Profiling and Clustering Internet Hosts

12 years 3 months ago
Profiling and Clustering Internet Hosts
Identifying groups of Internet hosts with a similar behavior is very useful for many applications of Internet security control, such as DDoS defense, worm and virus detection, detection of botnets, etc. There are two major difficulties for modeling host behavior correctly and efficiently: the huge number of overall entities, and the dynamics of each individual. In this paper, we present and formulate the Internet host profiling problem using the header data from public packet traces to select relevant features of frequently-seen hosts for profile creation, and using hierarchical clustering techniques on the profiles to build a dendrogram containing all the hosts. The well-known agglomerative algorithm is used to discover and combine similarly-behaved hosts into clusters, and domain-knowledge is used to analyze and evaluate clustering results. In this paper, we show the results of applying the proposed clustering approach to a data set from NLANRPMA Internet traffic archive with more th...
Songjie Wei, Jelena Mirkovic, Ezra Kissel
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2006
Where DMIN
Authors Songjie Wei, Jelena Mirkovic, Ezra Kissel
Comments (0)