Toronto Networking Seminar

Traffic Monitoring and Application Classification: A Novel Approach

Michalis Faloutsos
Department of Computer Science
University of California, Riverside

Date: Tuesday, September 4, Time: 2pm
Location: BA 1220 (Bahen Center)


Who uses the network? What kind of applications do we see? Can we detect attacks and viruses? Can we detect when a user is under attack? In this talk, we provide an overview of our work to answer the above questions. More specifically, we address the problems of traffic classification and host profiling. First, we present a fundamentally different approach to classifying traffic flows according to the applications that generate them. In contrast to previous methods, our novel graph-based approach is based on observing and identifying patterns of host behavior at the transport layer. We analyze these patterns at three levels of increasing detail: (i) the social, (ii) the functional, and (iii) the application level. Second, we modify our approach for profiling the end-host behavior by looking at each interaction. We propose techniques to summarize the profiles of hosts and to evolve them over time. We argue that our approach could aid in identifying attacks at the user and at the enterprise level.

Michalis Faloutsos received the B.Sc. degree in Electrical Engineering (1993) from the National Technical University of Athens, Greece, and the M.Sc. and Ph.D. degrees in Computer Science from the University of Toronto, Canada (1999). He is currently an Associate Professor at the University of California, Riverside. He has received the CAREER award from NSF (2000) and two major DARPA grants. He co-authored, with Christos and Petros Faloutsos, the highly cited paper "On Powerlaws and the Internet Topology" (SIGCOMM '99), which renewed the interest of the community in modeling the Internet topology. His interests include Internet measurements, multicast protocols, real-time communications, and wireless networks.