Home > Research > Publications & Outputs > The Time-Varying Dependency Patterns of NetFlow...

Research

Associated organisational units

Electronic data

  • dependency_netflow

    Rights statement: ©2016 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 470 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

The Time-Varying Dependency Patterns of NetFlow Statistics

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Close
More...
Publication date1/12/2016
Host publication2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW)
PublisherIEEE
Pages288-294
Number of pages7
ISBN (electronic)9781509059102
ISBN (print)9781509059119
<mark>Original language</mark>English

Publication series

Name2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW)
PublisherIEEE
ISSN (electronic)2375-9259

Abstract

We investigate where and how key dependency structure between measures of network activity change throughout the course of daily activity. Our approach to data-mining is probabilistic in nature, we formulate the identification of dependency patterns as a regularised statistical estimation problem. The resulting model can be interpreted as a set of time-varying graphs and provides a useful visual interpretation of network activity. We believe this is the first application of dynamic graphical modelling to network traffic of this kind. Investigations are performed on 9 days of real-world network traffic across a subset of IP's. We demonstrate that dependency between features may change across time and discuss how these change at an intra and inter-day level. Such variation in feature dependency may have important consequences for the design and implementation of probabilistic intrusion detection systems.

Bibliographic note

©2016 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.