Unsupervised host behavior classification from connection patterns

International Journal of Network Management

Volumn 20, Issue 5, 2010, Pages 317-337

  Dewaele, Guillaume ^a   Himura, Yosuke ^b   Borgnat, Pierre ^a   Fukuda, Kensuke ^c   Abry, Patrice ^a   Michel, Olivier ^d   Fontugne, Romain ^e   Cho, Kenjiro ^f   Esaki, Hiroshi ^b  

^a UNIVERSITÉ DE LYON   (France)

^b UNIVERSITY OF TOKYO   (Japan)

^c JAPAN SCIENCE AND TECHNOLOGY AGENCY   (Japan)

^d CNRS   (France)

^e GRADUATE UNIVERSITY FOR ADVANCED STUDIES   (Japan)

^f Internet Initiative Japan and Core Member of the KAME Project   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTION; BIDIRECTIONALITY; CLUSTERING TECHNIQUES; CONNECTION PATTERNS; CROSS VALIDATION; DATA SHARING; FEATURE SPACE; HOST BEHAVIORS; IN-NETWORK MANAGEMENT; INTERNET CONNECTIVITY; MINIMUM SPANNING TREES; NETWORK COMMUNICATIONS; OPERATIONAL CONSTRAINTS; PACKET PAYLOADS; STATE-OF-THE-ART METHODS; STATISTICAL CLASSIFICATION; TRAFFIC CLASSIFICATION; TRAFFIC MONITORING; UNSUPERVISED CLASSIFICATION;

TELECOMMUNICATION TRAFFIC;

EID: 77956384873     PISSN: 10557148     EISSN: 10991190     Source Type: Journal    
DOI: 10.1002/nem.750     Document Type: Article

References (36)

