学术论文信息

 题名:   IP backbone trafc behavior characteristic spectrum composing and role mining 
 作者:   臧小东,龚俭,黄思逸,胡晓艳,杨云 
 杂志/会议:   CCF Transactions on Networking 
 卷、期、页码:   2(3):153-171 
 时间:   2019-10 
 关键词:    
 摘要:  The discovery and description of the IP trafc behavior is of great signifcance for both network operation management and network security monitoring. Researches demonstrate that there are some similarities of the trafc behavior among diferent IPs, hence, they can be clustered based on the behavior similarity. These similar trafc behaviors can be depicted by a specifc behavior pattern called IP address role in our work. Towards this end, a unidirectional IP fow record is used to represent an independent IP activity. The trafc behavior metrics are defned in four dimensions including the duration time, the peer address, the application types and the number of packets and bytes contained in the fow, which corresponds to temporal dimension, spatial dimension, category dimension and intensity dimension, respectively. Nine single-attribute and thirty-nine dual-attribute metrics are extracted from four dimensions to compose the IP address trafc characteristic spectrum, which is used to profle the behavior of all IPs in the observed network and provide the data for the behavior description of each class of IP. These classes are established by a characteristic spectrum matched IP address role mining algorithm designed in this paper. NetFlow data collected from some border routers of China Education Research Network backbone (CERNET) is used to verify the method. Experimental results demonstrate that our approach can be applied to anomaly behavior detection and mainstream behavioral habits analysis.
 索引:   
 全文链接        导出