USENIX Conference Policies
A Statistical Method for Profiling Network Traffic
Two clustering methods are described and applied to network data. These allow the clustering of machines into "activity groups", which consist of machines which tend to have similar activity profiles. In addition, these methods allow the user to determine whether current activity matches these profiles, and hence to determine when there is "abnormal" activity on the network. A method for visualizing the clusters is described, and the approaches are applied to a data set consisting of a months worth of data from 993 machines.
BibTeX
@inproceedings {271730,
author = {David Marchette},
title = {A Statistical Method for Profiling Network Traffic},
booktitle = {1st Workshop on Intrusion Detection and Network Monitoring (ID 99)},
year = {1999},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/id-99/statistical-method-profiling-network-traffic},
publisher = {USENIX Association},
month = apr
}
author = {David Marchette},
title = {A Statistical Method for Profiling Network Traffic},
booktitle = {1st Workshop on Intrusion Detection and Network Monitoring (ID 99)},
year = {1999},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/id-99/statistical-method-profiling-network-traffic},
publisher = {USENIX Association},
month = apr
}