Abstract: The objective of this research is to study the behavior of IP network nodes (IP hosts) from the perspective of their communication patterns, and to set up behavior profiles of the observed IP nodes by grouping hosts into clusters of similar communication behavior. The problem of IP address behavior analysis and profile establishment has not been fully discussed, the results achieved so far are not good enough, and there is no complete solution yet. This work has many potential applications: its results will be useful for network management and network security situation awareness, as well as for studying network user behavior. The contributions of this paper are: 1) a discussion of the features, or host communication behavior patterns, to be used in host clustering so as to characterize groups of host behavior traffic accurately and efficiently; 2) an algorithm to extract the most significant IP nodes for analysis, instead of analyzing the complete list of millions of IP nodes that exist in the trace; 3) an analysis of IP node traffic behavior over relatively long periods of traces, which helps to extract more stable host behavior. While previous studies focus only on host behavior for relatively short periods of 5 to 15 minutes, we extract hosts' behavior patterns over a period of one hour, which requires big data analysis to provide results in a reasonable time.