Behavioral clustering of non-stationary IP flow record data

Christian Hammerschmidt, Samuel Marchal, Radu State, Sicco Verwer

Research output: Article in book/conference proceedings, Conference contribution, Scientific, peer-reviewed

7 Citations (Scopus)

Abstract

Automated network traffic analysis using machine learning techniques plays an important role in managing networks and IT infrastructure. A key challenge to the correct and effective application of machine learning is dealing with non-stationary learning data sources and concept drift. Traffic evolves over time due to new technology, software, and services being used and changes in user behavior, but also due to changes in network graphs such as dynamic IP address assignment. In this paper, we present an automatic online method to detect change-points in network traffic based on IP flow record analysis. This technique is used to segment an observed behavior into smaller consecutive behaviors that differ from one another. The segmented traffic is used to learn a small communication profile that accurately characterizes the activities present between two observed change-points. We validate our method using synthetic data and outline a real-world application to botnet host behavior modeling.
Original language: English
Title: 2016 12th International Conference on Network and Service Management (CNSM)
Publisher: IEEE
Pages: 297-301
Number of pages: 5
ISBN (electronic): 978-1-5090-3236-5
ISBN (print): 978-1-5090-3236-5
DOI - permanent links
Status: Published - 19 January 2017
OKM publication type: A4 Article in conference proceedings
Event: International Conference on Network and Service Management - Montreal, Canada
Duration: 31 October 2016 to 4 November 2016
Conference number: 12

Publication series

Name: International Conference on Network and Service Management
ISSN (print): 2165-9605
ISSN (electronic): 2165-963X

Conference

Conference: International Conference on Network and Service Management
Abbreviated title: CNSM
Country: Canada
City: Montreal
Period: 31/10/2016 to 04/11/2016
