Scientific knowledge map · Paper #30
Automated Inference of Dependencies of Network Services and Applications via Transfer Entropy
2016 · IEEE COMPSAC, ADMNET workshop
- Applied
- AI for security
- algorithm
Research question
What does the paper try to establish?
Can dependencies among network services and applications be inferred passively from traffic with fewer false positives and negatives than correlation-oriented approaches?
Central answer
What is the proposed answer?
The source abstract reports an algorithm that builds interaction time series, computes directional pairwise transfer entropy, and validates inferred dependencies on test and production traffic; because the manuscript body was not retrievable, the estimator, decision rule, ground truth, baselines, sample sizes, and numerical results remain pending.
Full paper abstract
Abstract
As the scale and complexity of modern computer networks increases, administrators and operators of such networks need tools to accurately infer dependencies between different network services and applications. Such tools can aid in (1) detecting misconfigurations, (2) effectively scheduling major software and hardware maintenance operations with minimal disruptions, and (3) exposing potential anomalies in a timely manner. Existing tools either only consider temporal correlations which require installing additional software to monitor interfaces, ignore network service profiles of more than two services, or do not necessarily capture actual causations. Such shortcomings result in high false detection rates of inferred dependencies. This paper presents the design and evaluation of an algorithm that utilizes the notion of Transfer Entropy (TE) to passively analyze and identify dependencies between various network services and applications. With TE, our algorithm formalizes and measures the amount of information exchanged between two entities (services or applications) in a computer network. By constructing time series of the interactions of such services and applications and computing the pairwise TE from such time series, our algorithm accurately infers dependencies based on causation with low false (positive and negative) alarms. Using collected network traffic from a test and production network, we demonstrate that the algorithm provides lower false alarms with efficient run time and computational requirements.
Provenance: Transcribed from the public author-uploaded full text; only typography, discretionary hyphenation, and line-break artifacts were normalized. Local file fixity has not been recorded.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence Low
-
The complete source abstract identifies an algorithm and reports production/test-traffic evaluation, but methods, datasets, baselines, and numerical evidence were not body-audited.
Complete author-uploaded source abstract - Auditability High
-
A public author-uploaded full-text route exists, satisfying the site's author-copy rule; direct body retrieval and local fixity were not achieved in this audit.
Complete author-uploaded source abstract - Production provenance Medium
-
Named authorship, an author-uploaded route, and an IEEE record establish baseline provenance; roles, code/data versions, and revision history are unknown.
Complete author-uploaded source abstract Official IEEE publication record - External scrutiny Medium
-
The paper has an IEEE workshop publication record, but reviews, replication, and deployment were not inspected.
Official IEEE publication record - Reception Low
-
OpenAlex reports 3 located citations as of 2026-07-11. The count is index-specific and may omit versions or citations.
Dated OpenAlex citation snapshot - Contribution significance Medium
-
The abstract presents a concrete passive dependency-inference algorithm with operational uses, but novelty, empirical strength, and downstream impact were not body-audited.
Complete author-uploaded source abstract
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Automated Inference via Transfer Entropy
An abstract-grounded passive algorithm for identifying directional dependencies between network services and applications from interaction time series.
Complete author-uploaded source abstract-
question Research question
research question from abstractCan service dependencies be inferred without host instrumentation while improving on pairwise temporal correlation and reducing false alarms?
Complete author-uploaded source abstract -
contribution Central answer
source abstract assertedConvert observed service interactions into time series, calculate pairwise directional transfer entropy, and classify dependencies from information transfer.
Complete author-uploaded source abstract -
scope Operational scope
abstract levelThe intended uses are dependency mapping for misconfiguration detection, maintenance planning, anomaly exposure, and general network management.
Complete author-uploaded source abstract -
method Transfer-entropy pipeline source abstract asserted
The abstract describes passive traffic collection, interaction time-series construction, pairwise TE computation, and dependency inference; it does not expose preprocessing, estimator, lag selection, significance test, or decision threshold.
Complete author-uploaded source abstract-
component Directional dependence signal
source abstract assertedTransfer entropy is used to measure predictive information flow from one service/application time series to another rather than only symmetric temporal correlation.
Complete author-uploaded source abstract
-
-
claim group Abstract-level findings
abstract onlyThe abstract reports low false-positive and false-negative alarms, lower false alarms than existing tools, and efficient runtime on test and production-network traffic.
Complete author-uploaded source abstract -
evidence group Reported evaluation
not body auditedOnly the abstract's statement that test and production traffic were used is visible; datasets, labels, baselines, metrics, numerical results, and uncertainty were not inspected.
Complete author-uploaded source abstract -
limitation group Unverified boundaries material source gap
The map cannot determine how dependencies were ground-truthed, how TE bias and common causes were handled, whether results generalize across networks, or what computational scaling was measured.
Complete author-uploaded source abstract-
limitation Transfer entropy is not intervention proof
interpretation boundaryThe abstract uses causal language, but directional predictive information alone does not rule out confounding, indirect paths, or shared drivers; the body is needed to see what causal assumptions and controls were used.
Complete author-uploaded source abstract
-
-
artifact group Artifacts and resources
public route not locally fixedAn IEEE record and author-uploaded PDF route exist, but no local fixed manuscript, code, traffic trace, or experiment package was added because direct retrieval was blocked.
Complete author-uploaded source abstract Official IEEE publication record -
scrutiny External scrutiny
publication recordedThe work was published at the IEEE COMPSAC ADMNET workshop; reviews, independent replication, and operational deployment were not audited.
Official IEEE publication record -
lineage Research lineage
source abstract assertedThe method applies information-theoretic directional dependence estimation to service-dependency discovery as an alternative to correlation and host-instrumented tools.
Complete author-uploaded source abstract
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Complete author-uploaded source abstract Abstract transcribed from author-uploaded PDF; body not audited
- Official IEEE publication record COMPSAC Workshops 2016, pages 32-37
- Dated OpenAlex citation snapshot cited_by_count = 3, accessed 2026-07-11