Method and system to generate profiles of network traffic behavior

IP.com Disclosure Number: IPCOM000236149D
Publication Date: 2014-Apr-09
Document File: 2 page(s) / 59K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a system and technique to automatically generate network traffic behavior without in-depth analysis of traffic and with minimal human intervention. The approach uses machine learning clustering techniques to automatically derive typical patterns of behavior of a node in the network or a group of nodes in the network subnet.

This is the abbreviated version, containing approximately 52% of the total text.

In the domain of network traffic analysis, detecting the inherent behavior of network traffic (i.e., inflow traffic, outflow traffic) is a difficult problem when the network comprises various elements such as machines, servers, and routers, due to the variety of usage and users. Typical methods require an in-depth analysis of traffic patterns or the study of user behaviors.

The novel contribution is a system and technique to automatically generate network traffic behavior without in-depth analysis of traffic and with minimal human intervention. The approach uses machine learning clustering techniques to automatically derive typical patterns of behavior of a node in the network or a group of nodes in the network subnet.

The system analyzes traffic behavior at each node or at a group of nodes. Traffic is described as inbound and outbound traffic at each node in the network, consisting of the number of packets received and sent out, the number of bytes received and sent out, the number of other nodes sending into or receiving from the node, or the number of ports receiving or sending out. The traffic information is segmented into pre-defined time-bins of traffic data and put into a vector. Thus analysis can be performed daily (daily profiles), weekly (weekly profiles), or monthly (monthly profiles). All vectors representing all daily traffic for all nodes are clustered by machine learning clustering techniques. The clustering technique can be a simple k-means algorithm or any other automatic, non-interventionist clustering algorithm. The clustering algorithm automatically groups together nodes that display similar behavior. The result of the clustering algorithm is the generation of typical profiles for daily, weekly, or monthly behavior.

Data collected at a point in a network (e.g., number of packets, number of bytes) is gathered and arranged within specified time-bins (e.g., every hour, every minute, etc.). In a typical implementation, the system creates a time-bin for an entire day. The same technique is also applicable to weekly time-bins. Time-bin data for an entire day (or week) are assembled in a vector, yielding a set of vectors representing the entire network information per day or week. Machine learning clustering algorithms are applied to these vectors to generate clusters (groups). A network profile is given by computing the center (average)...
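
The pipeline described above (hourly time-bins, one vector per node and day, k-means, cluster centers as profiles), as an added example that is not part of the original disclosure. The records, node names, byte counts, and farthest-point seeding are constructed for illustration, and treating each cluster's mean vector as its profile is an assumption based on the truncated final sentence.

```python
# Added example: constructed data; names and seeding strategy are assumptions.
def bin_counts(records, bins=24):
    """Build one vector per (node, day): bytes summed into hourly time-bins."""
    vectors = {}
    for node, day, hour, nbytes in records:
        vectors.setdefault((node, day), [0.0] * bins)[hour] += nbytes
    return vectors

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(vectors, k, iters=50):
    """Plain k-means with deterministic farthest-point seeding (assumption)."""
    centers = [list(vectors[0])]
    while len(centers) < k:
        far = max(vectors, key=lambda v: min(dist2(v, c) for c in centers))
        centers.append(list(far))
    labels = None
    for _ in range(iters):
        new = [min(range(k), key=lambda i: dist2(v, centers[i])) for v in vectors]
        if new == labels:
            break  # assignments stable: converged
        labels = new
        for i in range(k):
            members = [v for v, lab in zip(vectors, labels) if lab == i]
            if members:  # keep the old center if a cluster empties
                centers[i] = [sum(col) / len(members) for col in zip(*members)]
    return labels, centers

def sample_records():
    """Constructed traffic: workstations busy 09-17h, servers busy 01-04h."""
    recs = []
    for day in range(3):
        for n, node in enumerate(["ws-1", "ws-2"]):
            recs += [(node, day, h, 1000 + 50 * n + 10 * day) for h in range(9, 18)]
        for n, node in enumerate(["srv-1", "srv-2"]):
            recs += [(node, day, h, 8000 + 200 * n + 30 * day) for h in range(1, 5)]
    return recs

def build_profiles(records, k=2):
    """Return {(node, day): cluster} and the cluster centers used as profiles."""
    vectors = bin_counts(records)
    keys = sorted(vectors)
    labels, centers = kmeans([vectors[key] for key in keys], k)
    return dict(zip(keys, labels)), centers

if __name__ == "__main__":
    assignment, profiles = build_profiles(sample_records())
    for key in sorted(assignment):
        print(key, "-> profile", assignment[key])
```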