Discovering Patterns of Interest in IP Traffic Using Cliques in Bipartite Link Streams
Author: | Matthieu Latapy, Clémence Magnien, Raphaël Fournier-S'niehotta, Tiphaine Viard |
---|---|
Contributors: | ComplexNetworks, LIP6, Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS) |
Year of publication: | 2018 |
Subject: | FOS: Computer and information sciences; Router; Sequence; Network packet; Computer science; 02 engineering and technology; Link (geometry); Disjoint sets; Internet traffic; [INFO.INFO-SI]Computer Science [cs]/Social and Information Networks [cs.SI]; Combinatorics; [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]; 020204 information systems; Computer Science - Data Structures and Algorithms; 0202 electrical engineering electronic engineering information engineering; Bipartite graph; Interval (graph theory); Data Structures and Algorithms (cs.DS); [INFO]Computer Science [cs]; 020201 artificial intelligence & image processing |
Source: | Complex Networks IX, ISBN: 9783319731971; Springer Proceedings in Complexity; International Conference on Complex Networks (COMPLENET 2018), Mar 2018, Boston, United States. pp.233-241, ⟨10.1007/978-3-319-73198-8_20⟩ |
DOI: | 10.1007/978-3-319-73198-8_20 |
Description: | International audience; Studying IP traffic is crucial for many applications. We focus here on the detection of (structurally and temporally) dense sequences of interactions, which may indicate botnets or coordinated network scans. More precisely, we model a MAWI capture of IP traffic as a link stream, i.e. a sequence of interactions (t1, t2, u, v) meaning that devices u and v exchanged packets from time t1 to time t2. This traffic is captured on a single router and so has a bipartite structure: links occur only between nodes in two disjoint sets. We design a method for finding interesting bipartite cliques in such link streams, i.e. two sets of nodes and a time interval such that all nodes in the first set are linked to all nodes in the second set throughout the time interval. We then explore the bipartite cliques present in the considered trace. Comparison with the MAWILab classification of anomalous IP addresses shows that the found cliques succeed in detecting anomalous network activity. |
Database: | OpenAIRE |