Semi-automated discovery of application session structure

Authors: Jayanthkumar Kannan, Jaeyeon Jung, Vern Paxson, Can Emre Koksal

DOI: 10.1145/1177080.1177096

Abstract: While the problem of analyzing network traffic at the granularity of individual connections has seen considerable previous work and tool development, understanding traffic at a higher level, the structure of user-initiated sessions comprised of groups of related connections, remains much less explored. Some types of session structure, such as the coupling between an FTP control connection and the data connections it spawns, have prespecified forms, though the specifications do not guarantee how the forms appear in practice. Other types of sessions, such as a user reading email with a browser, only manifest empirically. Still other sessions might exist without us even knowing of their presence, such as a botnet zombie receiving instructions from its master and proceeding in turn to carry them out. We present algorithms rooted in the statistics of Poisson processes that can mine a large corpus of network connection logs to extract the apparent structure of application sessions embedded in the connections. Our methods are semi-automated in that we aim to present an analyst with high-quality information (expressed as regular expressions) reflecting different possible abstractions of an application's session structure. We develop and test our methods using traces from a large Internet site, finding diversity in the number of applications that manifest, their different session structures, and the presence of abnormal behavior. Our work has applications to traffic characterization and monitoring, source models for synthesizing network traffic, and anomaly detection.

References (35)
Jon Crowcroft, Antony Rowstron, Miguel Castro, Manuel Costa. Can we contain Internet worms. Association for Computing Machinery, Inc., pp. 7- (2004).
Vern Paxson, Yin Zhang. Detecting stepping stones. USENIX Security Symposium, pp. 13-13 (2000).
Peter B. Danzig, Danny J. Mitzel, Deborah Estrin, Ramón Cáceres, Sugih Jamin. An Empirical Workload Model for Driving Wide-Area TCP/IP Network Simulations (2001).
Vern Paxson, Weidong Cui, Nicholas Weaver, Randy H. Katz. Protocol-Independent Adaptive Replay of Application Dialog. Network and Distributed System Security Symposium (2006).
Kunikazu Yoda, Hiroaki Etoh. Finding a Connection Chain for Tracing Intruders. European Symposium on Research in Computer Security, pp. 191-205 (2000). DOI: 10.1007/10722599_12
Avrim Blum, Dawn Song, Shobha Venkataraman. Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds. Recent Advances in Intrusion Detection, pp. 258-277 (2004). DOI: 10.1007/978-3-540-30143-1_14
Vern Paxson, Nicholas Weaver, Abhishek Kumar. Exploiting underlying structure for detailed reconstruction of an internet-scale event. Internet Measurement Conference, pp. 33-33 (2005). DOI: 10.5555/1251086.1251119
K.C. Claffy, H.-W. Braun, G.C. Polyzos. A parameterizable methodology for Internet traffic flow profiling. IEEE Journal on Selected Areas in Communications, vol. 13, pp. 1481-1494 (1995). DOI: 10.1109/49.464717
Carl Nuzman, Iraj Saniee, Wim Sweldens, Alan Weiss. A compound model for TCP connection arrivals for LAN and WAN applications. Computer Networks, vol. 40, pp. 319-337 (2002). DOI: 10.1016/S1389-1286(02)00298-0