Multiresolution Semantic Visualization of Network Traffic Alefiya Hussain, Arun Viswanathan USC/Information Sciences Institute Discover PatternsCreate.

Slides:



Advertisements
Similar presentations
Abstract There is significant need to improve existing techniques for clustering multivariate network traffic flow record and quickly infer underlying.
Advertisements

Kensington Oracle Edition: Open Discovery Workflow Meets Oracle 10g Professor Yike Guo.
Copyright © 2002 Cycorp Introduction Fundamental Expression Types Top Level Collections Time and Dates Spatial Properties and Relations Event Types Information.
This work was supported by the TRUST Center (NSF award number CCF ) 1. Setting up experiment on DETER testbed a)Created twelve pc backbone nodes.
9/15/2008 CTBTO Data Mining/Data Fusion Workshop 1 Spatiotemporal Stream Mining Applied to Seismic+ Data Margaret H. Dunham CSE Department Southern Methodist.
MICHAEL MILFORD, DAVID PRASSER, AND GORDON WYETH FOLAMI ALAMUDUN GRADUATE STUDENT COMPUTER SCIENCE & ENGINEERING TEXAS A&M UNIVERSITY RatSLAM on the Edge:
Funding Networks Abdullah Sevincer University of Nevada, Reno Department of Computer Science & Engineering.
GeoInformatics Discussion Group Betty Salzberg & Peggy Agouris.
A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Cascading Spatio-Temporal Pattern Discovery P. Mohan, S.Shekhar, J. Shine, J. Rogers CSci 8715 Presented by: Atanu Roy Akash Agrawal.
Research on Intelligent Information Systems Himanshu Gupta Michael Kifer Annie Liu C.R. Ramakrishnan I.V. Ramakrishnan Amanda Stent David Warren Anita.
Chapter 10: Stream-based Data Management Title: Design, Implementation, and Evaluation of the Linear Road Benchmark on the Stream Processing Core Authors:
Vulnerabilities of Passive Internet Threat Monitors Yoichi Shinoda Japan Advanced Institute of Science and Technology Ko Ikai National Police Agency, Japan.
An Introduction to Software Visualization Dr. Jonathan I. Maletic Software DevelopMent Laboratory Department of Computer Science Kent State University.
Mobile Photos April 17, Auto Extraction of Flickr Tags Unstructured text labels Extract structured knowledge Place and event semantics Scale-structure.
Algorithm: For all e E t, define X e = {w e if e G t, 1 - w e otherwise}. Measure likelihood of substructure S by. Flag S as anomalous if, where is an.
Data mining in large spatiotemporal data sets Dr Amy McGovern Associate Professor, School of Computer Science Adjunct Associate Professor,
Data Mining: Concepts & Techniques. Motivation: Necessity is the Mother of Invention Data explosion problem –Automated data collection tools and mature.
LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.
OLAM and Data Mining: Concepts and Techniques. Introduction Data explosion problem: –Automated data collection tools and mature database technology lead.
GeoPKDD Geographic Privacy-aware Knowledge Discovery and Delivery Kick-off meeting Pisa, March 14, 2005.
Data Mining for Intrusion Detection: A Critical Review Klaus Julisch From: Applications of data Mining in Computer Security (Eds. D. Barabara and S. Jajodia)
Data Mining Techniques As Tools for Analysis of Customer Behavior
Data Mining Chun-Hung Chou
Context and Prosopography: Putting the 'Archives' Into LOD-LAM Corey A Harper SAA MDOR
Unit 2: Engineering Design Process
Interactions. 2 Objects communicate with each other by sending messages. Sending a message is another name for a member function call. –Some C++ examples.
Last Words COSC Big Data (frameworks and environments to analyze big datasets) has become a hot topic; it is a mixture of data analysis, data mining,
Yvonne M. Hansen Visualization for Thinking, Planning, and Problem Solving Simple, graphic shapes, the building blocks of a graphical language, play an.
N. Laskaris. [ IEEE SP Magazine, May 2004 ] N. Laskaris, S. Fotopoulos, A. Ioannides ENTER-2001.
Science & Technology Centers Program Center for Science of Information Bryn Mawr Howard MIT Princeton Purdue Stanford Texas A&M UC Berkeley UC San Diego.
A Framework for Mining Signatures from Event Sequences and Its Applications in Healthcare Data.
Multimedia Information Retrieval and Multimedia Data Mining Chengcui Zhang Assistant Professor Dept. of Computer and Information Science University of.
©NEC Laboratories America 1 Huadong Liu (U. of Tennessee) Hui Zhang, Rauf Izmailov, Guofei Jiang, Xiaoqiao Meng (NEC Labs America) Presented by: Hui Zhang.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Knowledge Discovery from Mobile Phone Communication Activity Data Streams Fergal Walsh Data Stream Research presented in this poster was funded by a Strategic.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Lifecycle Metadata for Digital Objects November 1, 2004 Descriptive Metadata: “Modeling the World”
Indirect Supervision Protocols for Learning in Natural Language Processing II. Learning by Inventing Binary Labels This work is supported by DARPA funding.
Major Disciplines in Computer Science Ken Nguyen Department of Information Technology Clayton State University.
Event-Centric Summary Generation Lucy Vanderwende, Michele Banko and Arul Menezes One Microsoft Way, WA, USA DUC 2004.
Challenges in Mining Large Image Datasets Jelena Tešić, B.S. Manjunath University of California, Santa Barbara
A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann, Christos Papadopoulos Reviewed by Dave Lim.
Mining Weather Data for Decision Support Roy George Army High Performance Computing Research Center Clark Atlanta University Atlanta, GA
GeoSpatial and GeoTemporal Informatics for dynamic and complex systems May Yuan.
Conceptual Mapping Enhancing Design Ideation CONCEPTUAL MAPPING IN THE DESIGN of VIRTUAL ARCHITECTURE PL A C E S I N C Y B E R S P A C E RIVKA OXMAN TECHNION.
Search Engine using Web Mining COMS E Web Enhanced Information Mgmt Prof. Gail Kaiser Presented By: Rupal Shah (UNI: rrs2146)
An Introduction Student Name: Riaz Ahmad Program: MSIT( ) Subject: Data warehouse & Data Mining.
Copyright © 2001, SAS Institute Inc. All rights reserved. Data Mining Methods: Applications, Problems and Opportunities in the Public Sector John Stultz,
Andrey Karaulov, Alexander Strabykin Institute for System Programming Russian Academy of Sciences SYRCoSE: Spring Young Researchers Colloquium on Software.
Scientific Data Analysis via Statistical Learning Raquel Romano romano at hpcrd dot lbl dot gov November 2006.
Discovering Evolutionary Theme Patterns from Text -An exploration of Temporal Text Mining KDD’05, August 21–24, 2005, Chicago, Illinois, USA. Qiaozhu Mei.
Maikel Leemans Wil M.P. van der Aalst. Process Mining in Software Systems 2 System under Study (SUS) Functional perspective Focus: User requests Functional.
Data Mining - Introduction Compiled By: Umair Yaqub Lecturer Govt. Murray College Sialkot.
1 Dimensions / Depth James Slack CPSC 533C February 10, 2003.
Data mining in web applications
IB Assessments CRITERION!!!.
CSE5544 Final Project Interactive Visualization Tool(s) for IEEE Vis Publication Exploration and Analysis Team Name: Publication Miner Team Members:
CSE5544 Final Project Interactive Visualization Tool(s) for IEEE Vis Publication Exploration and Analysis Team Name: Publication Miner Team Members:
Introduction C.Eng 714 Spring 2010.
Datamining : Refers to extracting or mining knowledge from large amounts of data Applications : Market Analysis Fraud Detection Customer Retention Production.
Mixture of Mutually Exciting Processes for Viral Diffusion
Data Warehousing and Data Mining
Grant Number: IIS Institution of PI: WPI PIs: Matthew O
Data Mining: Concepts and Techniques
Data Mining: Concepts and Techniques
Data Mining: Concepts and Techniques
Data Mining.
Presentation transcript:

