devenu indispensable dans le quotidien des humains. Aujourd’hui, ce réseau sert entre autres de plate-forme de communication, de système transactions et de divertissement. Ces activités sont possibles grâce à des composants satellites qui gèrent les flux d'informations. Dans ce contexte, l'intérêt des fournisseurs de communications satellites est d'améliorer la satisfaction des clients à travers d'utilisation optimale de ces ressources. La qualité de service (QDS) est utilisée pour accomplir cet objectif. Améliorer la QDS permet la réduction des erreurs liées à la perte et la latence paquets; par conséquent “la qualité de service” (QDS) aide à optimiser le trafic internet. En fonction du trafic internet (Streaming, VoIP, Transfert de fichiers, etc.) et de ses erreurs, le flux de paquet peut être classé parmi plusieurs catégories. En suivant cette idée, ce projet de thèse vise à trouver des nouvelles approches de classification du trafic Internet pour améliorer la QDS.Pour classifier le trafic Internet, l'apprentissage automatique sera étudié et déployé. Les composants qui permettront de coupler une solution d'apprentissage automatique avec une architecture satellite et de qualité de service seront évalués. Dans cette architecture, un ou plusieurs points de surveillance capteront le trafic Internet. Des techniques de classifications marqueront le trafic capté en classes qui seront interprétées par l'architecture de la qualité de service.Pour développer notre solution, une base de données riche et complète sera requise; toutefois, les données historiques labellisées sont difficilement disponibles pour le public. Dans ce contexte, des paquets binaires seront extraits et stockées pour générer un historique de données. Par conséquent, une plate-forme d'émulation du trafic Internet sur le cloud pour générer des flux de communication a été proposée. Cela sera aussi implanté sur une plateforme d'émulation de communication Satellite. En outre, des flux IP devront être construits avec les paquets et quelques caractéristiques statistiques pour discriminer et décrire le trafic Internet correctement seront présentées. Ensuite, un système de classification sera capable de gérer différentes communications sur Internet (cryptées, non cryptées et en tunnel). Ce système traitera le trafic entrant de manière hiérarchique pour atteindre une performance de classification élevée. Par ailleurs, pour faire face à l'évolution des applications Internet, une nouvelle méthode est présentée pour induire des mises à jour au système de classification initiale. Finalement, des expériences sur la plate-forme émulée dans le cloud seront mises en place pour valider notre proposition et définir des directives pour son déploiement sur l’architecture Satellite
The Internet has become indispensable for the daily activities of human beings. Nowadays, this network system serves as a platform for communication, transaction, and entertainment, among others. This communication system is characterized by terrestrial and Satellite components that interact between themselves to provide transmission paths of information between endpoints. Particularly, Satellite Communication providers’ interest is to improve customer satisfaction by optimally exploiting on demand available resources and offering Quality of Service (QoS). Improving the QoS implies to reduce errors linked to information loss and delays of Internet packets in Satellite Communications. In this sense, according to Internet traffic (Streaming, VoIP, Browsing, etc.) and those error conditions, the Internet flows can be classified into different sensitive and non-sensitive classes. Following this idea, this thesis project aims at finding new Internet traffic classification approaches to improving customer satisfaction by improving the QoS.Machine Learning (ML) algorithms will be studied and deployed to classify Internet traffic. All the necessary elements, to couple an ML solution over a well-known Satellite Communication and QoS management architecture, will be evaluated. In this architecture, one or more monitoring points will intercept Satellite Internet traffic, which in turn will be treated and marked with predefined classes by ML-based classification techniques. The marked traffic will be interpreted by a QoS management architecture that will take actions according to the class type.To develop this ML-based solution, a rich and complete set of Internet traffic is required; however, historical labeled data is hardly publicly available. In this context, binary packets should be monitored and stored to generate historical data. To do so, an emulated cloud platform will serve as a data generation environment in which different Internet communications will be launched and captured. This study is escalated to a Satellite Communication architecture. Moreover, statistical-based features are extracted from the packet flows. Some statistical-based computations will be adapted to achieve accurate Internet traffic classification for encrypted and unencrypted packets in the historical data. Afterward, a proposed classification system will deal with different Internet communications (encrypted, unencrypted, and tunneled). This system will process the incoming traffic hierarchically to achieve a high classification performance. Besides, to cope with the evolution of Internet applications, a new method is presented to induce updates over the original classification system. Finally, some experiments in the cloud emulated platform validate our proposal and set guidelines for its deployment over a Satellite architecture

碩士
逢甲大學
資訊工程學系
101
In recent years, users have begun using encrypted tunnels to transport data in order to protect transmitted messages. However, it is very difficult for network engineers to manage the quality of network traffic in encrypted tunnels. Therefore, the issue of how to classify encrypted tunnels becomes more important and it has been studied so far. However, these studies are usually based on the assumption that encrypted tunnels include only one application traffic. In fact, encrypted tunnels may include more than one kind of application traffic. Therefore, this paper proposes a solution to identify whether encrypted tunnels include one specific P2P application traffic or more. In addition, our proposed system can be trained by plain-text traffic. In the experimental results, the system can accurately classify encrypted tunnels when they include more than one kinds of application traffic.

