Digital Signature of Network Segment using Flow Analysis

Alexandro M. Zacaron, Luiz F. Carvalho, Mario H. A. C. Adaniya, Taufik Abrão, Mario Lemes Proença Jr.

Abstract

This paper presents two models for building Digital Signature of Network Segment using flow analysis (DSNSF). The DSNSF can be classified as a characterization of the traffic or as a baseline of the analyzed network segment. In this work two types of signatures of network segment are presented. The first is built applying K-means clustering algorithm and the second using optimized clustering by metaheuristic Ant Colony Optimization (ACO). The signatures provide characterization of the traffic segments analyzed using NetFlow v9 protocols TCP and UDP. The results achieved show that the two models presented using k-means Clustering and metaheuristic Ant Colony Optimization obtained good results for the creation of DSNSF or traffic characterization of the segments analyzed.

References

  1. Chang, S., Qiu, X., Gao, Z., Liu, K., and Qi, F. (2010). A flow-based anomaly detection method using sketch and combinations of traffic features. In Network and Service Management (CNSM), 2010 International Conference on, pages 302 -305.
  2. Claise, B. (2004). Cisco Systems NetFlow Services Export Version 9. RFC 3954 (Informational).
  3. Claise, B. (2008). Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information. RFC 5101 (Proposed Standard).
  4. Deneubourg, J.-L., Aron, S., and Goss, S. (1990a). The selforganizing exploratory pattern of the argentine ant. Journal of Insect Behavior, 3:159-169.
  5. Deneubourg, J. L., Goss, S., Franks, N., Sendova-Franks, A., Detrain, C., and Chrétien, L. (1990b). The dynamics of collective sorting robot-like ants and ant-like robots. In Proceedings of the first international conference on simulation of adaptive behavior on From animals to animats, pages 356-363, Cambridge, MA, USA. MIT Press.
  6. Denning, D. (1987). An intrusion-detection model. Software Engineering, IEEE Transactions on, SE13(2):222 - 232.
  7. Dorigo, M., Birattari, M., and Stutzle, T. (2006). Ant colony optimization. Computational Intelligence Magazine, IEEE, 1(4):28 -39.
  8. Fatemipour, F. and Yaghmaee, M. (2007). Design and implementation of a monitoring system based on ipfix protocol. In Telecommunications, 2007. AICT 2007. The Third Advanced International Conference on, page 22.
  9. Fu, H. (2008). A novel clustering algorithm with ant colony optimization. In Computational Intelligence and Industrial Application, 2008. PACIIA 7808. Pacific-Asia Workshop on, volume 2, pages 66 -69.
  10. Haag, P. (2004). NFDUMP - NetFlow processing tools.
  11. Haag, P. (2005). NetFlow visualisation and investigation tool.
  12. Lima, M., Zarpelao, B., Sampaio, L., Rodrigues, J., Abrao, T., and Proenca, M. (2010). Anomaly detection using baseline and k-means clustering. In Software, Telecommunications and Computer Networks (SoftCOM), 2010 International Conference on, pages 305 -309.
  13. MacQueen, J. B. (1967). Some methods for classification and analysis of multivariate observations. In Cam, L. M. L. and Neyman, J., editors, Proc. of the fifth Berkeley Symposium on Mathematical Statistics and Probability, volume 1, pages 281-297. University of California Press.
  14. Miller, D. (2010). Softflowd - traffic flow monitoring. [Online; accessed 28-May-2011].
  15. Patcha, A. and Park, J.-M. (2007). An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks, 51(12):3448 - 3470.
  16. Proenca, M., Coppelmans, C., Bottoli, M., and Souza Mendes, L. (2006). Baseline to help with network management. In e-Business and Telecommunication Networks, pages 158-166. Springer Netherlands.
  17. Quittek, J., Zseby, T., Claise, B., and Zander, S. (2004). Requirements for IP Flow Information Export (IPFIX). RFC 3917 (Informational).
  18. Trammell, B. and Boschi, E. (2011). An introduction to ip flow information export (ipfix). Communications Magazine, IEEE, 49(4):89 -95.
Download


Paper Citation


in Harvard Style

M. Zacaron A., F. Carvalho L., H. A. C. Adaniya M., Abrão T. and Lemes Proença Jr. M. (2012). Digital Signature of Network Segment using Flow Analysis . In Proceedings of the International Conference on Data Communication Networking, e-Business and Optical Communication Systems - Volume 1: DCNET, (ICETE 2012) ISBN 978-989-8565-23-5, pages 35-40. DOI: 10.5220/0004048100350040


in Bibtex Style

@conference{dcnet12,
author={Alexandro M. Zacaron and Luiz F. Carvalho and Mario H. A. C. Adaniya and Taufik Abrão and Mario Lemes Proença Jr.},
title={Digital Signature of Network Segment using Flow Analysis},
booktitle={Proceedings of the International Conference on Data Communication Networking, e-Business and Optical Communication Systems - Volume 1: DCNET, (ICETE 2012)},
year={2012},
pages={35-40},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004048100350040},
isbn={978-989-8565-23-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Data Communication Networking, e-Business and Optical Communication Systems - Volume 1: DCNET, (ICETE 2012)
TI - Digital Signature of Network Segment using Flow Analysis
SN - 978-989-8565-23-5
AU - M. Zacaron A.
AU - F. Carvalho L.
AU - H. A. C. Adaniya M.
AU - Abrão T.
AU - Lemes Proença Jr. M.
PY - 2012
SP - 35
EP - 40
DO - 10.5220/0004048100350040