Real-Time Representation of Network Traffic Behavior for Enhanced Security

This paper presents a model for real-time network monitoring and anomaly detection that provides a holistic view of network conversation exchanges. We argue that monitoring and anomaly detection are necessary mechanisms for ensuring secure and dependable network computing infrastructure. The model for network traffic exchange is based on a modified Ehrenfest urn model and combines statistical physics and queuing theory to provide macrostate descriptions of complex networked systems when the exact microstate parameters of each element in the system precludes global understanding from first principles. The conversation exchange dynamics model for real-time network monitoring and anomaly detection is formally presented in this context as a system-driven data reduction model. The model induces a unique real-time visualization capability for network monitoring and detection of anomalous events. An implementation of the model and visualization capability is presented along with laboratory tests and successful detection of computer network attacks