In addition to the wireless network providers’ need for traffic classification, the need is more and more common in the Cloud Computing environment. A data center hosting Cloud Computing services needs to apply priority policies and Service Level Agreement (SLA) rules at the edge of its network. Overwhelming requirements about user privacy protection and the trend of IPv6 adoption will contribute to the significant growth of encrypted Cloud Computing traffic. This report presents experiments focusing on application of data mining based Internet traffic classification methods to classify encrypted Cloud Computing service traffic. By combining TCP session level attributes, client and host connection patterns and Cloud Computing service Message Exchange Patterns (MEP), the best method identified in this report yields 89% overall accuracy.
text

碩士
國立中正大學
通訊工程研究所
94
With the rapid growth of Internet, various applications and information has developed dramatically in the last couple of years. VoIP, being a significant portion of the network traffic today, constitutes a highly desirable class for identification. Accurate classification of proprietary VoIP traffic is a challenging problem, and becomes even more challenging when we are constrained to use only transport-layer header information and encrypted packets. In this paper, we present a new approach for proprietary VoIP traffic identification that uses fundamental characteristics of proprietary VoIP protocols, such as constant bandwidth consumption and frequent sending rate. We do not use any application specific information and still could identify proprietary VoIP protocols in a simple and efficient way. A bandwidth management system is also built to handle the traffic and guarantee the QoS in bandwidth limited network environment. Finally, this mechanism is implemented and evaluated on a network processor board. Based on the network traffic of department electrical engineering of Chung Cheng University, the evolution result shows our system can recognize 90% Skype sessions. It could be transplanted to identify other encrypted Internet voice traffic easily.

Dissertação de Mestrado Integrado em Engenharia Electrotécnica e de Computadores apresentada à Faculdade de Ciências e Tecnologia
Over the past decade, traffic surveillance systems development have attracted the interest of many in the computer vision community. Mainly due to possible improvement of drivers security such as implementations in systems capable of predict real-time accidents, detection of infractions on roads or even time and fuel reduction by selecting the right way of traveling. The use of computer vision techniques to monitoring traffic as proven to be a non-invasive, cost effective, automated option when it comes to traffic surveillance. The challenge today is to efficiently develop an Intelligent Transportation System capable of real-time detecting roads with high affluence of traffic and for example, sending that information so that drivers can choose another way in advance, make an efficient and autonomous management of traffic lights, or in extreme scenarios, like a car accident, a system that automatically notifies authorities to provide quicker medical assistance.\\The purpose of this work is to implement some visual domain adaptation based approaches when it comes to identify the existence or not of a vehicle in an intersection. To accomplish the purpose of adapting dynamic events on traffic surveillance, or similar tasks, we conducted along this thesis several approaches with holistic classification exploring domain adaptation of evolutionary events to some GIST features extracted from the dataset images and also apply the same approaches on AlexNet neural networks features of the same dataset images. This approaches are being implemented in order to be used on situations where a dynamic evolution of domains is needed and where we have an unlabeled target data.
