Traffic Behaviour Characterization Using NetMate

  • Authors: Annie Montigny-Leboeuf; Mathieu Couture; Frederic Massicotte
  • Affiliations: Communications Research Centre Canada (CRC), Ottawa, Canada (all authors)
  • Venue: RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
  • Year: 2009

Abstract

Previous studies have shown the feasibility of deriving simple indicators of file transfers, human-interactivity, and other important behavioural characteristics. We are proposing a practical implementation and use of such indicators with NetMate. In its current state as a work in progress, our extended version of NetMate will already be of interest to network security practitioners conducting incident analysis. The tool can be used to post-process traffic traces containing suspicious flows in order to obtain a behavioural description of the incident and surrounding traffic activities. With further development, the approach has great potential for other use cases such as intrusion detection, insider threat detection, and traffic classification.