research-article

A survey on traffic-behavioral profiling of network end-target

Authors:

Guangmin HuAuthors Info & Claims

ACM TURC '19: Proceedings of the ACM Turing Celebration Conference - China

Article No.: 125, Pages 1 - 7

https://doi.org/10.1145/3321408.3326653

Published: 17 May 2019 Publication History

Abstract

The traffic-behavioral profiling of end-targets can provide the network administrators with user information both depictive and precise for better decision-making. Based on the enumerated researches, this paper summarized the basic conceptions for traffic-behavioral profiling of end-targets, as well as the prevailing frameworks of these techniques. Meanwhile, existing methods are carefully categorized, and the respective performances and features are contrasted, and potential future researches are introduced.

References

[1]

Jennifer Rihn and Jonathan James Oliver. Detection of abusive user accounts in social networks. U.S. Patent Application 10/116,614, Filed Oct. 30th, 2018.

[2]

Stanley Wasserman and Katherine Faust. 1994. Social network analysis: Methods and applications (Vol. 8). Cambridge university press.

[3]

Pamela J. Wisniewski, Bart P. Knijnenburg, and Heather Richter Lipford. 2017. Making privacy personal: Profiling social network users to inform privacy education and nudging. International Journal of Human-Computer Studies 98 (2017), 95--108.

Digital Library

[4]

Jian Su, Zheng-guo Sheng, Liang-bo Xie, Gang Li, Alex X. Liu. 2019. Fast splitting based tag identification algorithm for anti-collision in UHF RFID system. IEEE Transactions on Communications, 67, 3, 2527--2538.

[5]

Jian Su, Zheng-guo Sheng, Victor C.M. Leung, Yong-rui Chen. 2019. Energy efficient tag identification algorithms for RFID: survey, motivation and new design. IEEE Wireless Communications.

Digital Library

[6]

Dilip Singh Sisodia, Shrish Verma, and Om Prakash Vyas. 2017. A subtractive relational fuzzy c-medoids clustering approach to cluster web user sessions from web server logs. International Journal of Applied Engineering Research 12, 7 (2017), 1142--1150.

[7]

Julius Onyancha, Valentina Plekhanova, and David Nelson. 2017. Noise Web Data Learning from a Web User Profile: Position Paper. In Proceedings of the World Congress on Engineering (WCE 2017). London, U.K., 608--611.

[8]

Godfrey Tan, Massimiliano Poletto, John V. Guttag, and M. Frans Kaashoek. 2003. Role Classification of Hosts Within Enterprise Networks Based on Connection Patterns. In USENIX Annual Technical Conference. 15--28.

Digital Library

[9]

Thomas Karagiannis, Konstantina Papagiannaki, Nina Taft, and Michalis Faloutsos. 2007. Profiling the end host. In International Conference on Passive and Active Network Measurement. Springer, Berlin, Heidelberg, 186--196.

Digital Library

[10]

Thomas Karagiannis, Konstantina Papagiannaki, and Michalis Faloutsos. 2005. BLINC: multilevel traffic classification in the dark. In ACM SIGCOMM computer communication review 35, 4 (2005), 229--240.

Digital Library

[11]

Marios Iliofotou, Prashanth Pappu, Michalis Faloutsos, Michael Mitzenmacher, Sumeet Singh, and George Varghese. 2007. Network monitoring using traffic dispersion graphs (tdgs). In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, ACM, 315--320.

Digital Library

[12]

Yosuke Himura, Kensuke Fukuda, Kenjiro Cho, Pierre Borgnat, Patrice Abry, and Hiroshi Esaki. 2013. Synoptic graphlet: Bridging the gap between supervised and unsupervised profiling of host-level network traffic. IEEE/ACM Transactions on Networking 21, 4 (2013), 1284--1297.

Digital Library

[13]

John McHugh, Ron McLeod, and Vagishwari Nagaonkar. 2008. Passive network forensics: behavioural classification of network hosts based on connection patterns. ACM SIGOPS Operating Systems Review 42, 3 (2008), 99--111.

Digital Library

[14]

Mark Thomas, Leigh Metcalf, Jonathan Spring, Paul Krystosek, and Katherine Prevost. 2014. SiLK: A tool suite for unsampled network flow analysis at scale. In 2014 IEEE International Congress on Big Data, IEEE, 184--191.

