
LENTA: Longitudinal Exploration for Network Traffic Analysis

30th International Teletraffic Congress (ITC 30), Vienna, Austria, (2018)

Abstract

In this work, we present LENTA (Longitudinal Exploration for Network Traffic Analysis), a system that allows the network analyst to easily identify traffic generated by services and applications running on the web, whether benign or possibly malicious. First, LENTA simplifies the analyst's job by letting them observe a few hundred clusters instead of the original hundreds of thousands of individual URLs. Second, it implements a self-learning methodology in which a semi-supervised approach lets the system grow its knowledge, which is in turn used to automatically associate traffic with previously observed services and to identify new traffic generated by possibly suspicious applications. This lets the analyst easily observe changes in the traffic, such as the birth of new services or unexpected activities. We follow a data-driven approach, running LENTA on real data. Traffic is analyzed in batches, each covering 24 hours of traffic. We show that LENTA allows analysts to easily understand which services are running on their network and highlights malicious traffic and changes over time, greatly simplifying the view and understanding of the traffic.
