IP Addresses are a central part of packet- and flow-based network data. However, visualization and similarity computation of IP Addresses are challenging due to the missing natural order. This paper presents a novel similarity measure IP2Vec for IP Addresses that builds on ideas from Word2Vec, a popular approach in text mining. The key idea is to learn similarities by extracting available context information from network data. IP Addresses are similar if they appear in similar contexts. Thus, IP2Vec is automatically derived from the given network data set. The proposed approach is evaluated experimentally on two public flow-based data sets. In particular, we demonstrate the effectiveness of clustering IP Addresses within a botnet data set. In addition, we use visualization methods to analyse the learned similarities in more detail. These experiments indicate that IP2Vec is well suited to capture the similarity of IP Addresses based on their network communications.
Описание
IP2Vec: Learning Similarities Between IP Addresses - Semantic Scholar
%0 Conference Paper
%1 ring2017ip2vec
%A Ring, Markus
%A Landes, Dieter
%A Dallmann, Alexander
%A Hotho, Andreas
%D 2017
%J 2017 IEEE International Conference on Data Mining Workshops (ICDMW)
%K mr
%P 657-666
%R 10.1109/ICDMW.2017.93
%T IP2Vec: Learning Similarities Between IP Addresses
%X IP Addresses are a central part of packet- and flow-based network data. However, visualization and similarity computation of IP Addresses are challenging due to the missing natural order. This paper presents a novel similarity measure IP2Vec for IP Addresses that builds on ideas from Word2Vec, a popular approach in text mining. The key idea is to learn similarities by extracting available context information from network data. IP Addresses are similar if they appear in similar contexts. Thus, IP2Vec is automatically derived from the given network data set. The proposed approach is evaluated experimentally on two public flow-based data sets. In particular, we demonstrate the effectiveness of clustering IP Addresses within a botnet data set. In addition, we use visualization methods to analyse the learned similarities in more detail. These experiments indicate that IP2Vec is well suited to capture the similarity of IP Addresses based on their network communications.
%@ 978-1-5386-3800-2
@inproceedings{ring2017ip2vec,
  abstract    = {IP Addresses are a central part of packet- and flow-based network data. However, visualization and similarity computation of IP Addresses are challenging due to the missing natural order. This paper presents a novel similarity measure IP2Vec for IP Addresses that builds on ideas from Word2Vec, a popular approach in text mining. The key idea is to learn similarities by extracting available context information from network data. IP Addresses are similar if they appear in similar contexts. Thus, IP2Vec is automatically derived from the given network data set. The proposed approach is evaluated experimentally on two public flow-based data sets. In particular, we demonstrate the effectiveness of clustering IP Addresses within a botnet data set. In addition, we use visualization methods to analyse the learned similarities in more detail. These experiments indicate that IP2Vec is well suited to capture the similarity of IP Addresses based on their network communications.},
  added-at    = {2018-03-14T12:29:50.000+0100},
  author      = {Ring, Markus and Landes, Dieter and Dallmann, Alexander and Hotho, Andreas},
  biburl      = {https://www.bibsonomy.org/bibtex/21c04507d62aed86e0068dc3f27c2efc3/baywiss1},
  booktitle   = {2017 IEEE International Conference on Data Mining Workshops (ICDMW)},
  description = {IP2Vec: Learning Similarities Between IP Addresses - Semantic Scholar},
  doi         = {10.1109/ICDMW.2017.93},
  interhash   = {75a3a48952f20594dc13c34a9e574e1c},
  intrahash   = {1c04507d62aed86e0068dc3f27c2efc3},
  isbn        = {978-1-5386-3800-2},
  issn        = {2375-9259},
  keywords    = {mr},
  pages       = {657--666},
  publisher   = {IEEE},
  timestamp   = {2019-03-25T11:52:55.000+0100},
  title       = {{IP2Vec}: Learning Similarities Between {IP} Addresses},
  year        = {2017},
}