Workload Characterization And Application Investigation Of Periodic Network Traffic

Periodic behavior is a kind of particular behavior model in network.It is normally used to automatically achieve the communications between hosts on the network,including aliveness detection in P2 P network,information exchange between mirror servers and reliability detection of service,etc.In network security area,the detection of periodic traffic is also widely used to detect botnet and other malicious activities.The analysis of periodic traffic within network will help understand the performance of current network environment,as well as locating potential security threats.However,existing works still suffer from several problems such low-efficiency and inefficient usage of periodicity.This work provides a systematic investigation of periodic network traffic.It consists of three major parts,including: periodic traffic detection,classification and utilization.By analyzing real world data,this work has classified and investigated the ecosystem of periodic traffic within current network.Botnet related attributes are emphasized.Based on this our work has remedied the insufficient of periodicity in existing works by introducing the noise rate,mutation rate into consideration.The major contributions including:1.Two periodicity detection methods are proposed in this work,i.e.: threshold based method and -value based method.These two methods together achieves the filtration of periodic traffic from arge-scaled network dataset efficiently.2.Based on the filtration result,we proposed the very first classification based investigation of eriodic network traffic.By adopting 5 different classification standards,this thesis classifies the eriodic network traffic we collected from a real network.Each category was discussed in detail n this work.By doing this classification,we describe the ecosystem of periodic traffic.Some otential problems are also addressed.3.Based on the detailed understanding of periodic traffic,we proposed an updated method to detect otnet based on periodicity.The proposed method changes the traditional binary utilization of eriodicity.More related attributes are explored from it.By applying these attributes together hrough a KNN classifier,the proposed method improves the False Negative Rate and False Positive ate by 2.4% and 1.7% respectively compared with traditional work.