Article

Network monitoring using traffic dispersion graphs (tdgs)

Authors:
Marios Iliofotou

University of California: Riverside, Riverside, CA

University of California: Riverside, Riverside, CA
View Profile

,
Prashanth Pappu

Rinera Networks, San Mateo, CA

Rinera Networks, San Mateo, CA
View Profile

,
Michalis Faloutsos

University of California: Riverside, Riverside, CA

University of California: Riverside, Riverside, CA
View Profile

,
Michael Mitzenmacher

Harvard University, Boston, MA

Harvard University, Boston, MA
View Profile

,
Sumeet Singh

Cisco Systems: Inc., San Jose, CA

Cisco Systems: Inc., San Jose, CA
View Profile

,
George Varghese

University of California: San Diego, San Diego, CA

University of California: San Diego, San Diego, CA
View Profile

IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurementOctober 2007Pages 315–320https://doi.org/10.1145/1298306.1298349

Published:24 October 2007Publication History

IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement

Pages 315–320

ABSTRACT

Monitoring network traffic and detecting unwanted applications has become a challenging problem, since many applications obfuscate their traffic using unregistered port numbers or payload encryption. Apart from some notable exceptions, most traffic monitoring tools use two types of approaches: (a) keeping traffic statistics such as packet sizes and interarrivals, flow counts, byte volumes, etc., or (b) analyzing packet content. In this paper, we propose the use of Traffic Dispersion Graphs (TDGs) as a way to monitor, analyze, and visualize network traffic. TDGs model the social behavior of hosts ("who talks to whom"), where the edges can be defined to represent different interactions (e.g. the exchange of a certain number or type of packets). With the introduction of TDGs, we are able to harness a wealth of tools and graph modeling techniques from a diverse set of disciplines.

References

W. Aiello, C. Kalmanek, P. McDaniel, S. Sen, O. Spatscheck, and J. Merwe. Analysis of Communities of Interest in Data Networks. In Passive and Active Measurement Conference (PAM), 2005. Google ScholarDigital Library
S. Cheung et al. The Design of GrIDS: A Graph-Based Intrusion Detection System. UCD TR-CSE-99-2, 1999.Google Scholar
M. Crovella and B. Krishnamurthy. Internet Measurement: Infrastructure, Traffic and Applications. John Wiley and Sons, Inc, 2006. Google ScholarDigital Library
D. Ellis, J. Aiken, A. McLeod, and D. Keppler. Graph-based Worm Detection on Operational Enterprise Networks. Technical Report MITRE Corporation, 2006.Google Scholar
P. Haffner, S. Sen, O. Spatscheck, and D. Wang. ACAS: Automated Construction of Application Signatures. In ACM SIGCOMM MineNet Workshop, 2005. Google ScholarDigital Library
T. Karagiannis, K. Papagiannaki, and M. Faloutsos. BLINC: Multi-level Traffic Classification in the Dark. In ACM SIGCOMM, 2005. Google ScholarDigital Library
J. Ma, K. Levchenko, C. Kreibich, S. Savage, and G. M. Voelker. Unexpected means of Protocol Inference. In ACM Internet Measurement Conference (IMC), 2006. Google ScholarDigital Library
P. Mahadevan, D. Krioukov, K. Fall, and A. Vahdat. Systematic Topology Analysis and Generation Using Degree Correlations. In ACM SIGCOMM, 2006. Google ScholarDigital Library
A. Moore and D. Zuev. Internet Traffic Classification using Bayesian Analysis Techniques. In ACM SIGMETRICS, 2005. Google ScholarDigital Library
M. Newman, A. Barabasi, and D. J. Watt. The Structure and Dynamics of Networks. Princeton Press, 2006. Google ScholarDigital Library
G. Tan, M. Poletto, J. Guttag, and F. Kaashoek. Role Classification of Hosts Within Enterprise Networks based on Connection Patterns. In USENIX Annual Technical Conference, 2003. Google ScholarDigital Library
K. Xu, Z. Zhang, and S. Bhattacharyya. Profiling Internet Backbone Traffic: Behavior Models and Applications. In ACM SIGCOMM, 2005. Google ScholarDigital Library
H. Yu, M. Kaminsky, P. B. Gibbons, and A. Flaxman. Sybilguard: Defending Against Sybil Attacks via Social Networks. In ACM SIGCOMM, 2006. Google ScholarDigital Library

Index Terms

Network monitoring using traffic dispersion graphs (tdgs)
1. Networks

Recommendations

Exploiting dynamicity in graph-based traffic analysis: techniques and applications
CoNEXT '09: Proceedings of the 5th international conference on Emerging networking experiments and technologies

Network traffic can be represented by a Traffic Dispersion Graph (TDG) that contains an edge between two nodes that send a particular type of traffic (e.g., DNS) to one another. TDGs have recently been proposed as an alternative way to interpret and ...
Read More
Neural visualization of network traffic data for intrusion detection

This study introduces and describes a novel intrusion detection system (IDS) called MOVCIDS (mobile visualization connectionist IDS). This system applies neural projection architectures to detect anomalous situations taking place in a computer network. ...
Read More
Study on Advanced Visualization Tools In Network Monitoring Platform
EMS '09: Proceedings of the 2009 Third UKSim European Symposium on Computer Modeling and Simulation

Visualization tools have emerged as a critical component, especially in medical, education, engineering, military and environmental management. These fields have applied the visualization techniques to improve decision making and organization management ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
October 2007
390 pages
ISBN:9781595939081
DOI:10.1145/1298306
Program Chairs:
Constantine Dovrolis
Georgia Institute of Technology
,
Matthew Roughan
University of Adelaide, Australia
Copyright © 2007 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 October 2007
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
behavioral approach
hosts' connection graphs
network monitoring
network traffic visualization
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate277of1,083submissions,26%
Upcoming Conference
IMC '24

Sponsor:

sigcomm

sigcomm

ACM Internet Measurement Conference

November 4 - 6, 2024

Madrid , AA , Spain
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 128
  Total Citations
  View Citations
- 1,456
  Total Downloads
- Downloads (Last 12 months)40
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Network monitoring using traffic dispersion graphs (tdgs)

IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement

ABSTRACT

References

Cited By

Index Terms

Recommendations

Exploiting dynamicity in graph-based traffic analysis: techniques and applications

Neural visualization of network traffic data for intrusion detection

Study on Advanced Visualization Tools In Network Monitoring Platform