Three Statistical Approaches to Sessionizing Network Flow Data

Author

Rubin-Delanchy, Patrick ; Lawson, Daniel J. ; Turcotte, Melissa J. ; Heard, Nick ; Adams, Niall M.

Author_Institution

Sch. of Math., Univ. of Bristol, Bristol, UK

fYear

2014

fDate

24-26 Sept. 2014

Firstpage

244

Lastpage

247

Abstract

The network traffic generated by a computer, or a pair of computers, is often well modelled as a series of sessions. These are, roughly speaking, intervals of time during which a computer is engaging in the same, continued, activity. This article explores a variety of statistical approaches to re-discovering sessions from network flow data using timing alone. Solutions to this problem are essential for network monitoring and cyber-security. For example overlapping sessions on a computer network can be evidence of an intruder ´tunnelling´.

Keywords

computer network management; computer network reliability; computer network security; computers; cyber security; intruder tunnelling; network flow data; network monitoring; network traffic; statistical approaches; Bayes methods; Computational modeling; Computers; Data models; Educational institutions; Mathematical model; Stochastic processes; clustering; network flow; point process; sessionization;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint

Conference_Location

The Hague

Print_ISBN

978-1-4799-6363-8

Type

conf

DOI

10.1109/JISIC.2014.46

Filename

6975583

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=175394