University of Luxembourg [Luxembourg] (Campus Kirchberg
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Campus de Limpertsberg
162a, avenue de la Faïencerie
L-1511 Luxembourg
Campus de Belval
2, avenue de l'Université
L-4365 Esch-sur-Alzette - Luxembourg)
Abstract : Current monitoring of IP flow records is challenged by the required analysis of large volume of flow records. Finding essential information is equivalent to searching for a needle in a haystack. This analysis can reach from simple counting of basic flow level statistics to complex data mining techniques. Some key target objectives are for instance the identification of malicious traffic as well as tracking the cause of observed flow related events. This paper investigates the usage of link analysis based methods for ranking IP flow records. We leverage the well known HITS algorithm in the context of flow level dependency graphs. We assume a simple dependency model that can be build in the context of large scale IP flow record data. We apply our approach on several datasets, ranging from ISP captured flow records up to forensic packet captures from a real world intrusion.
https://hal.inria.fr/hal-01056635 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Wednesday, August 20, 2014 - 12:20:44 PM Last modification on : Friday, November 8, 2019 - 3:06:02 PM Long-term archiving on: : Thursday, November 27, 2014 - 11:37:41 AM
Shaonan Wang, Radu State, Mohamed Ourdane, Thomas Engel. Mining NetFlow Records for Critical Network Activities. 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2010, Zurich, Switzerland. pp.135-146, ⟨10.1007/978-3-642-13986-4_20⟩. ⟨hal-01056635⟩