POSTER: A semantic-aware approach to reasoning about network traffic relations

Hao Zhang, Danfeng Daphne Yao, Naren Ramakrishnan
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
This paper addresses the problem of reasoning about relations between network packets on a host or in a network. Our analysis approach is to discover the causal relations among network packets, and use the relational structure of network events to identify anomalous activities that cannot be attributed to a legitimate cause. The key insight that motivates our traffic-analysis approach is that higher-order information such as the underlying relations of events is useful for human experts' cognition and decision making. We design a new pairing method that produces special pairwise features, so that the discovery problem can be efficiently solved with existing binary classification methods. Preliminary experiments involving real world HTTP and DNS traffic show promising evidence of the accuracy of inferring the network traffic relations using our semantic-aware approach.
doi:10.1145/2508859.2512504 dblp:conf/ccs/ZhangYR13 fatcat:dwtwspcycrbhhcrvfpye6yqes4