The Internet service model emphasizes flexibility -- any node can send any type of traffic at any time. While this design has allowed new applications and usage models to flourish, it also makes the job of network management significantly more challenging. This paper describes a new method of traffic characterization that automatically groups traffic into minimal clusters of conspicuous consumption. Rather than providing a static analysis specialized to capture flows, applications, or network-to-network traffic matrices, our approach dynamically produces hybrid traffic definitions that match the underlying usage. For example, rather than report five hundred small flows, or the amount of TCP traffic to port 80, or the "top ten hosts", our method might reveal that a certain percent of traffic was used by TCP connections between AOL clients and a particular group of Web servers. Similarly, our technique can be used to automatically classify new traffic patterns, such as network worms or peer-to-peer applications, without knowing the structure of such traffic a priori. We describe a series of algorithms for constructing these traffic clusters and minimizing their representation. In addition, we describe the design of our prototype system, AutoFocus, and our experiences using it to discover the dominant and unusual modes of usage on several different production networks.
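A one-dimensional illustration of the clustering and minimization idea in the abstract, added here and not taken from the paper or from AutoFocus. It aggregates bytes over source-address prefixes and reports a prefix only when the traffic not already explained by reported more-specific prefixes reaches the threshold; the flow records, prefix levels, 20% threshold and this residual rule are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (source IPv4 address, bytes); not real traffic.
FLOWS = [
    ("10.1.1.5", 400), ("10.1.1.9", 50), ("10.1.2.7", 90), ("10.1.3.8", 90),
    ("10.2.0.1", 40), ("192.0.2.10", 290), ("198.51.100.3", 40),
]
LEVELS = (32, 24, 16, 8, 0)  # assumed hierarchy, most specific first


def aggregate(flows, levels=LEVELS):
    """Sum bytes for every ancestor prefix of every source address."""
    totals = defaultdict(int)
    for addr, nbytes in flows:
        for plen in levels:
            totals[ipaddress.ip_network(f"{addr}/{plen}", strict=False)] += nbytes
    return totals


def uncompressed(flows, fraction, levels=LEVELS):
    """Every prefix whose total reaches the threshold (redundant report)."""
    threshold = fraction * sum(b for _, b in flows)
    return {str(n): b for n, b in aggregate(flows, levels).items() if b >= threshold}


def clusters(flows, fraction, levels=LEVELS):
    """Compressed report: keep a prefix only if its residual traffic,
    after subtracting bytes explained by reported descendants, is large."""
    totals = aggregate(flows, levels)
    threshold = fraction * sum(b for _, b in flows)
    from_children = defaultdict(int)  # bytes explained by reported descendants
    report = {}
    for i, plen in enumerate(levels):
        for net in [n for n in totals if n.prefixlen == plen]:
            explained = from_children[net]
            if totals[net] - explained >= threshold:
                report[str(net)] = totals[net]
                explained = totals[net]  # a reported prefix explains all its bytes
            if i + 1 < len(levels):
                parent = net.supernet(new_prefix=levels[i + 1])
                from_children[parent] += explained
    return report


if __name__ == "__main__":
    print(len(uncompressed(FLOWS, 0.2)), "prefixes above threshold")
    for prefix, nbytes in clusters(FLOWS, 0.2).items():
        print(prefix, nbytes)
```

On the constructed data, `10.1.0.0/16` is reported because three small hosts together add 230 bytes beyond the heavy host `10.1.1.5`, while `10.1.1.0/24`, `10.0.0.0/8` and the root are dropped as redundant.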