A real-time network traffic profiling system

Kuai Xu; Feng Wang; Supratik Bhattacharyya; Zhi-Li Zhang

doi:10.1109/DSN.2007.10

A real-time network traffic profiling system

Kuai Xu, Feng Wang, Supratik Bhattacharyya, Zhi-Li Zhang

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Scopus citations

Abstract

This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.

Original language	English (US)
Title of host publication	Proceedings - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007
Pages	595-604
Number of pages	10
DOIs	https://doi.org/10.1109/DSN.2007.10
State	Published - 2007
Event	37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007 - Edinburgh, United Kingdom Duration: Jun 25 2007 → Jun 28 2007

Publication series

Name	Proceedings of the International Conference on Dependable Systems and Networks

Other

Other	37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007
Country/Territory	United Kingdom
City	Edinburgh
Period	6/25/07 → 6/28/07

Publisher link

10.1109/DSN.2007.10

Find It

Find It at U of M Libraries

Cite this

A real-time network traffic profiling system. / Xu, Kuai; Wang, Feng; Bhattacharyya, Supratik et al.

Proceedings - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007. 2007. p. 595-604 4273010 (Proceedings of the International Conference on Dependable Systems and Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Xu, K, Wang, F, Bhattacharyya, S & Zhang, Z-L 2007, A real-time network traffic profiling system. in Proceedings - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007., 4273010, Proceedings of the International Conference on Dependable Systems and Networks, pp. 595-604, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007, Edinburgh, United Kingdom, 6/25/07. https://doi.org/10.1109/DSN.2007.10

@inproceedings{dd2825bcbc8d48b6adc5088064f1a212,

title = "A real-time network traffic profiling system",

abstract = "This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.",

author = "Kuai Xu and Feng Wang and Supratik Bhattacharyya and Zhi-Li Zhang",

note = "Copyright: Copyright 2011 Elsevier B.V., All rights reserved.; 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007 ; Conference date: 25-06-2007 Through 28-06-2007",

year = "2007",

doi = "10.1109/DSN.2007.10",

language = "English (US)",

isbn = "0769528554",

series = "Proceedings of the International Conference on Dependable Systems and Networks",

pages = "595--604",

booktitle = "Proceedings - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007",

}

TY - GEN

T1 - A real-time network traffic profiling system

AU - Xu, Kuai

AU - Wang, Feng

AU - Bhattacharyya, Supratik

AU - Zhang, Zhi-Li

PY - 2007

Y1 - 2007

N2 - This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.

AB - This paper presents the design and implementation of a real-time behavior profiling system for high-speed Internet links. The profiling system uses flow-level information from continuous packet or flow monitoring systems, and uses data mining and information-theoretic techniques to automatically discover significant events based on the communication patterns of end-hosts. We demonstrate the operational feasibility of the system by implementing it and performing extensive benchmarking of CPU and memory costs using a variety of packet traces from OC-48 links in an Internet backbone network. To improve the robustness of this system against sudden traffic surges such as those caused by denial of service attacks or worm outbreaks, we propose a simple yet effective filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.

UR - http://www.scopus.com/inward/record.url?scp=36048955492&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=36048955492&partnerID=8YFLogxK

U2 - 10.1109/DSN.2007.10

DO - 10.1109/DSN.2007.10

M3 - Conference contribution

AN - SCOPUS:36048955492

SN - 0769528554

SN - 9780769528557

T3 - Proceedings of the International Conference on Dependable Systems and Networks

SP - 595

EP - 604

BT - Proceedings - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007

T2 - 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007

Y2 - 25 June 2007 through 28 June 2007

ER -

A real-time network traffic profiling system

Abstract

Publication series

Other

Publisher link

Find It

Other files and links

Fingerprint

Cite this