Mining Anomalies in Network-Wide Flow Data. Anukool Lakhina, Ph.D. with Mark Crovella and Christophe Diot
|
|
- Randall Charles
- 7 years ago
- Views:
Transcription
1 Mining Anomalies in Network-Wide Flow Data Anukool Lakhina, Ph.D. with Mark Crovella and Christophe Diot SANOG-7, Mumbai, January, 00
2 Network Anomaly Diagnosis Am I being attacked? Is someone scanning my network? Are there worms spreading? A sudden traffic shift? An equipment outage? Something never seen before? A general, unsupervised method for reliably detecting and classifying network anomalies is needed
3 My Talk in One Slide A general system to detect & classify anomalies at ISPs and large enterprises Central Message: Network-wide analysis of NetFlow data can expose many anomalies Detect both operational & malicious incidents I am here to seek your feedback
4 x 0 OD flow i b Network-Wide Traffic Analysis 0 LA IPLS 8 x 07 x 0 7 x 0 7 Large Traffic Shifts (Operational Event) x 0 7 NYC SNVA Peak rate: 00Mbps; Attack rate ~ 9Mbps/flow LA IPLS Link c b HSTN Worm scan observable in network-wide traffic Fri Sat Sun Link d c Link f d Link i f NYC LA HSTN IPLS ATLA Distributed DOS Attack NYC
5 Collecting Network-Wide Traffic to Seattle from NYC Assemble network s traffic matrix to LA Traffic entering at the origin and leaving at the destination to Houston to Atlanta Use routing to aggregate NetFlow data into OD flows
6 Networks Evaluated Abilene research network (Internet) PoPs, OD flows, anonymized, /00 sampling, min bins Géant Europe research network (Dante) PoPs, 8 OD flows, not anonymized, /000 sampling, 0 min bins Sprint European commercial network PoPs, 9 OD flows, not anonymized, aggregated, /0 sampling, 0 min bins
7 But, This is Difficult to Analyze!. x 07 x 0 x 0. x 07. Traffic in OD Flow 9.. Traffic in OD Flow 8.. Traffic in OD Flow 7... Traffic in Ab. OD Flow x 0 7 x 0 x 0 x Traffic in Ab. OD Flow 7.. Traffic in OD Flow Traffic in Ab. OD Flow 9 Traffic in OD Flow x 0 x 0 x 0 8 x Traffic in OD Flow 7.. Traffic in OD Flow Traffic in OD Flow Traffic in OD Flow How do we extract anomalies and normal behavior from noisy, high-dimensional data? 7
8 The Subspace Method [LCD:SIGCOMM 0] An approach to separate normal & anomalous network-wide traffic Designate temporal patterns most common to all the traffic flows as the normal patterns Remaining temporal patterns form the anomalous patterns Detect anomalies by statistical thresholds on anomalous patterns 8
9 An example operational anomaly Multihomed customer CALREN reroutes around outage at LOSA 9
10 Summary of Anomaly Types Found [LCD:IMC0] False Alarms 9 Unknown Alpha DOS Scan Flash Crowd Point Multi Worm Outage Ingress Shift Unknown FalseAlarm 7 Alpha Traffic Shift Outage Worm Point-Multipoint Flash Events DOS Scans 0
11 Automatically Classifying Anomalies [LCD:SIGCOMM0] Goal: Classify anomalies without restricting yourself to a predefined set of anomalies Approach: Leverage -tuple header fields: SrcIP, SrcPort, DstIP, DstPort In particular, measure dispersion in fields Then, apply off-the-shelf clustering methods
12 Example of Anomaly Clusters Dispersed Legend (DstIP) Code Red Scanning Single source DOS attack Multi source DOS attack (SrcIP) (SrcIP) Summary: Concentrated Correctly classified 9 of Dispersed 9 injected anomalies
13 Summary Network-Wide Detection: Broad range of anomalies with low false alarms In papers: Highly sensitive detection, even when anomaly is % of background traffic Anomaly Classification: Feature clusters automatically classify anomalies In papers: clusters expose new anomalies Network-wide data and header analysis are promising for general anomaly diagnosis
14 Next steps Ongoing Work: implementing algorithms in a prototype system For more information, see papers & slides at: Your feedback much needed & appreciated! Data, deployment,
Characterization of Network-Wide Anomalies in Traffic Flows
Characterization of Network-Wide Anomalies in Traffic Flows Anukool Lakhina Dept. of Computer Science, Boston University anukool@cs.bu.edu Mark Crovella Dept. of Computer Science, Boston University crovella@cs.bu.edu
