Monitoring Traffic Activity Graphs with low-rank matrix approximation
Authors: Yang Liu, Wenji Chen, Y. Guan
Venue: 37th Annual IEEE Conference on Local Computer Networks
Publication date: 2012-10-22
DOI: 10.1109/LCN.2012.6423680 (https://doi.org/10.1109/LCN.2012.6423680)
Recently, Traffic Activity Graphs (TAGs) have been proposed to understand, analyze, and model network-wide communication patterns. The topological properties of TAGs have been shown to be very helpful for malware analysis, anomaly detection, and attack attribution. In a TAG, nodes represent hosts in the network and edges are observed flows that indicate certain communication relations or interactions of interest among the hosts. The challenge is how to capture and analyze TAGs, which are usually large, sparse and complex and often have overly large space and computation requirements. In this paper, we present a new sampling-based low-rank approximation method for monitoring TAGs. The resulting solution can reduce the computational complexity of the communication pattern analysis from O(mn) to O(m+n), where m and n denote the number of sources and destinations, respectively. The experimental results with real-world traffic traces show that our method outperforms existing solutions in terms of efficiency and the capability of processing and identifying unknown TAGs.