Abstract
Network security analysts presently lack tools for routinely screening large collections of network traffic for structures of interest. This is particularly the case when the structures of interest are embodied as summaries of sets of related traffic, essentially behaviour descriptions. This paper sketches a methodology to provide such capability, in the context of flow data. The methodology generates approximate search results, and uses a modular construction to provide the capability to tailor queries for multiple views of the behaviour structure of interest. At core, the methodology involves approximate sequential search procedures. The methodology is framed by a discussion of a large university network.
| Original language | English |
|---|---|
| Publication status | Published - 26 Sept 2014 |
Keywords
- Big Data
- Cyber Security