Host Behavior in Computer Network: One-Year Study

Warning

The publication does not fall under the Faculty of Arts, but under the Institute of Computer Science. The official publication page is on the muni.cz website.
Authors

JIRSÍK Tomáš, VELAN Petr

Year of publication: 2021
Type: Article in Periodical
Journal / Source: IEEE Transactions on Network and Service Management
MU Faculty or unit: Institute of Computer Science

DOI: http://dx.doi.org/10.1109/TNSM.2020.3036528
Keywords: Stability analysis; Security; Labeling; Business; Tools; IP networks; Computer science; Network measurement; Host profiling; Netflow; Clustering; Temporal patterns
Description: Analysis of host behavior is an essential key for modern network management and security. A robust behavior profile enables network managers to detect anomalies with high accuracy, predict the host behavior, or group hosts into clusters for better management. Hence, host profiling methods attract the interest of many researchers, and novel methods for host profiling are being introduced. However, these methods are frequently developed on preprocessed and small datasets. Therefore, they do not reflect the real-world artifacts of host profiling, such as missing observations, temporal patterns, or variability in the profile characteristics in time. To provide the needed insight into the artifacts of host profiling in real-world settings, we present a study of the host behavior in a network conducted on a one-year-long real-world network dataset. In the study, we inspect the availability of the data for host profiling, identify the temporal patterns in host behavior, introduce a method for stable labeling of the hosts, and assess the variability of the host characteristics in the course of the year using the coefficient of variance. Moreover, we make the one-year dataset containing nine characteristics used for host behavior analysis available for public use and further research, including selected use cases representing host profiling caveats. We also share the record of analyses presented in the paper.