NeTS: Small: Motif-Driven Function and Association Discovery in Computer Networks To Support Management and Security of IT Infrastructures
Wake Forest University, Winston Salem NC
Investigators
Abstract
Understanding of the function of network hosts is critical for securing, guaranteeing performance in, and managing computer networks. Current approaches to application identification employ data packet analysis, a resource-intensive approach that ignores the available interaction information. This work builds on techniques developed for social and biological networks, applying such analysis to communications extracted from only network flow information. Application graphs are constructed per-port and annotated with meta- flow information, such as connection order and session length, followed by graph mining to extract motif profiles, lists of over-represented interconnection patterns, used to build classifiers mapping profiles to network functions. Sub-usage of motif profiles distinguishes variations of usage of an application. Multi-port applications and multi-host groups are classified using co-temporally related host presence in motifs across distinct ports. The automatic identification of network host function from flow data simplifies network management, providing administrators a better understanding of the way their network is used and supporting development of simplified security and resource-allocation mechanisms. This work will develop motif-based techniques that progressively allow for automated classification of host function, host intention, and group interaction, as well as collect and distribute new labeled traffic traces. This work will bring to network management novel ideas from social and biological networks and should add to the field of interaction network theory and result in algorithms generally applicable to group discovery and functional characterization. Results will be disseminated through targeted publications and ongoing collaborations with companies and labs interested in security and cluster-management applications of the work.
View original record on NSF Award Search →