Title :
A Flow Analysis for Mining Traffic Anomalies
Author :
Kanda, Yoshiki ; Fukuda, Kensuke ; Sugawara, Toshiharu
Author_Institution :
Grad. Sch. of Fundamental Sci. & Eng., Waseda Univ., Tokyo, Japan
Abstract :
Although analyzing anomalous network traffic behavior is a popular research topic, few studies have been undertaken on the analysis of communication pattern per host based on their flows to characterize the anomalous Internet traffic. This paper discusses the possibility of using a flow-based communication pattern per host as a metric to identify anomalies. The key idea underlining our method is that scanning worm-infected hosts reveal the intrinsic characteristics of host\´s communication pattern and such patterns are distinguishable from those of other hosts. In particular, we found that scanning of worm-infected hosts that generated a lot of flows revealed the intrinsic communication pattern and the pattern could be classified from those of other hosts by k-means clustering. We also found that our flow-based metric could isolate the anomalies that have little influence upon the volumetric information of traffic and flow as "lines", which is remarkable in that the hosts that caused the hidden anomalies were mined out.
Keywords :
Internet; data mining; pattern clustering; telecommunication traffic; Internet traffic; flow based communication pattern per host; flow-based metric; k-means clustering; mining traffic anomalies; traffic flow analysis; worm infected hosts; Communications Society; Computer networks; Computer worms; Data mining; IP networks; Informatics; Pattern analysis; Scalability; Spine; Telecommunication traffic;
Conference_Titel :
Communications (ICC), 2010 IEEE International Conference on
Conference_Location :
Cape Town
Print_ISBN :
978-1-4244-6402-9
DOI :
10.1109/ICC.2010.5502463
