Sciweavers

IMC
2006
ACM

Semi-automated discovery of application session structure

14 years 6 months ago
Semi-automated discovery of application session structure
While the problem of analyzing network traffic at the granularity of individual connections has seen considerable previous work and tool development, understanding traffic at a higher level—the structure of user-initiated sessions comprised of groups of related connections—remains much less explored. Some types of session structure, such as the coupling between an FTP control connection and the data connections it spawns, have prespecified forms, though the specifications do not guarantee how the forms appear in practice. Other types of sessions, such as a user reading email with a browser, only manifest empirically. Still other sessions might exist without us even knowing of their presence, such as a botnet zombie receiving instructions from its master and proceeding in turn to carry them out. We present algorithms rooted in the statistics of Poisson processes that can mine a large corpus of network connection logs to extract the apparent structure of application sessions emb...
Jayanthkumar Kannan, Jaeyeon Jung, Vern Paxson, Ca
Added 13 Jun 2010
Updated 13 Jun 2010
Type Conference
Year 2006
Where IMC
Authors Jayanthkumar Kannan, Jaeyeon Jung, Vern Paxson, Can Emre Koksal
Comments (0)