2016 12th International Conference on Network and Service Management (CNSM) 2016
DOI: 10.1109/cnsm.2016.7818436

Behavioral clustering of non-stationary IP flow record data

Abstract: Automated network traffic analysis using machine learning techniques plays an important role in managing networks and IT infrastructure. A key challenge to the correct and effective application of machine learning is dealing with non-stationary learning data sources and concept drift. Traffic evolves over time due to new technology, software, and services being used and changes in user behavior, but also due to changes in network graphs, such as dynamic IP address assignment. In this paper, we present an automatic…

Cited by 11 publications (13 citation statements)
References 18 publications
“…Discretizing sequences is typically faster and makes measuring distances easier. Pellegrino et al. [43] learn state machines from discretized netflow data in order to detect bot-infected traffic, while Hammerschmidt et al. [27] use it to cluster host behavior over time. Lin et al. [36] detect anomalies in an industrial water treatment plant by using discretized sequences from sensor readings.…”
Section: Challenges In Malware Behavior Modeling
Citation type: mentioning
confidence: 99%
“…The majority of the previous works focus on the profiling network behavior of individual hosts [3,10,26], their classification [14,16] and clustering [21]. The authors of [10] use the change point detection techniques and the indicator of "freshness" to cluster the hosts according to their different activities over time. IP flow records are used as a data source, and the authors test their approach to modeling the different behavior of botnet hosts from real-world data observation.…”
Section: Related Work
Citation type: mentioning
confidence: 99%
“…Nevertheless, the current state-of-the-art host profiling research rarely takes the real-world temporal aspects into account. The datasets utilized for profile creation and temporal evaluation span from 15 minutes in [7] to a one-month period in [8]. The length of these time spans is insufficient to reflect the long-term behavior of a host reliably.…”
Section: Introduction
Citation type: mentioning
confidence: 99%