Network Data Collection Infrastructure to Detect Security Anomalies

Presentation transcript:

Slide 1: Overview
Network Data Collection Infrastructure to Detect Security Anomalies
Gen Ohta and Alina Oprea, Northeastern University, Boston, USA

Goals
- Determine the performance impact of deploying sFlow/NetFlow data collection in MOC
- Set up a local staging environment to measure the performance impact of network traffic collection
- Deploy sFlow data collection on the Brocade fabric in the Engage1 environment
- Use machine learning algorithms to detect security anomalies and improve cloud security

Slide 2: Staging Environment

Experiment goal: determine the performance impact of deploying sFlow data collection in MOC.

Metrics
- Latency: delay between when a request is issued and when it is completed
- Throughput: number of bytes transferred per unit time

Control
1. Issue requests from the traffic generator to the Apache HTTP server
2. Record latency and throughput values
3. Repeat steps 1 and 2 10 times
4. Increment the number of requests and repeat until the maximum is reached

Test
1. Set the sampling rate and polling interval on the Brocade VDX switch
2. Run the control experiment and repeat it for different parameter values
3. Determine the optimal configuration of the switch parameters
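The control procedure above (issue requests, record latency and throughput, repeat 10 times, then raise the request count) as an added example that is not the poster's own tooling: a small local HTTP handler stands in for the Apache server and the traffic generator is a sequential client; the 4 KiB response size and the load levels are assumptions.

```python
import threading
import time
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class _StubHandler(BaseHTTPRequestHandler):
    """Local stand-in for the Apache HTTP server (constructed for this example)."""
    BODY = b"x" * 4096  # fixed 4 KiB response so throughput is comparable across runs

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(self.BODY)))
        self.end_headers()
        self.wfile.write(self.BODY)

    def log_message(self, *args):  # silence per-request logging
        pass

def start_stub_server():
    """Start the stand-in server on a free loopback port; return (server, base URL)."""
    srv = HTTPServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d/" % srv.server_port

def measure_batch(url, n_requests):
    """Steps 1-2: issue n_requests sequentially; return (mean latency s, throughput B/s)."""
    latencies, total_bytes = [], 0
    batch_start = time.perf_counter()
    for _ in range(n_requests):
        t0 = time.perf_counter()
        with urllib.request.urlopen(url, timeout=5) as resp:
            total_bytes += len(resp.read())
        latencies.append(time.perf_counter() - t0)  # issue-to-completion delay
    elapsed = time.perf_counter() - batch_start
    return sum(latencies) / len(latencies), total_bytes / elapsed

def run_control(url, start_n, step, max_n, repeats=10):
    """Steps 3-4: repeat each load level `repeats` times, then increment the request count."""
    results = {}
    for n in range(start_n, max_n + 1, step):
        results[n] = [measure_batch(url, n) for _ in range(repeats)]
    return results

if __name__ == "__main__":
    srv, base_url = start_stub_server()
    for n, runs in run_control(base_url, 10, 10, 50).items():
        lat = sum(r[0] for r in runs) / len(runs)
        tp = sum(r[1] for r in runs) / len(runs)
        print("%3d requests: mean latency %.2f ms, throughput %.0f B/s" % (n, lat * 1e3, tp))
    srv.shutdown()
```

The test phase of the experiment reuses `run_control` unchanged against the real server after each change of sampling rate and polling interval, so the two sets of numbers differ only in the switch configuration.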

Slide 3: MongoDB Schema

Persistent storage
- Internal and external flows
- Persist data in a NoSQL database
- Common fields for sFlow/NetFlow
- Can index on multiple fields
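One way to realise the "common fields for sFlow/NetFlow" idea, as an added example rather than the project's schema: both collector outputs are mapped to one document layout before insertion, the sFlow sample is scaled by its sampling rate (a sampled packet is only an estimate of volume), and the compound indexes are listed in pymongo key-spec form. The input key names, the field list, the index choice and the sample record are all assumptions.

```python
from datetime import datetime, timezone

# Common document layout for both collectors (an assumed schema, not the project's own).
COMMON_FIELDS = ("ts", "src_ip", "src_port", "dst_ip", "dst_port",
                 "proto", "bytes", "packets", "source", "direction")
# Compound indexes in pymongo key-spec form for host-centric, time-windowed queries
# (assumed; the poster only says it indexes on multiple fields).
INDEXES = [[("src_ip", 1), ("ts", -1)],
           [("dst_ip", 1), ("ts", -1)],
           [("direction", 1), ("ts", -1)]]
# Constructed sample sFlow record, not captured data.
SAMPLE_SFLOW = {"unix_secs": 1500000000, "src_ip": "10.0.0.5", "src_port": 44321,
                "dst_ip": "198.51.100.7", "dst_port": 443, "ip_protocol": 6,
                "frame_length": 1500, "sampling_rate": 512}

def _direction(src_internal, dst_internal):
    if src_internal and dst_internal:
        return "internal"
    return "outbound" if src_internal else "inbound"

def normalize_sflow(sample, is_internal):
    """Map one decoded sFlow packet sample (constructed key names) to the common schema.
    sFlow is sampled, so frame length is scaled by the sampling rate to estimate volume."""
    rate = sample["sampling_rate"]
    return {
        "ts": datetime.fromtimestamp(sample["unix_secs"], tz=timezone.utc),
        "src_ip": sample["src_ip"], "src_port": sample["src_port"],
        "dst_ip": sample["dst_ip"], "dst_port": sample["dst_port"],
        "proto": sample["ip_protocol"],
        "bytes": sample["frame_length"] * rate,
        "packets": rate,  # one sampled packet stands in for `rate` packets on the wire
        "source": "sflow",
        "direction": _direction(is_internal(sample["src_ip"]), is_internal(sample["dst_ip"])),
    }

def normalize_netflow(rec, is_internal):
    """Map one NetFlow v5-style flow record (constructed key names) to the common schema.
    NetFlow counters are already per-flow totals, so nothing is scaled."""
    return {
        "ts": datetime.fromtimestamp(rec["first_seen"], tz=timezone.utc),
        "src_ip": rec["srcaddr"], "src_port": rec["srcport"],
        "dst_ip": rec["dstaddr"], "dst_port": rec["dstport"],
        "proto": rec["prot"],
        "bytes": rec["dOctets"],
        "packets": rec["dPkts"],
        "source": "netflow",
        "direction": _direction(is_internal(rec["srcaddr"]), is_internal(rec["dstaddr"])),
    }
```

Inserting the returned dictionaries with pymongo and creating the indexes with `collection.create_index(spec)` for each entry in `INDEXES` gives one collection that both the internal-flow and external-flow queries can use.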

Slide 4: Engage1 Environment

Data collection
- Deploy data collection on all switches in the Brocade fabric of the Engage1 HPC cluster
- Deploy the Brocade flow collector on multiple servers
- Create a MongoDB cluster to store sFlow data

Slide 5: Analytics for security applications

Use cases
- Detect suspicious communication with external IP addresses
- Detect data exfiltration attempts
- Prevent DDoS attacks
- Prevent cloud abuse: malware infection, application exploits, illegal use of cloud resources

Techniques
- Graph modeling of internal and external communication patterns
- Correlate with performance metrics collected by the monitoring team (CPU, I/O, memory, power)
- Machine learning algorithms: clustering, graph propagation, outlier detection, time-series anomaly detection
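An added example (not the poster's analytics) of two of the listed techniques on the detection side: the stored flows are turned into a bipartite graph of internal host to external IP weighted by outbound bytes, a robust outlier test over per-host outbound volume surfaces exfiltration candidates, and external peers reached by a single internal host are listed for review. The internal prefix, the threshold and the flow sample are assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample of normalized flows as (src_ip, dst_ip, bytes); not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.1", "203.0.113.10", 90_000), ("10.0.0.2", "203.0.113.10", 100_000),
    ("10.0.0.3", "203.0.113.10", 110_000), ("10.0.0.4", "203.0.113.11", 120_000),
    ("10.0.0.5", "203.0.113.11", 130_000), ("10.0.0.6", "198.51.100.9", 5_000_000_000),
    ("10.0.0.6", "10.0.0.1", 7_000_000_000),  # internal-to-internal traffic is not an edge
]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed address plan

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def build_outbound_graph(flows):
    """Bipartite graph internal host -> external IP; edge weight = outbound bytes."""
    graph = defaultdict(lambda: defaultdict(int))
    for src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            graph[src][dst] += nbytes
    return graph

def robust_outliers(values, threshold=3.5):
    """Keys whose modified z-score (median absolute deviation based) exceeds threshold.
    One-sided on purpose: only unusually large values are of interest here."""
    med = median(values.values())
    mad = median(abs(v - med) for v in values.values())
    if mad == 0:  # degenerate spread: anything above the median stands out
        return sorted(k for k, v in values.items() if v > med)
    return sorted(k for k, v in values.items() if 0.6745 * (v - med) / mad > threshold)

def exfiltration_candidates(graph, threshold=3.5):
    """Hosts whose total outbound volume is an outlier among their peers."""
    totals = {host: sum(edges.values()) for host, edges in graph.items()}
    return robust_outliers(totals, threshold)

def rare_external_peers(graph):
    """External IPs contacted by exactly one internal host (candidates for review)."""
    fan_in = defaultdict(set)
    for host, edges in graph.items():
        for ext in edges:
            fan_in[ext].add(host)
    return sorted(ext for ext, hosts in fan_in.items() if len(hosts) == 1)

if __name__ == "__main__":
    g = build_outbound_graph(SAMPLE_FLOWS)
    print("exfiltration candidates:", exfiltration_candidates(g))
    print("rare external peers:", rare_external_peers(g))
```

Both outputs are leads to correlate with the monitoring team's CPU, I/O and memory metrics for the flagged host before anyone acts on them.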