Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
Bibliography Details
G. Tan, M. Poletto, J. Guttag, and F. Kaashoek, "Role Classification of Hosts within Enterprise Networks based on Connection Patterns", in USENIX 2003, Jun 2003.
Role Classification of Hosts within Enterprise Networks based on Connection Patterns
Authors: G. Tan
M. Poletto
J. Guttag
F. Kaashoek
Published: USENIX, 2003
URL:http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.57.6218
Entry Dates: 2009-02-11
Abstract: Role classification involves grouping hosts into related roles. It exposes the logical structure of a network, simplifies network management tasks such as policy checking and network segmentation, and can be used to improve the accuracy of networkmonitoring and analysis algorithms such as intrusion detection. This paper defines the role classification problem and introduces two practical algorithms that group hosts based on observed connection patterns while dealing with changes in these patterns over time. The algorithms have been implemented in a commercial network monitoring and analysis product for enterprise networks. Results from grouping two enterprise networks show that the number of groups identified by our algorithms can be two orders of magnitude smaller than the number of hosts and that the way our algorithms group hosts highly reflect the logical structure of the networks.
Results:
  • datasets: collected over a day at two corporate networks (Mazu and BigCompany) 1) Mazu: part of the corporate network at Mazu Networks, Inc., in Cambridge, MA, It consists of 110 hosts; 2) BigCompany: consists of 3638 hosts, including workstations, servers, and many IP phones;
  • two practical algorithms: grouping and correlation;
  • automatically group hosts on an enterprise network into roles according to their observed connection patterns;
  Last Modified: Wed Jun-13-2018 11:38:22 PDT
  Page URL: http://www.caida.org/publications/bib/networking/entries/tan03role.xml