U.S. Department of Energy
Office of Scientific and Technical Information

Automating Network Node Behavior Characterization by Mining Communication Patterns

Conference ·

Enterprise networks of scale are complex, dynamic computing environments that respond to evolving business objectives and requirements. Characterizing system behaviors in these environments is essential for network management and cyber security operations. Characterization of system’s communication is typical and is supported using network flow information (NetFlow). Related work has characterized behavior using theoretical graph metrics; results are often difficult to interpret by enterprise staff. We propose a different approach, where flow information is mapped to sets of tags that contextualize the data in terms of network principals and enterprise concepts. Frequent patterns are then extracted and are expressed as behaviors. Behaviors can be compared, identifying systems expressing similar behaviors. We evaluate the approach using flow information collected by a third party.

Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (US)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-76RL01830
OSTI ID:
1440649
Report Number(s):
PNNL-SA-122293; 453060031
Country of Publication:
United States
Language:
English
