Toronto
Networking Seminar
Traffic
Monitoring and Application Classification: A Novel Approach
Michalis
Faloutsos
Department
of Computer Science
University
of California, Riverside
Date:
Tuesday, September 4, Time 2pm
Location: BA 1220 (Bahen Center)
Abstract:
Who uses the network? What
kind of applications do we see? Can we detect attacks and viruses? Can
we detect when a user is under attack? In this talk, we provide an
overview of our work to answer the above questions. More specifically,
we address the problems of traffic classification, and host profiling.
First, we present a fundamentally different approach to classifying
traffic flows according to the applications that generate
them. In contrast to previous methods, our novel graph-based
approach is based on observing and identifying patterns of
host behavior at the transport layer. We
analyze these patterns at three levels of increasing detail
(i) the social, (ii) the functional and (iii) the application
level. Second, we modify our approach for profiling the
end-host behavior by looking at each interactions. We propose
techniques to summarize, and evolve over time the profiles of hosts. We
argue that our approach could aid in identifying attacks at the user
and at the enterprise level.
Bio:
Michalis Faloutsos received the
B.Sc. degree in Electrical engineering
(1993) from the national Technical University of Athens, Greece and the
M.Sc. and Ph.D. degrees in Computer Science from the University of
Toronto, Canada (1999). He is currently an Associate Professor at the
University of California Riverside. He has received the CAREER award
from NSF (2000), and two major DARPA grants. He has co-authored with
Christos and Petros Faloutsos the highly-cite paper "On Powerlaws and
the Internet Topology" (SIGCOMM '99), which renewed the interest of the
community in
modeling the Internet topology. His interests include Internet
measurements, multicast protocols, real-time communications, and
wireless networks.
|