Detecting Network Events by Analyzing Dynamic Behavior of Distributed Network
Detecting network events has become a prevalent task in various network scenarios and is essential for network management. Although a number of studies have been conducted to solve this problem, few of them address the universality issue. This paper proposes a General Network Behavior Analysis Approach (GNB2A) to address this issue. First, a modeling approach is proposed based on a hidden Markov random field. Markovianity is introduced to model the spatio-temporal context of a distributed network and the stochastic interaction among interconnected and time-continuous events. Second, an expectation-maximization algorithm is derived to estimate the parameters of the model, and a maximum a posteriori criterion is utilized to detect network events. Finally, GNB2A is applied to three network scenarios. Experiments demonstrate the generality and practicability of GNB2A.
Keywords: Behavior analysis, Event detection, Network modeling