|Article title||ABOUT THE METHOD OF CREATING A PROFILE FOR WEB USERS|
|Authors||R. M. Alguliev, Y. N. Imamverdiyev, B. R. Nabiyev|
|Section||SECTION V. INFORMATION TECHNOLOGIES AND PROTECTION OF INFORMATION|
|Month, Year||07, 2017|
|Abstract||There are a number of tools for securing computer networks and optimizing processes. One of the main sources of danger in network traffic is known to be the generation of anomalous and non-core traffic. Such traffic creates an unnecessary load on the computer network, which in turn reduces the capacity of the communication channels available for payload traffic. Corporate networks that are not adapted to rules of behavior may face this problem sooner or later. With this in mind, a special tool has been developed to determine the behavior profile of traffic on the network. The K-means clustering method was applied to determine the behavior profile. The K-means algorithm was chosen because it is very fast and simple for solving the clustering problem. Data for analysis was collected in the AzScienceNet network environment, which consists of more than 5000 IP addresses (individual computers) and is divided into several small subnets. To ensure that users' privacy is not violated, AzScienceNet operates under a user policy, and data on the identity of users was additionally limited. Applying the clustering model produced a set of clusters, which mainly correspond to social networks, video resources, and scientific and practical resources. The result was obtained for 20 clusters using the bigml.com resource. The largest cluster consists of scientific and practical resources. The second cluster consists of social networks. The third cluster consists of requests to video resources. Requests falling into the other clusters are far fewer.|
|Keywords||Network traffic; clustering; behavioral profile; anomalous traffic.|
|References||1. Sokolov A.S. Modelirovanie segmenta vychislitel'noy seti i vyyavlenie problemnykh uchastkov v protsesse monitoringa [The modeling segment of the computer network and identification of problem areas in the monitoring process], Prikladnaya informatika [Applied Informatics], 2011, No. 3, pp. 116-120.
2. Available at: http://www.itu.int/en/ITUD/Cybersecurity/Documents/Symantec_annual_internet_threat_report_ITU2014.pdf.
3. Callado A., Kamienski C., Szabo G., Gero B., Kelner J., Fernandes S., Sadok D. A Survey on Internet Traffic Identification, IEEE Communications Surveys & Tutorials, 2009, Vol. 11, Issue 3, pp. 37-52.
4. Mingbo L., Wenjie S., Qianhong Z., Zhaoping T. Design and implementation of IP network traffic monitoring system, 15th International Conference on Optical Communications and Networks (ICOCN), 2016, pp. 23-35.
5. Howlett T. Open Source Security Tools: Practical Guide to Security Applications, 2004, ed. 1. Prentice Hall, 608 p.
6. Kumpulainen P., Hätönen K., Knuuti O., Alapaholuoma T. Internet traffic clustering using packet header information, Joint International IMEKO TC1+ TC7+ TC13 Symposium, Jena, Germany, 2011, pp. 13-20.
7. Gerhard M., Sa L., Georg C. Traffic Anomaly Detection Using K-Means Clustering, In Proceedings of performance, reliability and dependability evaluation of communication networks and distributed systems, 4GI/ITG-Workshop MMBnet, Hamburg, Germany, 2007, pp. 25-33.
8. Ekola T., Laurikkala M., Lehto T., Koivisto H. Network traffic analysis using clustering ants, Proceedings. World Automation Congress. Seville, Spain, 2004, Vol. 17, pp. 275-280.
9. Duo Liu, Chung-Horng Lung, Lambadaris I., Seddigh N. Network traffic anomaly detection using clustering techniques and performance comparison, Proceedings of the 26th Annual IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), Canada, 2013, pp. 1-4.
10. Shokri R., Oroumchian F., Yazdani N. CluSID: a clustering scheme for intrusion detection improved by information theory, Proceedings of the 7th IEEE Malaysia International Conference on Communications and IEEE International Conference in Networks, Kuala Lumpur, Malaysia, 2005, pp. 553-558.
11. Available at: http://wiki.squid-cache.org/SquidFaq/SquidLogs.
12. Available at: https://ru.wikipedia.org/wiki/UNIX-время.
13. Available at: https://en.wikipedia.org/wiki/Network_packet.
14. Available at: https://ru.wikipedia.org/wiki/Список_кодов_состояния_HTTP.
15. Available at: https://ru.wikipedia.org/wiki/HTTP#Методы.
16. Available at: http://squid-handbuch.de/hb/node106_mn.html.
17. Available at: https://ru.wikipedia.org/wiki/Список_MIME-типов.
18. Available at: http://www.squid-cache.org/Intro/why.html.
19. Han J., Kamber M., Pei J. Data Mining: Concepts and Techniques, ed. 3. Morgan Kaufmann Publishers (an imprint of Elsevier), 2012, 740 p.
20. Yang G., Zhou G., Yin Y., Yang X. K-Means Based Fingerprint Segmentation with Sensor Interoperability, Journal on Advances in Signal Processing (EURASIP), 2010, Vol. 10, No. 54, pp. 1-12.
21. Kodinariya M., Makwana R. Review on determining number of Cluster in K-Means Clustering, International Journal of Advance Research in Computer Science and Management Studies, 2013, Vol. 1, Issue 6, pp. 90-95.
22. Available at: http://www.bigml.com.