Discovering patterns of interest in ip traffic using cliques in bipartite link streams

Tiphaine Viard; Raphaël Fournier-S’niehotta; Clémence Magnien; Matthieu Latapy

doi:10.1007/978-3-319-73198-8_20

Discovering patterns of interest in ip traffic using cliques in bipartite link streams

Tiphaine Viard
, Raphaël Fournier-S’niehotta
, Clémence Magnien
, Matthieu Latapy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Studying IP traffic is crucial for many applications. We focus here on the detection of (structurally and temporally) dense sequences of interactions that may indicate botnets or coordinated network scans. More precisely, we model a MAWI capture of IP traffic as a link streams, i.e., a sequence of interactions (t₁, t₂, u, v) meaning that devices u and v exchanged packets from time t₁ to time t₂ . This traffic is captured on a single router and so has a bipartite structure: Links occur only between nodes in two disjoint sets. We design a method for finding interesting bipartite cliques in such link streams, i.e., two sets of nodes and a time interval such that all nodes in the first set are linked to all nodes in the second set throughout the time interval. We then explore the bipartite cliques present in the considered trace. Comparison with the MAWILab classification of anomalous IP addresses shows that the found cliques succeed in detecting anomalous network activity.

Original language	English
Title of host publication	Springer Proceedings in Complexity
Editors	Sean Cornelius, Kate Coronges, Bruno Goncalves, Roberta Sinatra, Alessandro Vespignani
Publisher	Springer Science and Business Media B.V.
Pages	233-241
Number of pages	9
ISBN (Print)	9783319731971
DOIs	https://doi.org/10.1007/978-3-319-73198-8_20
Publication status	Published - 1 Jan 2018
Externally published	Yes
Event	9th International Conference on Complex Networks, CompleNet 2018 - Boston, United States Duration: 5 Mar 2018 → 8 Mar 2018

Publication series

Name	Springer Proceedings in Complexity
Volume	0
ISSN (Print)	2213-8684
ISSN (Electronic)	2213-8692

Conference

Conference	9th International Conference on Complex Networks, CompleNet 2018
Country/Territory	United States
City	Boston
Period	5/03/18 → 8/03/18

Access to Document

10.1007/978-3-319-73198-8_20

Cite this

Viard, T., Fournier-S’niehotta, R., Magnien, C., & Latapy, M. (2018). Discovering patterns of interest in ip traffic using cliques in bipartite link streams. In S. Cornelius, K. Coronges, B. Goncalves, R. Sinatra, & A. Vespignani (Eds.), Springer Proceedings in Complexity (pp. 233-241). (Springer Proceedings in Complexity; Vol. 0). Springer Science and Business Media B.V.. https://doi.org/10.1007/978-3-319-73198-8_20

Viard, Tiphaine ; Fournier-S’niehotta, Raphaël ; Magnien, Clémence et al. / Discovering patterns of interest in ip traffic using cliques in bipartite link streams. Springer Proceedings in Complexity. editor / Sean Cornelius ; Kate Coronges ; Bruno Goncalves ; Roberta Sinatra ; Alessandro Vespignani. Springer Science and Business Media B.V., 2018. pp. 233-241 (Springer Proceedings in Complexity).

@inproceedings{476a3ce7911a4f6f87887a46fb9162b5,

title = "Discovering patterns of interest in ip traffic using cliques in bipartite link streams",

abstract = "Studying IP traffic is crucial for many applications. We focus here on the detection of (structurally and temporally) dense sequences of interactions that may indicate botnets or coordinated network scans. More precisely, we model a MAWI capture of IP traffic as a link streams, i.e., a sequence of interactions (t1, t2, u, v) meaning that devices u and v exchanged packets from time t1 to time t2 . This traffic is captured on a single router and so has a bipartite structure: Links occur only between nodes in two disjoint sets. We design a method for finding interesting bipartite cliques in such link streams, i.e., two sets of nodes and a time interval such that all nodes in the first set are linked to all nodes in the second set throughout the time interval. We then explore the bipartite cliques present in the considered trace. Comparison with the MAWILab classification of anomalous IP addresses shows that the found cliques succeed in detecting anomalous network activity.",

author = "Tiphaine Viard and Rapha{\"e}l Fournier-S{\textquoteright}niehotta and Cl{\'e}mence Magnien and Matthieu Latapy",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2018.; 9th International Conference on Complex Networks, CompleNet 2018 ; Conference date: 05-03-2018 Through 08-03-2018",

