A real-time network traffic profiling system

Kuai Xu, Feng Wang, Supratik Bhattacharyya, Zhi Li Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Citations (Scopus)

Abstract

This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.

Original languageEnglish (US)
Title of host publicationProceedings of the International Conference on Dependable Systems and Networks
Pages595-604
Number of pages10
DOIs
StatePublished - 2007
Externally publishedYes
Event37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007 - Edinburgh, United Kingdom
Duration: Jun 25 2007Jun 28 2007

Other

Other37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007
CountryUnited Kingdom
CityEdinburgh
Period6/25/076/28/07

Fingerprint

Program processors
Internet
Data storage equipment
Benchmarking
Telecommunication traffic
Data mining
Costs
Monitoring
Communication
Denial-of-service attack

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Computer Networks and Communications

Cite this

Xu, K., Wang, F., Bhattacharyya, S., & Zhang, Z. L. (2007). A real-time network traffic profiling system. In Proceedings of the International Conference on Dependable Systems and Networks (pp. 595-604). [4273010] https://doi.org/10.1109/DSN.2007.10

A real-time network traffic profiling system. / Xu, Kuai; Wang, Feng; Bhattacharyya, Supratik; Zhang, Zhi Li.

Proceedings of the International Conference on Dependable Systems and Networks. 2007. p. 595-604 4273010.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Xu, K, Wang, F, Bhattacharyya, S & Zhang, ZL 2007, A real-time network traffic profiling system. in Proceedings of the International Conference on Dependable Systems and Networks., 4273010, pp. 595-604, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007, Edinburgh, United Kingdom, 6/25/07. https://doi.org/10.1109/DSN.2007.10
Xu K, Wang F, Bhattacharyya S, Zhang ZL. A real-time network traffic profiling system. In Proceedings of the International Conference on Dependable Systems and Networks. 2007. p. 595-604. 4273010 https://doi.org/10.1109/DSN.2007.10
Xu, Kuai ; Wang, Feng ; Bhattacharyya, Supratik ; Zhang, Zhi Li. / A real-time network traffic profiling system. Proceedings of the International Conference on Dependable Systems and Networks. 2007. pp. 595-604
@inproceedings{2e3af26db80d4364b3dd4b4745175bbe,
title = "A real-time network traffic profiling system",
abstract = "This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.",
author = "Kuai Xu and Feng Wang and Supratik Bhattacharyya and Zhang, {Zhi Li}",
year = "2007",
doi = "10.1109/DSN.2007.10",
language = "English (US)",
isbn = "0769528554",
pages = "595--604",
booktitle = "Proceedings of the International Conference on Dependable Systems and Networks",

}

TY - GEN

T1 - A real-time network traffic profiling system

AU - Xu, Kuai

AU - Wang, Feng

AU - Bhattacharyya, Supratik

AU - Zhang, Zhi Li

PY - 2007

Y1 - 2007

N2 - This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.

AB - This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.

UR - http://www.scopus.com/inward/record.url?scp=36048955492&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=36048955492&partnerID=8YFLogxK

U2 - 10.1109/DSN.2007.10

DO - 10.1109/DSN.2007.10

M3 - Conference contribution

AN - SCOPUS:36048955492

SN - 0769528554

SN - 9780769528557

SP - 595

EP - 604

BT - Proceedings of the International Conference on Dependable Systems and Networks

ER -