Abstract
Campus networks consist of a rich diversity of end hosts including wired desktops, servers, and wireless BYOD devices such as laptops and smartphones, which are often compromised in insecure networks. Making sense of the traffic behaviors of end hosts in campus networks is a daunting task due to the open nature of the network, heterogeneous devices, high mobility of end users, and a wide range of applications. To address these challenges, this paper applies a combination of graphical approaches and spectral clustering to group the Internet traffic of campus networks into distinctive traffic clusters in a divide-and-conquer manner. Specifically, we first model the data communication between a particular subnet of campus networks and the Internet on a specific application port via bipartite graphs, and subsequently use the one-mode projection to capture the behavior similarity of end hosts in the same subnet for the same network applications. Finally, we apply a spectral clustering algorithm that uses this behavior similarity to identify distinctive application clusters within each subnet. Our experimental results have demonstrated the benefits of our proposed method for analyzing Internet traffic of a large university town to discover anomalous behaviors and to uncover distinctive temporal and spatial traffic patterns.
L. Kai—This work has been financially supported by Shenzhen General Research project No: JCYJ20150626111057728 and Key Research Project No: JCYJ20151014093505032, JSGG20140516162852628 and JCYJ20151030154330711.
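The pipeline the abstract outlines (bipartite host-to-destination graph, one-mode projection, spectral split), as an added illustration that is not the authors' code. It assumes shared-destination counts as the similarity weight and uses a two-way split on the second eigenvector instead of a full k-way spectral clustering; the flow records and function names are constructed for this example.

```python
from collections import defaultdict
from math import sqrt

# Constructed (internal host, external destination) flows for one subnet on
# one application port; all addresses are documentation ranges.
FLOWS = [
    ("192.0.2.10", "198.51.100.1"), ("192.0.2.10", "198.51.100.2"),
    ("192.0.2.10", "198.51.100.3"), ("192.0.2.11", "198.51.100.1"),
    ("192.0.2.11", "198.51.100.2"), ("192.0.2.12", "198.51.100.2"),
    ("192.0.2.12", "198.51.100.3"), ("192.0.2.12", "203.0.113.7"),
    ("192.0.2.20", "203.0.113.7"), ("192.0.2.20", "203.0.113.8"),
    ("192.0.2.20", "203.0.113.9"), ("192.0.2.21", "203.0.113.8"),
    ("192.0.2.21", "203.0.113.9"), ("192.0.2.22", "203.0.113.7"),
    ("192.0.2.22", "203.0.113.9"),
]

def one_mode_projection(flows):
    """Project the bipartite host/destination graph onto hosts.
    w[i][j] = number of destinations that hosts i and j both contacted."""
    dests = defaultdict(set)
    for host, dst in flows:
        dests[host].add(dst)
    hosts = sorted(dests)
    return hosts, [[len(dests[a] & dests[b]) for b in hosts] for a in hosts]

def spectral_bisect(hosts, w, iters=300):
    """Two-way split on the sign of the second eigenvector of D^-1/2 W D^-1/2,
    found by power iteration with the known top eigenvector deflated."""
    n = len(hosts)
    deg = [sum(row) for row in w]            # > 0: the diagonal counts own dests
    m = [[w[i][j] / sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]
    total = sqrt(sum(deg))
    u1 = [sqrt(d) / total for d in deg]      # top eigenvector, eigenvalue 1
    x = [float(i) for i in range(n)]         # deterministic start vector
    for _ in range(iters):
        x = [sum(m[i][j] * x[j] for j in range(n)) for i in range(n)]
        dot = sum(a * b for a, b in zip(x, u1))
        x = [a - dot * b for a, b in zip(x, u1)]
        size = sqrt(sum(a * a for a in x))
        if size < 1e-12:                     # hosts indistinguishable: one cluster
            return [list(hosts)]
        x = [a / size for a in x]
    first = [h for h, v in zip(hosts, x) if (v >= 0) == (x[0] >= 0)]
    second = [h for h in hosts if h not in first]
    return [first, second] if second else [first]

if __name__ == "__main__":
    print(spectral_bisect(*one_mode_projection(FLOWS)))
```

Host 192.0.2.12 shares one destination with the second group, yet stays with the hosts it overlaps most; a host that lands in an unexpected cluster for its subnet and port is the kind of outlier an analyst would review.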
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Weng, W., Lei, K., Xu, K., Liu, X., Sun, T. (2016). Internet Traffic Analysis in a Large University Town: A Graphical and Clustering Approach. In: Cui, B., Zhang, N., Xu, J., Lian, X., Liu, D. (eds) Web-Age Information Management. WAIM 2016. Lecture Notes in Computer Science, vol 9658. Springer, Cham. https://doi.org/10.1007/978-3-319-39937-9_29
DOI: https://doi.org/10.1007/978-3-319-39937-9_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-39936-2
Online ISBN: 978-3-319-39937-9
eBook Packages: Computer Science (R0)