U.S. Department of Energy
Office of Scientific and Technical Information

Multivariate network traffic analysis using clustered patterns

Journal Article · Computing: Archiv fuer Informatik und Numerik
 [1];  [2];  [3];  [1];  [4]
  1. Texas A & M Univ., Commerce, TX (United States)
  2. Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
  3. Energy Sciences Network, Berkeley, CA (United States)
  4. Electronics and Telecommunications Research Inst., Daejon (Korea, Republic of)

Traffic analysis is a core element of network operations and management, serving purposes that include change detection, traffic prediction, and anomaly detection. In this paper, we introduce a new approach to online traffic analysis based on a pattern-based representation that summarizes traffic measurement data at a high level. Unlike past online analysis techniques that summarize only a single variable (e.g., sketches), this study focuses on capturing the network state from the multivariate attributes under consideration. To this end, we employ clustering, which has the benefit of aggregating multidimensional variables. The clustered result represents the state of the network with regard to the monitored variables and can be compared with the patterns observed in previous time windows, enabling intuitive analysis. Finally, we demonstrate the proposed method with two popular use cases, one for estimating state changes and the other for identifying anomalous states, to confirm its feasibility. Our extensive experimental results with public traces and monitoring measurements collected from ESnet traffic traces show that our pattern-based approach is effective for multivariate analysis of online network traffic with visual and quantitative tools.

Research Organization:
Lawrence Berkeley National Laboratory (LBNL), Berkeley, CA (United States)
Sponsoring Organization:
USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR) (SC-21)
Grant/Contract Number:
AC02-05CH11231
OSTI ID:
1498687
Journal Information:
Journal Name: Computing: Archiv fuer Informatik und Numerik; Journal Issue: 4; Vol. 101; ISSN 0010-485X
Publisher:
Springer Nature
Country of Publication:
United States
Language:
English

Similar Records

A New Approach to Multivariate Network Traffic Analysis
Journal Article · 2019 · Journal of Computer Science and Technology · OSTI ID:1526584

An approach to online network monitoring using clustered patterns
Journal Article · 2017 · 2017 International Conference on Computing, Networking and Communications, ICNC 2017 · OSTI ID:1379769

Peeking Network States with Clustered Patterns
Technical Report · 2015 · OSTI ID:1237063