User Behaviour Profiling

Understanding user behaviour is of fundamental importance in realizing improved Quality of Experience (QoE) for the end-user as well as for generating optimized subscription models. Research into behaviour profiling at CIMACS broadly encompasses the following themes.

Internet Traffic Classification

Traditional methods of traffic classification such as port-based identification have been long considered obsolete due to frequent obfuscation techniques employed by modern Internet applications. Traffic tunneling and encapsulation require the use of relatively newer approaches such as Deep Packet Inspection (DPI) and statistical analysis of traffic patterns to identify applications (traffic). This research therefore, seeks to investigate and develop light-weight and scalable traffic classification solutions using statistical traffic analysis to meet service provider requirements. Using supervised and unsupervised Machine Learning (ML) techniques, our developed application can classify up to ten popular Internet applications using only a small number of packets per traffic flow. The application is available at GitHub and is available for research use under Creative Commons License with due to citation to the relevant publication.

Multi-Feature User Profiling

Profiling of user population frequenting a range of computing devices from laptops to smart phones is a broad paradigm and not necessarily limited to traffic classification alone. Research studies being conducted by CIMACS and other researchers working in this domain have highlighted the use of multiple system features (e.g. memory and CPU usage, process lists, application usage, spatial and temporal distribution of flows and general network activity) to highlight the patterns/clusters of user preference. The resulting multi-feature profiles can be employed in diverse avenues from improving security of software defined networks, minimizing the energy footprint of data centers to planning for capacity and maintenance windows. Present CIMACS publications in this avenue include the following papers Multi-Feature Enterprise Characterization in Software Defined Networks and Dyanmic Policy Creation & Conflict Resolution in SDN, with further ongoing work in Ransomare Detection and Prevention, and Securing Software Defined Networks.