Clustering and monitoring edge behaviour in enterprise network traffic

File: IEEE_Schon_Adams_Evangelou.pdf
Description: File embargoed until 01 January 10000
Size: 766.3 kB
Format: Adobe PDF
Title: Clustering and monitoring edge behaviour in enterprise network traffic
Authors: Schon, C; Adams, NM; Evangelou, M
Item Type: Conference Paper
Abstract: This paper takes an unsupervised learning approach for monitoring edge activity within an enterprise computer network. Using NetFlow records, features are gathered across the active connections (edges) in 15-minute time windows. Then, edges are grouped into clusters using the k-means algorithm. This process is repeated over contiguous windows. A series of informative indicators are derived by examining the relationship of edges with the observed cluster structure. This leads to an intuitive method for monitoring network behaviour and a temporal description of edge behaviour at global and local levels.
Issue Date: 22-Jul-2017
Date of Acceptance: 28-May-2017
URI: http://hdl.handle.net/10044/1/48810
Publisher: IEEE
Journal / Book Title: IEEE Intelligence and Security Informatics
Copyright Statement: This paper is embargoed until publication.
Conference Name: IEEE International Conference on Intelligence and Security Informatics
Publication Status: Accepted
Start Date: 2017-07-22
Finish Date: 2017-07-24
Conference Place: Beijing, China
Embargo Date: publication subject to indefinite embargo
Appears in Collections: Mathematics
Statistics
Faculty of Medicine
Faculty of Natural Sciences
Epidemiology, Public Health and Primary Care


