FlowRank: ranking NetFlow records

This paper describes a new approach to identifying relevant flow records in large-scale flow datasets. We propose a method that leverages the well-known PageRank algorithm to extract the most relevant flows. We introduce a dependency relation that uses a simple and efficient causal relationship. The strength of this dependency is determined by time-related information. We have tested our method on datasets from our campus network.