Multiresolution Semantic Visualization of Network Traffic Alefiya Hussain, Arun Viswanathan USC/Information Sciences Institute Discover PatternsCreate Models Update kbase

Goal: Understand behavior in large volume and variety network traffic Need: 1. Associate meaning to the data; 2. Save discoveries and build upon them Approach: create models in a kbase, systematically explore complex and subtle spatial and temporal patterns

Semantically Rich Semantically Devoid

Visualization System I: Discover PatternsII: Create Models III: Update kbase Generate Viz Use visualization to find a pattern: an ordered sequence of events Expressive logic- based abstract model captures the relationship between the events Labels all instances of the pattern in the data; creates abstract events to drive next iteration of visual analysis

I: Discover a Pattern Sense-making loop Example Attack: A large stream of packets sent from a node in the network Behavior Model Attack Behavior Model Attack Symbol Symbol Meaning Attacker Meaning Attacker Associate MatchRepresents

II: Create Models State 1 State n State 1 State 2 State 3State 4State 6 State 5 Behavior 2 Behavior 2 Behavior 1 Behavior 1 Behavior: sequence of states related by causal relationships Model: Collection of behaviors 6 A model is an abstract representation of pattern in the data State: Sequence of events Arun Viswanathan, Alefiya Hussain, Jelena Mirkovic, Stephen Schwab, John Wroclawski, “A Semantic Analysis Framework for Data Analysis of Networked Systems”, USENIX NSDI, April 2011 Model Attack Model Attack Attacker

Causal Relationships 7 Logical Operators Temporal Operators Constraints Express rich patterns within data: - ordering - dependence - concurrency Model Attack Model Attack Attacker

