Profiling internet backbone traffic: Behavior models and applications

Kuai Xu; Zhi Li Zhang; Supratik Bhattacharyya

doi:10.1145/1090191.1080112

Profiling internet backbone traffic: Behavior models and applications

Kuai Xu, Zhi Li Zhang, Supratik Bhattacharyya

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

188 Scopus citations

Abstract

Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.

Original language	English (US)
Title of host publication	Computer Communication Review
Pages	169-180
Number of pages	12
Volume	35
Edition	4
DOIs	https://doi.org/10.1145/1090191.1080112
State	Published - Oct 2005
Externally published	Yes

Keywords

Behavior profiles
Network monitoring
Traffic measurement

ASJC Scopus subject areas

Information Systems

Access to Document

10.1145/1090191.1080112

Cite this

@inproceedings{c2f93bcee143461683eb8918789f47e0,

title = "Profiling internet backbone traffic: Behavior models and applications",

abstract = "Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.",

keywords = "Behavior profiles, Network monitoring, Traffic measurement",

author = "Kuai Xu and Zhang, {Zhi Li} and Supratik Bhattacharyya",

year = "2005",

month = oct,

doi = "10.1145/1090191.1080112",

language = "English (US)",

volume = "35",

pages = "169--180",

booktitle = "Computer Communication Review",

edition = "4",

}

TY - GEN

T1 - Profiling internet backbone traffic

T2 - Behavior models and applications

AU - Xu, Kuai

AU - Zhang, Zhi Li

AU - Bhattacharyya, Supratik

PY - 2005/10

Y1 - 2005/10

N2 - Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.

AB - Recent spates of cyber-attacks and frequent emergence of applications affecting Internet traffic dynamics have made it imperative to develop effective techniques that can extract, and make sense of, significant communication patterns from Internet traffic data for use in network operations and security management. In this paper, we present a general methodology for building comprehensive behavior profiles of Internet backbone traffic in terms of communication patterns of end-hosts and services. Relying on data mining and information-theoretic techniques, the methodology consists of significant cluster extraction, automatic behavior classification and structural modeling for in-depth interpretive analyses. We validate the methodology using data sets from the core of the Internet. The results demonstrate that it indeed can identify common traffic profiles as well as anomalous behavior patterns that are of interest to network operators and security analysts.

KW - Behavior profiles

KW - Network monitoring

KW - Traffic measurement

UR - http://www.scopus.com/inward/record.url?scp=33750711125&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750711125&partnerID=8YFLogxK

U2 - 10.1145/1090191.1080112

DO - 10.1145/1090191.1080112

M3 - Conference contribution

AN - SCOPUS:33750711125

VL - 35

SP - 169

EP - 180

BT - Computer Communication Review

ER -

Profiling internet backbone traffic: Behavior models and applications

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this