Network Behavior Analysis: Measurement, Models, and Applications

This book provides a comprehensive overview of network behavior analysis that mines Internet traffic data in order to extract, model, and make sense of behavioral patterns in Internet “objects” such as end hosts, smartphones, Internet of Things devices, and applications. The book aims to fill a gap in the published literature on network behavior analysis, which has recently become an increasingly important component of comprehensive network security solutions for data center networks, backbone networks, enterprise networks, and edge networks.

The book presents fundamental principles and best practices for measuring, extracting, modeling and analyzing network behavior for end hosts and applications on the basis of Internet traffic data. In addition, it explains the concept and key elements (e.g., what, who, where, when, and why) of communication patterns and network behavior of end hosts and network applications, drawing on data mining, machine learning, information theory, and probabilistic graphical and structural modeling to do so. The book also discusses the benefits of network behavior analysis for applications in cybersecurity monitoring, Internet traffic profiling, anomaly traffic detection, and emerging application detection.

The book will be of particular interest to researchers and practitioners in the fields of Internet measurement, traffic analysis, and cybersecurity, since it provides a spectrum of innovative techniques for summarizing behavior models, structural models, and graphical models of Internet traffic, and explains how to leverage the results for a broad range of real-world applications in network management, security operations, and cyber-intelligent analysis. After finishing this book, readers will 1) have learned the principles and practices of measuring, modeling, and analyzing network behavior on the basis of massive Internet traffic data; 2) be able to make sense of network behavior for a spectrum of applications ranging from cybersecurity and network monitoring to emerging application detection; and 3) understand how to explore network behavior analysis to complement traditional perimeter-based firewall and intrusion detection systems in order to detect unusual traffic patterns or zero-day security threats using data mining and machine learning techniques. To benefit fully from this book, readers should have a basic grasp of TCP/IP protocols, data packets, network flows, and Internet applications.

Author(s): Kuai Xu
Publisher: Springer
Year: 2021

Language: English
Pages: 174
City: Singapore

Preface
Acknowledgements
Contents
1 Introduction
1.1 What is Network Behavior Analysis
1.2 Network Behavior Measurement and Modeling
1.3 Benefits of Network Behavior Analysis
1.4 Book Overview and Organization
References
2 Background of Network Behavior Analysis
2.1 Internet Measurement and Analysis
2.2 Data Collection for Network Behavior Analysis
2.3 Preliminaries of Network Behavior Analysis
2.3.1 Information Theory and Entropy
2.3.2 Graphical Analysis
References
3 Behavior Modeling of Network Traffic
3.1 Behavior-Oriented Network Traffic Modeling
3.1.1 What is Network Behavior
3.1.2 Traffic Features in Network Behavior
3.1.3 Behavioral Entities
3.1.4 Real-World Network Traffic Datasets
3.2 Identifying Significant Behavioral Entities
3.2.1 Significant Behavioral Entities
3.2.2 Adaptive Thresholding Algorithm
3.2.3 Extracting Significant Traffic Clusters
3.3 Network Behavior Modeling
3.3.1 Network Behavior Modeling
3.3.2 Network Behavior Classifications
3.4 Network Behavior Dynamics
3.4.1 Temporal Properties of Behavior Classes
3.4.2 Behavior Dynamics of Individual Clusters
3.5 Summary
References
4 Structural Modeling of Network Traffic
4.1 Communication Structure Analysis
4.1.1 Dominant State Analysis
4.1.2 Communication Structure of Networked Systems and Internet Applications
4.2 Exploring More Traffic Features
4.3 Summary
References
5 Graphical Modeling of Network Traffic
5.1 Cluster-Aware Network Behavior Analysis
5.2 Modeling Host Communications with Bipartite Graphs and One-Mode Projections
5.3 Similarity Matrices and Clustering Coefficient of One-Mode Projection Graphs
5.3.1 Similarity Matrices
5.3.2 Clustering Coefficients
5.4 Discovering Behavior Clusters via Clustering Algorithms
5.4.1 Partitioning Similarity Matrix with Spectral Clustering Algorithm
5.4.2 Clustering Analysis of Internet Applications
5.5 Traffic Characteristics and Similarity of Behavior Clusters
5.5.1 Making Sense of End-Host Behavior Clusters
5.5.2 Distinct Traffic Characteristics of Behavior Clusters
5.5.3 Exploring Similarity of Internet Applications
5.6 Summary
References
6 Real-Time Network Behavior Analysis
6.1 Real-Time Network Measurement and Monitoring
6.2 Real-Time System for Network Behavior Analysis
6.2.1 Design Guidelines
6.2.2 System Architecture
6.2.3 Key Implementation Details
6.3 Performance Evaluation
6.3.1 Benchmarking
6.3.2 Stress Test
6.4 Sampling and Filtering
6.4.1 Random Sampling
6.4.2 Profiling-Aware Filtering
6.5 Summary
References
7 Applications
7.1 Profiling Internet Traffic
7.1.1 Server/Service Behavior Profiles
7.1.2 Heavy-Hitter Host Behavior Profiles
7.1.3 Scan/Exploit Profiles
7.1.4 Deviant or Rare Behaviors
7.2 Reducing Unwanted Traffic on the Internet
7.2.1 Unwanted Exploit Traffic on the Internet
7.2.2 Characteristics of Unwanted Exploit Traffic
7.2.3 Strategies of Reducing Unwanted Traffic
7.2.4 Sequential Behavior Analysis
7.3 Cluster-Aware Applications of Network Behavior Analysis
7.3.1 End-Host Network Behavior Clusters
7.3.2 Network Application Behavior Clusters
7.4 Summary
References
8 Research Frontiers of Network Behavior Analysis
8.1 Network Behavior Analysis in the Cloud
8.1.1 Background
8.1.2 Profiling-as-a-Service in the Cloud
8.1.3 Architecture of Profiling-as-a-Service for Network Behavior Analysis
8.1.4 Designing the Profiling-as-a-Service Infrastructure
8.2 Network Behavior Analysis in Smart Homes
8.2.1 Background
8.2.2 Traffic Monitoring Platform for Home Networks
8.2.3 Characterizing Home Network Traffic
8.2.4 Unwanted Traffic Towards Home Networks
8.3 Network Behavior Analysis for Internet of Things
8.3.1 Background
8.3.2 IoT Traffic Measurement and Monitoring
8.3.3 An IoT Traffic Measurement Framework via Programmable Edge Routers
8.3.4 Multidimensional Behavioral Profiling of IoT Devices
8.3.5 Exploring the Applications of Multidimensional Behavioral Profiling
8.4 Summary
References