NECO: A Graph-Based Approach to Traffic Monitoring and Application Classification

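Basic information

  • Award number:
    1316446
  • Principal investigator:
  • Amount:
    $18,800
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2012
  • Funding country:
    United States
  • Period:
    2012-12-31 to 2013-08-31
  • Project status:
    Completed

Project abstract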

NECO: A Graph-Based Approach to Traffic Monitoring and Application Classification
NETS NECO proposal 0832069
Michalis Faloutsos (UCR)

The fundamental problem that motivates this work is the need to detect and classify emerging and undesired applications in a network, such as a large ISP, or an enterprise network. The undesired applications can refer to Peer-To-Peer (P2P) protocols, which can dominate network resources, but also include malware such as intrusions and worms. This proposal addresses the following tightly related problems in this area of research: (a) monitoring and visualizing network traffic, (b) identifying applications, and (c) detecting anomalies.

Monitoring the traffic and detecting unwanted applications is far from trivial. The authors of controversial applications often obfuscate their traffic to make them very hard to detect by using encryption or ever-changing behavior. Thus, there is a need for an approach that has the following properties: (a) it is easy to use with few and intuitive parameters, (b) it can operate even when packet payload is unavailable, and (c) it does not rely on a priori knowledge of the application specification, such as port numbers. Despite the significant number of previous efforts, most previous work fails to meet one of these three constraints.

The proposal follows a more fundamental behavioral approach, where the detector looks for behavior patterns of the application that are both intrinsic to the application and distinct from other traffic. By identifying intrinsic behaviors, it becomes difficult for application writers to disguise their applications without defeating the very purpose of the application. The key contribution of this proposal is that it demonstrates the power of a behavioral or graph-based approach to network monitoring. Specifically, the proposal fully explores the use of Traffic Dispersion Graphs or TDGs, which capture the communication pattern in a network, namely, who talks to whom. TDGs capture the "social" interaction of the network as a whole, which leads to a directed graph; each node is an IP address, and each edge represents an interaction between two nodes. The proposal shows that there is a wealth of information embedded in a TDG, which the other monitoring and application classification methods simply cannot capture.

Broader Impact: This proposal will make enterprise and ISP networks more reliable and safer by providing the basis for a new generation of monitoring and security tools. Service disruptions and malware cost billions of dollars per year to any industry with significant IT infrastructure. At the same time, the Internet has become the battleground of multimillion dollar wars: between industries (content providers versus ISPs on network neutrality) and between the entertainment industry and users (the peer-to-peer saga). The proposal will provide the tools (e.g. application classification) that will play an important role in deciding the future of the network.

Educational Goals: The PI will develop a cross-disciplinary educational program by bringing together networking, security, graph-mining, and social networks research. In addition, the PIs will develop programs to: (a) encourage the early involvement of both undergraduate and graduate students in research and teaching, and (b) increase the participation of minorities in higher education in engineering.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)

Other publications by Michalis Faloutsos

iDispatcher: A unified platform for secure planet-scale information dissemination
  • DOI:
    10.1007/s12083-012-0128-8
  • Published:
    2012-04-19
  • Journal:
  • Impact factor:
    2.600
  • Authors:
    Md Sazzadur Rahman;Guanhua Yan;Harsha V. Madhyastha;Michalis Faloutsos;Stephan Eidenbenz;Mike Fisk
  • Corresponding author:
    Mike Fisk
Performance Evaluation of a New MAC Protocol for the CDMA Interconnection Network
  • DOI:
    10.1007/s11235-005-6628-6
  • Published:
    2005-05-01
  • Journal:
  • Impact factor:
    2.300
  • Authors:
    Jang Hyun Baek;Michalis Faloutsos;Ho Yeon Chung
  • Corresponding author:
    Ho Yeon Chung
Analyzing Communication Interaction Networks (CINs) in enterprises and inferring hierarchies
  • DOI:
    10.1016/j.comnet.2012.11.028
  • Published:
    2013-07
  • Journal:
  • Impact factor:
    5.6
  • Authors:
    Yi Wang;Marios Iliofotou;Michalis Faloutsos;Bin Wu
  • Corresponding author:
    Bin Wu
A linear-time optimal-message distributed algorithm for minimum spanning trees
  • DOI:
    10.1007/s00446-004-0107-2
  • Published:
    2004-08-01
  • Journal:
  • Impact factor:
    2.100
  • Authors:
    Michalis Faloutsos;Mart Molle
  • Corresponding author:
    Mart Molle

Other grants by Michalis Faloutsos

SaTC: CORE: Small: SOFIA: Finding and profiling malware source-code in public archives at scale
  • Award number:
    2132642
  • Fiscal year:
    2021
  • Award amount:
    $18,800
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Know Thy Enemy: Data Mining Meets Networks for Understanding Web-Based Malware Dissemination
  • Award number:
    1638219
  • Fiscal year:
    2016
  • Award amount:
    $18,800
  • Project type:
    Standard Grant
TWC: Medium: Collaborative: Know Thy Enemy: Data Mining Meets Networks for Understanding Web-Based Malware Dissemination
  • Award number:
    1314935
  • Fiscal year:
    2013
  • Award amount:
    $18,800
  • Project type:
    Standard Grant
NECO: A Graph-Based Approach to Traffic Monitoring and Application Classification
  • Award number:
    0832069
  • Fiscal year:
    2008
  • Award amount:
    $18,800
  • Project type:
    Standard Grant
Collaborative Research: NETS-NBD: RIDR: Towards Robust Inter-Domain Routing: Measurements, Models, and Deployable Tools
  • Award number:
    0721889
  • Fiscal year:
    2007
  • Award amount:
    $18,800
  • Project type:
    Continuing Grant
Collaborative Research: NetMine: Finding Patterns in Network Data
  • Award number:
    0208950
  • Fiscal year:
    2002
  • Award amount:
    $18,800
  • Project type:
    Continuing Grant
CAREER: Multicast Protocols and Topology Models for the Internet
  • Award number:
    9985195
  • Fiscal year:
    2000
  • Award amount:
    $18,800
  • Project type:
    Standard Grant

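Similar National Natural Science Foundation of China (NSFC) grants

Graph-PINN-based parameterized modeling of stratification stability and simulation of cross-medium coupled dust transport
  • Award number:
  • Approval year:
    2025
  • Award amount:
    CNY 0
  • Project type:
    Provincial/municipal-level project
Research on strong convexity of the flip graph of planar triangulations
  • Award number:
    12301432
  • Approval year:
    2023
  • Award amount:
    CNY 300,000
  • Project type:
    Young Scientists Fund project
Graph-based multi-contrast magnetic resonance image reconstruction methods
  • Award number:
    61901188
  • Approval year:
    2019
  • Award amount:
    CNY 245,000
  • Project type:
    Young Scientists Fund project
Development of a metagenome assembly algorithm based on de Bruijn graph untangling
  • Award number:
    61771009
  • Approval year:
    2017
  • Award amount:
    CNY 500,000
  • Project type:
    General Program
Research on infrared target segmentation and recognition methods based on Graph and ISA
  • Award number:
    61101246
  • Approval year:
    2011
  • Award amount:
    CNY 220,000
  • Project type:
    Young Scientists Fund project
Research on mining and applications of the Chinese Web Graph
  • Award number:
    60473122
  • Approval year:
    2004
  • Award amount:
    CNY 230,000
  • Project type:
    General Program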

Similar overseas grants

Heterogeneous Graph Neural Network based Federated Mobile Crowdsensing
  • Award number:
    23K24829
  • Fiscal year:
    2024
  • Award amount:
    $18,800
  • Project type:
    Grant-in-Aid for Scientific Research (B)
CAREER: Integrating Graph Theory based Networks with Machine Learning for Enhanced Process Synthesis and Design
  • Award number:
    2339588
  • Fiscal year:
    2024
  • Award amount:
    $18,800
  • Project type:
    Continuing Grant
Development and integration of organic solar cell and organic transistor materials using graph-based machine learning
  • Award number:
    23H02064
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
    Grant-in-Aid for Scientific Research (B)
CSR: Small: Processing-in-Memory enabled Manycore Systems to Accelerate Graph Neural Network-based Data Analytics
  • Award number:
    2308530
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
    Standard Grant
SHINE: Understanding the Relationships of Photospheric Vector Magnetic Field Parameters in Solar Flare Occurrences using Graph-based Machine Learning Models
  • Award number:
    2301397
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
    Standard Grant
A Graph-based Methodology for Modeling the Nucleation of Weak Electrolytes
  • Award number:
    2317787
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
    Continuing Grant
Taking the structure of proteins into account: predicting if infections are resistant to B-lactam antibiotics using graph-based convolutional neural n
  • Award number:
    2886022
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
    Studentship
Automatic Methods for Knowledge Graph Construction using Ontology-based Context Management
  • Award number:
    23H03462
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
    Grant-in-Aid for Scientific Research (B)
SCH: Graph-based Spatial Transcriptomics Computational Methods in Kidney Diseases
  • Award number:
    10816929
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
Realization of Graph Neural SLAM, a next-generation SLAM technology based on knowledge-intensive maps
  • Award number:
    23K11270
  • Fiscal year:
    2023
  • Award amount:
    $18,800
  • Project type:
    Grant-in-Aid for Scientific Research (C)