Title :
Bayesian topic models for describing computer network behaviors
Author :
Cramer, Christopher ; Carin, Lawrence
Author_Institution :
Signal Innovations Group, Inc., Durham, NC, USA
Abstract :
We consider the use of Bayesian topic models in the analysis of computer network traffic. Our approach utilizes latent Dirichlet allocation and time-varying dynamic latent Dirichlet allocation, with the goal of identifying significant co-occurrences of types of network traffic, these forming topics of user behavior. In our experiments, these topics of user behavior included: (i) web traffic, (ii) email client and instant messaging, (iii) Microsoft file access, (iv) email server, and (v) other miscellaneous traffic. Each identified behavior topic included a variety of different, but related, protocols without using any a priori knowledge of the purpose of the protocol. We believe that the techniques presented in this paper can be used to form more complex topics through the use of deep packet inspection, and that such topic models could prove useful in the identification of zero-day exploits or other network threats.
Keywords :
Bayes methods; Internet; client-server systems; computer network performance evaluation; computer network security; protocols; telecommunication traffic; Bayesian topic model; Microsoft file access; Web traffic; computer network behavior description; computer network traffic; deep packet inspection; email client; email server; instant messaging; protocols; time-varying dynamic latent Dirichlet allocation; user behavior; Bayesian methods; Indexes; Neodymium; Bayesian statistics; intrusion detection; network analysis; topic models;
Conference_Titel :
Acoustics, Speech and Signal Processing (ICASSP), 2011 IEEE International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4577-0538-0
Electronic_ISBN :
1520-6149
DOI :
10.1109/ICASSP.2011.5946875