1. Kim H, Claffy KC, Fomenkov M, Barman D, Faloutsos M, Lee KY. Internet traffic classification demystified: myths, caveats, and the best practices. In ACM CoNEXT 2008, December 2008.
2. Bernaille L, Teixeira R. Early recognition of encrypted applications. In PAM 2007, April 2007;165-175.
3. Moore AW, Zuev D. Internet traffic classification using Bayesian analysis techniques. In ACM SIGMETRICS 05, June 2005;50-60.
4. Sadoddin R, Ghorbani AA. A comparative study of unsupervised machine learning and data mining techniques for intrusion detection. In MLDM 07, 2007;404-418.
5. Lazarevic A, Ozgur A, Ertoz L, Srivastava J, Kumar V. A comparative study of anomaly detection schemes in network intrusion detection. In SIAM 03, 2003.
6. Erman J, Arlitt M, Mahanti A. Traffic classification using clustering algorithms. In ACM SIGCOMM 06 Minenet Workshop, September 2006;281-286.
7. Cho K, Mitsuya K, Kato A. Traffic data repository at the WIDE Project. In USENIX 2000 FREENIX Track, June 2000.
8. Roesch M. Snort: lightweight intrusion detection for networks. In LISA 99: Proceedings of the 13th USENIX Conference on System Administration, November 1999;229-238.
9. Karagiannis T, Papagiannaki K, Faloutsos M. BLINC: multilevel traffic classification in the dark. In ACM SIGCOMM 05, August 2005;229-240.
10. Szabo G, Szabo I, Orincasy D. Accurate traffic classification. In IEEE Conference: WoWMoM, 2007.
11. John W, Tafvelin S. Heuristics to classify Internet backbone traffic based on connection patterns. In ICOIN 08, January 2008.
12. Trestian I, Ranjan S, Kuzmanovic A, Nucci A. Unconstrained endpoint profiling (Googling the Internet). In ACM SIGCOMM 08, August 2008;279-290.
13. Borgnat P, Dewaele G, Fukuda K, Abry P, Cho K. Seven years and one day: sketching the evolution of Internet traffic. In IEEE INFOCOM 2009, April 2009;711-719.
14. McHugh J, McLeod R, Nagaonkar V. Passive network forensics: behavioural classification of network hosts based on connection patterns. ACM SIGOPS Operating Systems Review 2008;42(3):99-111.
15. Xu K, Zhang Z-L, Bhattacharyya S. Profiling Internet backbone traffic: behavior models and applications. In ACM SIGCOMM 05, 2005;169-180.
16. Cover T, Thomas J. Elements of Information Theory. Wiley: Chichester; 1991.
17. Lakhina A, Crovella M, Diot C. Mining anomalies using traffic feature distributions. In ACM SIGCOMM 05, August 2005;217-228.
18. John W, Tafvelin S. Analysis of Internet backbone traffic and header anomalies observed. In ACM IMC 07, October 2007.
19. Lin Y-D, Lu C-N, Lai Y-C, Peng W-H, Lin P-C. Application classification using packet size distribution and port association. Journal of Network and Computer Applications 2009;32:1023-1030.
20. Chen A, Li LE, Cao J. Tracking cardinality distributions in network traffic. In IEEE INFOCOM 2009, April 2009;819-827.
21. Kumar A, Xu J. Sketch guided sampling: using on-line estimates of flow size for adaptive data collection. In IEEE INFOCOM 2006, April 2006.
22. Marchette DJ, Random Graphs for Statistical Pattern Recognition. Wiley: Chichester; 2004.
23. Graham RL, Hell P. On the history of the minimum spanning tree problem. Annals of the History of Computing 1985;7(1):43-57.
24. Grikschat S, Costa JA, Hero AO, Michel O. Dual rooted-diffusions for clustering and classification on manifolds. In IEEE ICASSP 06, May 2006.
25. Galluccio L, Michel O, Comon P, Hero AO, Kliger M. Combining multiple partitions created with a graph-based construction for data clustering. In IEEE International Workshop on Machine Learning for Signal Processing, September 2009.
26. Hero AO, Michel O. theory of greedy approximations to minimal k-point random graphs. IEEE Transactions on Information Theory 1999;45:1921-1939.
27. Michel O, Flandrin P, Hero AO. Entropie conditionnelle de Rènyi et segmentation. In Proceedings of the Colloque GRETSI, Toulouse, France, 2001;665-668.
28. Golshani L, Pasha E, Yari G. Some properties of Rènyi entropy and Rènyi entropy rate. Information Sciences 2009;179:2426-2433.
29. Olman V, Xu D, Xu Y. Identification of regulatory binding sites using minimum spanning trees. In Proceedings of the 8th Pacific Symposium on Biocomputing, Vol. 3, Lihue, HI, 2003;327-338.
30. Ng AY, Jordan MI, Weiss Y. On spectral clustering: analysis and an algorithm. In Advances in Neural Information Processing Systems 2001;14:849-856.
31. Lafon S, Lee AB. Diffusion maps and coarse-graining: a unified framework for dimensionality reduction, graph partitioning and data set parameterization. IEEE Transactions on Pattern Analysis and Machine Intelligence 2006;28(9):1393-1403.
32. Galluccio L, Michel O, Comon P, Slezak E, Hero AO. Initialization free graph based clustering. Tech. Rep. I3S/RR-2009-08-FR, Laboratoire I3S, CNRS, Universitè de Nice-Sophia Antipolis, France, 2009.
33. John W, Dusi M, Claffy KC. Estimating Routing Symmetry on Single Links by Passive Flow Measurements. In Wireless Communications and Mobile Computing Conference, IWCMC, 2010.
34. Dewaele G, Fukuda K, Borgnat P, Abry P, Cho K. Extracting hidden anomalies using Sketch and non Gaussian multiresolution statistical detection procedure. In ACM SIGCOMM LSAD 07, August 2007;145-152.
35. Akerman R. 2007. Ports for Internet services. Available: http://www.chebucto.ns.ca/~rakerman/porttable.html [17 July 2020].
36. Karagiannis T, Broido A, Brownlee N, Claffy KC, Faloutsos M. Is P2P dying or just hiding? In IEEE GLOBECOM 04, November-December 2004;1532-1538.