Network Behavior Analysis: Measurement, Models, and Applications

✍ Scribed by Kuai Xu

Publisher: Springer
Year: 2021
Tongue: English
Leaves: 170
Category: Library

No coin nor oath required. For personal study only.

✦ Synopsis

This book provides a comprehensive overview of network behavior analysis that mines Internet traffic data in order to extract, model, and make sense of behavioral patterns in Internet “objects” such as end hosts, smartphones, Internet of things, and applications. The objective of this book is to fill the book publication gap in network behavior analysis, which has recently become an increasingly important component of comprehensive network security solutions for data center networks, backbone networks, enterprise networks, and edge networks.

The book presents fundamental principles and best practices for measuring, extracting, modeling and analyzing network behavior for end hosts and applications on the basis of Internet traffic data. In addition, it explains the concept and key elements (e.g., what, who, where, when, and why) of communication patterns and network behavior of end hosts and network applications, drawing on data mining, machine learning, information theory, probabilistic graphical and structural modeling to do so. The book also discusses the benefits of network behavior analysis for applications in cybersecurity monitoring, Internet traffic profiling, anomaly traffic detection, and emerging application detections.

The book will be of particular interest to researchers and practitioners in the fields of Internet measurement, traffic analysis, and cybersecurity, since it provides a spectrum of innovative techniques for summarizing behavior models, structural models, and graphic models of Internet traffic, and explains how to leverage the results for a broad range of real-world applications in network management, security operations, and cyber-intelligent analysis. After finishing this book, readers will 1) have learned the principles and practices of measuring, modeling, and analyzing network behavior on the basis of massive Internet traffic data; 2) be able to make sense of network behavior for a spectrum of applications ranging from cybersecurity and network monitoring to emerging application detection; and 3) understand how to explore network behavior analysis to complement traditional perimeter-based firewall and intrusion detection systems in order to detect unusual traffic patterns or zero-day security threats using data mining and machine learning techniques. To ideally benefit from this book, readers should have a basic grasp of TCP/IP protocols, data packets, network flows, and Internet applications.

✦ Table of Contents

Preface
Acknowledgements
Contents
1 Introduction
1.1 What is Network Behavior Analysis
1.2 Network Behavior Measurement and Modeling
1.3 Benefits of Network Behavior Analysis
1.4 Book Overview and Organization
References
2 Background of Network Behavior Analysis
2.1 Internet Measurement and Analysis
2.2 Data Collection for Network Behavior Analysis
2.3 Preliminaries of Network Behavior Analysis
2.3.1 Information Theory and Entropy
2.3.2 Graphical Analysis
References
3 Behavior Modeling of Network Traffic
3.1 Behavior-Oriented Network Traffic Modeling
3.1.1 What is Network Behavior
3.1.2 Traffic Features in Network Behavior
3.1.3 Behavioral Entities
3.1.4 Real-World Network Traffic Datasets
3.2 Identifying Significant Behavioral Entities
3.2.1 Significant Behavioral Entities
3.2.2 Adaptive Thresholding Algorithm
3.2.3 Extracting Significant Traffic Clusters
3.3 Network Behavior Modeling
3.3.1 Network Behavior Modeling
3.3.2 Network Behavior Classifications
3.4 Network Behavior Dynamics
3.4.1 Temporal Properties of Behavior Classes
3.4.2 Behavior Dynamics of Individual Clusters
3.5 Summary
References
4 Structural Modeling of Network Traffic
4.1 Communication Structure Analysis
4.1.1 Dominant State Analysis
4.1.2 Communication Structure of Networked Systems and Internet Applications
4.2 Exploring More Traffic Features
4.3 Summary
References
5 Graphical Modeling of Network Traffic
5.1 Cluster-Aware Network Behavior Analysis
5.2 Modeling Host Communications with Bipartite Graphs and One-Mode Projections
5.3 Similarity Matrices and Clustering Coefficient of One-Mode Projection Graphs
5.3.1 Similarity Matrices
5.3.2 Clustering Coefficients
5.4 Discovering Behavior Clusters via Clustering Algorithms
5.4.1 Partitioning Similarity Matrix with Spectral Clustering Algorithm
5.4.2 Clustering Analysis of Internet Applications
5.5 Traffic Characteristics and Similarity of Behavior Clusters
5.5.1 Making Sense of End-Host Behavior Clusters
5.5.2 Distinct Traffic Characteristics of Behavior Clusters
5.5.3 Exploring Similarity of Internet Applications
5.6 Summary
References
6 Real-Time Network Behavior Analysis
6.1 Real-Time Network Measurement and Monitoring
6.2 Real-Time System for Network Behavior Analysis
6.2.1 Design Guidelines
6.2.2 System Architecture
6.2.3 Key Implementation Details
6.3 Performance Evaluation
6.3.1 Benchmarking
6.3.2 Stress Test
6.4 Sampling and Filtering
6.4.1 Random Sampling
6.4.2 Profiling-Aware Filtering
6.5 Summary
References
7 Applications
7.1 Profiling Internet Traffic
7.1.1 Server/Service Behavior Profiles
7.1.2 Heavy-Hitter Host Behavior Profiles
7.1.3 Scan/Exploit Profiles
7.1.4 Deviant or Rare Behaviors
7.2 Reducing Unwanted Traffic on the Internet
7.2.1 Unwanted Exploit Traffic on the Internet
7.2.2 Characteristics of Unwanted Exploit Traffic
7.2.3 Strategies of Reducing Unwanted Traffic
7.2.4 Sequential Behavior Analysis
7.3 Cluster-Aware Applications of Network Behavior Analysis
7.3.1 End-Host Network Behavior Clusters
7.3.2 Network Application Behavior Clusters
7.4 Summary
References
8 Research Frontiers of Network Behavior Analysis
8.1 Network Behavior Analysis in the Cloud
8.1.1 Background
8.1.2 Profiling-as-a-Service in the Cloud
8.1.3 Architecture of Profiling-as-a-Service for Network Behavior Analysis
8.1.4 Designing the Profiling-as-a-Service Infrastructure
8.2 Network Behavior Analysis in Smart Homes
8.2.1 Background
8.2.2 Traffic Monitoring Platform for Home Networks
8.2.3 Characterizing Home Network Traffic
8.2.4 Unwanted Traffic Towards Home Networks
8.3 Network Behavior Analysis for Internet of Things
8.3.1 Background
8.3.2 IoT Traffic Measurement and Monitoring
8.3.3 An IoT Traffic Measurement Framework via Programmable Edge Routers
8.3.4 Multidimensional Behavioral Profiling of IoT Devices
8.3.5 Exploring the Applications of Multidimensional Behavioral Profiling
8.4 Summary
References

