Three Statistical Approaches to Sessionizing Network Flow Data

Patrick Rubin-Delanchy, Daniel J. Lawson, Melissa J. Turcotte, Nicholas Heard, Niall M. Adams
2014 IEEE Joint Intelligence and Security Informatics Conference, 2014
The network traffic generated by a computer, or a pair of computers, is often well-modelled as a series of sessions. These are, roughly speaking, intervals of time during which a computer is engaging in the same, continued, activity. This article explores a variety of statistical approaches to re-discovering sessions from network flow data using timing alone. Solutions to this problem are essential for network monitoring and cyber-security. For example, overlapping sessions on a computer network can be evidence of an intruder 'tunnelling'.
doi:10.1109/jisic.2014.46 dblp:conf/isi/Rubin-DelanchyLTHA14 fatcat:kclurvgtqvahxh4zeup65cuha4