Digital Library

[15]

Guillaume Dewaele, Yosuke Himura, Pierre Borgnat, Kensuke Fukuda, Patrice Abry, Olivier Michel, Romain Fontugne, Kenjiro Cho, and Hiroshi Esaki. 2010. Unsupervised host behavior classification from connection patterns. International Journal of Network Management 20, 5 (2010), 317--337.

Digital Library

[16]

Marios Iliofotou, Hyun-chul Kim, Michalis Faloutsos, Michael Mitzenmacher, Prashanth Pappu, and George Varghese. 2009. Graph-based p2p traffic classification at the internet backbone. In IEEE INFOCOM Workshops 2009, IEEE, 1--6.

Digital Library

[17]

Yu Jin, Esam Sharafuddin, and Zhi-Li Zhang. 2009. Unveiling core network-wide communication patterns through application traffic activity graph decomposition. ACM SIGMETRICS Performance Evaluation Review 37, 1 (2009), 49--60.

Digital Library

[18]

Thota, Harsha Sai, V. Saradhi, and T. Venkatesh. 2013. Network Traffic Analysis Using Principal Component Graphs. In 11th Workshop on Mining and Learning with Graphs.

[19]

Kuai Xu, Feng Wang, and Lin Gu. 2011. Network-aware behavior clustering of Internet end hosts. In 2011 Proceedings IEEE INFOCOM, IEEE, 2078--2086.

[20]

Li Qiao, He Hui, Fang Binxing, Zhang Hongli, and Wang Ya-Shan. 2014. Awareness of the network group anomalous behaviors based on network trust. Chinese Journal of Computers 37, 1 (2014), 1--14.

[21]

Songjie Wei, Jelena Mirkovic, and Ezra Kissel. 2006. Profiling and Clustering Internet Hosts. DMIN 6 (2006), 269--75.

[22]

James Lewis. 2003. Cyber terror: Missing in action. Knowledge, Technology & Policy 16, 2 (2003), 34--41.

[23]

Andrew Moore, Denis Zuev, and Michael Crogan. 2005. Discriminators for use in flow-based classification. Intel Research Technical Report.

[24]

Robin Berthier, Michel Cukier, Matti Hiltunen, Dave Kormann, Gregg Vesonder, and Dan Sheleheda. 2010. Nfsight: netflow-based network awareness tool. In Proceedings of LISA'10: 24th Large Installation System Administration Conference, 119.

Digital Library

[25]

Carrie Gates, Michael P. Collins, Michael Duggan, Andrew Kompanek, and Mark Thomas. 2004. More Netflow Tools for Performance and Security. In LISA, 4, 121--132.

Digital Library

[26]

Bingdong Li, Mehmet Hadi Gunes, George Bebis, and Jeff Springer. 2013. A supervised machine learning approach to classify host roles on line using sflow. In Proceedings of the first edition workshop on High performance and programmable networking, ACM, 53--60.

Digital Library

[27]

Bernhard Scholkopf and Alexander J. Smola. 2001. Learning with kernels: support vector machines, regularization, optimization, and beyond. MIT press.

Digital Library

[28]

Tao Qin, Xiaohong Guan, Chenxu Wang, and Zhaoli Liu. 2015. MUCM: multilevel user cluster mining based on behavior profiles for network monitoring. IEEE Systems Journal 9, 4 (2015), 1322--1333.

[29]

Tadayoshi Kohno, Andre Broido, and Kimberly C. Claffy. 2005. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing 2, 2 (2005), 93--108.

Digital Library

[30]

Nathan Clarke, Fudong Li, and Steven Furnell. 2017. A novel privacy preserving user identification approach for network traffic. computers & security 70 (2017), 335--350.

[31]

David Plonka and Paul Barford. 2011. Flexible traffic and host profiling via DNS rendezvous. In Workshop Satin.

[32]

Mohamad Jaber, Roberto G. Cascella, and Chadi Barakat. 2012. Using host profiling to refine statistical application identification. In 2012 Proceedings IEEE INFOCOM, IEEE, 2746--2750.

[33]

Marcin Pietrzyk, Louis Plissonneau, Guillaume Urvoy-Keller, and Taoufik En-Najjary. 2011. On profiling residential customers. In International Workshop on Traffic Monitoring and Analysis, Springer, Berlin, Heidelberg, 1--14.

