Proceedings of the First Edition Workshop on High Performance and Programmable Networking 2013
DOI: 10.1145/2465839.2465847

A supervised machine learning approach to classify host roles on line using sFlow

Abstract: Classifying host roles based on network traffic behavior is valuable for network security analysis and detecting security policy violation. Behavior-based network security analysis has advantages over traditional approaches such as code patterns or signatures. Modeling host roles based on network flow data is challenging because of the huge volume of network traffic and overlap among host roles. Many studies of network traffic classification have focused on classifying applications such as web, peer-to-peer, a…

Cited by 21 publications (10 citation statements)
References 19 publications
“…We performed multiple grid searches, then gradually refined the grid parameters according to the accuracy of the results. Initial grid search parameters were: minPts = [25,50,100,200,400], ϵ = [1,2,4,8,16,32,64,128]. The grid search settled with minPts set to 40 and ϵ set to 5.…”
Section: Network Segment Discovery 31 Model Training (mentioning)
confidence: 99%
“…The majority of the previous works focus on the profiling network behavior of individual hosts [3,10,26], their classification [14,16] and clustering [21]. The authors of [10] use the change point detection techniques and the indicator of "freshness" to cluster the hosts according to its different activities over time.…”
Section: Related Work (mentioning)
confidence: 99%
“…They study several use-cases and show the applicability and benefits of adopting the machine learning paradigm to the networking field. Following this trend, anomaly detection in the cloud with machine learning is studied in [10], VNF anomaly detection in [11], traffic control with deep learning in [12], and identification of host roles with supervised learning with sFlow in [13].…”
Section: Related Work (mentioning)
confidence: 99%
“…It evaluates the results of the countermeasures. A CSIRT loops from (6) to (9) until the situation is judged that incident handling operations are not necessary. If a new incident is discovered, return to (2).…”
Section: Operation Flow (mentioning)
confidence: 99%
“…Therefore, predicting role change is suitable to grasp communication-flow changes in a local network. Li et al [9] studied a classification method to separate internal-device roles into Client or Server. Their method applies a statistical classifier to long-term flow data.…”
Section: Step 1: Calculate Role-change Score (mentioning)
confidence: 99%