Analyzing network behaviors with knowledge acquisition and data warehousing

  • Authors:
  • Shun-Chieh Lin;Po-Chih Huang;Shian-Shyong Tseng;Nien-Yi Jan

  • Affiliations:
  • Department of Computer Science, National Chiao Tung University, Hsinchu;Department of Computer Science, National Chiao Tung University, Hsinchu;Department of Computer Science, National Chiao Tung University, Hsinchu and Department of Information Science and Applications, Asia University, Wufeng, Taichung;Department of Computer Science and Information Engineering, Tamkang University, Taipei, Taiwan, R.O.C.

  • Venue:
  • ICCOMP'06 Proceedings of the 10th WSEAS international conference on Computers
  • Year:
  • 2006

Abstract

As network environments grow dramatically, network-based applications and services become more important. Many researchers have developed systematic approaches to analyzing different network traffic sources. However, the data sources used in these approaches are flat and do not use a concept hierarchy for each data dimension. In this paper, we propose a Network Intrusion Monitoring System (NIMS) architecture that analyzes network traffic data based on a concept hierarchy with different concept levels for each dimension. In addition, to reduce the effort administrators spend analyzing network behaviors, the expertise needed to analyze those behaviors must be acquired first. We therefore first propose a Knowledge Acquisition of Behavior Model Construction (KABMC) schema, which consists of the Acquisition Flow Transformation (AFT) and Behavior Model Acquisition (BMA) processes. The AFT generates a basic knowledge model for acquiring knowledge and reduces the effort required of experts during the knowledge acquisition process. The BMA acquires knowledge of network behaviors from experts. The acquired network behavior models are then used to enhance the NIMS and reduce the analysis effort of administrators.