Networked Systems Seminar

Talk #5: Thursday, Feb 7th, 2008
Calit2 3008, 2pm


Traffic Classification and User Profiling: A Novel Approach

Michalis Faloutsos
UC Riverside

About the Talk:

Who uses the network? What kind of applications do we see? Can we detect attacks and viruses? Can we detect when a user is under attack? Monitoring network traffic and detecting unwanted applications has become a challenging problem, since many applications obfuscate their traffic using unregistered port numbers or payload encryption. Apart from some notable exceptions, most traffic monitoring tools use one of two approaches: (a) keeping traffic statistics such as packet sizes and inter-arrivals, flow counts, byte volumes, etc., or (b) analyzing packet content.

In this talk, we provide an overview of our work to answer the above questions. More specifically, we address the problems of traffic classification and host profiling. We present a fundamentally different approach to classifying traffic flows according to the applications that generate them. In contrast to previous methods, our novel graph-based approach is based on observing and identifying patterns of host behavior at the transport layer and the network-wide behavior of the community of interacting nodes.

[slides]

About the Speaker:

Michalis Faloutsos is a faculty member in the Computer Science Dept. at the University of California, Riverside. He got his bachelor's degree at the National Technical University of Athens and his M.Sc. and Ph.D. at the University of Toronto. His interests include Internet protocols and measurements, peer-to-peer networks, network security, BGP routing, and ad-hoc networks. He is actively involved in the community as a reviewer and a TPC member for many conferences and journals. With his two brothers, he co-authored the paper on power laws of the Internet topology (SIGCOMM'99), which is one of the top ten most cited papers of 199. His most recent work on peer-to-peer measurements has been widely cited in popular printed and electronic press such as Slashdot, ACM Electronic News, USA Today, and Wired. Most recently he has focused on the classification of traffic and identification of abnormal network behavior. He also works in the areas of Internet routing (BGP), ad hoc network routing, and network security, with emphasis on routing.


If you would like to meet with the speaker, please contact Athina Markopoulou at athina-at-uci-dot-edu.