User Intention-Based Traffic Dependence Analysis for Anomaly Detection
SPW '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops
This paper addresses the problem of reasoning about relations between network packets on a host or in a network. Our analysis approach is to discover the causal relations among network packets and to use the relational structure of network events to identify anomalous activities that cannot be attributed to a legitimate cause. The key insight that motivates our traffic-analysis approach is that higher-order information, such as the underlying relations between events, is useful for human experts' cognition and decision making. We design a new pairing method that produces special pairwise features, so that the discovery problem can be solved efficiently with existing binary classification methods. Preliminary experiments on real-world HTTP and DNS traffic show promising evidence of the accuracy of inferring network traffic relations with our semantic-aware approach.