Abstract
Studying IP traffic is crucial for many applications. We focus here on the detection of (structurally and temporally) dense sequences of interactions that may indicate botnets or coordinated network scans. More precisely, we model a MAWI capture of IP traffic as a link stream, i.e., a sequence of interactions \((t_1,t_2,u,v)\) meaning that devices \(u\) and \(v\) exchanged packets from time \(t_1\) to time \(t_2\). This traffic is captured on a single router and so has a bipartite structure: links occur only between nodes in two disjoint sets. We design a method for finding interesting bipartite cliques in such link streams, i.e., two sets of nodes and a time interval such that all nodes in the first set are linked to all nodes in the second set throughout the time interval. We then explore the bipartite cliques present in the considered trace. Comparison with the MAWILab classification of anomalous IP addresses shows that the found cliques succeed in detecting anomalous network activity.
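The bipartite clique definition above can be checked directly for a candidate pair of node sets. The following is an added example, not the authors' enumeration method: it only computes the maximal time intervals over which two given sets form a clique. The function names, host labels and timestamps are constructed for illustration, and intervals are assumed closed, with zero-length overlaps ignored.

```python
from collections import defaultdict

def merge(intervals):
    """Union of intervals, returned sorted and non-overlapping."""
    out = []
    for b, e in sorted(intervals):
        if out and b <= out[-1][1]:
            out[-1][1] = max(out[-1][1], e)
        else:
            out.append([b, e])
    return [tuple(i) for i in out]

def intersect(xs, ys):
    """Intersection of two sorted, non-overlapping interval lists."""
    out, i, j = [], 0, 0
    while i < len(xs) and j < len(ys):
        b, e = max(xs[i][0], ys[j][0]), min(xs[i][1], ys[j][1])
        if b < e:
            out.append((b, e))
        if xs[i][1] < ys[j][1]:
            i += 1
        else:
            j += 1
    return out

def clique_intervals(links, left, right):
    """Maximal intervals where every node of `left` is linked to every node of `right`."""
    by_pair = defaultdict(list)
    for t1, t2, u, v in links:          # link stream entries (t1, t2, u, v)
        by_pair[(u, v)].append((t1, t2))
    common = None
    for u in left:
        for v in right:
            spans = merge(by_pair.get((u, v), []))
            common = spans if common is None else intersect(common, spans)
            if not common:              # some pair is never linked in the window
                return []
    return common or []

# Constructed sample: two outside hosts (a1, a2) contacting inside hosts h1..h3.
LINKS = [
    (0, 10, "a1", "h1"), (2, 12, "a1", "h2"), (1, 9, "a1", "h3"),
    (3, 11, "a2", "h1"), (0, 8, "a2", "h2"), (4, 6, "a2", "h3"),
    (7, 15, "a2", "h3"), (20, 25, "a1", "h1"),
]

if __name__ == "__main__":
    print(clique_intervals(LINKS, {"a1", "a2"}, {"h1", "h2"}))
    print(clique_intervals(LINKS, {"a1", "a2"}, {"h1", "h2", "h3"}))
```

Adding `h3` to the second set splits the clique interval in two, because `a2` and `h3` are not linked between times 6 and 7.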
Notes
- 1.
- 2.
A Linux machine with 24 cores at 2.9 GHz and 256 GB of RAM.
Acknowledgements
This work is funded in part by the European Commission H2020 FETPROACT 2016-2017 program under grant 732942 (ODYCCEUS), by the ANR (French National Agency of Research) under grants ANR-15-CE38-0001 (AlgoDiv) and ANR-13-CORD-0017-01 (CODDDE), and by the Ile-de-France program FUI21 under grant 16010629 (iTRAC).
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Viard, T., Fournier-S’niehotta, R., Magnien, C., Latapy, M. (2018). Discovering Patterns of Interest in IP Traffic Using Cliques in Bipartite Link Streams. In: Cornelius, S., Coronges, K., Gonçalves, B., Sinatra, R., Vespignani, A. (eds) Complex Networks IX. CompleNet 2018. Springer Proceedings in Complexity. Springer, Cham. https://doi.org/10.1007/978-3-319-73198-8_20
DOI: https://doi.org/10.1007/978-3-319-73198-8_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73197-1
Online ISBN: 978-3-319-73198-8
eBook Packages: Physics and Astronomy (R0)