Characterization of Periodic Network Traffic
Abstract
This thesis focuses on characterizing periodic communications in network traffic, which we refer
to as network heartbeats. Heartbeat traffic can be used to assess the overall health of an operational
network, based on the presence/absence of heartbeats for known network services, and also to
detect unexpected/undesired network services, such as malicious traffic. We use a simple and
flexible SQL-based method to detect a wide range of heartbeats in network traffic, using seven
weeks of connection logs from a campus edge network. Our results show that heartbeat analysis
is effective for detecting P2P, gaming, cloud, scanning, and botnet traffic flows, which often have
periodic signatures.
Description
Keywords
Computer Science
Citation
Haffey, M. (2017). Characterization of Periodic Network Traffic (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/25285