Bibliography Details

T. Karagiannis, K. Papgiannaki, N. Taft, and M. Faloutso, "Profiling the End Host", in Passive and Active Measurement Conference (PAM), Apr 2007.

Profiling the End Host
Authors:	T. Karagiannis K. Papgiannaki N. Taft M. Faloutso
Published:	Passive and Active Measurement Conference (PAM), 2007
URL:	http://www.cs.ucr.edu/~michalis/PAPERS/PAM07-thomas-PRINT.pdf
Entry Dates:	2009-02-09
Abstract:	Profiling is emerging as a useful tool for a variety of diagnosis and security applications. Existing profiles are often narrowly focused in terms of the data they capture or the application they target. In this paper, we seek to design general end-host profiles capable of capturing and representing a broad range of user activity and behavior. We first present a novel methodology to profiling that uses a graph-based structure to represent and distill flow level information at the transport layer. Second, we develop mechanisms to: (a) summarize the information, and (b) adaptively evolve it over time.We conduct an initial study of our profiles on real user data, and observe that our method generates a compact, robust and intuitive description of user behavior.
Results:	datasets: collected packet header traces within a secure enterprise network environment; Using the CoMo monitoring tool; Two traces were collected; one spans the entire month of October 2005, and the other a two week period in November 2005; use a graph-baesed structure to represent and distill flow level information at the transport layer; the graph-baesed structure called graphlet;