Identifying roles in an IP network with temporal and structural density

Captures of IP traffic contain much information on very different kinds of activities like file transfers, users interacting with remote systems, automatic backups, or distributed computations. Identifying such activities is crucial for an appropriate analysis, modeling and monitoring of the traffic. We propose here a notion of density that captures both temporal and structural features of interactions, and generalizes the classical notion of clustering coefficient. We use it to point out important differences between distinct parts of the traffic, and to identify interesting nodes and groups of nodes in terms of roles in the network.

[1]  Matthieu Latapy,et al.  Basic notions for the analysis of large two-mode networks , 2008, Soc. Networks.

[2]  Richard G. Baraniuk,et al.  Multiscale nature of network traffic , 2002, IEEE Signal Process. Mag..

[3]  Geoff Hulten,et al.  Mining time-changing data streams , 2001, KDD '01.

[4]  Chase Cotton,et al.  Packet-level traffic measurements from the Sprint IP backbone , 2003, IEEE Netw..

[5]  LindemannChristoph,et al.  Modeling IP traffic using the batch Markovian arrival process , 2003 .

[6]  Jaideep Srivastava,et al.  Event detection from time series data , 1999, KDD '99.

[7]  Ram Ramanathan,et al.  Modeling and Analysis of Time-Varying Graphs , 2010, ArXiv.

[8]  Jean-Yves Le Boudec,et al.  Power Law and Exponential Decay of Intercontact Times between Mobile Devices , 2010, IEEE Trans. Mob. Comput..

[9]  Jean-Loup Guillaume,et al.  Multi-Step Community Detection and Hierarchical Time Segmentation in Evolving Networks , 2011, KDD 2011.

[10]  Yingjie Zhou,et al.  Using graph to detect network traffic anomaly , 2009, 2009 International Conference on Communications, Circuits and Systems.

[11]  Lamia Benamara,et al.  Estimating Properties in Dynamic Systems: The Case of Churn in P2P Networks , 2010, 2010 INFOCOM IEEE Conference on Computer Communications Workshops.

[12]  kc claffy,et al.  Internet topology: connectivity of IP graphs , 2001, SPIE ITCom.

[13]  Arshad Iqbal,et al.  Network Traffic Analysis and Intrusion Detection Using Packet Sniffer , 2010, 2010 Second International Conference on Communication Software and Networks.

[14]  Mark Crovella,et al.  Graph wavelets for spatial traffic analysis , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[15]  Lawrence B. Holder,et al.  Anomaly detection in data represented as graphs , 2007, Intell. Data Anal..

[16]  Duncan J. Watts,et al.  Collective dynamics of ‘small-world’ networks , 1998, Nature.

[17]  Michalis Faloutsos,et al.  Exploiting dynamicity in graph-based traffic analysis: techniques and applications , 2009, CoNEXT '09.

[18]  J. Lee,et al.  MULTISCALE ANALYSIS OF TIME SERIES OF GRAPHS , 2010 .

[19]  Kensuke Fukuda,et al.  Uncovering Relations between Traffic Classifiers and Anomaly Detectors via Graph Theory , 2010, TMA.