Mircea Iordache, Simon Jouet, Angelos K. Marnerides, Dimitrios P

Presentation transcript:

Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks
Mircea Iordache, Simon Jouet, Angelos K. Marnerides, Dimitrios P. Pezaros
m.iordache-sica.1@research.glasgow.ac.uk
https://netlab.dcs.gla.ac.uk
School of Computing Science
NGNI-IS02: Future Internet and Next-Generation Networking Architectures II
IEEE ICC - 22/05/2017

Background & Motivation
Approach
Results
[Diagram: Core, Agg, Edge and Rack layers with ADS modules; label: Notify]

Network Anomaly Detection Systems (ADS)
- Network ADS are integral part of modern DC
- Ensure high-availability, many-9s SLAs, security
- Detect (and prevent) network anomalies
  - Malicious: (D)DoS, Malware, Firewall, Exploits…
  - Erroneous: Misconfiguration (network loops), faulty NIC…
- Two common approaches:
  - Signature-based: detect patterns in packet content or features. (SNORT, SURICATA)
  - Statistics-based: detect deviations from normal network behaviour (Prelude IDS, ACID)

Deployment
Current approach
- Fixed point detection (limited network knowledge)
- Little (if any) state sharing
New Philosophy
- Move detection closer to Edge Switches and Rack
- Increase communication between multiple ADS
[Diagram: Core, Agg, Edge and Rack layers with ADS modules]

Proposed Architecture
- Move detection to Edge
  - Propagate up to the Core for higher accuracy
  - Source pinpointing for efficient mitigation
  - Share partial knowledge via voting
- Modular components
  - Focus on small tasks
  - Run on Network Nodes (switches, routers)
- Flexible mapping to the Network Fabric
  - Scale of deployment based on network demand
- Leverage SDN
  - Inform Controller of any issues
  - Let Controller handle mitigation strategy
[Diagram: Core, Agg, Edge and Rack layers with an ADS module at each Edge]

Communication Model
[Diagram: Core, Agg, Edge and Rack layers with ADS modules; labels: Anomaly Detected, Notify Upstream, Confirm Anomaly]

Path Reconstruction
- Create a tree structure of involved ADS modules
  - Based on Notification tracing
- Can pinpoint source or convergence point
  - Efficient mitigation, reduce congestion
- Can use controller for strategic decisions
  - Most likely paths, source(s)
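An added sketch of the path reconstruction step above, not code from the presentation or its authors: it builds the tree of involved ADS modules from upstream notifications and returns the source modules and the convergence point. The notification tuple format, the node names and the rule that each module notifies a single upstream are assumptions.

```python
from collections import defaultdict

# Constructed sample: (reporting ADS, upstream ADS it notified). The tuple
# format and node names are assumptions made for this illustration.
NOTIFICATIONS = [
    ("edge1", "agg1"), ("edge2", "agg1"), ("edge5", "agg3"),
    ("agg1", "core"), ("agg3", "core"),
]

def build_tree(notifications):
    """Return (children, parent) maps of the ADS modules involved."""
    children, parent = defaultdict(set), {}
    for reporter, upstream in notifications:
        # Assumption: one upstream per module, so the result is a tree.
        if parent.get(reporter, upstream) != upstream:
            raise ValueError(f"{reporter} notified two different upstreams")
        parent[reporter] = upstream
        children[upstream].add(reporter)
    return children, parent

def path_to_root(node, parent):
    """Follow notifications upstream from node, rejecting loops."""
    path = [node]
    while path[-1] in parent:
        nxt = parent[path[-1]]
        if nxt in path:
            raise ValueError("notification loop detected")
        path.append(nxt)
    return path

def pinpoint(notifications):
    """Sources are reporters that nobody reported to. The convergence point
    is the lowest module lying on every source's notification path."""
    children, parent = build_tree(notifications)
    sources = sorted(n for n in parent if n not in children)
    paths = [path_to_root(s, parent) for s in sources]
    if not paths:
        return [], None
    common = set(paths[0]).intersection(*paths[1:])
    # paths[0] is ordered leaf to root, so the first hit is the lowest one.
    convergence = next((n for n in paths[0] if n in common), None)
    return sources, convergence

if __name__ == "__main__":
    print(pinpoint(NOTIFICATIONS))
```

With a single source the convergence point is the source itself, and `None` means the reports form separate trees that never meet.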

Detection Accuracy

Path Reconstruction Capabilities

Bandwidth Saving From Pinpointing

Questions?
Mircea Iordache
m.iordache-sica.1@research.gla.ac.uk