Host Behavior in Computer Network: One-Year Study

An analysis of a host behavior is an essential key for modern network management and security. A robust behavior profile enables the network managers to detect anomalies with high accuracy, predict the host behavior, or group host to clusters for better management. Hence, host profiling methods attr...

Bibliographic details
Published in: IEEE eTransactions on network and service management 2021-03, Vol.18 (1), p.822-838
Main authors: Jirsik, Tomas, Velan, Petr
Format: Article
Language: eng
container_end_page 838
container_issue 1
container_start_page 822
container_title IEEE eTransactions on network and service management
container_volume 18
creator Jirsik, Tomas
Velan, Petr
description An analysis of a host behavior is an essential key for modern network management and security. A robust behavior profile enables the network managers to detect anomalies with high accuracy, predict the host behavior, or group host to clusters for better management. Hence, host profiling methods attract the interest of many researchers, and novel methods for host profiling are being introduced. However, these methods are frequently developed on preprocessed and small datasets. Therefore, they do not reflect the real-world artifacts of the host profiling, such as missing observations, temporal patterns, or variability in the profile characteristics in time. To provide the needed insight into the artifacts of host profiling in real-world settings, we present a study of the host behavior in a network conducted on a one-year-long real-world network dataset. In the study, we inspect the availability of the data for host profiling, identify the temporal patterns in host behavior, introduce a method for stable labeling of the hosts, and assess the variability of the host characteristics in the course of the year using the coefficient of variance. Moreover, we make the one-year dataset containing nine characteristics used for host behavior analysis available for public use and further research, including selected use cases representing host profiling caveats. We also share the record of analysis presented in the paper.
doi_str_mv 10.1109/TNSM.2020.3036528
format Article
publisher New York: IEEE
rights Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2021
coden ITNSC4
eissn 1932-4537
orcidid https://orcid.org/0000-0002-2824-4299
https://orcid.org/0000-0002-6180-1069
tpages 17
oa free_for_read
toplevel peer_reviewed
online_resources
fulltext fulltext
identifier ISSN: 1932-4537
ispartof IEEE eTransactions on network and service management, 2021-03, Vol.18 (1), p.822-838
issn 1932-4537
1932-4537
language eng
recordid cdi_proquest_journals_2501322616
source IEEE Electronic Library (IEL)
subjects Anomalies
Business
clustering
Computer networks
Computer science
Datasets
host profiling
IP networks
Labeling
netflow
Network measurement
Security
Stability analysis
temporal patterns
Variability
title Host Behavior in Computer Network: One-Year Study
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-12T22%3A54%3A42IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Host%20Behavior%20in%20Computer%20Network:%20One-Year%20Study&rft.jtitle=IEEE%20eTransactions%20on%20network%20and%20service%20management&rft.au=Jirsik,%20Tomas&rft.date=2021-03&rft.volume=18&rft.issue=1&rft.spage=822&rft.epage=838&rft.pages=822-838&rft.issn=1932-4537&rft.eissn=1932-4537&rft.coden=ITNSC4&rft_id=info:doi/10.1109/TNSM.2020.3036528&rft_dat=%3Cproquest_cross%3E2501322616%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2501322616&rft_id=info:pmid/&rft_ieee_id=9250634&rfr_iscdi=true