ABSTRACT
Network administrators monitor a huge amount of network tra¢c ¤ows to identify hidden problems, such as attacks or misuse of services, analyze the network tra¢c, and identify signiƒcant patterns in the tra¢c ¤ows. For such monitoring
160
to be successful, we must provide a tool that can generalize and elucidate the signiƒcant characteristics or signatures of network tra¢c in the report, such that the network administrators reading the report will understand the dominant behaviors in the network, such as the communities of hosts, the provider/server of services, and malicious ¤ows.
