Atypical behavior identification in large-scale network traffic
Cyber analysts are faced with the daunting challenge of identifying exploits and threats within potentially billions of daily records of network traffic. Enterprise-wide cyber traffic involves hundreds of millions of distinct IP addresses and results in data sets ranging from terabytes to petabytes...
| Published in: | 2011 IEEE Symposium on Large Data Analysis and Visualization pp. 15 - 22 |
|---|---|
| Main authors: | , , , |
| Format: | Conference paper |
| Language: | English |
| Published: | IEEE 01.10.2011 |
| Subjects: | |
| ISBN: | 9781467301565, 1467301566 |
| Online access: | Get full text |
| Abstract | Cyber analysts are faced with the daunting challenge of identifying exploits and threats within potentially billions of daily records of network traffic. Enterprise-wide cyber traffic involves hundreds of millions of distinct IP addresses and results in data sets ranging from terabytes to petabytes of raw data. Creating behavioral models and identifying trends based on those models requires data intensive architectures and techniques that can scale as data volume increases. Analysts need scalable visualization methods that foster interactive exploration of data and enable identification of behavioral anomalies. Developers must carefully consider application design, storage, processing, and display to provide usability and interactivity with large-scale data. We present an application that highlights atypical behavior in enterprise network flow records. This is accomplished by utilizing data intensive architectures to store the data, aggregation techniques to optimize data access, statistical techniques to characterize behavior, and a visual analytic environment to render the behavioral trends, highlight atypical activity, and allow for exploration. |
|---|---|
| Author | Hafen, R. P.; Best, D. M.; Pike, W. A.; Olsen, B. K. |
| Author_xml | – sequence: 1 givenname: D. M. surname: Best fullname: Best, D. M. email: daniel.best@pnnl.gov organization: Pacific Northwest Nat. Lab., Richland, WA, USA – sequence: 2 givenname: R. P. surname: Hafen fullname: Hafen, R. P. email: ryan.hafen@pnnl.gov organization: Pacific Northwest Nat. Lab., Richland, WA, USA – sequence: 3 givenname: B. K. surname: Olsen fullname: Olsen, B. K. email: bryan.olsen@pnnl.gov organization: Pacific Northwest Nat. Lab., Richland, WA, USA – sequence: 4 givenname: W. A. surname: Pike fullname: Pike, W. A. email: william.pike@pnnl.gov organization: Pacific Northwest Nat. Lab., Richland, WA, USA |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/LDAV.2011.6092312 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 1467301558 9781467301558 |
| EndPage | 22 |
| ExternalDocumentID | 6092312 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR AAWTH ADFMO ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK IEGSK IERZE OCL RIE RIL |
| ID | FETCH-LOGICAL-i183t-c4726b128f31bd3d9496c1db4fb6d27081adff81f79e7a11deb080fffc6bfdad3 |
| IEDL.DBID | RIE |
| ISBN | 9781467301565 1467301566 |
| IngestDate | Wed Aug 27 03:10:02 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i183t-c4726b128f31bd3d9496c1db4fb6d27081adff81f79e7a11deb080fffc6bfdad3 |
| PageCount | 8 |
| ParticipantIDs | ieee_primary_6092312 |
| PublicationCentury | 2000 |
| PublicationDate | 2011-10 |
| PublicationDateYYYYMMDD | 2011-10-01 |
| PublicationDate_xml | – month: 10 year: 2011 text: 2011-10 |
| PublicationDecade | 2010 |
| PublicationTitle | 2011 IEEE Symposium on Large Data Analysis and Visualization |
| PublicationTitleAbbrev | LDAV |
| PublicationYear | 2011 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0000669886 |
| Score | 1.5014502 |
| Snippet | Cyber analysts are faced with the daunting challenge of identifying exploits and threats within potentially billions of daily records of network traffic.... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 15 |
| SubjectTerms | Analytical models; cyber analytics; Data models; Data visualization; IP networks; large-scale data; Measurement; Time series; Visual analytics |
| Title | Atypical behavior identification in large-scale network traffic |
| URI | https://ieeexplore.ieee.org/document/6092312 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| linkProvider | IEEE |

