Unauthorized Network Services Detection by Flow Analysis
Electronics and Electrical Engineering 2008
Mārtiņš Ekmanis, Vladimirs Novikovs, Andris Ruško

There is no strong semantic structure in network traffic behavior, so the most general abstraction, query-by-example, can be used to identify a particular application. Automatic traffic grouping is also possible according to some similarity or dissimilarity distance, if such a distance is defined. We propose a new distinction distance as a method to define the distance between network flows. Cluster analysis is done using a distinction distance matrix calculated from real traffic flow dumps. The experiment shows the ability of the algorithm to identify a traffic source by example and to group similar sources together. Ill. 5, bibl. 13 (in English; summaries in English, Russian and Lithuanian).


Keywords
Unwanted Traffic, Flow Analysis, Distinction Distance
Hyperlink
http://eejournal.ktu.lt/index.php/elt/article/view/11161

Ekmanis, M., Novikovs, V., Ruško, A. Unauthorized Network Services Detection by Flow Analysis. Electronics and Electrical Engineering, 2008, Vol. 85, No. 5, pp. 53-56. ISSN 1392-1215. e-ISSN 2029-5731.

Publication language
English (en)