Title: Real-time behaviour profiling for network monitoring

Authors: Kuai Xu, Feng Wang, Supratik Bhattacharyya, Zhi-Li Zhang

Addresses: Arizona State University, 4701 W. Thunderbird Road, Glendale, AZ 85306, USA; Arizona State University, 4701 W. Thunderbird Road, Glendale, AZ 85306, USA; SnapTell Inc., Palo Alto, CA 94306, USA; Department of Computer Science and Engineering, University of Minnesota, 4-192 EE/CS Building, 200 Union Street SE, Minneapolis, MN 55416, USA

Abstract: This paper presents the design and implementation of a real-time behaviour profiling system for internet links. The system uses flow-level information, and applies data mining and information-theoretic techniques to automatically discover significant events based on communication patterns. We demonstrate the operational feasibility of the system by implementing it and performing benchmarking of CPU and memory costs using packet traces from backbone links. To improve the robustness of this system against sudden traffic surges, we propose a novel filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy. Finally, we devise and evaluate simple yet effective blocking strategies to reduce prevalent exploit traffic, and build a simple event analysis engine to generate ACL rules for filtering unwanted traffic.
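
One way to realise the flow-level, information-theoretic profiling the abstract describes, as an added example that is not the paper's code: it assumes normalised entropy of the source-port, destination-IP and destination-port dimensions, computed per source host, as the measure (the abstract does not name one), runs over constructed flow records with assumed thresholds, and turns a scan-like communication pattern into a Cisco-style ACL line of the kind the event analysis engine would emit.

```python
import math
from collections import Counter, defaultdict

# Constructed flow records (src_ip, src_port, dst_ip, dst_port); not from the paper.
FLOWS = (
    # one host touching many destinations on a single port: scan-like pattern
    [("10.0.0.5", 40000 + i, f"10.0.1.{i}", 445) for i in range(1, 13)]
    # a web server answering many clients from its service port
    + [("10.0.0.80", 80, f"192.0.2.{i}", 50000 + i) for i in range(1, 11)]
    # a host with too little traffic to profile reliably
    + [("10.0.0.7", 51000 + i, "198.51.100.1", 443) for i in range(3)]
)
MIN_FLOWS = 5          # below this, entropy estimates are too noisy to act on
HIGH, LOW = 0.8, 0.2   # normalised-entropy thresholds (assumed, not the paper's)

def normalized_entropy(values):
    """H(X) / log2(m), m = number of flows: 0 = one value everywhere, 1 = all distinct."""
    m = len(values)
    if m < 2:
        return 0.0
    h = -sum((c / m) * math.log2(c / m) for c in Counter(values).values())
    return h / math.log2(m)

def profile(flows):
    """Per source host: flow count and normalised entropy of the other dimensions."""
    per_src = defaultdict(list)
    for f in flows:
        per_src[f[0]].append(f)
    return {src: {"flows": len(fs),
                  "src_port": normalized_entropy([f[1] for f in fs]),
                  "dst_ip": normalized_entropy([f[2] for f in fs]),
                  "dst_port": normalized_entropy([f[3] for f in fs]),
                  "top_dst_port": Counter(f[3] for f in fs).most_common(1)[0][0]}
            for src, fs in per_src.items()}

def classify(p):
    """Map an entropy profile to a coarse behaviour class (assumed rules)."""
    if p["flows"] < MIN_FLOWS:
        return "too-few-flows"
    if p["src_port"] <= LOW and p["dst_ip"] >= HIGH and p["dst_port"] >= HIGH:
        return "server-like"      # fixed service port, many clients, ephemeral client ports
    if p["src_port"] >= HIGH and p["dst_ip"] >= HIGH and p["dst_port"] <= LOW:
        return "scan-like"        # many hosts probed on one destination port
    return "other"

def acl_rules(profiles):
    """Emit a Cisco-style deny line for each scan-like source (illustrative syntax)."""
    return [f"deny tcp host {src} any eq {p['top_dst_port']}"
            for src, p in profiles.items() if classify(p) == "scan-like"]
```

Sources with fewer than MIN_FLOWS records are deliberately left unclassified, since a single flow already yields a zero-entropy profile that looks scan-like.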

Keywords: real-time traffic monitoring; behaviour profiling; profiling-aware filtering algorithms; network traffic; internet links; data mining; information theory; communication patterns.

DOI: 10.1504/IJIPT.2010.032616

International Journal of Internet Protocol Technology, 2010 Vol.5 No.1/2, pp.65 - 80

Published online: 09 Apr 2010
