Efficient Multi-Dimensional Flow Correlation

L
LCN
2007
32nd IEEE Conference on Local Computer Networks (LCN 2007)
Abstract - Efficient Multi-Dimensional Flow Correlation

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by W. Timothy Strayer Articles by Christine Jones Articles by Beverly Schwartz Articles by Sarah Edwards Articles by Walter Milliken Articles by Alden Jackson

32nd IEEE Conference on Local Computer Networks (LCN 2007)

Dublin, Ireland

October 15-October 18

ISBN: 0-7695-3000-1

	ASCII Text	x
	W. Timothy Strayer, Christine Jones, Beverly Schwartz, Sarah Edwards, Walter Milliken, Alden Jackson, "Efficient Multi-Dimensional Flow Correlation," Local Computer Networks, Annual IEEE Conference on, pp. 531-538, 32nd IEEE Conference on Local Computer Networks (LCN 2007), 2007.

	BibTex	x
	@article{ 10.1109/LCN.2007.132, author = {W. Timothy Strayer and Christine Jones and Beverly Schwartz and Sarah Edwards and Walter Milliken and Alden Jackson}, title = {Efficient Multi-Dimensional Flow Correlation}, journal ={Local Computer Networks, Annual IEEE Conference on}, volume = {0}, year = {2007}, issn = {0742-1303}, pages = {531-538}, doi = {http://doi.ieeecomputersociety.org/10.1109/LCN.2007.132}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Local Computer Networks, Annual IEEE Conference on TI - Efficient Multi-Dimensional Flow Correlation SN - 0742-1303 SP531 EP538 A1 - W. Timothy Strayer, A1 - Christine Jones, A1 - Beverly Schwartz, A1 - Sarah Edwards, A1 - Walter Milliken, A1 - Alden Jackson, PY - 2007 KW - correlation algorithms; flow correlation; stepping stone detection VL - 0 JA - Local Computer Networks, Annual IEEE Conference on ER -

W. Timothy Strayer, BBN Technologies, USA

Christine Jones, BBN Technologies, USA

Beverly Schwartz, BBN Technologies, USA

Sarah Edwards, BBN Technologies, USA

Walter Milliken, BBN Technologies, USA

Alden Jackson, BBN Technologies, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/LCN.2007.132

Flow correlation algorithms compare flows to determine similarity, and are especially useful and well studied for detecting flow chains through "stepping stone" hosts. Most correlation algorithms use only one characteristic and require all values in the correlation matrix (the correlation value of all flows to all other flows) to be updated on every event. We have developed an algorithm that tracks multiple (n) characteristics per flow, and requires updating only the flow?s n values upon an event, not all the values for all the flows. The n correlation values are used as coordinates for a point in n-space; two flows are considered correlated if there is a very small Euclidean distance between them. Our results show that this algorithm is efficient in space and compute time, is resilient against anomalies in the flow, and has uses outside of stepping stone detection.

Index Terms:

correlation algorithms; flow correlation; stepping stone detection

Citation:

W. Timothy Strayer, Christine Jones, Beverly Schwartz, Sarah Edwards, Walter Milliken, Alden Jackson, "Efficient Multi-Dimensional Flow Correlation," lcn, pp.531-538, 32nd IEEE Conference on Local Computer Networks (LCN 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.