As the Internet continues to grow in devices, applications, services, users, and traffic, network behavior analysis has increasingly become a crucial area in research for understanding what is happening on the Internet. This chapter first introduces the definition and concept of network behavior and discusses the importance and urgent need of network behavior analysis. Subsequently, this chapter describes the common methods, infrastructure, and frameworks for collecting, monitoring, modeling and analyzing network behavior. Next, this chapter discusses the broad benefits and applications of exploring network behavior in behavioral profiling, anomaly detection, traffic engineering, and security monitoring. Finally, this chapter concludes with an overview of the topics covered in this book and the overall organization of the book chapters.
What is Network Behavior AnalysisAs the Internet continues to grow in size and complexity, the challenge of effectively provisioning, managing, and securing it has become inextricably linked to a deep understanding of Internet traffic and network behavior [1][2][3][4][5]. The imperative and urgency of understanding network behavior and traffic patterns gives rise to the field of network behavior analysis (NBA), which focuses on the study of network traffic data for providing critical insights into behavioral patterns of end systems and network applications.Throughout this book, the terms, networked systems, end hosts, and end systems, will be used interchangeably for representing all Internet-connected devices including desktops, laptops, tablets, smartphones, servers as well as Internet of Thing (IoT) devices. We will also use the terms, Internet applications, network applications, and application services interchangeably for denoting the broad range of applications and services running on the Internet infrastructure, such as e-mail, web, video and music streaming, gaming, online social media, and smartphone apps.