Abstract
As Internet traffic continues to grow in size and complexity, it has become an increasingly challenging task to understand behavior patterns of end-hosts and network applications. This paper presents a novel approach based on behavioral graph analysis to study the behavior similarity of Internet end-hosts. Specifically, we use bipartite graphs to model host communications from network traffic and build one-mode projections of bipartite graphs for discovering social-behavior similarity of end-hosts. By applying simple and efficient clustering algorithms on the similarity matrices and clustering coefficient of one-mode projection graphs, we perform network-aware clustering of end-hosts in the same network prefixes into different end-host behavior clusters and discover inherent clustered groups of Internet applications. Our experiment results based on real datasets show that end-host and application behavior clusters exhibit distinct traffic characteristics that provide improved interpretations on Internet traffic. Finally, we demonstrate the practical benefits of exploring behavior similarity in profiling network behaviors, discovering emerging network applications, and detecting anomalous traffic patterns.
| Original language | English (US) |
|---|---|
| Article number | 6523973 |
| Pages (from-to) | 931-942 |
| Number of pages | 12 |
| Journal | IEEE/ACM Transactions on Networking |
| Volume | 22 |
| Issue number | 3 |
| DOIs | |
| State | Published - Jun 2014 |
Keywords
- Behavior graph analysis
- bipartite graph
- clustering algorithms
- one-mode projection
- traffic profiling
ASJC Scopus subject areas
- Software
- Computer Science Applications
- Computer Networks and Communications
- Electrical and Electronic Engineering