Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
Abstract - Technical Program - ID 99

A Statistical Method for Profiling Network Traffic

David Marchette, Naval Surface Warfare Center B10

Abstract

Two clustering methods are described and applied to network data. These allow the clustering of machines into "activity groups", which consist of machines which tend to have similar activity profiles. In addition, these methods allow the user to determine whether current activity matches these profiles, and hence to determine when there is "abnormal" activity on the network. A method for visualizing the clusters is described, and the approaches are applied to a data set consisting of a months worth of data from 993 machines.
  • View the full text of this paper in HTML form and PDF form.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

  • To become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 21 Mar 2002 ml
Technical Program
Conference Index
USENIX home