The task of network traffic monitoring has evolved drastically with the ever-increasing amount of data flowing in large-scale networks. The automated analysis of this tremendous source of information often comes with using simpler models on aggregated data (e.g. IP flow records) due to time and space constraints. Stream learning techniques are a step towards utilizing IP flow records more effectively. We propose a method to collect a limited yet relevant amount of data in order to learn a class of complex models, finite state machines, in real-time. These machines are used as communication profiles to fingerprint, identify or classify hosts and services, and offer high detection rates while requiring less training data and thus being faster to compute than simple models.
Disciplines :
Computer science
Author, co-author :
HAMMERSCHMIDT, Christian ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Marchal, Samuel; Aalto University
Pellegrino, Gaetano; Delft Technical University
STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Verwer, Sicco; Delft Technical University
External co-authors :
yes
Language :
English
Title :
Efficient Learning of Communication Profiles from IP Flow Records
Publication date :
November 2016
Event name :
The 41st IEEE Conference on Local Computer Networks (LCN)