DocumentCode :
3600642
Title :
MUCM: Multilevel User Cluster Mining Based on Behavior Profiles for Network Monitoring
Author :
Tao Qin ; Xiaohong Guan ; Chenxu Wang ; Zhaoli Liu
Author_Institution :
Minist. of Educ. Key Lab. for Intell. Networks & Network Security, Xi'an Jiaotong Univ., Xi'an, China
Volume :
9
Issue :
4
fYear :
2015
Firstpage :
1322
Lastpage :
1333
Abstract :
Mastering user's behavior character is important for efficient network management and security monitoring. In this paper, we develop a novel framework named as multilevel user cluster mining (MUCM) to measure user's behavior similarity under different network prefix levels. Focusing on aggregated traffic behavior under different network prefixes can not only reduce the number of traffic flows but also reveal detailed patterns for a group of users sharing similar behaviors. First, we employ the bidirectional flow and bipartite graphs to model network traffic characteristics in large-scale networks. Four traffic features are then extracted to characterize the user's behavior profiles. Second, an efficient method with adjustable weight factors is employed to calculate the user's behavior similarity, and entropy gain is applied to select the weight factor adaptively. Using the behavior similarity metrics, a simple clustering algorithm based on k-means is employed to perform user clustering based on behavior profiles. Finally, we examine the applications of behavior clustering in profiling network traffic patterns and detecting anomalous behaviors. The efficiency of our methods is verified with extensive experiments using actual traffic traces collected from the northwest region center of China Education and Research Network (CERNET), and the cluster results can be used for flow control and traffic security monitoring.
Keywords :
complex networks; computer network management; computer network security; data mining; graph theory; pattern clustering; CERNET; China Education and Research Network; MUCM; behavior clustering; behavior profiles; behavior similarity metrics; bidirectional flow; bipartite graphs; large-scale networks; multilevel user cluster mining; network management; network monitoring; network prefix levels; network traffic characteristics; north-west region center; profiling network traffic patterns; traffic security monitoring; user behavior character; user behavior profiles; user behavior similarity; weight factor; Communities; Feature extraction; IP networks; Monitoring; Ports (Computers); Protocols; Security; Behavior profiles; different prefix levels; regional flow model; user clustering;
fLanguage :
English
Journal_Title :
Systems Journal, IEEE
Publisher :
ieee
ISSN :
1932-8184
Type :
jour
DOI :
10.1109/JSYST.2014.2350019
Filename :
6892980