Abstract : Current monitoring of IP flow records is challenged by the required analysis of large volume of flow records. Finding essential information is equivalent to searching for a needle in a haystack. This analysis can reach from simple counting of basic flow level statistics to complex data mining techniques. Some key target objectives are for instance the identification of malicious traffic as well as tracking the cause of observed flow related events. This paper investigates the usage of link analysis based methods for ranking IP flow records. We leverage the well known HITS algorithm in the context of flow level dependency graphs. We assume a simple dependency model that can be build in the context of large scale IP flow record data. We apply our approach on several datasets, ranging from ISP captured flow records up to forensic packet captures from a real world intrusion.
Type de document :
Communication dans un congrès
Burkhard Stiller; Filip Turck. 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2010, Zurich, Switzerland. Springer, Lecture Notes in Computer Science, LNCS-6155, pp.135-146, 2010, Mechanisms for Autonomous Management of Networks and Services. 〈10.1007/978-3-642-13986-4_20〉
https://hal.inria.fr/hal-01056635
Contributeur : Hal Ifip
<>
Soumis le : mercredi 20 août 2014 - 12:20:44
Dernière modification le : vendredi 11 août 2017 - 16:20:17
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 11:37:41
Shaonan Wang, Radu State, Mohamed Ourdane, Thomas Engel. Mining NetFlow Records for Critical Network Activities. Burkhard Stiller; Filip Turck. 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2010, Zurich, Switzerland. Springer, Lecture Notes in Computer Science, LNCS-6155, pp.135-146, 2010, Mechanisms for Autonomous Management of Networks and Services. 〈10.1007/978-3-642-13986-4_20〉. 〈hal-01056635〉
