Real-time behaviour profiling for network monitoring

Kuai Xu, Feng Wang, Supratik Bhattacharyya, Zhi Li Zhang

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

This paper presents the design and implementation of a real-time behaviour profiling system for internet links. The system uses flow-level information, and applies data mining and information-theoretic techniques to automatically discover significant events based on communication patterns. We demonstrate the operational feasibility of the system by implementing it and performing benchmarking of CPU and memory costs using packet traces from backbone links. To improve the robustness of this system against sudden traffic surges, we propose a novel filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy. Finally, we devise and evaluate simple yet effective blocking strategies to reduce prevalent exploit traffic, and build a simple event analysis engine to generate ACL rules for filtering unwanted traffic.

Original language: English (US)
Pages (from-to): 65-80
Number of pages: 16
Journal: International Journal of Internet Protocol Technology
Volume: 5
Issue number: 1-2
DOI: 10.1504/IJIPT.2010.032616
State: Published - Apr 2010

Fingerprint

Program processors
Data storage equipment
Monitoring
Benchmarking
Data mining
Costs
Internet
Engines
Communication

Keywords

  • Behaviour profiling
  • Profiling-aware filtering algorithms
  • Real-time traffic monitoring

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Real-time behaviour profiling for network monitoring. / Xu, Kuai; Wang, Feng; Bhattacharyya, Supratik; Zhang, Zhi Li.

In: International Journal of Internet Protocol Technology, Vol. 5, No. 1-2, 04.2010, p. 65-80.

@article{57e68cabb80b4080bb3af18427e93bff,
title = "Real-time behaviour profiling for network monitoring",
keywords = "Behaviour profiling, Profiling-aware filtering algorithms, Real-time traffic monitoring",
author = "Kuai Xu and Feng Wang and Supratik Bhattacharyya and Zhang, {Zhi Li}",
year = "2010",
month = "4",
doi = "10.1504/IJIPT.2010.032616",
language = "English (US)",
volume = "5",
pages = "65--80",
journal = "International Journal of Internet Protocol Technology",
issn = "1743-8209",
publisher = "Inderscience Enterprises Ltd",
number = "1-2",

}

TY - JOUR

T1 - Real-time behaviour profiling for network monitoring

AU - Xu, Kuai

AU - Wang, Feng

AU - Bhattacharyya, Supratik

AU - Zhang, Zhi Li

PY - 2010/4

Y1 - 2010/4

KW - Behaviour profiling

KW - Profiling-aware filtering algorithms

KW - Real-time traffic monitoring

UR - http://www.scopus.com/inward/record.url?scp=77950964456&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77950964456&partnerID=8YFLogxK

U2 - 10.1504/IJIPT.2010.032616

DO - 10.1504/IJIPT.2010.032616

M3 - Article

AN - SCOPUS:77950964456

VL - 5

SP - 65

EP - 80

JO - International Journal of Internet Protocol Technology

JF - International Journal of Internet Protocol Technology

SN - 1743-8209

IS - 1-2

ER -