This study investigates the feasibility of establishing and maintaining a system of compact IP behavioral profiles as a robust means of computer anomaly definition and detection. These profiles are based upon the degree to which a systems (IPs) network traffic is distributed among stable characteristic clusters derived of the aggregate session traffic generated by each of the major network services. In short, an IPs profile represents its degree of membership in these derived service clusters. The goal is to quantify and rank behaviors that are outside of the statistical norm for the services in question, or present significant deviation from profile for individual client IPs. Herein, we establish stable clusters for accessible features of common session traffic, migrate these clusters over time, define IP behavior profiles with respect to these clusters, migrate individual IP profiles over time, and demonstrate the detection of IP behavioral changes in terms of deviation from profile.
PDF
download
878987797
028-85220240
