Conference paper, Year: 2018

Discovering Patterns of Interest in IP Traffic Using Cliques in Bipartite Link Streams

Tiphaine Viard
Raphaël Fournier-S'niehotta
Clémence Magnien
Matthieu Latapy

Abstract

Studying IP traffic is crucial for many applications. We focus here on the detection of (structurally and temporally) dense sequences of interactions that may indicate botnets or coordinated network scans. More precisely, we model a MAWI capture of IP traffic as a link stream, i.e. a sequence of interactions (t1, t2, u, v) meaning that devices u and v exchanged packets from time t1 to time t2. This traffic is captured on a single router and so has a bipartite structure: links occur only between nodes in two disjoint sets. We design a method for finding interesting bipartite cliques in such link streams, i.e. two sets of nodes and a time interval such that all nodes in the first set are linked to all nodes in the second set throughout the time interval. We then explore the bipartite cliques present in the considered trace. Comparison with the MAWILab classification of anomalous IP addresses shows that the found cliques succeed in detecting anomalous network activity.
Main file
complenet18.pdf (572.8 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01665089, version 1 (30-03-2019)

Cite

Tiphaine Viard, Raphaël Fournier-S'niehotta, Clémence Magnien, Matthieu Latapy. Discovering Patterns of Interest in IP Traffic Using Cliques in Bipartite Link Streams. International Conference on Complex Networks (COMPLENET 2018), Mar 2018, Boston, United States. pp.233-241, ⟨10.1007/978-3-319-73198-8_20⟩. ⟨hal-01665089⟩