More informationDetecting Network Anomalies. Anant Shah
Detecting Network Anomalies using Traffic Modeling Anant Shah Anomaly Detection Anomalies are deviations from established behavior In most cases anomalies are indications of problems The science of extracting
More informationStructural Analysis of Network Traffic Flows Eric Kolaczyk
Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki, Mark Crovella, Christophe Diot, and Nina Taft Traditional Network Traffic Analysis Focus on Short stationary
More informationAUTONOMOUS NETWORK SECURITY FOR DETECTION OF NETWORK ATTACKS
AUTONOMOUS NETWORK SECURITY FOR DETECTION OF NETWORK ATTACKS Nita V. Jaiswal* Prof. D. M. Dakhne** Abstract: Current network monitoring systems rely strongly on signature-based and supervised-learning-based
More informationMonitoring sítí pomocí NetFlow dat od paketů ke strategiím
Monitoring sítí pomocí NetFlow dat od paketů ke strategiím Martin Rehák, Karel Bartoš, Martin Grill, Jan Stiborek a Michal Svoboda ATG, České vysoké učení technické v Praze Jiří Novotný, Pavel Čeleda a
More informationDiagnosing Network Disruptions with Network-Wide Analysis
Diagnosing Network Disruptions with Network-Wide Analysis Yiyi Huang, Nick Feamster, Anukool Lakhina, Jun (Jim) Xu College of Computing, Georgia Tech, Guavus, Inc. ABSTRACT To maintain high availability
More informationFlow Monitoring With Cisco Routers
CSAMP: A System for Network- Wide Flow Monitoring Vyas Sekar,Michael K. Reiter, Walter Willinger, Hui Zhang,Ramana Rao Kompella, David G. Andersen Presentation by Beletsioti Georgia Flow measurements today
More informationMining Trends From Network Traffic Data for Security Systems
Mining Trends From Network Traffic Data for Security Systems Jennifer Li Computer Science Department Louisiana State University jli13@tigers.lsu.edu Graduate Mentor: Blaine Nelson, Saurabh Amin, and Dr.
More informationManifold Learning Visualization of Network Traffic Data
Manifold Learning Visualization of Network Traffic Data Neal Patwari npatwari@eecs.umich.edu Alfred O. Hero III hero@eecs.umich.edu University of Michigan Dept. of Electrical Engineering and Computer Science
More informationJoint Entropy Analysis Model for DDoS Attack Detection
2009 Fifth International Conference on Information Assurance and Security Joint Entropy Analysis Model for DDoS Attack Detection Hamza Rahmani, Nabil Sahli, Farouk Kammoun CRISTAL Lab., National School
More informationProactive Surge Protection: A Defense Mechanism for Bandwidth-Based Attacks
Proactive Surge Protection: A Defense Mechanism for Bandwidth-Based Attacks Jerry Chou, Bill Lin University of California, San Diego Subhabrata Sen, Oliver Spatscheck AT&T Labs-Research USENIX Security
More informationKeywords Attack model, DDoS, Host Scan, Port Scan
Volume 4, Issue 6, June 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com DDOS Detection
More informationAdaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks
Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks Yan Hu Dept. of Information Engineering Chinese University of Hong Kong Email: yhu@ie.cuhk.edu.hk D. M. Chiu
More informationA Real-time Network Traffic Profiling System
A Real-time Network Traffic Profiling System Kuai Xu, Feng Wang, Supratik Bhattacharyya, and Zhi-Li Zhang Abstract This paper presents the design and implementation of a real-time behavior profiling system
More informationTraffic Anomaly Detection and Characterization in the Tunisian National University Network
Traffic Anomaly Detection and Characterization in the Tunisian National University Network Khadija RAMAH 1, Hichem AYARI 2, Farouk KAMOUN 3 2,3 CRISTAL laboratory École Nationale des Sciences de l Informatique
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK AUTONOMOUS NETWORK SECURITY FOR UNSUPERVISED DETECTION OF NETWORK ATTACKS MS. PRITI
More informationEchidna: Efficient Clustering of Hierarchical Data for Network Traffic Analysis
Echidna: Efficient Clustering of Hierarchical Data for Network Traffic Analysis Abdun Mahmood, Christopher Leckie, Parampalli Udaya Department of Computer Science and Software Engineering University of
