Abstract
Profiling is emerging as a useful tool for a variety of diagnosis and security applications. Existing profiles are often narrowly focused in terms of the data they capture or the application they target. In this paper, we seek to design general end-host profiles capable of capturing and representing a broad range of user activity and behavior. We first present a novel methodology for profiling that uses a graph-based structure to represent and distill flow-level information at the transport layer. Second, we develop mechanisms to: (a) summarize the information, and (b) adaptively evolve it over time. We conduct an initial study of our profiles on real user data, and observe that our method generates a compact, robust and intuitive description of user behavior.
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Karagiannis, T., Papagiannaki, K., Taft, N., Faloutsos, M. (2007). Profiling the End Host. In: Uhlig, S., Papagiannaki, K., Bonaventure, O. (eds) Passive and Active Network Measurement. PAM 2007. Lecture Notes in Computer Science, vol 4427. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71617-4_19
DOI: https://doi.org/10.1007/978-3-540-71617-4_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71616-7
Online ISBN: 978-3-540-71617-4
eBook Packages: Computer Science (R0)