Profiling is emerging as a useful tool for a variety of diagnosis and security applications. Existing profiles are often narrowly focused in terms of the data they capture or the application they target. In this paper, we seek to design general end-host profiles capable of capturing and representing a broad range of user activity and behavior. We first present a novel methodology to profiling that uses a graph-based structure to represent and distill flow level information at the transport layer. Second, we develop mechanisms to: (a) summarize the information, and (b) adaptively evolve it over time.We conduct an initial study of our profiles on real user data, and observe that our method generates a compact, robust and intuitive description of user behavior.

In: PAM

Publisher: Springer-Verlag
All copyrights reserved by Springer 2007.

Details