Abstract
Profiling network traffic pattern is an important approach for tackling network security problem. Based on campus network infrastructure, we propose a new method to identify randomly generated domain names and pinpoint the potential victim groups. We characterize normal domain names with the so called popular 2gram (2 consecutive characters in a word) to distinguish between active and nonexistent domain names. We also track the destination IPs of sources IPs and analyze their similarity of connection pattern to uncover potential anomalous group network behaviors. We apply the Hadoop technique to deal with the big data of network traffic and classify the clients as victims or not with the spectral clustering method.
Original language | English |
---|---|
Pages (from-to) | 1757-1770 |
Number of pages | 14 |
Journal | Soft Computing |
Volume | 18 |
Issue number | 9 |
DOIs | |
State | Published - Sep 2014 |
Keywords
- Big data
- Clustering
- Denial of service
- Jaccard similarity
- Machine learning
- ROC curve