Durante a última decada, o desenvolvimento de sistemas direcionados para controlo e manutenção de trafego tem desplotado imenso interesse na comunidade de visão por computadores. Isto deve-se muito ao facto do grande número de oportunidades no melhoramento de técnicas para segurança dos condutores, como por exemplo, predição em tempo real de acidentes, deteção de comportamentos ilegais nas estradas ou até aplicar estas técnicas a aplicações que permitam poupar tempo e combustível ao escolher o melhor caminho. A utilização destas técnicas para monitorização de trafego tem provado ser uma opção não invasiva, barata e autonoma. Hoje em dia é bastante desejado um sistema inteligente capaz de monitorizar em tempo real densidade de tráfego para que com antecedência se possam calcular novas rotas para que condutores evitem tráfego indesejado, outra aplicação será a gestão automática de semáforos, ou até em casos mais extremos, fazer a predição de acidentes e em caso de acidente notifique as autoridades para que possam as pessoas envolvidas possam receber cuidados médicos o mais rápido possível.\\Este trabalho tem como propósito a implementação de abordagens de adaptação de domínios visuais para a detecção de veículos em imagens na aproximação de um cruzamento. Para atingir os nossos objectivo de adaptar dinamicamente eventos relacionados com monitorização de trafego, implementámos algumas abordagens baseadas em classificação holística para explicar a adaptação evolutiva de domínios, inicialmente aplicadas a caracteristicas GIST extraídas das imagens incluídas no dataset utilizado. Posteriormente aplicamos as mesmas abordagens a características extraídas com a ajuda da rede neuronal AlexNet. Estas abordagens que estamos a implementar pretendem ser aplicadas em situações onde se seja necessária uma evolução dinâmica de domínios e onde temos dados sem labels no treino.

In der heutigen Zeit ist die effiziente Nutzung aller verfügbaren Ressourcen von zentralem Interesse. Im Bereich der Flugführung hat die Fernüberwachung von Flughäfen aus diesem Grund über die letzten 10 Jahre immer mehr Bedeutung erlangt. Die größten Vorteile der Fernüberwachung liegen in der geringeren Abhängigkeit von Flughafengebäuden und deren Instandhaltung, einer vereinfachten Personalplanung (vor allem bei kleinen Flughäfen) sowie dem möglichen Hinzufügen von zusätzlichen Informationen beim Arbeitsplatz zur Fernüberwachung. Insbesondere das Designen eines Arbeitsplatzes zur Fernüberwachung hat in diesem Zusammenhang eine Schlüsselrolle eingenommen. Die größte Herausforderung bei dieser Umsetzung ist ein Mensch-Computer-Interaktionsmodell, das die Verlagerung der Arbeitsplätze unterstützt, indem es die Einflüsse auf den Operateur und dessen Aufgaben beschreibt. Die vorliegende Dissertation fokussiert sich auf die Anwendung und Verbesserung eines Mensch-Computer-Interfacemodells zur Umwandlung eines Arbeitsplatzinterfaces ohne Beeinflussung der Aufgabe des Operateurs. Das präsentierte Modell konzentriert sich auf den Informationsfluss am Arbeitsplatz, anstatt technisch machbare Konzepte zu präsentieren. Es besteht aus 3 Teilen, welche sich separat mit dem Einfluss des veränderten Interfaces auf den Informationsfluss auseinandersetzen. Das Modell wird für die Thematik der Fernüberwachung spezifiziert und angewendet. Nur wenige Publikationen beschäftigten sich bisher mit Strategien, mit denen Towerlotsen Flugführung durchführen. Daher ist das Ziel dieser Arbeit, einen soliden Beitrag zur Entwicklung der Psychologie im Bereich Mensch-Computer-Interaktion zu leisten, welcher durch praktische Anwendungen und Erweiterungen der Methodik untermauert wird. Der Hauptunterschied zwischen dem konventionellen Arbeitsplatz und dem Arbeitsplatz zur Fernüberwachung ist der Verlust der Außensicht und des Fernglases und deren Ersatz durch Kamerasysteme. Neue Systeme in der Flugsicherung können die menschliche Leistung beeinflussen. Daher hat die Fernüberwachung besonderen Einfluss auf die Bereiche Ausrüstung des Arbeitsplatzes, das Benutzerinterface und menschliche Leistungsfähigkeit. Die Herausforderung für die Ausrüstung des Arbeitsplatzes besteht darin, Informationen zu identifizieren, welche durch die Fernüberwachung reduziert wurden und diese durch zusätzliche Informationensysteme bzw. Assistenzsysteme zu ergänzen. Für den Faktor Benutzerinterface ist das Ermitteln und Analysieren von dynamischen Informationen besonders wichtig. Für die menschliche Leistungsfähigkeit besteht hier die Frage, wie sich