An Approximate Framework for Flexible Network Flow Screening

Niall M. Adams, Daniel J. Lawson
2014 IEEE Joint Intelligence and Security Informatics Conference
Network security analysts presently lack tools for routinely screening large collections of network traffic for structures of interest. This is particularly the case when the structures of interest are embodied as summaries of sets of related traffic, essentially behaviour descriptions. This paper sketches a methodology to provide such capability, in the context of flow data. The methodology generates approximate search results, and uses a modular construction to provide the capability to ... queries for multiple views of the behaviour structure of interest. At core, the methodology involves approximate sequential search procedures. The methodology is framed by a discussion of a large university network.
doi:10.1109/jisic.2014.49 dblp:conf/isi/AdamsL14 fatcat:qz7vpntov5dvzcxayi22ks2lve