More informationReal-time Behavior Profiling for Network Monitoring
Real-time Behavior Profiling for Network Monitoring Kuai Xu Arizona State University E-mail: kuai.xu@asu.edu Corresponding author Feng Wang Arizona State University E-mail: fwang25@asu.edu Supratik Bhattacharyya
More informationDesign and Implementation of an Interactive DBMS-supported Network Traffic Analysis and Visualization System
Design and Implementation of an Interactive DBMS-supported Network Traffic Analysis and Visualization System 1 Hyun-chul Kim, 2Jihoon Lee Dept. of Computer Software Engineering, Sangmyung Univ., hyunchulk@gmail.com
More informationIncreasing Reliability in Network Traffic Anomaly Detection
Increasing Reliability in Network Traffic Anomaly Detection Romain Thibault Fontugne DOCTOR OF PHILOSOPHY Department of Informatics, School of Multidisciplinary Sciences, The Graduate University for Advanced
More informationOutline. The Problem BGP/Routing Information. Netflow/Traffic Information. Conclusions
Outline The Problem BGP/Routing Information BGP-Inspect Information Extraction from BGP Update messages VAST Internet AS topology Visualization Netflow/Traffic Information Flamingo Internet Traffic Exploration
More informationLightweight Detection of DoS Attacks
Lightweight Detection of DoS Attacks Sirikarn Pukkawanna *, Vasaka Visoottiviseth *, Panita Pongpaibool * Department of Computer Science, Mahidol University, Rama 6 Rd., Bangkok 10400, THAILAND E-mail:
More informationKNOM Tutorial 2003. Internet Traffic Measurement and Analysis. Sue Bok Moon Dept. of Computer Science
KNOM Tutorial 2003 Internet Traffic Measurement and Analysis Sue Bok Moon Dept. of Computer Science Overview Definition of Traffic Matrix 4Traffic demand, delay, loss Applications of Traffic Matrix 4Engineering,
More informationProfiling the End Host
Profiling the End Host Thomas Karagiannis 1, Konstantina Papagiannaki 2, Nina Taft 2, and Michalis Faloutsos 3 1 Microsoft Research 2 Intel Research 3 UC Riverside Abstract. Profiling is emerging as a
More informationCAMNEP: An intrusion detection system for highspeed
Progress in Informatics, No. 5, pp.65 74, (2008) 65 Special issue: The future of software engineering for security and privacy Research Paper CAMNEP: An intrusion detection system for highspeed networks
More informationStructural Analysis of Network Traffic Flows
Structural Analysis of Network Traffic Flows Anukool Lakhina, Konstantina Papagiannaki, Mark Crovella, Christophe Diot, Eric D. Kolaczyk, and Nina Taft ABSTRACT Network traffic arises from the superposition
More informationTime-Frequency Detection Algorithm of Network Traffic Anomalies
2012 International Conference on Innovation and Information Management (ICIIM 2012) IPCSIT vol. 36 (2012) (2012) IACSIT Press, Singapore Time-Frequency Detection Algorithm of Network Traffic Anomalies
More informationNetwork Anomaly Detection through Traffic Measurement
Network Anomaly Detection through Traffic Measurement Yuming Jiang, Zhihua Jin, Atef Abdelkefi, Magnus Ask, Helge Skrautvol Abstract With the growth of the Internet, an increase in network anomalies is
More informationManaging Incompleteness, Complexity and Scale in Big Data
Managing Incompleteness, Complexity and Scale in Big Data Nick Duffield Electrical and Computer Engineering Texas A&M University http://nickduffield.net/work Three Challenges for Big Data Complexity Problem:
More informationDesign and simulation of wireless network for Anomaly detection and prevention in network traffic with various approaches
IJISE - International Journal of Innovative Science, Engineering & echnology, Vol. 1 Issue 5, July 2014. Design and simulation of wireless network for Anomaly detection and prevention in network traffic
More informationKuai Xu* and Feng Wang. Supratik Bhattacharyya
Int. J. Internet Protocol Technology, Vol. 5, Nos. 1/2, 2010 65 Real-time behaviour profiling for network monitoring Kuai Xu* and Feng Wang Arizona State University, 4701 W. Thunderbird Road, Glendale,
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.
ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow
More informationOnline Detection of Network Traffic Anomalies Using Behavioral Distance
Online Detection of Network Traffic Anomalies Using Behavioral Distance Hemant Sengar Xinyuan Wang Haining Wang Duminda Wijesekera Sushil Jajodia Technology Development Dept. Center for Secure Information
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationSystem Specification. Author: CMU Team
System Specification Author: CMU Team Date: 09/23/2005 Table of Contents: 1. Introduction...2 1.1. Enhancement of vulnerability scanning tools reports 2 1.2. Intelligent monitoring of traffic to detect
More informationA HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING
A HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING AZRUDDIN AHMAD, GOBITHASAN RUDRUSAMY, RAHMAT BUDIARTO, AZMAN SAMSUDIN, SURESRAWAN RAMADASS. Network Research Group School of
More informationFlash Crowds & Denial of Service Attacks
Flash Crowds & Denial of Service Attacks Characterization and Implications for CDNs and Web sites Jaeyeon Jung MIT Laboratory for Computer Science Balachander Krishnamurthy and Michael Rabinovich AT&T
More informationService Description DDoS Mitigation Service
Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3
More informationPredicting Resource Usage of Arbitrary Network Traffic Queries
Predicting Resource Usage of Arbitrary Network Traffic Queries Pere Barlet-Ros, Gianluca Iannaccone, Josep Sanjuàs-Cuxart, Diego Amores-López, Josep Solé-Pareta Universitat Politècnica de Catalunya Barcelona,
More informationNetwork Management & Monitoring
Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationCISCO IOS NETFLOW AND SECURITY
CISCO IOS NETFLOW AND SECURITY INTERNET TECHNOLOGIES DIVISION FEBRUARY 2005 1 Cisco IOS NetFlow NetFlow is a standard for acquiring IP network and operational data Benefits Understand the impact of network
More informationAnomaly Detection in Backbone Networks: Building A Security Service Upon An Innovative Tool
Anomaly Detection in Backbone Networks: Building A Security Service Upon An Innovative Tool Wayne Routly, Maurizio Molina - (DANTE) Ignasi Paredes-Oliva - Universitat Politècnica de Catalunya (UPC) Ashish
More informationConclusions and Future Directions
Chapter 9 This chapter summarizes the thesis with discussion of (a) the findings and the contributions to the state-of-the-art in the disciplines covered by this work, and (b) future work, those directions
More informationNetflow Overview. PacNOG 6 Nadi, Fiji
Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools
More informationDetecting Anomalous Network Traffic in Organizational Private Networks
Detecting Anomalous Network Traffic in Organizational Private Networks Risto Vaarandi 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in
More informationNetwork-Wide Capacity Planning with Route Analytics
with Route Analytics Executive Summary Capacity planning is an important business process in large IP networks for ensuring reliable application and service delivery. In the days of fixed circuits and
More informationMonitoring Stealthy Network Conversations with Sampled Traffic
Monitoring Stealthy Network Conversations with Sampled Traffic Anirudh Ramachandran, Srinivasan Seetharaman, Nick Feamster, Anukool Lakhina College of Computing, Georgia Tech Department of Computer Science,
More informationDetecting Anomalies in Network Traffic Using Maximum Entropy Estimation
Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation Yu Gu, Andrew McCallum, Don Towsley Department of Computer Science, University of Massachusetts, Amherst, MA 01003 Abstract We develop
More informationSource-domain DDoS Prevention
bhattacharjee, LTS S 05 Page: 0 Source-domain DDoS Prevention Bobby Bhattacharjee Christopher Kommareddy Mark Shayman Dave Levin Richard La Vahid Tabatabaee University of Maryland bhattacharjee, LTS S
