Annual ACM Workshop on Mining Network Data: Latest Papers

Building a prototype for network measurement virtual observatory
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269887
P. Mátray, I. Csabai, P. Hága, J. Stéger, L. Dobos, G. Vattay
Abstract: Online sharing of scientific information has accelerated the research activity in various different domains of science. This fact inspires us to initiate this kind of approach in the field of network research and review some projects pointing towards this direction. Using the experiences of similar efforts in other domains of sciences we are building a prototype node for Network Measurement Virtual Observatory. The goal of the observatory is to stimulate network research through sharing available measurement data along with analysis results and providing easy-to-use "online" network data analysis tools for network research and management purposes. We would also like to initiate discussion about standardization of network measurement data and to motivate other researchers to publish their own data and tools. In this paper we sketch the basic concept of Virtual Observatories and present a prototype system developed to share measurement data and tools associated with the ETOMIC measurement infrastructure.
Citations: 23
SIP-based VoIP traffic behavior profiling and its applications
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269891
Hun-Jeong Kang, Zhi-Li Zhang, Supranamaya Ranjan, A. Nucci
Abstract: With the widespread adoption of SIP-based VoIP, understanding the characteristics of SIP traffic behavior is critical to problem diagnosis and security protection of IP Telephony. In this paper, we propose a general methodology for profiling SIP-based VoIP traffic behavior at multiple levels: SIP server host, server entity and individual user levels. Using SIP traffic traces captured in a production VoIP service, we illustrate the characteristics of SIP-based VoIP traffic behavior in an operational network and demonstrate the effectiveness of our general profiling methodology. In particular, we show how our profiling methodology can help identify performance anomalies through a case study.
Citations: 39
Comparison of anomaly signal quality in common detection metrics
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269884
D. Brauckhoff, M. May, B. Plattner
Abstract: Problems involving classification and pattern recognition can often be profitably viewed from the perspective of signal detection theory. We present ANEX (ANomaly EXposure), a simple and intuitive measure for comparing anomaly detection metrics regarding their capability to expose certain types of anomalies. ANEX is based on signal detection theory and determines the anomaly signal quality with the help of the intersection area of the metric's probability density functions in the normal and anomalous case. We illustrate the applicability of our measure by comparing 15 frequently-used detection metrics for the Blaster worm and discuss some early results by comparing NetFlow data from four different border gateway routers of a medium-sized ISP network.
Citations: 2
Identifying and tracking suspicious activities through IP gray space analysis
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269883
Yu Jin, Zhi-Li Zhang, Kuai Xu, Feng Cao, S. Sahu
Abstract: Campus or enterprise networks often have many unassigned IP addresses that collectively form IP gray space within the address blocks of such networks. Using one-month traffic data collected in a large campus network, we have monitored a significant amount of unwanted traffic towards IP gray space in various forms, such as worms, port scanning, and denial of service attacks. In this paper, we apply a heuristic algorithm to extract the IP gray space in our campus network. Subsequently, we analyze the behavioral patterns such as dominant activities and target randomness, of the gray space traffic for individual outside hosts. By correlating and contrasting the traffic towards IP gray addresses and live end hosts, we find the gray space traffic provides unique insight for uncovering the behavior, and intention, of anomalous traffic towards live end hosts. Finally, we demonstrate the applications of gray space traffic for identifying SPAM behavior, detecting malicious scanning and worm activities that successfully compromise end hosts.
Citations: 23
Real-time monitoring of SIP infrastructure using message classification
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269892
A. Acharya, Xiping Wang, Charles P. Wright, N. Banerjee, Bikram Sengupta
Abstract: Session Initiation Protocol (SIP) is a control-plane protocol for multiple services such as VoIP, Instant Messaging and Presence, and in addition, is key to IP Multimedia Subsystem (IMS). A SIP message consists of plain-text headers and their corresponding values, which are used to route the message between one or more endpoints, resulting in a media session. These headers and values are often transformed/re-written at intermediate SIP servers ("proxies"). It is important to monitor the flow and transformation of such messages in real-time, for functional testing of a SIP overlay network containing malfunctioning or ill-configured SIP entities, or for efficient run-time SIP network operation, including problem determination and load balancing. Towards that end, we have designed and implemented a programmable in-kernel Linux SIP message classification engine. The classifier can be configured to intercept incoming and outgoing SIP messages from a server, extract appropriate message meta-data including distinguishing header-value pairs and their transformations, and forward the same to a monitoring engine. The engine collates this information from different classifiers across the network, to infer the state of a SIP call on individual servers on the call path as well as aggregated call-state.
