Gibberd, A. and Evangelou, M. and Nelson, J. D. B. (2016) The Time-Varying Dependency Patterns of NetFlow Statistics. In: 2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW) :. 2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW) . IEEE, pp. 288-294. ISBN 9781509059119
dependency_netflow.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (481kB)
Abstract
We investigate where and how key dependency structure between measures of network activity change throughout the course of daily activity. Our approach to data-mining is probabilistic in nature, we formulate the identification of dependency patterns as a regularised statistical estimation problem. The resulting model can be interpreted as a set of time-varying graphs and provides a useful visual interpretation of network activity. We believe this is the first application of dynamic graphical modelling to network traffic of this kind. Investigations are performed on 9 days of real-world network traffic across a subset of IP's. We demonstrate that dependency between features may change across time and discuss how these change at an intra and inter-day level. Such variation in feature dependency may have important consequences for the design and implementation of probabilistic intrusion detection systems.