TY - GEN
T1 - T-MAW
T2 - 20th International Conference on Network and Service Management, CNSM 2024
AU - Stephan, Maximilian
AU - Zerwas, Johannes
AU - Kellerer, Wolfgang
N1 - Publisher Copyright: © 2024 IFIP.
PY - 2024
Y1 - 2024
N2 - A significant portion of modern network traffic analysis still relies on human expertise only. To overcome human limitations in light of increases in volume, dynamicity, and overall traffic complexity, modern networks need to autonomously gain an understanding of traffic patterns and present them in an interpretable way. This work presents T-MAW, an approach for Traffic Monitoring and Analysis using Weighted Stochastic Block Models (WSBMs). T-MAW applies WSBMs to network data to create traffic characterizations in human-interpretable form. In addition to the insights gained from the fitted models, T-MAW evaluates unseen traffic against these models to perform anomaly detection. Both network node behavior characterization and anomaly detection complement human expertise in modern network traffic analysis. As an example, we show how T-MAW can be used to create a behavior-based structured view of network nodes in a real campus network. In the anomaly detection context, we present results for an IP scan attack against the network, as well as from a layer-2 device fault that caused network disruption.
KW - machine learning
KW - ntma
KW - wsbm
UR - http://www.scopus.com/inward/record.url?scp=85216569068&partnerID=8YFLogxK
U2 - 10.23919/CNSM62983.2024.10814420
DO - 10.23919/CNSM62983.2024.10814420
M3 - Conference contribution
AN - SCOPUS:85216569068
T3 - Proceedings of the 2024 20th International Conference on Network and Service Management: AI-Powered Network and Service Management for Tomorrow's Digital World, CNSM 2024
BT - Proceedings of the 2024 20th International Conference on Network and Service Management
A2 - Varga, Pal
A2 - Celeda, Pavel
A2 - Wauters, Tim
A2 - Tortonesi, Mauro
A2 - Francois, Jerome
A2 - Jimenez-Galan, Jaime
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 28 October 2024 through 31 October 2024
ER -