Turkish Journal of Electrical Engineering and Computer Sciences
Graph-based approaches have been widely employed to facilitate in analyzing network flow connectivity behaviors, which aim to understand the impacts and patterns of network events. However, existing approaches suffer from lack of connectivity-behavior information and loss of network event identification. In this paper, we propose network flow connectivity graphs (NFCGs) to capture network flow behavior for modeling social behaviors from network entities. Given a set of flows, edges of a NFCG are generated by connecting pairwise hosts who communicate with each other. To preserve more information about network flows, we also embed node-ranking values and edge-weight vectors into the original NFCG. After that, a network flow connectivity behavior analysis framework is present based on NFCGs. The proposed framework consists of three modules: a graph simplification module based on diversified filtering rules, a graph feature analysis module based on quantitative or semiquantitative analysis, and a graph structure analysis module based on several graph mining methods. Furthermore, we evaluate our NFCG-based framework by using real network traffic data. The results show that NFCGs and the proposed framework can not only achieve good performance on network behavior analysis but also exhibit excellent scalability for further algorithmic implementations.
Network flow behavior analysis, network flow connectivity graphs, complex network, graph analysis, anomaly detection
HU, HANGYU; ZHAI, XUEMENG; WANG, MINGDA; and HU, GUANGMIN
"Graph analysis of network flow connectivity behaviors,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 27:
2, Article 14.
Available at: https://journals.tubitak.gov.tr/elektrik/vol27/iss2/14
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons