Enterprise networks of scale are complex, dynamic computing environments that respond to evolving business objectives and requirements. Characterizing system behaviors in these environments is essential for network management and cyber security operations. Characterization of a system's communication is typical and is supported using network flow information (NetFlow). Related work has characterized behavior using theoretical graph metrics, but the results are often difficult for enterprise staff to interpret. We propose a different approach, where flow information is mapped to sets of tags that contextualize the data in terms of network principals and enterprise concepts. Frequent patterns are then extracted and are expressed as behaviors. Behaviors can be compared, identifying systems expressing similar behaviors. We evaluate the approach using flow information collected by a third party.
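The pipeline the abstract describes (flows mapped to tag sets, frequent tag patterns extracted as behaviors, behaviors compared across hosts) can be sketched as follows. This is an added example, not code from the paper: the tag vocabulary, the 10.0.0.0/8 internal range, the support threshold, the brute-force itemset counting and the Jaccard comparison are all assumptions, and the flow records are constructed.

```python
from collections import Counter
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed flow records (src_ip, dst_ip, dst_port, proto); not real data.
FLOWS = [
    ("10.0.0.5", "10.0.1.10", 53, "udp"),
    ("10.0.0.5", "198.51.100.7", 443, "tcp"),
    ("10.0.0.5", "198.51.100.7", 443, "tcp"),
    ("10.0.0.5", "10.0.1.10", 53, "udp"),
    ("10.0.0.6", "10.0.1.10", 53, "udp"),
    ("10.0.0.6", "203.0.113.9", 443, "tcp"),
    ("10.0.0.6", "203.0.113.9", 443, "tcp"),
    ("10.0.0.9", "10.0.2.20", 445, "tcp"),
    ("10.0.0.9", "10.0.2.20", 445, "tcp"),
    ("10.0.0.9", "10.0.2.21", 22, "tcp"),
]

# Hypothetical tag vocabulary and internal address range (assumptions).
INTERNAL = ip_network("10.0.0.0/8")
SERVICE_TAGS = {22: "svc:ssh", 53: "svc:dns", 443: "svc:https", 445: "svc:smb"}

def tag_flow(flow):
    """Map one flow record to a set of human-readable tags."""
    _src, dst, port, proto = flow
    scope = "dst:internal" if ip_address(dst) in INTERNAL else "dst:external"
    return frozenset({scope, SERVICE_TAGS.get(port, "svc:other"), "proto:" + proto})

def behaviors(flows, host, min_support=0.3):
    """Tag combinations present in at least min_support of the host's flows."""
    tagged = [tag_flow(f) for f in flows if f[0] == host]
    counts = Counter()
    for tags in tagged:
        for k in range(1, len(tags) + 1):
            counts.update(frozenset(c) for c in combinations(sorted(tags), k))
    return {p for p, n in counts.items() if n / len(tagged) >= min_support}

def similarity(a, b):
    """Jaccard similarity between two behavior sets."""
    return len(a & b) / len(a | b) if (a | b) else 1.0

if __name__ == "__main__":
    hosts = sorted({f[0] for f in FLOWS})
    for h1, h2 in combinations(hosts, 2):
        score = similarity(behaviors(FLOWS, h1), behaviors(FLOWS, h2))
        print(f"{h1} vs {h2}: {score:.2f}")
```

Each behavior stays readable as a tag combination such as `{dst:external, svc:https}`, which is the interpretability point the abstract makes against graph metrics.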
Revised: June 4, 2018 | Published: June 8, 2017
Citation
Carroll T.E., S. Chikkagoudar, K.M. Arthur-Durett, and D.G. Thomas. 2017. Automating Network Node Behavior Characterization by Mining Communication Patterns. In IEEE International Symposium on Technologies for Homeland Security (HST 2017), April 25-26, 2017, Waltham, MA, 1-7. Piscataway, New Jersey: IEEE. PNNL-SA-122293. doi:10.1109/THS.2017.7943510