Three statistical approaches to sessionizing network flow data

Patrick T G Rubin-Delanchy; Daniel John Lawson; Melissa J. Turcotte; Nicholas A Heard; Niall M Adams

doi:10.1109/JISIC.2014.46

Three statistical approaches to sessionizing network flow data

Patrick T G Rubin-Delanchy, Daniel John Lawson, Melissa J. Turcotte, Nicholas A Heard, Niall M Adams

Research output: Contribution to conference › Conference Paper › peer-review

4 Citations (Scopus)

317 Downloads (Pure)

Abstract

The network traffic generated by a computer, or a pair of computers, is often well modelled as a series of sessions. These are, roughly speaking, intervals of time during which a computer is engaging in the same, continued, activity. This article explores a variety of statistical approaches to re-discovering sessions from network flow data using timing alone. Solutions to this problem are essential for network monitoring and cyber-security. For example overlapping sessions on a computer network can be evidence of an intruder 'tunnelling'.

Original language	English
Pages	244-247
Number of pages	4
DOIs	https://doi.org/10.1109/JISIC.2014.46
Publication status	Published - 26 Sep 2014
Event	Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint - The Hague, Netherlands Duration: 24 Sep 2014 → 26 Sep 2014

Conference

Conference	Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Country/Territory	Netherlands
City	The Hague
Period	24/09/14 → 26/09/14

Bibliographical note

Print ISBN: 978-1-4799-6363-8

Keywords

Big Data
Cyber Security

Access to Document

10.1109/JISIC.2014.46

RubinDelanchyEtAl2014-CyberSessionization
Copyright © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 119 KB

Cite this

@conference{3289882537f645179145f0e094fca865,

title = "Three statistical approaches to sessionizing network flow data",

abstract = "The network traffic generated by a computer, or a pair of computers, is often well modelled as a series of sessions. These are, roughly speaking, intervals of time during which a computer is engaging in the same, continued, activity. This article explores a variety of statistical approaches to re-discovering sessions from network flow data using timing alone. Solutions to this problem are essential for network monitoring and cyber-security. For example overlapping sessions on a computer network can be evidence of an intruder 'tunnelling'.",

keywords = "Big Data, Cyber Security",

author = "Rubin-Delanchy, {Patrick T G} and Lawson, {Daniel John} and Turcotte, {Melissa J.} and Heard, {Nicholas A} and Adams, {Niall M}",

note = "Print ISBN: 978-1-4799-6363-8; Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint ; Conference date: 24-09-2014 Through 26-09-2014",

year = "2014",

month = sep,

day = "26",

doi = "10.1109/JISIC.2014.46",

language = "English",

pages = "244--247",

}

Three statistical approaches to sessionizing network flow data. / Rubin-Delanchy, Patrick T G ; Lawson, Daniel John; Turcotte, Melissa J.; Heard, Nicholas A; Adams, Niall M.

2014. 244-247 Paper presented at Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint, The Hague, Netherlands.

Research output: Contribution to conference › Conference Paper › peer-review

TY - CONF

T1 - Three statistical approaches to sessionizing network flow data

AU - Rubin-Delanchy, Patrick T G

AU - Lawson, Daniel John

AU - Turcotte, Melissa J.

AU - Heard, Nicholas A

AU - Adams, Niall M

N1 - Print ISBN: 978-1-4799-6363-8

PY - 2014/9/26

Y1 - 2014/9/26

N2 - The network traffic generated by a computer, or a pair of computers, is often well modelled as a series of sessions. These are, roughly speaking, intervals of time during which a computer is engaging in the same, continued, activity. This article explores a variety of statistical approaches to re-discovering sessions from network flow data using timing alone. Solutions to this problem are essential for network monitoring and cyber-security. For example overlapping sessions on a computer network can be evidence of an intruder 'tunnelling'.

AB - The network traffic generated by a computer, or a pair of computers, is often well modelled as a series of sessions. These are, roughly speaking, intervals of time during which a computer is engaging in the same, continued, activity. This article explores a variety of statistical approaches to re-discovering sessions from network flow data using timing alone. Solutions to this problem are essential for network monitoring and cyber-security. For example overlapping sessions on a computer network can be evidence of an intruder 'tunnelling'.

KW - Big Data

KW - Cyber Security

U2 - 10.1109/JISIC.2014.46

DO - 10.1109/JISIC.2014.46

M3 - Conference Paper

SP - 244

EP - 247

T2 - Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint

Y2 - 24 September 2014 through 26 September 2014

ER -

Three statistical approaches to sessionizing network flow data

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this