year = "2018",

month = jan,

day = "1",

doi = "10.1007/978-3-319-73198-8\_20",

language = "English",

isbn = "9783319731971",

series = "Springer Proceedings in Complexity",

publisher = "Springer Science and Business Media B.V.",

pages = "233--241",

editor = "Sean Cornelius and Kate Coronges and Bruno Goncalves and Roberta Sinatra and Alessandro Vespignani",

booktitle = "Springer Proceedings in Complexity",

}

Viard, T, Fournier-S’niehotta, R, Magnien, C & Latapy, M 2018, Discovering patterns of interest in ip traffic using cliques in bipartite link streams. in S Cornelius, K Coronges, B Goncalves, R Sinatra & A Vespignani (eds), Springer Proceedings in Complexity. Springer Proceedings in Complexity, vol. 0, Springer Science and Business Media B.V., pp. 233-241, 9th International Conference on Complex Networks, CompleNet 2018, Boston, United States, 5/03/18. https://doi.org/10.1007/978-3-319-73198-8_20

Discovering patterns of interest in ip traffic using cliques in bipartite link streams. / Viard, Tiphaine; Fournier-S’niehotta, Raphaël; Magnien, Clémence et al.
Springer Proceedings in Complexity. ed. / Sean Cornelius; Kate Coronges; Bruno Goncalves; Roberta Sinatra; Alessandro Vespignani. Springer Science and Business Media B.V., 2018. p. 233-241 (Springer Proceedings in Complexity; Vol. 0).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Discovering patterns of interest in ip traffic using cliques in bipartite link streams

AU - Viard, Tiphaine

AU - Fournier-S’niehotta, Raphaël

AU - Magnien, Clémence

AU - Latapy, Matthieu

N1 - Publisher Copyright: © Springer International Publishing AG 2018.

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Studying IP traffic is crucial for many applications. We focus here on the detection of (structurally and temporally) dense sequences of interactions that may indicate botnets or coordinated network scans. More precisely, we model a MAWI capture of IP traffic as a link streams, i.e., a sequence of interactions (t1, t2, u, v) meaning that devices u and v exchanged packets from time t1 to time t2 . This traffic is captured on a single router and so has a bipartite structure: Links occur only between nodes in two disjoint sets. We design a method for finding interesting bipartite cliques in such link streams, i.e., two sets of nodes and a time interval such that all nodes in the first set are linked to all nodes in the second set throughout the time interval. We then explore the bipartite cliques present in the considered trace. Comparison with the MAWILab classification of anomalous IP addresses shows that the found cliques succeed in detecting anomalous network activity.

AB - Studying IP traffic is crucial for many applications. We focus here on the detection of (structurally and temporally) dense sequences of interactions that may indicate botnets or coordinated network scans. More precisely, we model a MAWI capture of IP traffic as a link streams, i.e., a sequence of interactions (t1, t2, u, v) meaning that devices u and v exchanged packets from time t1 to time t2 . This traffic is captured on a single router and so has a bipartite structure: Links occur only between nodes in two disjoint sets. We design a method for finding interesting bipartite cliques in such link streams, i.e., two sets of nodes and a time interval such that all nodes in the first set are linked to all nodes in the second set throughout the time interval. We then explore the bipartite cliques present in the considered trace. Comparison with the MAWILab classification of anomalous IP addresses shows that the found cliques succeed in detecting anomalous network activity.

UR - https://www.scopus.com/pages/publications/85054342702

U2 - 10.1007/978-3-319-73198-8_20

DO - 10.1007/978-3-319-73198-8_20

M3 - Conference contribution

AN - SCOPUS:85054342702

SN - 9783319731971

T3 - Springer Proceedings in Complexity

SP - 233

EP - 241

BT - Springer Proceedings in Complexity

A2 - Cornelius, Sean

A2 - Coronges, Kate

A2 - Goncalves, Bruno

A2 - Sinatra, Roberta

A2 - Vespignani, Alessandro

PB - Springer Science and Business Media B.V.

T2 - 9th International Conference on Complex Networks, CompleNet 2018

Y2 - 5 March 2018 through 8 March 2018

ER -

Viard T, Fournier-S’niehotta R, Magnien C, Latapy M. Discovering patterns of interest in ip traffic using cliques in bipartite link streams. In Cornelius S, Coronges K, Goncalves B, Sinatra R, Vespignani A, editors, Springer Proceedings in Complexity. Springer Science and Business Media B.V. 2018. p. 233-241. (Springer Proceedings in Complexity). doi: 10.1007/978-3-319-73198-8_20

Discovering patterns of interest in ip traffic using cliques in bipartite link streams

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this