More informationLe Routage Robuste Réactif Une combinaison de techniques d ingénierie de trafic proactives et réactives pour traiter le trafic dynamique de réseau
Le Routage Robuste Réactif Une combinaison de techniques d ingénierie de trafic proactives et réactives pour traiter le trafic dynamique de réseau Pedro Casas et Sandrine Vaton Brest, France, 27-28 mars
More informationAS THE Internet continues to grow in size and complexity,
IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 16, NO. 6, DECEMBER 2008 1241 Internet Traffic Behavior Profiling for Network Security Monitoring Kuai Xu, Zhi-Li Zhang, Member, IEEE, and Supratik Bhattacharyya
More informationNSC 93-2213-E-110-045
NSC93-2213-E-110-045 2004 8 1 2005 731 94 830 Introduction 1 Nowadays the Internet has become an important part of people s daily life. People receive emails, surf the web sites, and chat with friends
More informationEvangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08
Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Network Security Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 2 Collaboration with Frank Akujobi
More informationData Mining Part 5. Prediction
Data Mining Part 5. Prediction 5.1 Spring 2010 Instructor: Dr. Masoud Yaghini Outline Classification vs. Numeric Prediction Prediction Process Data Preparation Comparing Prediction Methods References Classification
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationIn-Network PCA and Anomaly Detection
In-Network PCA and Anomaly Detection Ling Huang University of California Berkeley, CA 947 hling@cs.berkeley.edu XuanLong Nguyen University of California Berkeley, CA 947 xuanlong@cs.berkeley.edu Minos
More informationBio-Inspired Anomaly Detection
Bio-Inspired Anomaly Detection Cyber Security Division 2012 Principal Investigators Meeting 10/11/12 S. Raj Rajagopalan Scientist HP Labs/Honeywell Sraj.raj@gmail.com 908-305-1681 Bio-Inspired Anomaly
More informationHow To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme
Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi
More informationHow is SUNET really used?
MonNet a project for network and traffic monitoring How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering
More information8. 網路流量管理 Network Traffic Management
8. 網路流量管理 Network Traffic Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error
More informationSignature-aware Traffic Monitoring with IPFIX 1
Signature-aware Traffic Monitoring with IPFIX 1 Youngseok Lee, Seongho Shin, and Taeck-geun Kwon Dept. of Computer Engineering, Chungnam National University, 220 Gungdong Yusonggu, Daejon, Korea, 305-764
More informationEvaluating the Potential of Collaborative Anomaly Detection
Evaluating the Potential of Collaborative Anomaly Detection Haakon Ringberg, Augustin Soule, and Matthew Caesar Princeton University, Thomson, UIUC Abstract. Unwanted traffic is a serious problem for users
More informationEE627 Lecture 22. Multihoming Route Control Devices
EE627 Lecture 22 Multihoming Route Control Devices 1 Multihoming Connect to multiple ISPs Provide reliability from access link/isp failures Potential for load balancing Intelligent Route Control Devices
More informationAlienVault Unified Security Management Solution Complete. Simple. Affordable Life Cycle of a log
Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationOn Entropy in Network Traffic Anomaly Detection
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015 Jayro Santiago-Paz, Deni Torres-Roman. 1/19 On Entropy in Network
More informationEffect of sampling rate and monitoring granularity on anomaly detectability
Effect of sampling rate and monitoring granularity on anomaly detectability Keisuke Ishibashi, Ryoichi Kawahara, Mori Tatsuya, Tsuyoshi Kondoh and Shoichiro Asano Information Sharing Platform Labs. NTT
More informationHow to build a Carrier-Grade Defense-Shield. Dr. Antonio Nucci Chief Technology Officer, Narus Inc.
