Name
Abstract | ||
|---|---|---|
Traditionally, user traffic profiling is performed by analyzing traffic traces collected on behalf of the user at aggregation points located in the middle of the network. However, the modern enterprise network has a highly mobile population that frequently moves in and out of its physical perimeter. Thus an in-the-network monitor is unlikely to capture full user activity traces when users move outside the enterprise perimeter. The distinct environments, such as the cubicle and the coffee shop (among others), that users visit, may each pose different constraints and lead to varied behavioral modes. It is thus important to ask: is the profile of a user constructed in one environment representative of the same user in another environment? In this paper, we answer in the negative for the mobile population of an enterprise. Using real corporate traces collected at nearly 400 end-hosts for approximately 5 weeks, we study how end-host usage differs across three environments: inside the enterprise, outside the enterprise but using a VPN, and entirely outside the enterprise network. Within these environments, we examine three types of features: (i) environment lifetimes, (ii) relative usage statistics of network services, and (iii) outlier detection thresholds as used for anomaly detection. We find significant diversity in end-host behavior across environments for many features, thus indicating that profiles computed for a user in one environment yield inaccurate representations of the same user in a different environment. |
Year | DOI | Venue |
|---|---|---|
2008 | 10.1007/978-3-540-79232-1_21 | PAM |
Keywords | Field | DocType |
user traffic profiling,environment representative,enterprise end-users,full user activity trace,distinct environment,modern enterprise network,enterprise perimeter,different environment,enterprise network,mobile population,coffee shop,behavioral mode,environment lifetime,anomaly detection,network monitoring,point location,outlier detection | Population,Anomaly detection,World Wide Web,Ask price,End user,Computer security,Computer science,Profiling (computer programming),Computer network,Enterprise private network | Conference |
Volume | ISSN | ISBN |
4979 | 0302-9743 | 3-540-79231-7 |
Citations | PageRank | References |
16 | 1.08 | 10 |
Authors | ||
6 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Frédéric Giroire | 1 | 194 | 22.80 |
| Jaideep Chandrashekar | 2 | 411 | 30.25 |
| Gainluca Iannaccone | 3 | 2140 | 156.52 |
| Konstantina Papagiannaki | 4 | 4094 | 304.11 |
| Eve M. Schooler | 5 | 2695 | 314.25 |
| Nina Taft | 6 | 2109 | 154.92 |