Host Behavior in Computer Network: One-Year Study

JIRSÍK, Tomáš and Petr VELAN. Host Behavior in Computer Network: One-Year Study. IEEE Transactions on Network and Service Management. 2021, vol. 18, No 1, p. 822-838. ISSN 1932-4537. Available from: https://dx.doi.org/10.1109/TNSM.2020.3036528.

Basic information

• Original name: Host Behavior in Computer Network: One-Year Study
• Authors: JIRSÍK, Tomáš (203 Czech Republic, guarantor, belonging to the institution) and Petr VELAN (203 Czech Republic, belonging to the institution).
• Edition: IEEE Transactions on Network and Service Management, 2021, 1932-4537.

Other information

• Original language: English
• Type of outcome: Article in a journal
• Field of Study: 10201 Computer sciences, information science, bioinformatics
• Country of publisher: United States of America
• Confidentiality degree: is not subject to a state or trade secret
• WWW: URL URL
• Impact factor: Impact factor: 4.758
• RIV identification code: RIV/00216224:14610/21:00121022
• Organization unit: Institute of Computer Science
• Doi: http://dx.doi.org/10.1109/TNSM.2020.3036528
• UT WoS: 000628914700056
• Keywords in English: Stability analysis;Security;Labeling;Business;Tools;IP networks;Computer science;Network measurement;Host profiling;Netflow;Clustering;Temporal patterns
• Tags: J-D1, rivok
• Tags: International impact, Reviewed

Abstract

An analysis of a host behavior is an essential key for modern network management and security. A robust behavior profile enables the network managers to detect anomalies with high accuracy, predict the host behavior, or group host to clusters for better management. Hence, host profiling methods attract the interest of many researchers, and novel methods for host profiling are being introduced. However, these methods are frequently developed on preprocessed and small datasets. Therefore, they do not reflect the real-world artifacts of the host profiling, such as missing observations, temporal patterns, or variability in the profile characteristics in time. To provide the needed insight into the artifacts of host profiling in real-world settings, we present a study of the host behavior in a network conducted on a one-year-long real-world network dataset. In the study, we inspect the availability of the data for host profiling, identify the temporal patterns in host behavior, introduce a method for stable labeling of the hosts, and assess the variability of the host characteristics in the course of the year using the coefficient of variance. Moreover, we make the one-year dataset containing nine characteristics used for host behavior analysis available for public use and further research, including selected use cases representing host profiling caveats. We also share the record of analyses presented in the paper.

Links

• EF16_019/0000822, research and development project: Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
• 833418, interní kód MU: Name: Sharing and Automation for Privacy Preserving Attack Neutralization (Acronym: SAPPAN)

Investor: European Union, Sharing and Automation for Privacy Preserving Attack Neutralization, Secure societies - Protecting freedom and security of Europe and its citizens (Societal Challenges)