Internet traffic analysis in a large university town: A graphical and clustering approach

Weitao Weng; Kai Lei; Kuai Xu; Xiaoyou Liu; Tao Sun

doi:10.1007/978-3-319-39937-9_29

Internet traffic analysis in a large university town: A graphical and clustering approach

Weitao Weng, Kai Lei, Kuai Xu, Xiaoyou Liu, Tao Sun

Mathematical and Natural Sciences, School of (SMNS)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Campus networks consist of a rich diversity of end hosts including wired desktops, servers, and wireless BYOD devices such as laptops and smartphones, which are often compromised in insecure networks. Making sense of traffic behaviors of end hosts in campus networks is a daunting task due to the open nature of the network, heterogeneous devices, high mobility of end users, and a wide range of applications. To address these challenges, this paper applies a combination of graphical approaches and spectral clustering to group the Internet traffic of campus networks into distinctive traffic clusters in a divide-and-conquer manner. Specifically, we first model the data communication between a particular subnet of campus networks and the Internet on a specific application port via bipartite graphs, and subsequently use the one-mode projection to capture behavior similarity of end hosts in the same subnet for the same network applications. Finally we apply a spectral clustering algorithm to explore the behavior similarity to identify distinctive application clusters within each subnet. Our experimental results have demonstrated the benefits of our proposed method for analyzing Internet traffic of a large university town to discover anomalous behaviors and to uncover distinctive temporal and spatial traffic patterns.

Original language	English (US)
Title of host publication	Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings
Editors	Jianliang Xu, Nan Zhang, Dexi Liu, Bin Cui, Xiang Lian
Publisher	Springer Verlag
Pages	378-389
Number of pages	12
ISBN (Print)	9783319399362
DOIs	https://doi.org/10.1007/978-3-319-39937-9_29
State	Published - 2016
Event	17th International Conference on Web-Age Information Management, WAIM 2016 - Nanchang, China Duration: Jun 3 2016 → Jun 5 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9658
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	17th International Conference on Web-Age Information Management, WAIM 2016
Country/Territory	China
City	Nanchang
Period	6/3/16 → 6/5/16

Keywords

Bipartite graph
Campus network
Spectral clustering
Traffic analysis

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-39937-9_29

Cite this

Weng, W., Lei, K., Xu, K., Liu, X., & Sun, T. (2016). Internet traffic analysis in a large university town: A graphical and clustering approach. In J. Xu, N. Zhang, D. Liu, B. Cui, & X. Lian (Eds.), Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings (pp. 378-389). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9658). Springer Verlag. https://doi.org/10.1007/978-3-319-39937-9_29

Internet traffic analysis in a large university town: A graphical and clustering approach. / Weng, Weitao; Lei, Kai; Xu, Kuai et al.
Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings. ed. / Jianliang Xu; Nan Zhang; Dexi Liu; Bin Cui; Xiang Lian. Springer Verlag, 2016. p. 378-389 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9658).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Weng, W, Lei, K, Xu, K, Liu, X & Sun, T 2016, Internet traffic analysis in a large university town: A graphical and clustering approach. in J Xu, N Zhang, D Liu, B Cui & X Lian (eds), Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9658, Springer Verlag, pp. 378-389, 17th International Conference on Web-Age Information Management, WAIM 2016, Nanchang, China, 6/3/16. https://doi.org/10.1007/978-3-319-39937-9_29

Weng W, Lei K, Xu K, Liu X, Sun T. Internet traffic analysis in a large university town: A graphical and clustering approach. In Xu J, Zhang N, Liu D, Cui B, Lian X, editors, Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings. Springer Verlag. 2016. p. 378-389. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-39937-9_29

Weng, Weitao ; Lei, Kai ; Xu, Kuai et al. / Internet traffic analysis in a large university town : A graphical and clustering approach. Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings. editor / Jianliang Xu ; Nan Zhang ; Dexi Liu ; Bin Cui ; Xiang Lian. Springer Verlag, 2016. pp. 378-389 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0df3b494eeb34d8eaeb2d945b71e3881,

title = "Internet traffic analysis in a large university town: A graphical and clustering approach",

abstract = "Campus networks consist of a rich diversity of end hosts including wired desktops, servers, and wireless BYOD devices such as laptops and smartphones, which are often compromised in insecure networks. Making sense of traffic behaviors of end hosts in campus networks is a daunting task due to the open nature of the network, heterogeneous devices, high mobility of end users, and a wide range of applications. To address these challenges, this paper applies a combination of graphical approaches and spectral clustering to group the Internet traffic of campus networks into distinctive traffic clusters in a divide-and-conquer manner. Specifically, we first model the data communication between a particular subnet of campus networks and the Internet on a specific application port via bipartite graphs, and subsequently use the one-mode projection to capture behavior similarity of end hosts in the same subnet for the same network applications. Finally we apply a spectral clustering algorithm to explore the behavior similarity to identify distinctive application clusters within each subnet. Our experimental results have demonstrated the benefits of our proposed method for analyzing Internet traffic of a large university town to discover anomalous behaviors and to uncover distinctive temporal and spatial traffic patterns.",

