Multivariate network traffic analysis using clustered patterns

Cited by: 0
Authors
Jinoh Kim
Alex Sim
Brian Tierney
Sang Suh
Ikkyun Kim
Affiliations
[1] Texas A&M University
[2] Lawrence Berkeley National Laboratory
[3] ESnet
[4] ETRI
Source
Computing | 2019 / Vol. 101
Keywords
Network traffic analysis; Clustered patterns; Change detection; Anomaly detection; Multivariate analysis; 68Uxx Computing methodologies and applications
DOI
Not available
Abstract
Traffic analysis is a core element in network operations and management for various purposes including change detection, traffic prediction, and anomaly detection. In this paper, we introduce a new approach to online traffic analysis based on a pattern-based representation for high-level summarization of the traffic measurement data. Unlike the past online analysis techniques limited to a single variable to summarize (e.g., sketch), the focus of this study is on capturing the network state from the multivariate attributes under consideration. To this end, we employ clustering with its benefit of the aggregation of multidimensional variables. The clustered result represents the state of the network with regard to the monitored variables, which can also be compared with the observed patterns from previous time windows enabling intuitive analysis. We demonstrate the proposed method with two popular use cases, one for estimating state changes and the other for identifying anomalous states, to confirm its feasibility. Our extensive experimental results with public traces and collected monitoring measurements from ESnet traffic traces show that our pattern-based approach is effective for multivariate analysis of online network traffic with visual and quantitative tools.
Pages: 339-361
Page count: 22