Title :
Network Digest analysis by means of association rules
Author :
Apiletti, Daniele ; Baralis, Elena ; Cerquitelli, Tania ; Elia, Vincenzo D.
Author_Institution :
Dipt. di Autom. e Inf., Politec. di Torino, Turin
Abstract :
The continuous growth in connection speed allows huge amounts of data to be transferred through a network. An important issue in this context is network traffic analysis to profile communications and detect security threats. Association rule extraction is a widely used exploratory technique which has been exploited in different contexts (e.g., network traffic characterization). However, to discover (potentially relevant) knowledge, a very low support threshold needs to be enforced, which generates a large, unmanageable number of rules. To address this issue in network traffic analysis, an efficient technique to reduce traffic volume is needed. This paper presents a network digest (NED) framework, which performs network traffic analysis by means of data mining techniques to characterize traffic data and detect anomalies. NED exploits continuous queries to efficiently perform real-time aggregation of captured network data and supports filtering operations to further reduce traffic volume by focusing on relevant data. Furthermore, NED provides an efficient algorithm to perform refinement analysis by means of association rules to discover traffic features. Extracted rules allow traffic data characterization in terms of correlation and recurrence of feature patterns. Preliminary experiments performed on different network dumps showed the efficiency and effectiveness of the NED framework in characterizing traffic data.
Keywords :
data mining; security of data; telecommunication computing; telecommunication traffic; NED framework; association rule extraction; data mining techniques; detect anomaly detection; network digest analysis; network traffic analysis; refinement analysis; security threat detection; Association rules; Clustering algorithms; Context; Data analysis; Data mining; Data security; Filtering; Intrusion detection; Performance analysis; Telecommunication traffic; Association rules; Continuous queries; Network traffic analysis; Stream analysis;
Conference_Title :
Intelligent Systems, 2008. IS '08. 4th International IEEE Conference
Conference_Location :
Varna
Print_ISBN :
978-1-4244-1739-1
Electronic_ISBN :
978-1-4244-1740-7
DOI :
10.1109/IS.2008.4670505