Fast and Configurable Detection of Device Dependencies in Network Traffic
| Authors | |
|---|---|
| Year of publication | 2025 |
| Type | Article in Proceedings |
| Conference | 21st International Conference on Network and Service Management |
| MU Faculty or unit | |
| Citation | |
| web | https://opendl.ifip-tc6.org/db/conf/cnsm/cnsm2025/1571195022.pdf |
| Attached files | |
| Description | Device dependencies are recurring communication patterns between IP addresses that reveal how networked entities rely on one another. Understanding these relationships is essential for reliability, troubleshooting, and security, yet detecting them efficiently from operational traffic remains challenging. We propose a fast and accurate tool for dependency detection from passive flow-level data using a link prediction approach. In contrast to the prior implementation, the tool introduces a parallelized processing pipeline with early termination of stalled random walks, an expanded feature set that combines embedding-derived and graph-theoretic metrics, and a fully externalized configuration of sampling, embedding, and classification parameters. These design choices enable scalable execution and more reliable identification of dependencies across diverse network environments. Evaluation on synthetic traffic from cyber-defense exercises and real-world campus flows demonstrates up to 100$\times$ faster runtime and markedly higher classification accuracy compared to the prior implementation. Further analysis shows that structural graph features improve stability in sparse settings, while extended embedding training enhances accuracy in low-signal scenarios. Together, these results confirm that the proposed tool advances link prediction-based dependency detection toward practical, near-real-time use. |