Computer and network administrators are often confused or uncertain about the behavior of their networks. Traditional analysis using IP ports, addresses, and protocols is insufficient to understand modern computer networks. Here we describe NetADHICT, a tool for better understanding the behavior of network traffic. The key innovation of NetADHICT is that it can identify and present a hierarchical decomposition of traffic that is based upon the learned structure of both packet headers and payloads. In particular, it decomposes traffic without the use of protocol dissectors or other application-specific knowledge. Through an AJAX-based web interface, NetADHICT allows administrators to see the high-level structure of network traffic, monitor how traffic within that structure changes over time, and analyze the significance of those changes. NetADHICT allows administrators to observe global patterns of behavior and then focus on the specific packets associated with that behavior, acting as a bridge from higher-level tools to lower-level ones. From experiments we believe that NetADHICT can assist in the identification of flash crowds, rapidly propagating worms, and P2P applications.