Profiling internet backbone traffic: Behavior models and applications

Kuai Xu, Zhi Li Zhang, Supratik Bhattacharyya

Research output: Chapter in Book/Report/Conference proceedingConference contribution

158 Citations (Scopus)

Abstract

Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.

Original languageEnglish (US)
Title of host publicationComputer Communication Review
Pages169-180
Number of pages12
Volume35
Edition4
DOIs
StatePublished - Oct 2005
Externally publishedYes

Fingerprint

Internet
Communication
Data mining

Keywords

  • Behavior profiles
  • Network monitoring
  • Traffic measurement

ASJC Scopus subject areas

  • Information Systems

Cite this

Xu, K., Zhang, Z. L., & Bhattacharyya, S. (2005). Profiling internet backbone traffic: Behavior models and applications. In Computer Communication Review (4 ed., Vol. 35, pp. 169-180) https://doi.org/10.1145/1090191.1080112

Profiling internet backbone traffic : Behavior models and applications. / Xu, Kuai; Zhang, Zhi Li; Bhattacharyya, Supratik.

Computer Communication Review. Vol. 35 4. ed. 2005. p. 169-180.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Xu, K, Zhang, ZL & Bhattacharyya, S 2005, Profiling internet backbone traffic: Behavior models and applications. in Computer Communication Review. 4 edn, vol. 35, pp. 169-180. https://doi.org/10.1145/1090191.1080112
Xu K, Zhang ZL, Bhattacharyya S. Profiling internet backbone traffic: Behavior models and applications. In Computer Communication Review. 4 ed. Vol. 35. 2005. p. 169-180 https://doi.org/10.1145/1090191.1080112
Xu, Kuai ; Zhang, Zhi Li ; Bhattacharyya, Supratik. / Profiling internet backbone traffic : Behavior models and applications. Computer Communication Review. Vol. 35 4. ed. 2005. pp. 169-180
@inproceedings{c2f93bcee143461683eb8918789f47e0,
title = "Profiling internet backbone traffic: Behavior models and applications",
abstract = "Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.",
keywords = "Behavior profiles, Network monitoring, Traffic measurement",
author = "Kuai Xu and Zhang, {Zhi Li} and Supratik Bhattacharyya",
year = "2005",
month = "10",
doi = "10.1145/1090191.1080112",
language = "English (US)",
volume = "35",
pages = "169--180",
booktitle = "Computer Communication Review",
edition = "4",

}

TY - GEN

T1 - Profiling internet backbone traffic

T2 - Behavior models and applications

AU - Xu, Kuai

AU - Zhang, Zhi Li

AU - Bhattacharyya, Supratik

PY - 2005/10

Y1 - 2005/10

N2 - Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.

AB - Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.

KW - Behavior profiles

KW - Network monitoring

KW - Traffic measurement

UR - http://www.scopus.com/inward/record.url?scp=33750711125&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750711125&partnerID=8YFLogxK

U2 - 10.1145/1090191.1080112

DO - 10.1145/1090191.1080112

M3 - Conference contribution

AN - SCOPUS:33750711125

VL - 35

SP - 169

EP - 180

BT - Computer Communication Review

ER -