Kaleido: Network traffic attribution using multifaceted footprinting

Ting Wang, Fei Wang, Reiner Sailer, Douglas Schales

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Network traffic attribution, namely, inferring users responsible for activities observed on network interfaces, is one fundamental yet challenging task in network security forensics. Compared with other user-system interaction records, network traces are inherently coarsegrained, context-sensitive, and detached from user ends. This paper presents Kaleido, a new network traffic attribution tool with a series of key features: a) it adopts a new class of inductive discriminant models to capture user- and context-specific patterns ("footprints") from different aspects of network traffic; b) it applies efficient learning methods to extracting and aggregating such footprints from noisy historical traces; c) with the help of novel indexing structures, it is able to perform efficient, runtime traffic attribution over high-volume network traces. The efficacy of Kaleido is evaluated with extensive experimental studies using the real network traces collected over three months in a large enterprise network.

Original languageEnglish (US)
Title of host publicationSIAM International Conference on Data Mining 2014, SDM 2014
EditorsPang Ning-Tan, Arindam Banerjee, Srinivasan Parthasarathy, Zoran Obradovic, Chandrika Kamath, Mohammed Zaki
PublisherSociety for Industrial and Applied Mathematics Publications
Pages695-703
Number of pages9
ISBN (Electronic)9781510811515
DOIs
StatePublished - 2014
Event14th SIAM International Conference on Data Mining, SDM 2014 - Philadelphia, United States
Duration: Apr 24 2014Apr 26 2014

Publication series

NameSIAM International Conference on Data Mining 2014, SDM 2014
Volume2

Other

Other14th SIAM International Conference on Data Mining, SDM 2014
CountryUnited States
CityPhiladelphia
Period4/24/144/26/14

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'Kaleido: Network traffic attribution using multifaceted footprinting'. Together they form a unique fingerprint.

Cite this