Digital Library

[34]

Françoise Fessant, Vincent Lemaire, and Fabrice Clérot. 2008. Combining several SOM approaches in data mining: application to ADSL customer behaviours analysis. In Data Analysis, Machine Learning and Applications, Springer, Berlin, Heidelberg, 343--354.

[35]

Tao Qin, Wei Li, Xiaohong Guan, and Zhaoli Liu. 2012. Behavior spectrum: An effective method for user's web access behavior monitoring and measurement. In 2012 IEEE Global Communications Conference (GLOBECOM), IEEE, 961--966.

[36]

Diana Zeaiter Joumblatt, Renata Teixeira, Jaideep Chandrashekar, and Nina Taft. 2010. HostView: Annotating end-host performance measurements with user feedback. In ACM HotMetrics Workshop.

[37]

Francesco Gringoli, Luca Salgarelli, Maurizio Dusi, Niccolo Cascarano, and Fulvio Risso. 2009. Gt: picking up the truth from the ground for internet traffic. ACM SIGCOMM Computer Communication Review 39, 5 (2009), 12--18.

Digital Library

[38]

Guo, Danhua, Guangdeng Liao, Laxmi N. Bhuyan, Bin Liu, and Jianxun Jason Ding. 2008. A scalable multithreaded 17-filter design for multi-core servers. In Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ACM, 60--68.

Digital Library

[39]

Andrey Finkelstein, Ron Biton, Rami Puzis, and Asaf Shabtai. 2017. Classification of smartphone users using internet traffic. arXiv:1701.00220. Retrieved from https://arxiv.org/pdf/1701.00220

[40]

Ning Xia, Han Hee Song, Yong Liao, Marios Iliofotou, Antonio Nucci, Zhi-Li Zhang, and Aleksandar Kuzmanovic. 2013. Mosaic: Quantifying privacy leakage in mobile networks. In ACM SIGCOMM Computer Communication Review, 43, 4, 279--290.

Digital Library

[41]

Roberto Gonzalez, Claudio Soriente, and Nikolaos Laoutaris. 2016. User profiling in the time of https. In Proceedings of the 2016 Internet Measurement Conference, ACM.

Digital Library

[42]

Huaxin Li, Zheyu Xu, Haojin Zhu, Di Ma, Shuai Li, and Kai Xing. 2016. Demographics inference through Wi-Fi network traffic analysis. In IEEE INFOCOM 2016, IEEE, 1--9.

Digital Library

Cited By

Pekarcik PKekenak TSokol PMezesova T(2019)Real-time processing of cybersecurity system data for attacker profiling2019 IEEE 15th International Scientific Conference on Informatics10.1109/Informatics47936.2019.9119254(000207-000212)Online publication date: Nov-2019
https://doi.org/10.1109/Informatics47936.2019.9119254

Index Terms

A survey on traffic-behavioral profiling of network end-target

Recommendations

Performance characterization and profiling of chained CPU-bound Virtual Network Functions
Abstract
The increased demand for high-quality Internet connectivity resulting from the growing number of connected devices and advanced services has put significant strain on telecommunication networks. In response, cutting-edge technologies ...
Listener latency profiling: Measuring the perceptible performance of interactive Java applications

When developers need to improve the performance of their applications, they usually use one of the many existing profilers. These profilers generally capture a profile that represents the execution time spent in each method. The developer can thus focus ...
Instant profiling: Instrumentation sampling for profiling datacenter applications
CGO '13: Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)

Profile-guided optimization possesses huge potential to save costs for datacenters. Hardware performance monitoring units enable profiling with negligible overhead and they have been proven to be effective to help programmers find code regions to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACM TURC '19: Proceedings of the ACM Turing Celebration Conference - China

May 2019

963 pages

ISBN:9781450371582

DOI:10.1145/3321408

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 May 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ACM TURC 2019

ACM TURC 2019: ACM Turing Celebration Conference - China

May 17 - 19, 2019

Chengdu, China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
151
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pekarcik PKekenak TSokol PMezesova T(2019)Real-time processing of cybersecurity system data for attacker profiling2019 IEEE 15th International Scientific Conference on Informatics10.1109/Informatics47936.2019.9119254(000207-000212)Online publication date: Nov-2019
https://doi.org/10.1109/Informatics47936.2019.9119254

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten