Safia Rahmat, Quamar Niyaz, A. Javaid, Weiqing Sun
Published in: 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE)
Publication date: 2017-04-01
DOI: 10.1109/CCECE.2017.7946652 (https://doi.org/10.1109/CCECE.2017.7946652)
Normal and anomalous traffic flow pattern analysis for organizational networks
Traffic monitoring and analysis has become necessary to understand the nature of information flowing within an organization. This is particularly important due to the recent trend of increase in the percentage of anomalous traffic in the overall organizational traffic composition. In this work, we attempt to determine the typical characteristics seen in the network traffic of various organizations. We use simple flow analysis methods on different datasets which include normal and anomalous traffic. Results from such an analysis can play a vital role in problems ranging from feature selection for machine-learning-based models to tuning the rules of an intrusion detection system (IDS). Based on the analysis of the number of flows, packet size, number of packets per flow, flow duration, and protocol composition present in each dataset, we present our findings in this work.