Computing and Information Systems - Research Publications

Search Results

  • Item
    Summarizing Significant Changes in Network Traffic Using Contrast Pattern Mining
    Chavary, EA ; Erfani, SM ; Leckie, C (Association for Computing Machinery, 2017)
    Extracting knowledge from the massive volumes of network traffic is an important challenge in network and security management. In particular, network managers require concise reports about significant changes in their network traffic. While most existing techniques focus on summarizing a single traffic dataset, the problem of finding significant differences between multiple datasets is an open challenge. In this paper, we focus on finding important differences between network traffic datasets, and preparing a summarized and interpretable report for security managers. We propose the use of contrast pattern mining, which finds patterns whose support differs significantly from one dataset to another. We show that contrast patterns are highly effective at extracting meaningful changes in traffic data. We also propose several evaluation metrics that reflect the interpretability of patterns for security managers. Our experimental results show that with the proposed unsupervised approach, the vast majority of extracted patterns are pure, i.e., most changes are either attack traffic or normal traffic, but not a mixture of both.
  • Item
    Mining Rare Recurring Events in Network Traffic using Second Order Contrast Patterns
    Alipourchavary, E ; Erfani, SM ; Leckie, C (IEEE, 2021)
    Data mining techniques such as contrast pattern mining provide a promising approach to detecting and characterizing changes in network traffic. However, a major challenge for network managers is how to prioritize their analysis of these changes, without being overwhelmed by uninformative patterns. In particular, some changes in traffic occur on a regular basis, such as system backups, and it is important to filter out these rare recurring events, so that network managers can focus on new events. In this paper we address the problem of identifying rare recurring events in network traffic, and we propose a novel solution to detecting new events based on the approach of mining second order contrast patterns. Based on an empirical evaluation using a variety of real traffic sources, we show that our method can achieve high accuracy and F1-Score in detecting new events. Our work demonstrates the importance of higher order contrast pattern mining in practice, and provides an effective method for finding such higher order patterns in large datasets.
  • Item
    Scalable Contrast Pattern Mining over Data Streams
    Alipourchavary, E ; Erfani, SM ; Leckie, C (Association for Computing Machinery, 2021-10-26)
    Incremental contrast pattern mining (CPM) is an important task in various fields such as network traffic analysis, medical diagnosis, and customer behavior analysis. Due to increases in the speed and dimension of data streams, a major challenge for CPM is to deal with the huge number of generated candidate patterns. While there are some works on incremental CPM, their approaches are not scalable in dense and high dimensional data streams, and the problem of CPM over an evolving dataset is an open challenge. In this work we focus on extracting the most specific set of contrast patterns (CPs) to discover significant changes between two data streams. We devise a novel algorithm to extract CPs using previously mined patterns instead of generating all patterns in each window from scratch. Our experimental results on a wide variety of datasets demonstrate the advantages of our approach over the state of the art in terms of efficiency.