📜 SIMILAR VOLUMES

Clinical and Organizational Applications

📁 Clinical and Organizational Applications of Applied Behavior Analysis

✍ Henry S. Roane (editor), Joel E. Ringdahl (editor), Terry S. Falcomata (editor) 📂 Library 📅 2015 🏛 Academic Press 🌐 English

Applied behavior analysts use applied research to create and implement effective evidence-based procedures in schools, homes, and the community, which have proved effective in addressing behaviors associated with autism and other developmental disorders. The principles underlying this therapeuti

Clinical and Organizational Applications

📁 Clinical and Organizational Applications of Applied Behavior Analysis

✍ Henry S. Roane, Joel E. Ringdahl, Terry S. Falcomata 📂 Library 📅 2015 🏛 Academic Press 🌐 English

Clinical and Organizational Applications of Applied Behavior Analysis uses data-based decision making to inform treatment selection for behavior change across various populations and contexts. Each chapter addresses considerations related to data collection, single-case research design met

Model Neural Networks and Behavior

📁 Model Neural Networks and Behavior

✍ Peter A. Getting, Michael S. Dekin (auth.), Allen I. Selverston (eds.) 📂 Library 📅 1985 🏛 Springer US 🌐 English

The most conspicuous function of the nervous system is to control animal behav ior. From the complex operations of learning and mentation to the molecular con figuration of ionic channels, the nervous system serves as the interface between an animal and its environment. To study and understand

Resilience Of Networked Infrastructure S

📁 Resilience Of Networked Infrastructure Systems, The: Analysis And Measurement: Analysis and Measurement

✍ Mayada Omer 📂 Library 📅 2009 🏛 World Scientific Publishing Company 🌐 English

This volume elaborates on both the qualitative and quantitative aspects of resilience. Reviewing the literature exploring the concept of resilience in engineering, it discusses resilience in terms of the various definitions used, the methodologies proposed to characterize resilience, and the metrics

Ultra-Dense Networks for 5G and Beyond:

📁 Ultra-Dense Networks for 5G and Beyond: Modelling, Analysis, and Applications

✍ Trung Q. Duong; Xiaoli Chu; Himal A. Suraweera 📂 Library 📅 2019 🏛 Wiley 🌐 English

Offers comprehensive insight into the theory, models, and techniques of ultra-dense networks and applications in 5G and other emerging wireless networks The need for speed--and power--in wireless communications is growing exponentially. Data rates are projected to increase by a fac

Ultra-dense networks for 5G and beyond :

📁 Ultra-dense networks for 5G and beyond : modelling, analysis, and applications

✍ Chu, Xiaoli; Duong, Trung Q.; Suraweera, Himal A 📂 Library 📅 2019 🏛 Wiley 🌐 English

"A comprehensive insight into the theory, models and techniques of ultra-dense networks and applications in 5G and other emerging wireless networks -Ultra-dense networks and communications systems are emerging topics, having many applications that have potential to solve varieties of real-life probl