Network Behavior Analysis (eBook)

This book provides a comprehensive overview of network behavior analysis that mines Internet traffic data in order to extract, model, and make sense of behavioral patterns in Internet 'objects' such as end hosts, smartphones, Internet of things, and applications. The objective of this book is to fill the book publication gap in network behavior analysis, which has recently become an increasingly important component of comprehensive network security solutions for data center networks, backbone networks, enterprise networks, and edge networks.

The book presents fundamental principles and best practices for measuring, extracting, modeling and analyzing network behavior for end hosts and applications on the basis of Internet traffic data. In addition, it explains the concept and key elements (e.g., what, who, where, when, and why) of communication patterns and network behavior of end hosts and network applications, drawing on data mining, machine learning, information theory, probabilistic graphical and structural modeling to do so. The book also discusses the benefits of network behavior analysis for applications in cybersecurity monitoring, Internet traffic profiling, anomaly traffic detection, and emerging application detections.

The book will be of particular interest to researchers and practitioners in the fields of Internet measurement, traffic analysis, and cybersecurity, since it provides a spectrum of innovative techniques for summarizing behavior models, structural models, and graphic models of Internet traffic, and explains how to leverage the results for a broad range of real-world applications in network management, security operations, and cyber-intelligent analysis. After finishing this book, readers will 1) have learned the principles and practices of measuring, modeling, and analyzing network behavior on the basis of massive Internet traffic data; 2) be able to make sense of network behavior for a spectrum of applications ranging from cybersecurity and network monitoring to emerging application detection; and 3) understand how to explore network behavior analysis to complement traditional perimeter-based firewall and intrusion detection systems in order to detect unusual traffic patterns or zero-day security threats using data mining and machine learning techniques. To ideally benefit from this book, readers should have a basic grasp of TCP/IP protocols, data packets, network flows, and Internet applications.

Dr. Kuai Xu is a Full Professor at Arizona State University. He received his B.S. and M.S. degrees from Peking University in 1998 and 2001, respectively, and his Ph.D. from the University of Minnesota Twin Cities in 2006, all in computer science. His research interests include network behavior analysis, Internet measurement, cybersecurity, and network forensics. He has published over 70 papers in prestigious journals and conferences including ACM SIGCOMM, IEEE INFOCOM, IEEE/ACM Transactions on Networking, and IEEE Transactions on Industrial Informatics. He has served on numerous technical program committees for major conferences including the ACM Internet Measurement Conference (IMC), IEEE GLOBECOM, IEEE ICCCN, and IEEE INFOCOM. Dr. Xu is Member of the ACM and Senior Member of the IEEE.

---

This book provides a comprehensive overview of network behavior analysis that mines Internet traffic data in order to extract, model, and make sense of behavioral patterns in Internet "e;objects"e; such as end hosts, smartphones, Internet of things, and applications. The objective of this book is to fill the book publication gap in network behavior analysis, which has recently become an increasingly important component of comprehensive network security solutions for data center networks, backbone networks, enterprise networks, and edge networks.The book presents fundamental principles and best practices for measuring, extracting, modeling and analyzing network behavior for end hosts and applications on the basis of Internet traffic data. In addition, it explains the concept and key elements (e.g., what, who, where, when, and why) of communication patterns and network behavior of end hosts and network applications, drawing on data mining, machine learning, information theory, probabilistic graphical and structural modeling to do so. The book also discusses the benefits of network behavior analysis for applications in cybersecurity monitoring, Internet traffic profiling, anomaly traffic detection, and emerging application detections.The book will be of particular interest to researchers and practitioners in the fields of Internet measurement, traffic analysis, and cybersecurity, since it provides a spectrum of innovative techniques for summarizing behavior models, structural models, and graphic models of Internet traffic, and explains how to leverage the results for a broad range of real-world applications in network management, security operations, and cyber-intelligent analysis. After finishing this book, readers will 1) have learned the principles and practices of measuring, modeling, and analyzing network behavior on the basis of massive Internet traffic data; 2) be able to make sense of network behavior for a spectrum of applications ranging from cybersecurity and network monitoring to emerging application detection; and 3) understand how to explore network behavior analysis to complement traditional perimeter-based firewall and intrusion detection systems in order to detect unusual traffic patterns or zero-day security threats using data mining and machine learning techniques. To ideally benefit from this book, readers should have a basic grasp of TCP/IP protocols, data packets, network flows, and Internet applications.