Citations: 11
A markovian signature-based approach to IP traffic classification
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269889
H. Dahmouni, Sandrine Vaton, D. Rossé
Abstract: In this paper we present a real-time automatic process to traffic classification and to the detection of abnormal behaviors in IP traffic. The proposed method aims to detect anomalies in the traffic associated to a particular service, or to automatically recognize the service associated to a given sequence of packets at the transport layer. Service classification is becoming a central issue because of the emergence of new services (P2P, VoIP, Streaming video, etc...) which raises new challenges in resource reservation, pricing, network monitoring, etc... In order to identify a specific signature to an application, we first of all model the sequence of its packets at the transport layer by means of a first order Markov chain. Then, we decide which service should be associated to any new sequence by means of standard decision techniques (Maximum Likelihood criterion, Neyman-Pearson test). The evaluation of our automatic recognition procedure using live GPRS Orange France traffic traces demonstrates the feasibility and the excellent performance of this approach.
Citations: 34
Authentication anomaly detection: a case study on a virtual private network
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269886
M. Chapple, N. Chawla, A. Striegel
Abstract: The authentication logs on a network can provide a trove of information for discovering potential anomalies in login attempts. Using such logs collected by a production Virtual Private Network device over a period of 15 months, we generate a diurnal model of network accesses. These models are used to detect anomalous authentications, which merit further investigation by a security analyst. We intend that this work will dramatically reduce the amount of time spent by analysts identifying anomalous events and allow them to focus on in-depth analysis of these anomalies. Our work makes two contributions: a novel approach of mining authentication data, and the use of geographic distance as a metric to evaluate Virtual Private Network connections. We demonstrate the success of our model using real-world case analysis.
Citations: 15
Byte me: a case for byte accuracy in traffic classification
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269890
Jeffrey Erman, A. Mahanti, M. Arlitt
Abstract: Numerous network traffic classification approaches have recently been proposed. In general, these approaches have focused on correctly identifying a high percentage of total flows. However, on the Internet a small number of "elephant" flows contribute a significant amount of the traffic volume. In addition, some application types like Peer-to-Peer (P2P) and FTP contribute more elephant flows than other applications types like Chat. In this opinion piece, we discuss how evaluating a classifier on flow accuracy alone can bias the classification results. By not giving special attention to these traffic classes and their elephant flows in the evaluation of traffic classification approaches we might obtain significantly different performance when these approaches are deployed in operational networks for typical traffic classification tasks such as traffic shaping. We argue that byte accuracy must also be used when evaluating the accuracy of traffic classification algorithms.
Citations: 61
A three-tier IDS via data mining approach
Annual ACM Workshop on Mining Network Data Pub Date: 2007-06-12 DOI: 10.1145/1269880.1269882
Tsong Song Hwang, Tsung-Ju Lee, Yuh-Jye Lee
Abstract: We introduced a three-tier architecture of intrusion detection system which consists of a blacklist, a whitelist and a multi-class support vector machine classifier. The first tier is the blacklist that will filter out the known attacks from the traffic and the whitelist identifies the normal traffics. The rest traffics, the anomalies detected by the whitelist, were then classified by a multi-class SVM classifier into four categories: PROBE, DoS, R2L and U2R. Many data mining and machine learning techniques were applied here. We design this three-tier IDS based on the KDD'99 benchmark dataset. Our system has 94.71% intrusion detection rate and 93.52% diagnosis rate. The average cost for each connection is 0.1781. All of these results are better than those of KDD'99 winner's. Our three-tier architecture design also provides the flexibility for the practical usage. The network system administrator can add the new patterns into the blacklist and allows to do fine tuning of the whitelist according to the environment of their network system and security policy.
Citations: 50
Minerals: using data mining to detect router misconfigurations
Annual ACM Workshop on Mining Network Data Pub Date: 2006-09-11 DOI: 10.1145/1162678.1162681
Franck Le, Sihyung Lee, Tina Wong, Hyong S. Kim, Darrell Newcomb
Abstract: Recent studies have shown that router misconfigurations are common and have dramatic consequences for the operations of networks. Not only can misconfigurations compromise the security of a single network, they can even cause global disruptions in Internet connectivity. Several solutions have been proposed that can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are rule-based. Rules are assumed to be known beforehand, and violations of these rules are deemed misconfigurations. As policies typically differ among networks, rule-based approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rules mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network, and found promising results. We discovered a number of errors that were confirmed and later corrected by the network engineers. These errors would have been difficult to detect with current rule-based approaches.
Citations: 5