Efficient Learning of Communication Profiles from IP Flow Records

Christian Hammerschmidt*, Samuel Marchal, Radu State, Gaetano Pellegrino, Sicco Verwer

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

11 Citations (Scopus)

Abstract

The task of network traffic monitoring has evolved drastically with the ever-increasing amount of data flowing in large scale networks. The automated analysis of this tremendous source of information often comes with using simpler models on aggregated data (e.g. IP flow records) due to time and space constraints. A step towards utilizing IP flow records more effectively are stream learning techniques. We propose a method to collect a limited yet relevant amount of data in order to learn a class of complex models, finite state machines, in real-time. These machines are used as communication profiles to fingerprint, identify or classify hosts and services and offer high detection rates while requiring less training data and thus being faster to compute than simple models.

Original languageEnglish
Title of host publication2016 IEEE 41st Conference on Local Computer Networks (LCN)
PublisherIEEE
Pages559-562
Number of pages4
ISBN (Electronic)978-1-5090-2054-6
DOIs
Publication statusPublished - 2016
MoE publication typeA4 Article in a conference publication
EventAnnual IEEE Conference on Local Computer Networks - Dubai, United Arab Emirates
Duration: 7 Nov 201610 Nov 2016
Conference number: 41

Publication series

NameConference on Local Computer Networks
PublisherIEEE
ISSN (Print)0742-1303

Conference

ConferenceAnnual IEEE Conference on Local Computer Networks
Abbreviated titleLCN
Country/TerritoryUnited Arab Emirates
CityDubai
Period07/11/201610/11/2016

Fingerprint

Dive into the research topics of 'Efficient Learning of Communication Profiles from IP Flow Records'. Together they form a unique fingerprint.

Cite this