Publications in Scientific Journals:

F. Iglesias Vazquez, T. Zseby:
"Time-activity footprints in IP traffic";
Computer Networks, 107 (2016), 1; 64 - 75.



English abstract:
This paper studies the temporal behavior of communication flows in the Internet. Characterization of flows by temporal patterns supports traffic classification and filtering for network management and network security in situations where full packet data is not accessible (e.g. obfuscated or encrypted traffic) or cannot be analyzed due to privacy concerns or resource limitations. In this paper we define a time activity feature vector that describes the temporal behavior of flows. Later, we use cluster analysis to capture the most common time activity patterns in real Internet traffic using traces from the MAWI dataset. We discovered a set of 7 time-activity footprints and show that 95.3% of the analyzed flows can be characterized based on such footprints, which represent different behaviors for the three main protocols (4 in TCP, 1 in ICMP and 2 in UDP). In addition, we found that the majority of the observed flows consisted of short, one-time bursts. An in-depth inspection revealed, besides some DNS traffic, the preponderance of a large number of scanning, probing, DoS attacks and backscatter traffic in the network. Flows transmitting meaningful data became outliers among short, one-time bursts of unwanted traffic.

Keywords:
communication networks, traffic characterization, time domain analysis, cluster analysis


"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1016/j.comnet.2016.03.012

Electronic version of the publication:
http://www.sciencedirect.com/science/article/pii/S1389128616300767


Created from the Publication Database of the Vienna University of Technology.