A statistical method for profiling network traffic

Authors:
David Marchette
Affiliations:
Naval Surface Warfare Center, Dahlgren, VA
Venue:
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Year:
1999

Citing 2
Cited 0

Computer immunology

Communications of the ACM
Regular Article: Randomized Nonlinear Projections Uncover High-Dimensional Structure

Advances in Applied Mathematics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Two clustering methods are described and applied to network data. These allow the clustering of machines into "activity groups", which consist of machines which tend to have similar activity profiles. In addition, these methods allow the user to determine whether current activity matches these profiles, and hence to determine when there is "abnormal" activity on the network. A method for visualizing the clusters is described, and the approaches are applied to a data set consisting of a months worth of data from 993 machines.