Research On Method Of Community Discovery Based On Network Behavior

It is important to timely detect new applications and identify network anomalies.In the observation of network,IPs with similar communication behaviors will cluster and form network communities.Community discovery contributes to a macroscopic observation on the network,through which maj or events and potential threats can be recognized in time.In this paper,real traffic data is used to analyze the network.With relationship of IPs and behavior of traffic both under consideration,a method and a system of community discovery are proposed as well.The contents in this paper includes as follows:A new method for community discovery is proposed,which combines topology dividing and traffic clustering.In topology dividing,the use of ports is considered,which results in a good modularity.In traffic clustering,features are extracted in 2 levels:flow and IP-pair,which can describe the behavior of hosts more accurately.The experimental results show that this method can not only identify the IP addresses carrying multiple services,but also distinguish between normal users and malicious users accessing the same website.Based on the method proposed above,a network community discovery system is designed and implemented.According to the requirements and functions,all aspects in community discovery are integrated,and the system is divided into multiple modules which are designed and implemented separately.The system can assist in the work of network community discovery by showing the results to the user intuitively.The content displayed includes information such as the topological relationship of the community and the distribution of the characteristics of the traffic.Finally,real network traffic data is used for experiments.The experimental results show that the method can find the communities composed of hosts with similar topological relations and traffic behavior,and accurately reflect the group behavior of hosts.The community discovery system in this paper contributes to the observation and analysis of the network community,which has high practical value.