The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

M. Iliofotou, P. Pappu, M. Faloutsos, M. Mitzenmacher, S. Singh, and G. Varghese, "Network Traffic Analysis using Traffic Dispersion Graphs (TDGs): Techniques and Hardware Implementation", Tech. rep., University of California, Riverside, 2007.

Network Traffic Analysis using Traffic Dispersion Graphs (TDGs): Techniques and Hardware Implementation
Authors: M. Iliofotou
P. Pappu
M. Faloutsos
M. Mitzenmacher
S. Singh
G. Varghese
Published: University of California, Riverside, 2007
URL: http://www.cs.ucr.edu/~marios/Papers/UCR-CS-2007-05001.pdf
Entry Dates: 2009-02-11
Abstract: Monitoring network traffic and detecting unwanted applications has become a challenging problem, since many applications obfuscate their traffic using arbitrary port numbers or payload encryption. Apart from some notable exceptions, most traffic monitoring tools follow two types of approaches: (a) keeping traffic statistics such as packet sizes and inter-arrivals, flow counts, byte volumes, etc., or (b) analyzing packet content. In this work, we propose the use of Traffic Dispersion Graphs (TDGs) as a powerful way to monitor, analyze, and visualize network traffic. TDGs model the social behavior of hosts ("who talks to whom"), while the edges can be defined to represent different interactions (e.g. the exchange of a certain number or type of packets). With the introduction of TDGs, we are able to harness the wealth of tools and graph modeling techniques from a diverse set of disciplines. First, we fully explore the abilities of TDGs as an intuitive and visually powerful tool. Second, we demonstrate their usefulness in application classification and intrusion detection solutions. Finally, we provide a hardware-aware design and implementation for TDG-based techniques. We conclude that TDGs are powerful, useful, and can be implemented efficiently in hardware. They constitute a promising new chapter for network monitoring techniques.
Results:
  • datasets: 1) WIDE: backbone, 2006, 2h; 2) AUCK: access link, 2003, 1h; 3) OC48: backbone, 2003, 1.02h; 4) UCSD: Lan, controlled honeypot, 5min;
  • TDG