Network security management with traffic pattern clustering

Tao Wei Chiou, Shi-Chun Tsai*, Yi-Bing Lin

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

13 Scopus citations

Abstract

Profiling network traffic patterns is an important approach for tackling network security problems. Based on campus network infrastructure, we propose a new method to identify randomly generated domain names and pinpoint the potential victim groups. We characterize normal domain names with the so-called popular 2gram (2 consecutive characters in a word) to distinguish between active and nonexistent domain names. We also track the destination IPs of source IPs and analyze the similarity of their connection patterns to uncover potential anomalous group network behaviors. We apply the Hadoop technique to deal with the big data of network traffic and classify the clients as victims or not with the spectral clustering method.

Original language: English
Pages (from-to): 1757-1770
Number of pages: 14
Journal: Soft Computing
Volume: 18
Issue number: 9
State: Published - Sep 2014

Keywords

  • Big data
  • Clustering
  • Denial of service
  • Jaccard similarity
  • Machine learning
  • ROC curve
