1 Dynamic Adaptation of Temporal Event Correlation Rules Rean Griffith‡, Gail Kaiser‡ Joseph Hellerstein, Yixin Diao Presented by Rean Griffith

Slides:

Advertisements

Similar presentations

Computer Systems & Architecture Lesson 2 4. Achieving Qualities.

Advertisements

A Trajectory-Preserving Synchronization Method for Collaborative Visualization Lewis W.F. Li* Frederick W.B. Li** Rynson W.H. Lau** City University of.

Causal Delivery (Thomas) Matt Guinn CS523, Spring 2006.

Presented by: Richard Wood. Goals and strategies Methods Performance evaluation Performance improvements Remaining Challenges.

Efficient Event-based Resource Discovery Wei Yan*, Songlin Hu*, Vinod Muthusamy +, Hans-Arno Jacobsen +, Li Zha* * Chinese Academy of Sciences, Beijing.

Automatic Misconfiguration Troubleshooting with PeerPressure Helen J. Wang, John C. Platt, Yu Chen, Ruyun Zhang, Yi-Min Wang Microsoft Research Presenter:

OVERVIEW TEAM5 SOFTWARE The TEAM5 software manages personnel and test data for personal ESD grounding devices. Test and personnel data may be viewed/reported.

Estimating TCP Latency Approximately with Passive Measurements Sriharsha Gangam, Jaideep Chandrashekar, Ítalo Cunha, Jim Kurose.

A correlation method for establishing provenance of timestamps in digital evidence By: Bradley Schatz*, George Mohay, Andrew Clark From: Information Security.

Chapter 6 outline r 6.1 Multimedia Networking Applications r 6.2 Streaming stored audio and video m RTSP r 6.3 Real-time, Interactive Multimedia: Internet.

Are You Moved by Your Social Network Application? Gregory Peaker.

Probabilistic Aggregation in Distributed Networks Ling Huang, Ben Zhao, Anthony Joseph and John Kubiatowicz {hling, ravenben, adj,

PTIDES: Programming Temporally Integrated Distributed Embedded Systems Yang Zhao, EECS, UC Berkeley Edward A. Lee, EECS, UC Berkeley Jie Liu, Microsoft.

Dynamic Tuning of the IEEE Protocol to Achieve a Theoretical Throughput Limit Frederico Calì, Marco Conti, and Enrico Gregori IEEE/ACM TRANSACTIONS.

Topics in Advanced Network Security 1 Stateful Intrusion Detection for High Speed Networks Christopher Kruegel Fredrick Valeur Giovanni Vigna Richard Kemmerer.

1 A Queuing Formulation of Intrusion Detection with Active and Passive Responses Wei T. Yue, Metin Cakanyildirim, Young U. Ryu Department of Information.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 15th Lecture Christian Schindelhauer.

Multi-Scale Analysis for Network Traffic Prediction and Anomaly Detection Ling Huang Joint work with Anthony Joseph and Nina Taft January, 2005.

1 Action Breakout Session Anil, AP, Nina Bhatti, Charles Berdnall, Joe Hellerstein, Wei Hu, Anthony Joseph, Randy Katz, Li, Machi Mukund Kimmo Raatikanen,

Copyright ©2009 Opher Etzion Event Processing Course Lecture 10 – Focal points on challenging topics (related to chapter 11)

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 13th Lecture Christian Schindelhauer.

User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.

1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.

EEC-681/781 Distributed Computing Systems Lecture 10 Wenbing Zhao Cleveland State University.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

A Signal Analysis of Network Traffic Anomalies Paul Barford, Jeffrey Kline, David Plonka, and Amos Ron.

Lecture 12 Synchronization. EECE 411: Design of Distributed Software Applications Summary so far … A distributed system is: a collection of independent.

Avoiding Idle Waiting in the execution of Continuous Queries Carlo Zaniolo CSD CS240B Notes April 2008.

Time, Clocks, and the Ordering of Events in a Distributed System Leslie Lamport (1978) Presented by: Yoav Kantor.

Hash, Don’t Cache: Fast Packet Forwarding for Enterprise Edge Routers Minlan Yu Princeton University Joint work with Jennifer.

IGMP and MLD Optimization in Wireless and Mobile Networks 1 draft-liu-multimob-igmp-mld-wireless-mobile-00.

Chapter 7 Configuring & Managing Distributed File System

Jani Pousi Supervisor: Jukka Manner Espoo,

1 Issues in Benchmarking Intrusion Detection Systems Marcus J. Ranum.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

SEDA: An Architecture for Well-Conditioned, Scalable Internet Services

DNS (Domain Name System) Protocol On the Internet, the DNS associates various sorts of information with domain names. A domain name is a meaningful and.

Database Replication Policies for Dynamic Content Applications Gokul Soundararajan, Cristiana Amza, Ashvin Goel University of Toronto EuroSys 2006: Leuven,

Module 13: Maintaining Software by Using Windows Server Update Services.

Heterogeneity and Dynamicity of Clouds at Scale: Google Trace Analysis [1] 4/24/2014 Presented by: Rakesh Kumar [1 ]

By Qian Deng MobiUS: Enable Together-Viewing Video Experience across Two Mobile Devices.

Overcast: Reliable Multicasting with an Overlay Network CS294 Paul Burstein 9/15/2003.

Microsoft Application Virtualization 5.0: Introduction Mohnish Chaturvedi & Ian Bartlett Premier Field Engineer WCL312.

Relationship Between in-situ Information and ex-situ Metrology in Metal Etch Processes Jill Card, An Cao, Wai Chan, Bill Martin, Yi-Min Lai IBEX Process.

