Download now Free registration required
Government computer networks need a real-time network traffic monitoring tool to detect anomalies in network traffic patterns to improve security. Specifically, they need a tool to determine if a host is using a network connection for something other than the intended use. A key step in developing this tool is creating statistical models to accurately identify the application protocols of sessions in a network without relying on port numbers, which conventionally identify them. This paper outlines the construction of these models. Specifically, it focuses on the methods used to build them, which included: structuring network data in a database, aggregating packet level data into sessions, and then identifying the key variables.
- Format: PDF
- Size: 465.8 KB