Real-Time Behavior Profiling for Network Monitoring

Date Added: Mar 2010
Format: PDF

This paper presents the design and implementation of a real-time behavior profiling system for Internet links. The system uses flow-level information, and applies data mining and information-theoretic techniques to automatically discover significant events based on communication patterns. The paper demonstrates the operational feasibility of the system by implementing it and performing benchmarking of CPU and memory costs using packet traces from backbone links. To improve the robustness of this system against sudden traffic surges, the paper proposes a novel filtering algorithm. The proposed algorithm successfully reduces the CPU and memory cost while maintaining high profiling accuracy.