Arbeitslast und Situationsbewusstsein kombiniert auf die Leistung auswirken und welche Konsequenzen das auf die Arbeit an einem Arbeitsplatz zur Fernüberwachung hat. Alle Herausforderungen wurden im Detail analysiert. Für den Faktor Ausrüstung des Arbeitsplatzes zeigen zwei Analysen die große Vielzahl an Indikatoren, welche verwendet werden können, um die Veränderung des Informationsflusses zu bestimmen. Die detaillierte Analyse des Windsack Indikators liefert ein Beispiel, wie die verschiedenen Indikatoren angewendet werden können. Die zweite Analyse zeigt, wie die bestehenden Indikatoren zur Lotsenaufgabe um spezielle Wetterindikatoren erweitert werden, um den Aspekt der Überwachung des Luftraums vollständig abzudecken. Für den Faktor Benutzerinterface wurde eine besondere Blickanalyse mit dem Namen Integration Guideline for Dynamic Areas of Interest (IGDAI) entwickelt. Diese erlaubt, die dynamischen Informationen innerhalb des Interfaces eines Arbeitsplatzes zu analysieren. Sie wird auf den Arbeitsplatz zur Fernüberwachung angewendet. Für den Faktor menschliche Leistungsfähigkeit zeigt eine detaillierte Analyse, wie Arbeitslast und Situationsbewusstsein die Leistung bei niedriger und hoher Aufgabenlast beeinflussen. Durch das Anwenden von IGDAI konnten zwei Kontrollstrategien in Abhängigkeit zur Aufgabenlast identifiziert werden. Das bereitgestellte Model für die Veränderung des Interfaces ohne Beeinflussung der Operatoraufgabe stellt einen Sonderfall in Bereich der Mensch-Computer-Interaktion dar. Der Übergang vom konventionellen zum Fernüberwachungsarbeitsplatz ist ein sich immer noch fortsetzender Prozess. Weitere Entwicklungen im Bereich der Fernüberwachung von Flughäfen sind notwendig, um den zukünftigen Herausforderungen an die Flugführung zu begegnen. Deshalb stellen die in dieser Dissertation dargestellten Konstrukte, erarbeiteten Methoden sowie Ergebnisse eine solide Basis für zukünftige Forschungsarbeiten bereit.:Table of Contents I Synopsis 1 1 Introduction 2 2 Research framework and goals 4 2.1 Human-computer interaction 4 2.2 Remote Tower Operations 4 2.3 Remote Tower Research 6 2.4 Embedding into HCI 7 2.5 Research goals of the dissertation 8 3 The development of a new workplace 9 3.1 Redesign of a workplace 9 3.2 Design factors in Aviation 10 3.3 Remote Tower Metrics 11 3.4 Dynamic Areas of Interests 11 3.5 Adaptation and strategy shifts 11 4 Methodological aspects of the dissertation 13 4.1 Identify and evaluate remote tower metrics 13 4.2 Evaluate dynamic areas of interest 13 4.3 Measuring Situation Awareness 14 5 Discussion and implications 16 5.1 Summarising the findings 16 5.2 Theoretical implications 17 5.3 Implications for the application 19 5.4 Critical reflection of the methodology 20 5.5 Revenue for psychological research 22 6 Literature 24 II Article 1: How to Evaluate Remote Tower Metrics in Connection to Weather Observations. An Extension of the Existing Metrics 28 III Article 2: A Guideline for Integrating Dynamic Areas of Interests in Existing Set-up for Capturing Eye Movement: Looking at Moving Aircraft 53 IV Article 3: The Influence of Task Load on Situation Awareness and Control Strategy in the ATC Tower Environment. 84 V Contributions to conferences 116 VI Curriculum vitae and publications 117
The efficient usage of all available resources is a central interest of our time. In air traffic management, the topic of remote tower operations has increased in importance over the last 10 years. Herein, the design of a remote tower workplace plays a key role in the successful implementation of remote tower operations. Less dependency on building and maintaining airport control towers, an improved human research planning (especially for small airports) and an increase in available information to the conventional tower workplace are central advantages of remote tower operations. However, a potential challenge for this approach is an HCI model that supports the transition by describing the influence on the operator task. This dissertation focuses on the application and improvement of an HCI approach to redesign a workplace by changing the interface without influencing the task of the operator. The presented model focuses on the flow of information rather than the presentation of technical possibilities. It consists of three parts that each individually measure and analyse the influence that a redesigned interface has on the flow in information. This model is specified and applied to remote tower operations. Prior to this