Title :
Dynamic application flow cluster based on traffic behavior distance
Author :
Bichen Peng ; Wei Guo ; Daiping Liu ; Jianming Fu
Author_Institution :
Sch. of Comput., Wuhan Univ., Wuhan, China
Abstract :
New network applications as well as security threats are emerging in an endless stream. However, existing methods cannot efficiently identify and classify the new-born application traffic, which makes it difficult for network administrators to learn about the status of the current network. This paper presents a method to dynamically cluster application flows. In this method, an unsupervised classification algorithm, X-means, is used to dynamically analyze network traffic and cluster flows with similar behavior into one aggregation, which may be generated by the same application or malware. In this paper, we propose the concept of traffic behavior distance, which is based on Euclidean distance, in order to compute the similarity of flows. Based on the generated traffic clusters, administrators can easily learn about what applications are running and whether there's a new application or anomaly. The results of the experiment show good performance of our proposed method.
Keywords :
computer network security; invasive software; pattern classification; pattern clustering; Euclidean distance; X-means classification algorithm; application traffic classification; dynamic application flow cluster; malware; security threats; traffic behavior distance; unsupervised classification algorithm; X-means; application classification; flow cluster; traffic behavior distance;
Conference_Title :
Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-6539-2
DOI :
10.1109/ICACTE.2010.5579013