Profiling-By-Association: a resilient traffic profiling solution for the internet backbone

Proceedings of The 6th International Conference on Innovation in Science and Technology Pub Date : 2010-11-30 DOI:10.1145/1921168.1921171

Marios Iliofotou, Brian Gallagher, Tina Eliassi-Rad, Guowu Xie, M. Faloutsos

{"title":"Profiling-By-Association: a resilient traffic profiling solution for the internet backbone","authors":"Marios Iliofotou, Brian Gallagher, Tina Eliassi-Rad, Guowu Xie, M. Faloutsos","doi":"10.1145/1921168.1921171","DOIUrl":null,"url":null,"abstract":"Profiling Internet backbone traffic is becoming an increasingly hard problem since users and applications are avoiding detection using traffic obfuscation and encryption. The key question addressed here is: Is it possible to profile traffic at the backbone without relying on its packet and flow level information, which can be obfuscated? We propose a novel approach, called Profiling-By-Association (PBA), that uses only the IP-to-IP communication graph and information about some applications used by few IP-hosts (a.k.a. seeds). The key insight is that IP-hosts tend to communicate more frequently with hosts involved in the same application forming communities (or clusters). Profiling few members within a cluster can \"give away\" the whole community. Following our approach, we develop different algorithms to profile Internet traffic and evaluate them on real-traces from four large backbone networks. We show that PBA's accuracy is on average around 90% with knowledge of only 1% of all the hosts in a given data set and its runtime is on the order of minutes (≈ 5).","PeriodicalId":20688,"journal":{"name":"Proceedings of The 6th International Conference on Innovation in Science and Technology","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"42","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of The 6th International Conference on Innovation in Science and Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1921168.1921171","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 42

Abstract

Profiling Internet backbone traffic is becoming an increasingly hard problem since users and applications are avoiding detection using traffic obfuscation and encryption. The key question addressed here is: Is it possible to profile traffic at the backbone without relying on its packet and flow level information, which can be obfuscated? We propose a novel approach, called Profiling-By-Association (PBA), that uses only the IP-to-IP communication graph and information about some applications used by few IP-hosts (a.k.a. seeds). The key insight is that IP-hosts tend to communicate more frequently with hosts involved in the same application forming communities (or clusters). Profiling few members within a cluster can "give away" the whole community. Following our approach, we develop different algorithms to profile Internet traffic and evaluate them on real-traces from four large backbone networks. We show that PBA's accuracy is on average around 90% with knowledge of only 1% of all the hosts in a given data set and its runtime is on the order of minutes (≈ 5).

查看原文本刊更多论文

关联分析:针对互联网骨干网的弹性流量分析解决方案

由于用户和应用程序使用流量混淆和加密来避免检测，对互联网骨干流量进行分析已成为越来越困难的问题。这里要解决的关键问题是:是否有可能在不依赖于可能被混淆的分组和流级信息的情况下对骨干网络的流量进行分析?我们提出了一种新的方法，称为关联分析(PBA)，它只使用ip到ip通信图和关于少数ip主机(又名种子)使用的一些应用程序的信息。关键是ip主机倾向于更频繁地与组成社区(或集群)的相同应用程序中的主机进行通信。分析集群中的少数成员可能会“泄露”整个社区。根据我们的方法，我们开发了不同的算法来分析互联网流量，并在四个大型骨干网的真实轨迹上对其进行评估。我们表明，PBA的准确率平均约为90%，仅了解给定数据集中所有主机的1%，其运行时间约为分钟(≈5)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of The 6th International Conference on Innovation in Science and Technology

自引率

0.00%

发文量