Unauthorized Network Services Detection by Flow Analysis
Abstract
Network traffic behavior has no strong semantic structure, so the most general abstraction, query-by-example, can be used to identify a particular application. Automatic traffic grouping is also possible according to some similarity or dissimilarity distance, if one is defined. We propose a new distinction distance as a method of defining the distance between network flows. Cluster analysis is performed using a distinction distance matrix calculated from real traffic flow dumps. The experiment shows the ability of the algorithm to identify a traffic source by example and to group similar sources together. Ill. 5, bibl. 13 (in English; summaries in English, Russian and Lithuanian).
License
The copyright for the paper in this journal is retained by the author(s) with the first publication right granted to the journal. The authors agree to the Creative Commons Attribution 4.0 (CC BY 4.0) agreement under which the paper in the Journal is licensed.
By virtue of their appearance in this open access journal, papers are free to use with proper attribution in educational and other non-commercial settings with an acknowledgement of the initial publication in the journal.