Association for Computing Machinery
In this paper, the authors highlight two topics on security from their lab. First, they address the problem of internet traffic classification (e.g. web, file-sharing, or botnet?). They present a fundamentally different approach to classifying traffic that studies the network wide behavior by modeling the interactions of users as a graph. By contrast, most previous approaches use statistics such as packet sizes and inter-packet delays. They show how their approach gives rise to novel and powerful ways to: visualize the traffic, model the behavior of applications, and detect abnormalities and attacks. Extending this approach, they develop entelecheia, a botnet-detection method.