How to build a Carrier-Grade Defense-Shield Dr. Antonio Nucci Chief Technology Officer, Narus Inc. Agenda Security Market Landscape Approach to Efficiently and Shortly Detect DDoS/Worms 2 Take a walk on
More informationA Survey on Intrusion Detection System with Data Mining Techniques
A Survey on Intrusion Detection System with Data Mining Techniques Ms. Ruth D 1, Mrs. Lovelin Ponn Felciah M 2 1 M.Phil Scholar, Department of Computer Science, Bishop Heber College (Autonomous), Trichirappalli,
More informationNetwork Monitoring and Management NetFlow Overview
Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationReformulating the monitor placement problem: Optimal Network-wide wide Sampling
Reformulating the monitor placement problem: Optimal Network-wide wide Sampling Gianluca Iannaccone Intel Research @ Cambridge Joint work with: G. Cantieni,, P. Thiran (EPFL) C. Barakat (INRIA), C. Diot
More informationInternet Security Systems
Internet Security Systems Monitoring the network to enhance visibility, integrity and preemtive protection ISS Company Background World s leading independent IT security provider World leader in security
More informationThe Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack
The Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack Asnita Hashim, University of Technology MARA, Malaysia April 14-15, 2011 The Integration of SNORT with K-Means Clustering
More informationHow to Build Attack Scenarios
AFRL-IF-RS-TR-2006-250 Final Technical Report July 2006 INTEGRATION OF AUDIT DATA ANALYSIS AND MINING TECHNIQUES INTO AIDE George Mason University APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. AIR
More informationHashdoop: A MapReduce Framework for Network Anomaly Detection
Hashdoop: A MapReduce Framework for Network Anomaly Detection Romain Fontugne, Johan Mazel, Kensuke Fukuda National Institute of Informatics Japanese - French Laboratory for Informatics Tokyo, Japan Abstract
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security
More informationHybrid Intrusion Detection System Using K-Means Algorithm
International Journal of Computer Sciences and Engineering Open Access Review Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Hybrid Intrusion Detection System Using K-Means Algorithm Darshan K. Dagly 1*, Rohan
More informationDefending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial
Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Rocky K. C. Chang The Hong Kong Polytechnic University Presented by Scott McLaren 1 Overview DDoS overview Types of attacks
More informationData-Driven Performance Management in Practice for Online Services
Data-Driven Performance Management in Practice for Online Services Dongmei Zhang Principal Researcher/Research Manager Software Analytics group, Microsoft Research Asia October 29, 2012 Landscape of Online
More informationNetwork optimization and Flow Management Design
CSAMP: A System for Network-Wide Flow Monitoring Vyas Sekar, Michael K. Reiter, Walter Willinger, Hui Zhang, Ramana Rao Kompella, David G. Andersen Carnegie Mellon University, UNC-Chapel Hill, AT&T Labs-Research,
More informationAutomaton Models. Short Overview DRAFT. C. Hammerschmidt (SnT) Automaton Models for NetFlows SnT 2015-07-24 1 / 13
Automaton Models for Netflow Analysis Fingerprinting and Classifying Participants NMRG Workshop, Prague, Czech Republic Friday, July 24th 2015 Christian A Hammerschmidt,christian.hammerschmidt@uni.lu Interdisciplinary
More informationResearch and Educational Networking Information Analysis and Sharing Center (REN-ISAC)
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC ren-isac@iu.edu Copyright Trustees of Indiana University 2003. Permission is granted
More informationPage 1. Outline EEC 274 Internet Measurements & Analysis. Traffic Measurements. Motivations. Applications
