In this work, we present LENTA (Longitudinal Exploration for Network Traffic Analysis), a system that supports network analysts in identifying the traffic generated by services and applications running on the web. For URLs observed in an operational network, LENTA simplifies the analyst's job by letting her inspect a few hundred clusters instead of the original hundreds of thousands of individual URLs. We implement a self-learning methodology in which the system grows its knowledge, which is in turn used to automatically associate traffic with previously observed services and to identify new traffic generated by possibly suspicious applications. This approach lets analysts easily observe changes in network traffic and identify new services and unexpected activities. We follow a data-driven approach and run LENTA on traces collected both in ISP networks and directly on hosts via proxies. We analyze traffic in batches of 24 hours' worth of traffic. Big data solutions are used to enable horizontal scalability and meet performance requirements. We show that LENTA allows analysts to clearly understand which services are running on their network, possibly highlighting malicious traffic and changes over time, greatly simplifying the view and understanding of the network traffic.
| Title: | LENTA: Longitudinal Exploration for Network Traffic Analysis from Passive Data |
| Publication date: | 2019 |
| Digital Object Identifier (DOI): | 10.1109/TNSM.2019.2927409 |
| Appears in the following types: | 1.1 Journal article |
Files in this record:
| LENTA__Longitudinal_Exploration_for_Network_Traffic_Analysis_from_Passive_Data.pdf | Camera ready | 2. Post-print | Not public - private/restricted access |
| 08758184.pdf | Final version | 2. Post-print | Public - All rights reserved |