Using Collaborative Filtering in a new domain: traffic analysis

The importance of information systems is increasing every day. To ensure their correct operation, it is necessary to analyze a huge amount of traffic generated by different devices. However, classical techniques for operation and management are reactive rather than proactive, which can lead to a failure in the system. In this work we propose a new approach in which we analyze network traffic using Collaborative Filtering. In other domains, these systems have proved able to filter thousands of items according to user needs and tastes. They can predict user preferences and recommend relevant items to the user. In this new domain, the relevant items are data flows, so our goal is to recommend flows that are related to the traffic already captured.
