Dynamic feature analysis and measurement for large-scale network traffic monitoring

Authors:
Xiaohong Guan;Tao Qin;Wei Li;Pinghui Wang
Affiliations:
MOE Key Laboratory for Intelligent Networks and Network Security, State Key Laboratory for Manufacturing Systems, Xi'an Jiaotong University, Xi'an, Shaanxi, China and Center for Intelligent and Ne ...;MOE Key Laboratory for Intelligent Networks and Network Security, State Key Laboratory for Manufacturing Systems, Xi'an Jiaotong University, Xi'an, Shaanxi, China;MOE Key Laboratory for Intelligent Networks and Network Security, State Key Laboratory for Manufacturing Systems, Xi'an Jiaotong University, Xi'an, Shaanxi, China;MOE Key Laboratory for Intelligent Networks and Network Security, State Key Laboratory for Manufacturing Systems, Xi'an Jiaotong University, Xi'an, Shaanxi, China
Venue:
IEEE Transactions on Information Forensics and Security
Year:
2010

Citing 31
Cited 1

Probabilistic counting algorithms for data base applications

Journal of Computer and System Sciences
End-to-end internet packet dynamics

IEEE/ACM Transactions on Networking (TON)
A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Properties and prediction of flow statistics from sampled packet streams

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Estimating flow distributions from sampled flow statistics

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Information-Theoretic Measures for Anomaly Detection

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Sketch-based change detection: methods, evaluation, and applications

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Network traffic anomaly detection based on packet bytes

Proceedings of the 2003 ACM symposium on Applied computing
Structural analysis of network traffic flows

Proceedings of the joint international conference on Measurement and modeling of computer systems
Flow sampling under hard resource constraints

Proceedings of the joint international conference on Measurement and modeling of computer systems
Combining routing and traffic data for detection of IP forwarding anomalies

Proceedings of the joint international conference on Measurement and modeling of computer systems
Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Profiling internet backbone traffic: behavior models and applications

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
The monitoring and early detection of internet worms

IEEE/ACM Transactions on Networking (TON)
Traffic classification on the fly

ACM SIGCOMM Computer Communication Review
Impact of packet sampling on anomaly detection metrics

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Observed structure of addresses in IP traffic

IEEE/ACM Transactions on Networking (TON)
Role classification of hosts within enterprise networks based on connection patterns

ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
Geographic locality of IP prefixes

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
An information-theoretic approach to network monitoring and measurement

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Network anomography

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Detecting anomalies in network traffic using maximum entropy estimation

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Passive measurement of one-way and two-way flow lifetimes

ACM SIGCOMM Computer Communication Review
Analysis of internet backbone traffic and header anomalies observed

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
A Methodology for Finding Significant Network Hosts

LCN '07 Proceedings of the 32nd IEEE Conference on Local Computer Networks
Reversible sketches: enabling monitoring and analysis over high-speed data streams

IEEE/ACM Transactions on Networking (TON)
An empirical evaluation of entropy-based traffic anomaly detection

Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Analysis of communities of interest in data networks

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Traffic classification using a statistical approach

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Anomaly detection in IP networks

IEEE Transactions on Signal Processing

Distribution-based anomaly detection via generalized likelihood ratio test: A general Maximum Entropy approach

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Measuring and monitoring the changes of network traffic patterns in large-scale networks are crucial for effective network management. In this paper, we present a framework and method for detecting and measuring the dynamic changes of the pivotal traffic patterns. A bidirectional regional flow model is established to aggregate traffic packets and extract the traffic metrics and profiles. The characteristics of the regional flows are analyzed and interesting findings are obtained. A directed graph model is applied to describe the flow metrics and six flow features are extracted to capture the dynamic changes of the flow patterns. The measurements based on Renyi entropy are developed to quantitatively monitor these changes. The experimental results based on the actual network traffic data traces show that the method presented in this paper can capture the dynamic changes of pivotal traffic patterns effectively.