TY - GEN
T1 - Bayesian topic models for describing computer network behaviors
AU - Cramer, Christopher
AU - Carin, Lawrence
N1 - Generated from Scopus record by KAUST IRTS on 2021-02-09
PY - 2011/8/18
Y1 - 2011/8/18
N2 - We consider the use of Bayesian topic models in the analysis of computer network traffic. Our approach utilizes latent Dirichlet allocation and time-varying dynamic latent Dirichlet allocation, with the goal of identifying significant co-occurrences of types of network traffic, these forming topics of user behavior. In our experiments, these topics of user behavior included: (i) web traffic, (ii) email client and instant messaging, (iii) Microsoft file access, (iv) email server, and (v) other miscellaneous traffic. Each identified behavior topic included a variety of different, but related, protocols without using any a priori knowledge of the purpose of the protocol. We believe that the techniques presented in this paper can be used to form more complex topics through the use of deep packet inspection, and that such topic models could prove useful in the identification of zero-day exploits or other network threats. © 2011 IEEE.
UR - http://ieeexplore.ieee.org/document/5946875/
UR - http://www.scopus.com/inward/record.url?scp=80051632300&partnerID=8YFLogxK
U2 - 10.1109/ICASSP.2011.5946875
DO - 10.1109/ICASSP.2011.5946875
M3 - Conference contribution
SN - 9781457705397
SP - 1888
EP - 1891
BT - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
ER -