keywords = "Bipartite graph, Campus network, Spectral clustering, Traffic analysis",

author = "Weitao Weng and Kai Lei and Kuai Xu and Xiaoyou Liu and Tao Sun",

note = "Funding Information: L. Kai—This work has been financially supported by Shenzhen General Research project No: JCYJ20150626111057728 and Key Research Project No: JCYJ20151014093505032, JSGG20140516162852628 and JCYJ20151030154330711. Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 17th International Conference on Web-Age Information Management, WAIM 2016 ; Conference date: 03-06-2016 Through 05-06-2016",

year = "2016",

doi = "10.1007/978-3-319-39937-9_29",

language = "English (US)",

isbn = "9783319399362",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "378--389",

editor = "Jianliang Xu and Nan Zhang and Dexi Liu and Bin Cui and Xiang Lian",

booktitle = "Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings",

}

TY - GEN

T1 - Internet traffic analysis in a large university town

T2 - 17th International Conference on Web-Age Information Management, WAIM 2016

AU - Weng, Weitao

AU - Lei, Kai

AU - Xu, Kuai

AU - Liu, Xiaoyou

AU - Sun, Tao

N1 - Funding Information: L. Kai—This work has been financially supported by Shenzhen General Research project No: JCYJ20150626111057728 and Key Research Project No: JCYJ20151014093505032, JSGG20140516162852628 and JCYJ20151030154330711. Publisher Copyright: © Springer International Publishing Switzerland 2016.

PY - 2016

Y1 - 2016

N2 - Campus networks consist of a rich diversity of end hosts including wired desktops, servers, and wireless BYOD devices such as laptops and smartphones, which are often compromised in insecure networks. Making sense of traffic behaviors of end hosts in campus networks is a daunting task due to the open nature of the network, heterogeneous devices, high mobility of end users, and a wide range of applications. To address these challenges, this paper applies a combination of graphical approaches and spectral clustering to group the Internet traffic of campus networks into distinctive traffic clusters in a divide-and-conquer manner. Specifically, we first model the data communication between a particular subnet of campus networks and the Internet on a specific application port via bipartite graphs, and subsequently use the one-mode projection to capture behavior similarity of end hosts in the same subnet for the same network applications. Finally we apply a spectral clustering algorithm to explore the behavior similarity to identify distinctive application clusters within each subnet. Our experimental results have demonstrated the benefits of our proposed method for analyzing Internet traffic of a large university town to discover anomalous behaviors and to uncover distinctive temporal and spatial traffic patterns.

AB - Campus networks consist of a rich diversity of end hosts including wired desktops, servers, and wireless BYOD devices such as laptops and smartphones, which are often compromised in insecure networks. Making sense of traffic behaviors of end hosts in campus networks is a daunting task due to the open nature of the network, heterogeneous devices, high mobility of end users, and a wide range of applications. To address these challenges, this paper applies a combination of graphical approaches and spectral clustering to group the Internet traffic of campus networks into distinctive traffic clusters in a divide-and-conquer manner. Specifically, we first model the data communication between a particular subnet of campus networks and the Internet on a specific application port via bipartite graphs, and subsequently use the one-mode projection to capture behavior similarity of end hosts in the same subnet for the same network applications. Finally we apply a spectral clustering algorithm to explore the behavior similarity to identify distinctive application clusters within each subnet. Our experimental results have demonstrated the benefits of our proposed method for analyzing Internet traffic of a large university town to discover anomalous behaviors and to uncover distinctive temporal and spatial traffic patterns.

KW - Bipartite graph

KW - Campus network

KW - Spectral clustering

KW - Traffic analysis

UR - http://www.scopus.com/inward/record.url?scp=84976644746&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84976644746&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-39937-9_29

DO - 10.1007/978-3-319-39937-9_29

M3 - Conference contribution

AN - SCOPUS:84976644746

SN - 9783319399362

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 378

EP - 389

BT - Web-Age Information Management - 17th International Conference, WAIM 2016, Proceedings

A2 - Xu, Jianliang

A2 - Zhang, Nan

A2 - Liu, Dexi

A2 - Cui, Bin

A2 - Lian, Xiang

PB - Springer Verlag

Y2 - 3 June 2016 through 5 June 2016

ER -

Internet traffic analysis in a large university town: A graphical and clustering approach

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this