Network-aware behavior clustering of Internet end hosts

Kuai Xu; Feng Wang; Lin Gu

doi:10.1109/INFCOM.2011.5935017

Network-aware behavior clustering of Internet end hosts

Kuai Xu, Feng Wang, Lin Gu

Mathematical and Natural Sciences, School of (SMNS)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

40 Scopus citations

Abstract

This paper explores the behavior similarity of Internet end hosts in the same network prefixes. We use bipartite graphs to model network traffic, and then construct one-mode projection graphs for capturing social-behavior similarity of end hosts. By applying a simple and efficient spectral clustering algorithm, we perform network-aware clustering of end hosts in the same prefixes into different behavior clusters. Based on information-theoretical measures, we find that the clusters exhibit distinct traffic characteristics which provides improved interpretations of the separated traffic compared with the aggregated traffic of the prefixes. Finally, we demonstrate the applications of exploring behavior similarity in profiling network behaviors and detecting anomalous behaviors through synthetic traffic that combines Internet backbone traffic and packet traces from real scenarios of worm propagations and denial of service attacks.

Original language	English (US)
Title of host publication	2011 Proceedings IEEE INFOCOM
Pages	2078-2086
Number of pages	9
DOIs	https://doi.org/10.1109/INFCOM.2011.5935017
State	Published - Aug 2 2011
Event	IEEE INFOCOM 2011 - Shanghai, China Duration: Apr 10 2011 → Apr 15 2011

Publication series

Name	Proceedings - IEEE INFOCOM
ISSN (Print)	0743-166X

Other

Other	IEEE INFOCOM 2011
Country/Territory	China
City	Shanghai
Period	4/10/11 → 4/15/11

ASJC Scopus subject areas

Computer Science(all)
Electrical and Electronic Engineering

Access to Document

10.1109/INFCOM.2011.5935017

Cite this

@inproceedings{ed9dc152e2cb4663b04d186476dc2b29,

title = "Network-aware behavior clustering of Internet end hosts",

abstract = "This paper explores the behavior similarity of Internet end hosts in the same network prefixes. We use bipartite graphs to model network traffic, and then construct one-mode projection graphs for capturing social-behavior similarity of end hosts. By applying a simple and efficient spectral clustering algorithm, we perform network-aware clustering of end hosts in the same prefixes into different behavior clusters. Based on information-theoretical measures, we find that the clusters exhibit distinct traffic characteristics which provides improved interpretations of the separated traffic compared with the aggregated traffic of the prefixes. Finally, we demonstrate the applications of exploring behavior similarity in profiling network behaviors and detecting anomalous behaviors through synthetic traffic that combines Internet backbone traffic and packet traces from real scenarios of worm propagations and denial of service attacks.",

author = "Kuai Xu and Feng Wang and Lin Gu",

year = "2011",

month = aug,

day = "2",

doi = "10.1109/INFCOM.2011.5935017",

language = "English (US)",

isbn = "9781424499212",

series = "Proceedings - IEEE INFOCOM",

pages = "2078--2086",

booktitle = "2011 Proceedings IEEE INFOCOM",

note = "IEEE INFOCOM 2011 ; Conference date: 10-04-2011 Through 15-04-2011",

}

TY - GEN

T1 - Network-aware behavior clustering of Internet end hosts

AU - Xu, Kuai

AU - Wang, Feng

AU - Gu, Lin

PY - 2011/8/2

Y1 - 2011/8/2

N2 - This paper explores the behavior similarity of Internet end hosts in the same network prefixes. We use bipartite graphs to model network traffic, and then construct one-mode projection graphs for capturing social-behavior similarity of end hosts. By applying a simple and efficient spectral clustering algorithm, we perform network-aware clustering of end hosts in the same prefixes into different behavior clusters. Based on information-theoretical measures, we find that the clusters exhibit distinct traffic characteristics which provides improved interpretations of the separated traffic compared with the aggregated traffic of the prefixes. Finally, we demonstrate the applications of exploring behavior similarity in profiling network behaviors and detecting anomalous behaviors through synthetic traffic that combines Internet backbone traffic and packet traces from real scenarios of worm propagations and denial of service attacks.

AB - This paper explores the behavior similarity of Internet end hosts in the same network prefixes. We use bipartite graphs to model network traffic, and then construct one-mode projection graphs for capturing social-behavior similarity of end hosts. By applying a simple and efficient spectral clustering algorithm, we perform network-aware clustering of end hosts in the same prefixes into different behavior clusters. Based on information-theoretical measures, we find that the clusters exhibit distinct traffic characteristics which provides improved interpretations of the separated traffic compared with the aggregated traffic of the prefixes. Finally, we demonstrate the applications of exploring behavior similarity in profiling network behaviors and detecting anomalous behaviors through synthetic traffic that combines Internet backbone traffic and packet traces from real scenarios of worm propagations and denial of service attacks.

UR - http://www.scopus.com/inward/record.url?scp=79960853919&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79960853919&partnerID=8YFLogxK

U2 - 10.1109/INFCOM.2011.5935017

DO - 10.1109/INFCOM.2011.5935017

M3 - Conference contribution

AN - SCOPUS:79960853919

SN - 9781424499212

T3 - Proceedings - IEEE INFOCOM

SP - 2078

EP - 2086

BT - 2011 Proceedings IEEE INFOCOM

T2 - IEEE INFOCOM 2011

Y2 - 10 April 2011 through 15 April 2011

ER -

Network-aware behavior clustering of Internet end hosts

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this