dissertation, there were only a few publications connected to the strategies that air traffic control officers (ATCO) in the tower use to control traffic and virtually no publications connected to the practical implications for working at a remote tower workplace. Therefore, the goal was to provide a well-founded contribution to the development of psychology in the area of human-computer interaction by applying the psychological theories and extension of the methodology. The main difference between the conventional and the remote tower workplaces is the replacement of out-the-window view and binoculars by camera systems. Based on what influences the human performance in connection with new systems developed in air traffic control, most changes afflict the general workstation and equipment, the user interface, and human resource management. The challenge for the factor workstation and equipment is to identify the information decrease at the remote tower workplace and its replacement with additional information whilst simultaneously ensuring that this information can be tested in a standardised manor throughout a variety of research projects and several different prototypes. The challenge for the factor user interface was the analysis of the dynamic information presented at the remote tower workplace. The challenge for the human resource management is to identify how workload and situation awareness influence performance. In sum, all challenges are analysed in detail. For the factor workstation and equipment, two analyses showed a large variety of indicators that are applicable to evaluate the difference in the flow of information between the conventional and the remote tower workplace. The first analysis of the windsock indicator provided an example of how the different metrics can be applied. The second analysis showed that the weather remote tower metrics extend the existing remote tower metrics and thereby complete the aspects of the monitoring that an ATCO has to perform. For the factor user interface an advanced gaze analysis, called Integration Guideline for Dynamic Areas of Interest (IGDAI) was developed. This allows for a detailed analysis of the dynamic information presented at the remote tower workplace. For the factor human resource management, a detailed analysis shows how situation awareness and workload influence performance within low and high task load phases. By applying IGDAI, the existence of two control strategies for the Air Traffic Control (ATC) environment that are each related to the task load phases could be identified as well as the extent to which these might afflict remote tower operations. The provided model of redesigning only the interface presents a detailed approach for a special case in HCI. The transition from the conventional to the remote tower operations is an ongoing process that will be continued. The development in the domain of remote tower operations seems to be stable and necessary to keep up with the challenges of future air traffic management. Therefore, the analysed constructs, developed methodologies and presented results from this dissertation provide a seminal basis for the necessary future research.:Table of Contents I Synopsis 1 1 Introduction 2 2 Research framework and goals 4 2.1 Human-computer interaction 4 2.2 Remote Tower Operations 4 2.3 Remote Tower Research 6 2.4 Embedding into HCI 7 2.5 Research goals of the dissertation 8 3 The development of a new workplace 9 3.1 Redesign of a workplace 9 3.2 Design factors in Aviation 10 3.3 Remote Tower Metrics 11 3.4 Dynamic Areas of Interests 11 3.5 Adaptation and strategy shifts 11 4 Methodological aspects of the dissertation 13 4.1 Identify and evaluate remote tower metrics 13 4.2 Evaluate dynamic areas of interest 13 4.3 Measuring Situation Awareness 14 5 Discussion and implications 16 5.1 Summarising the findings 16 5.2 Theoretical implications 17 5.3 Implications for the application 19 5.4 Critical reflection of the methodology 20 5.5 Revenue for psychological research 22 6 Literature 24 II Article 1: How to Evaluate Remote Tower Metrics in Connection to Weather Observations. An Extension of the Existing Metrics 28 III Article 2: A Guideline for Integrating Dynamic Areas of Interests in Existing Set-up for Capturing Eye Movement: Looking at Moving Aircraft 53 IV Article 3: The Influence of Task Load on Situation Awareness and Control Strategy in the ATC Tower Environment. 84 V Contributions to conferences 116 VI Curriculum vitae and publications 117