Outline EEC 274 Internet Measurements & Analysis Spring Quarter, 2006 Traffic Measurements Traffic measurements What metrics are we interested in? Measurement and analysis methodologies Traffic characterization
More informationLEISURE: A Framework for Load-Balanced Network-Wide Traffic Measurement
LEISURE: A Framework for Load-Balanced Network-Wide Traffic Measurement Chia-Wei Chang, Guanyao Huang, Bill Lin, Chen-Nee Chuah University of California, San Diego, University of California, Davis ABSTRACT
More informationIntrusion Detection: Game Theory, Stochastic Processes and Data Mining
Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Joseph Spring 7COM1028 Secure Systems Programming 1 Discussion Points Introduction Firewalls Intrusion Detection Schemes Models Stochastic
More informationCLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA
CLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA Professor Yang Xiang Network Security and Computing Laboratory (NSCLab) School of Information Technology Deakin University, Melbourne, Australia http://anss.org.au/nsclab
More informationIntroduction to Netflow
Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationTELCO challenge: Learning and managing the network behavior
TELCO challenge: Learning and managing the network behavior M.Sc. Ljupco Vangelski CEO, Scope Innovations Kiril Oncevski NOC, ISP Neotel Skopje Presentation overview Challenges for the modern network monitoring
More informationAnomaly Detection Aiming Pro-Active Management of Computer Network Based on Digital Signature of Network Segment *
LANOMS 2005-4th Latin American Network Operations and Management Symposium 53 Anomaly Detection Aiming Pro-Active Management of Computer Network Based on Digital Signature of Network Segment * Bruno Bogaz
More informationIP Forwarding Anomalies and Improving their Detection using Multiple Data Sources
IP Forwarding Anomalies and Improving their Detection using Multiple Data Sources Matthew Roughan (Univ. of Adelaide) Tim Griffin (Intel Research Labs) Z. Morley Mao (Univ. of Michigan) Albert Greenberg,
More informationIntegration Misuse and Anomaly Detection Techniques on Distributed Sensors
Integration Misuse and Anomaly Detection Techniques on Distributed Sensors Shih-Yi Tu Chung-Huang Yang Kouichi Sakurai Graduate Institute of Information and Computer Education, National Kaohsiung Normal
More informationHP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide
HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with
More informationSDN Programming Languages. Programming SDNs!
SDN Programming Languages Programming SDNs! The Good Network-wide visibility Direct control over the switches Simple data-plane abstraction The Bad Low-level programming interface Functionality tied to
More informationCase Study: Instrumenting a Network for NetFlow Security Visualization Tools
Case Study: Instrumenting a Network for NetFlow Security Visualization Tools William Yurcik* Yifan Li SIFT Research Group National Center for Supercomputing Applications (NCSA) University of Illinois at
More informationIEEE/ACM TRANSACTIONS ON NETWORKING 1. Behavior Analysis of Internet Traffic via Bipartite Graphs and One-Mode Projections
IEEE/ACM TRANSACTIONS ON NETWORKING 1 Behavior Analysis of Internet Traffic via Bipartite Graphs and One-Mode Projections Kuai Xu, Member, IEEE, ACM, FengWang, Member, IEEE, and LinGu, Member, IEEE Abstract
More informationConcept and Project Objectives
3.1 Publishable summary Concept and Project Objectives Proactive and dynamic QoS management, network intrusion detection and early detection of network congestion problems among other applications in the
More informationDYNAMIC FUZZY PATTERN RECOGNITION WITH APPLICATIONS TO FINANCE AND ENGINEERING LARISA ANGSTENBERGER
DYNAMIC FUZZY PATTERN RECOGNITION WITH APPLICATIONS TO FINANCE AND ENGINEERING LARISA ANGSTENBERGER Kluwer Academic Publishers Boston/Dordrecht/London TABLE OF CONTENTS FOREWORD ACKNOWLEDGEMENTS XIX XXI
More information