Analyzing the Number of Varieties in Frequently Found Flows

Yusuke SHOMURA, Yoshinori WATANABE, Kenichi YOSHIDA

Idea

Clustering of Flows

Abnormal traffic that causes various problems on the Internet, such as P2P flows, DDoS attacks, and Internet worms, is increasing; therefore, the importance of methods that identify and control abnormal traffic is also increasing. Though the application of frequent-itemset-mining techniques is a promising way to analyze Internet traffic, the huge amount of data on the Internet prevents such techniques from being effective.

To overcome this problem, we have developed a simple frequent-itemset-mining method that uses only a small amount of memory but is effective even with the large volumes of data associated with broadband Internet traffic. Our method also analyzes the number of distinct elements in the itemsets found, which helps identify abnormal traffic.
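The sketch below is an added illustration of the idea, not the authors' algorithm, which this page does not describe. It stands in a Misra-Gries frequent-item summary for the bounded-memory miner and counts distinct destinations per frequent (source, destination port) itemset. All function names, thresholds, and the sample flows are constructed for the example.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport")

def mine_varieties(flows, k=4, cap=64):
    """Track at most k (src, dport) itemsets; return {key: (count, varieties)}.

    count is a Misra-Gries lower bound on frequency; varieties is the number
    of distinct dst addresses seen while the key was tracked (capped at cap).
    """
    table = {}  # key -> [count, set of dst]
    for f in flows:
        key = (f.src, f.dport)
        entry = table.get(key)
        if entry is not None:
            entry[0] += 1
            if len(entry[1]) < cap:
                entry[1].add(f.dst)
        elif len(table) < k:
            table[key] = [1, {f.dst}]
        else:
            # Table full: age every entry and evict those that reach zero.
            for other in list(table):
                table[other][0] -= 1
                if table[other][0] == 0:
                    del table[other]
    return {key: (c, len(d)) for key, (c, d) in table.items()}

def flag_high_variety(report, min_count=10, min_variety=20):
    """Frequent itemsets that fan out to many distinct destinations."""
    return sorted(k for k, (c, v) in report.items()
                  if c >= min_count and v >= min_variety)

def sample_flows():
    """Constructed traffic: one scanning host, one busy client, one-off noise."""
    flows = []
    for i in range(1, 41):
        flows.append(Flow("10.0.0.9", f"198.51.100.{i}", 445))  # many dsts
        flows.append(Flow("10.0.0.5", "192.0.2.10", 443))       # single dst
        flows.append(Flow(f"10.0.1.{i}", "192.0.2.20", 80))     # seen once
    return flows

if __name__ == "__main__":
    report = mine_varieties(sample_flows())
    for key, (count, varieties) in sorted(report.items()):
        print(key, "count>=", count, "varieties=", varieties)
    print("flagged:", flag_high_variety(report))
```

Both the scanning host and the busy client are equally frequent; only the variety count separates them, and the one-off sources are aged out of the four-entry table.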

We have developed a method that uses an extremely small amount of memory to analyze the number of varieties in frequently found flows; this analysis of varieties is the method's most important characteristic. In experiments with actual Internet traffic, we demonstrated the following:

  1. The proposed method can find P2P software, Internet worms, and scans in Internet traffic.
  2. The performance of the proposed method enables on-line analysis of Internet backbone lines with bandwidths up to 10 Gbps.

Typical examples of analysis indicate the advantages of our proposed method. Studying the best uses of the method and making full use of its potential remain as future work.

References

  1. Y. Shoumura, Y. Watanabe, K. Yoshida, "Analyzing the Number of Varieties in Frequently Found Flows". IEICE TRANSACTIONS on Communications (2008)
  2. K. Yoshida, Y. Shoumura, Y. Watanabe, "Visualizing Network Status", International Conference on Machine Learning and Cybernetics (2007/08)