12:45PM, Thursday, March 16th 2006.
Gates 104

Profiling Backbone Traffic: Behavior Models, Applications and Implementation

Supratik Bhattacharyya
Sprint Labs

About the talk:
Recent spates of cyber attacks and the frequent emergence of disruptive applications in the Internet has made it imperative to design techniques that can automatically extract, and make sense of, significant behavioral patterns from massive volumes of traffic data.  In this talk, I will present a methodology for building comprehensive behavioral profiles of Internet traffic in terms of communication patterns of end-hosts. This methodology relies on information-theoretic and data-mining techniques, and consists of significant cluster extraction, automatic behavior classification and structural modeling for interpretive analyses. Using traffic data from the Internet core, I will demonstrate how this methodology enables us to identify canonical profiles, deviant or unusual behavior as well as malicious activities such as port scans and DOS attacks. Finally, I will discuss a real-time implementation of this profiling system using information collected from always-on packet monitoring systems.


About the speaker:
Supratik Bhattacharyya  is a Distinguished Member of Technical Staff at Sprint Advanced Technology Laboratories in Burlingame CA. He holds a PhD from the University of Massachusetts Amherst. He is broadly interested in Internet protocols and systems, and wireless communications and services. His work at Sprint has covered a number of aspects of core IP networks such as performance monitoring, routing, traffic engineering and fault tolerance. He is currently working on seamless mobile communication across heterogeneous access networks, and on mining network traffic data collected from high-speed links.