| HAL-Inria | Publications, software ... of Inria's scientists |
Conference papers
Mining NetFlow Records for Critical Network Activities
Abstract : Current monitoring of IP flow records is challenged by the required analysis of large volume of flow records. Finding essential information is equivalent to searching for a needle in a haystack. This analysis can reach from simple counting of basic flow level statistics to complex data mining techniques. Some key target objectives are for instance the identification of malicious traffic as well as tracking the cause of observed flow related events. This paper investigates the usage of link analysis based methods for ranking IP flow records. We leverage the well known HITS algorithm in the context of flow level dependency graphs. We assume a simple dependency model that can be build in the context of large scale IP flow record data. We apply our approach on several datasets, ranging from ISP captured flow records up to forensic packet captures from a real world intrusion.
Cited literature [15 references]
https://hal.inria.fr/hal-01056635
Contributor : Hal Ifip <>
Submitted on : Wednesday, August 20, 2014 - 12:20:44 PM
Last modification on : Friday, November 8, 2019 - 3:06:02 PM
Long-term archiving on: : Thursday, November 27, 2014 - 11:37:41 AM
Contributor : Hal Ifip <>
Submitted on : Wednesday, August 20, 2014 - 12:20:44 PM
Last modification on : Friday, November 8, 2019 - 3:06:02 PM
Long-term archiving on: : Thursday, November 27, 2014 - 11:37:41 AM
File
61550135.pdf
Files produced by the author(s)
Licence
Distributed under a Creative Commons Attribution 4.0 International License