CS 5204 (FALL 2005)1 Leases: An Efficient Fault Tolerant Mechanism for Distributed File Cache Consistency Gray and Cheriton By Farid Merchant Date: 9/21/05.

MOJO: A Distributed Physical Layer Anomaly Detection System for WLANs Richard D. Gopaul CSCI 388.

Breno de MedeirosFlorida State University Fall 2005 Network Intrusion Detection Systems Beyond packet filtering.

IPDPS 2005, slide 1 Automatic Construction and Evaluation of “Performance Skeletons” ( Predicting Performance in an Unpredictable World ) Sukhdeep Sodhi.

DISTRIBUTED ALGORITHMS By Nancy.A.Lynch Chapter 18 LOGICAL TIME By Sudha Elavarti.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

Maintaining and Updating Windows Server Monitoring Windows Server It is important to monitor your Server system to make sure it is running smoothly.

Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.

DCIM: Distributed Cache Invalidation Method for Maintaining Cache Consistency in Wireless Mobile Networks.

KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.

Consensus Extraction from Heterogeneous Detectors to Improve Performance over Network Traffic Anomaly Detection Jing Gao 1, Wei Fan 2, Deepak Turaga 2,

An Efficient Gigabit Ethernet Switch Model for Large-Scale Simulation Dong (Kevin) Jin.

Uncertain Observation Times Shaunak Chatterjee & Stuart Russell Computer Science Division University of California, Berkeley.

By Nitin Bahadur Gokul Nadathur Department of Computer Sciences University of Wisconsin-Madison Spring 2000.

Module 11: Configuring and Managing Distributed File System.

GangLL Gang Scheduling on the IBM SP Andy B. Yoo and Morris A. Jette Lawrence Livermore National Laboratory.

Mining Data Streams with Periodically changing Distributions Yingying Tao, Tamer Ozsu CIKM’09 Supervisor Dr Koh Speaker Nonhlanhla Shongwe April 26,

Under the Guidance of V.Rajashekhar M.Tech Assistant Professor

Abhinav Kamra, Vishal Misra CS Department Columbia University

Virtualization Review and Discussion

Configuration Fuzzing for Software Vulnerability Detection

Action Breakout Session

Sharing Content through Multiple Channels

QianZhu, Liang Chen and Gagan Agrawal

Roland Kwitt & Tobias Strohmeier

Control Theory in Log Processing Systems

Presentation transcript:

1 Dynamic Adaptation of Temporal Event Correlation Rules Rean Griffith‡, Gail Kaiser‡ Joseph Hellerstein*, Yixin Diao* Presented by Rean Griffith ‡ - Programming Systems Lab (PSL) Columbia University * - IBM Thomas J. Watson Research Center

2 Overview Introduction Problem Solution System Architecture How it works – Feed-forward control Experiments Results I, II, III Conclusions & Future work

3 Introduction Temporal event correlation is essential to realizing self-managing distributed systems. For example, correlating multiple event streams from multiple event sources to detect: System health/live-ness Processing delays in single/multi-machine systems Denial of service attacks Anomalous application/machine-behavior

4 Problem Time-bounds that guide event stream analysis are usually fixed. Based on “guesstimates” that ignore dynamic changes in the operating environment Fixed time-bounds may result in false-alarms that distract administrators from responding to real problems. Issues with client-side timestamps (even with clock synchronization).

5 Solution Use time-bounds as the basis for temporal rules, but introduce an element of “fuzz” based on detected changes in the operating environment. To detect changes in the operating environment introduce Calibration Event Generators which generate sequences of events (Calibration frames) at a known resolution. Use the difference in the arrival times of calibration events to determine the “fuzz” to use. Only time-stamps at the receiver count.

6 System Architecture

7 How it works – Feed-forward Control Use the difference in the arrival times of calibration events within a calibration frame (less the generator resolution) as an observation of “propagation skew”. Record last N observations of propagation skew. Sort these observations and use the median as the “fuzz” to add to timer rules Using the median prevents overreaction to transient spikes.

8 Experiments Linux 2.6 3GHz, 1GB RAM Linux 2.6 3GHz, 1GB RAM Windows XP SP2, 3GHz, 1GB RAM Linux 2.6 3GHz, 1GB RAM Configuration A 3-machine Calibration Event Generator Siena Event Router Event DistillerN/A Configuration B 3-machine Calibration Event Generator Siena Event Router N/AEvent Distiller Configuration C 2-machine Calibration Event Generator N/ASiena Event Router + Event Distiller N/A Configuration D 2-machine Calibration Event Generator Siena Event Router + Event Distiller N/A

9 Results I – Propagation Skews 3-machine 2-machine Windows + LinuxAll Linux

10 Results II - Autocorrelations 3-machine 2-machine Windows + LinuxAll Linux A B CD

11 Results III – Sensitivity to N (Run 3 Configuration C) Most accurate N (observation window size) depends on: Actual conditions AND initial fuzz factor setting Generator set to produce 241/445 “real” failures With large N we use initial fuzz factor longer, erroneously reporting fewer “real failures” (when we’re missing real problems) Initial fuzz factor setting = 500 ms 80%+ accuracy with smaller N. Initial fuzz factor setting = 0 ms 85%-90% accuracy with smaller N

12 Conclusions There is more to our notion of “propagation skew” than network delays. Resource contention at the receiver on certain platforms as seen in configuration C (2-machine Linux + Windows setups) also affects our observations. Near optimal settings automatically achieved by managing the tradeoff between larger observation windows and the ability to respond quickly to changes in the environment. Feed-forward control useful in building self-regulating systems that rely on temporal event correlation.

13 Comments, Questions, Queries Thank you for your time and attention. Contact: Rean Griffith

14 Event Package Events Represented as Siena Notifications of size ~80 bytes