A Statistical Method for Profiling Network Traffic

David Marchette

A Statistical Method for Profiling Network Traffic

Abstract:

Two clustering methods are described and applied to network data. These allow the clustering of machines into "activity groups", which consist of machines which tend to have similar activity profiles. In addition, these methods allow the user to determine whether current activity matches these profiles, and hence to determine when there is "abnormal" activity on the network. A method for visualizing the clusters is described, and the approaches are applied to a data set consisting of a months worth of data from 993 machines.

David Marchette, Naval Surface Warfare Center, Dahlgren Division

BibTeX

@inproceedings {271730,
author = {David Marchette},
title = {A Statistical Method for Profiling Network Traffic},
booktitle = {1st Workshop on Intrusion Detection and Network Monitoring (ID 99)},
year = {1999},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/id-99/statistical-method-profiling-network-traffic},
publisher = {USENIX Association},
month = apr
}

Download

Links

Paper:

http://www.usenix.org/publications/library/proceedings/detection99/full_papers/marchette/marchette.pdf

Paper (HTML):

http://www.usenix.org/publications/library/proceedings/detection99/full_papers/marchette/marchette_html/index.html

connect with us

twitter

usenix conference policies

A Statistical Method for Profiling Network Traffic

David Marchette, Naval Surface Warfare Center, Dahlgren Division

Links

connect with us

twitter

usenix conference policies

You are here

connect with us

A Statistical Method for Profiling Network Traffic

David Marchette, Naval Surface Warfare Center, Dahlgren Division

Links