Collecting and characterizing a real broadband access network traffic dataset

Abstract : Broadband Internet access security relies in the implementation of perimeter policies and in the adoption of access control lists. These measures are precarious because they are based on common and not frequently updated profiles that lack residential users threat information. In this paper, we analyze and profile residential users traffic from fixed broadband Internet access networks of a large telecommunication operator for a period of one week, and we obtain the profile of security alarms generated by an intrusion detection system. The results show that the proposed characterization allows the classification of alerts with a sensitivity of 93% in the differentiation of legitimate and anomalous flows and allows a 73% reduction of the traffic directed to the traffic analyzer, thus validating the collected dataset and enabling more dynamic and efficient access network security.