Deriving Network Traffic Signatures via Large Graphs
1 Deriving Network Traffic Signatures via Large Graphs
Ahmed Abdelhadi (PI)
Research Assistant Professor
2 Outline
- Pattern of Life and IoT
- A Tractable Framework for POL
- Modeling Dynamic Behavior
- Anomaly Detection
4 Pattern of Life Detection
Pattern of Life Calculations
- Collection and analysis of vast amounts of data for repetitive and unique patterns.
- Changes in data patterns over time point to anomalies.
How to leverage POL?
- Careful feature selection
- Through behavior tracking of targets over time.
Importance of POL in Modern Networks
- Can be leveraged to analyze actual human/M2M interactions.
- Accurate pointer to global traits as well as local patterns.
Main Goal - Automation of analysis and inference.
5 Pattern of Life for Internet of Things
Why is IoT good for POL?
- Presents a rich data environment for pattern modeling
- Multitude of flows and interactions within IoT networks
- Enables multi-dimensional analysis of packet-based network traffic
- POL analysis geared to be agnostic to deep packet inspection
Modeling node behavior
- Based on features that can be obtained from NetFlow analysis of IoT networks
  1. Traffic rates between nodes
  2. Communication delay and inter-arrival times
  3. Queue length at each node
  4. Avg. no. of connections per node
  5. Node sensitivity based on common graph centrality measures
7 Framework for POL in IoT
Proposed Approach
1. Big Data collection from IoT networks (NetFlow data, for example) and building large graphs (order of millions of nodes) over time
2. Coarse Parsing: Cluster large graphs based on standard centrality and sensitivity methods to form smaller sub-graphs (order of thousands of nodes)
3. Fine Parsing: Model dynamic behavior within sub-graphs and perform tracking and anomaly detection within each cluster
4. Automatically monitor node behavior and flag anomalous behavior
9 Modeling Dynamic Behavior
Pattern of Life from (Big) Sub-Graphs
[Diagram: Big POL Graph -> FEATURE DISCOVERY -> ROLE DISCOVERY -> TEMPORAL ROLE TRANSITION TRACKING, with a feedback path]
- Features: Traffic rates, Delay, Queue Length, Avg. no. of connections, Node Sensitivity
- Role Models: Local Role Discovery, Global Role Discovery
- Transition Tracking: Global Transition Tracking, Local Transition Tracking, Transition based Clustering
10 Modeling Dynamic Behavior: Technical Approach
Feature Discovery
- Select large number of features
- Time dependent feature matrix
- Collect time stamps
Role Discovery for each node
- Dimensionality reduction from large to smaller number of roles
- Non-negative matrix factorization can be used
- Assume a feature role transformation matrix such that and
11 Behavioral Transition Model
- Use reduced dimensionality of feature space for behavior tracking
- Transition model: can be learnt over time from role observations and captures the typical behavior of the network.
- Learning the transition model:
12 Behavioral Transition Model
- Learning behavior over time: Stacked Transition Model [1]
- Squared error minimized to learn transitions
[1] R. A. Rossi, J. Neville, B. Gallagher, K. Henderson, "Modeling Dynamic Behavior in Large Evolving Graphs," in Proc. WSDM
14 Anomaly Detection and Clustering
- Stacked Transition model lends itself to anomaly detection
- Learn typical network behavior transition over time
- Use typical pattern to forecast future behavior:
- Detect anomalies by observing
- High MSE will lead to anomaly detection
15 An Example
- Small example with 100 nodes
- Selected 5 roles for each node
- Each role had values randomly generated from an exponential distribution with parameter
- A training phase of 1000 time samples was used to train the transition model
- A testing phase of time steps was used
- Artificial anomaly was injected at time steps , , in order to test the detection method
- When only the distribution parameter was changed (shuffled per feature from the same set of values), a small anomaly was detected.
- When the distribution changed, a large anomaly was accurately detected.
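The experiment on slides 12 to 15, sketched as an added example (not code from the slides or from Rossi et al.): role matrices for 100 nodes and 5 roles are drawn from exponential distributions, a single transition matrix is fitted by least squares over the stacked training steps, and each test step is scored by the MSE of its one-step forecast. The rate values, the uniform distribution used for the "distribution changed" case, the 200/60 step counts, the injection steps 15 and 40, and the mean + 8 standard deviations threshold are all assumptions chosen for this sketch.

```python
import random
import statistics

N_NODES, N_ROLES = 100, 5              # sizes from the slide's example
RATES = [0.5, 1.0, 2.0, 4.0, 8.0]      # assumed exponential rate per role


def role_matrix(rng, rates=RATES):
    """Constructed data: one N_NODES x N_ROLES step, role j ~ Exp(rates[j])."""
    return [[rng.expovariate(lam) for lam in rates] for _ in range(N_NODES)]


def solve(a, b):
    """Solve a @ x = b for square a, b (Gauss-Jordan, partial pivoting)."""
    r = len(a)
    aug = [a[i][:] + b[i][:] for i in range(r)]
    for col in range(r):
        piv = max(range(col, r), key=lambda i: abs(aug[i][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for i in range(r):
            if i != col and aug[i][col] != 0.0:
                f = aug[i][col]
                aug[i] = [vi - f * vc for vi, vc in zip(aug[i], aug[col])]
    return [row[r:] for row in aug]


def fit_transition(series):
    """Stacked transition model: T minimising sum_t ||G_{t-1} T - G_t||_F^2."""
    r = N_ROLES
    ata = [[0.0] * r for _ in range(r)]    # sum of G_{t-1}^T G_{t-1}
    atb = [[0.0] * r for _ in range(r)]    # sum of G_{t-1}^T G_t
    for prev, cur in zip(series, series[1:]):
        for p_row, c_row in zip(prev, cur):
            for i in range(r):
                pi = p_row[i]
                for j in range(r):
                    ata[i][j] += pi * p_row[j]
                    atb[i][j] += pi * c_row[j]
    return solve(ata, atb)                 # normal equations


def step_mse(prev, cur, T):
    """MSE between the forecast G_{t-1} T and the observed G_t."""
    total = 0.0
    for p_row, c_row in zip(prev, cur):
        for j in range(N_ROLES):
            pred = sum(p_row[i] * T[i][j] for i in range(N_ROLES))
            total += (c_row[j] - pred) ** 2
    return total / (N_NODES * N_ROLES)


def run_experiment(seed=7, train_steps=200, test_steps=60,
                   shuffle_at=15, change_at=40, k=8.0):
    rng = random.Random(seed)
    train = [role_matrix(rng) for _ in range(train_steps)]
    T = fit_transition(train)
    base = [step_mse(a, b, T) for a, b in zip(train, train[1:])]
    threshold = statistics.mean(base) + k * statistics.pstdev(base)

    test = [role_matrix(rng) for _ in range(test_steps)]
    # Anomaly 1: same set of rates, reassigned across the roles.
    test[shuffle_at] = role_matrix(rng, RATES[::-1])
    # Anomaly 2: a different distribution family (uniform, assumed here).
    test[change_at] = [[rng.uniform(0.0, 10.0) for _ in range(N_ROLES)]
                       for _ in range(N_NODES)]
    scores = {t: step_mse(test[t - 1], test[t], T)
              for t in range(1, test_steps)}
    flagged = sorted(t for t, s in scores.items() if s > threshold)
    return scores, threshold, flagged


if __name__ == "__main__":
    scores, threshold, flagged = run_experiment()
    print(f"threshold        {threshold:.2f}")
    print(f"shuffled rates   t=15  MSE {scores[15]:.2f}")
    print(f"new distribution t=40  MSE {scores[40]:.2f}")
    print("flagged steps:", flagged)
```

The step after an injected anomaly also scores high, because its forecast is computed from the anomalous matrix; an alerting pipeline should group consecutive flagged steps into one event.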