III: Generate Visualization With Behavior Models Model Attack Model Attack Attacker Webserver Attacker Victim 1.Roles and Relationships are identified 2.Packets are visually encoded to highlight relationships

Goal: Understand behavior in large volume and variety network traffic Need: 1. Associate meaning to the data; 2. Save discoveries and build upon them Approach: visualize with create models in a kbase, systematically explore complex and subtle spatial and temporal patterns

Large Network: Scale, Volume, Variety

Interactive Exploration Spatial Reduction – highly connected networks – significant amount of redundancy in semantically relevant relationships – Connectivity profiles to summarize nodes Temporal Reduction – useful to observe trends or change patterns in network data – aggregating groups of events based on time. – Behavior-based clustering to summarize events

Connectivity profiles based on locality Connectivity profiles based on behavior Spatial Reduction + Resolution + HighLow Subnet Reflectors

Temporal Reductions Behavior based clustering Example: Visualization of HTTP Connections 1. [header] 2. NAMESPACE = NET.ATTACKS 3. NAME = DNSKAMINSKY 4. QUALIFIER = {eventtype='PACKET_DNS'} 5. IMPORT = NET.APP_PROTO.DNSREQRES 6. [states] 8. AtoV_query = DNSREQRES.dns_req() 10. VtoR_query= DNSREQRES.dns_req(sipaddr=$AtoV_query.dipad dr, dnsquesname=$AtoV_query.dnsquesname) 12.RtoV_resp = DNSREQRES.dns_res($ dnsauth=fakens.fake.com) 14.AtoV_resp = DNSREQRES.dns_res($VtoR_query, dnsauth=realns.eby.com) [limit=*] 16.AtoV_noresp = DNSREQRES.dns_res($VtoR_query, dnsid != $VtoR_query.dnsid) [limit=*] 8.[behavior] 19.initial_query = (AtoV_query ~> VtoR_query) 20.b_1 = initial_query~>RtoV_resp ~> (AtoV_resp | AtoV_noresp) 21.b_2 = initial_query ~> AtoV_noresp ~> RtoV_resp 22.b_3 = initial_query ~> AtoV_resp ~> RtoV_resp Advertisement Images Text 1. [header] 2. NAMESPACE = NET.ATTACKS 3. NAME = DNSKAMINSKY 4. QUALIFIER = {eventtype='PACKET_DNS'} 5. IMPORT = NET.APP_PROTO.DNSREQRES 6. [states] 8. AtoV_query = DNSREQRES.dns_req() 10. VtoR_query= DNSREQRES.dns_req(sipaddr=$AtoV_query.dipaddr, dnsquesname=$AtoV_query.dnsquesname) 12.RtoV_resp = DNSREQRES.dns_res($ dnsauth=fakens.fake.com) 14.AtoV_resp = DNSREQRES.dns_res($VtoR_query, dnsauth=realns.eby.com) [limit=*] 16.AtoV_noresp = DNSREQRES.dns_res($VtoR_query, dnsid != $VtoR_query.dnsid) [limit=*] 8.[behavior] 19.initial_query = (AtoV_query ~> VtoR_query) 20.b_1 = initial_query~>RtoV_resp ~> (AtoV_resp | AtoV_noresp) 21.b_2 = initial_query ~> AtoV_noresp ~> RtoV_resp 22.b_3 = initial_query ~> AtoV_resp ~> RtoV_resp 1. [header] 2. NAMESPACE = NET.ATTACKS 3. NAME = DNSKAMINSKY 4. QUALIFIER = {eventtype='PACKET_DNS'} 5. IMPORT = NET.APP_PROTO.DNSREQRES 6. [states] 8. AtoV_query = DNSREQRES.dns_req() 10. VtoR_query= DNSREQRES.dns_req(sipaddr=$AtoV_que ry.dipaddr, dnsquesname=$AtoV_query.dnsquesnam e) 12.RtoV_resp = DNSREQRES.dns_res($ dnsauth=fakens.fake.com) 14.AtoV_resp = DNSREQRES.dns_res($VtoR_query, dnsauth=realns.eby.com) [limit=*] 16.AtoV_noresp = DNSREQRES.dns_res($VtoR_query, dnsid != $VtoR_query.dnsid) [limit=*] 8.[behavior] 19.initial_query = (AtoV_query ~> VtoR_query) 20.b_1 = initial_query~>RtoV_resp ~> (AtoV_resp | AtoV_noresp) 21.b_2 = initial_query ~> AtoV_noresp ~> RtoV_resp 22.b_3 = initial_query ~> AtoV_resp ~> RtoV_resp 20.b_1 = initial_query~>RtoV_resp ~> (AtoV_resp | Maaria’s Homepage Resolution Low: webpage High: packets Medium: objects

Challenges Spatio-temporal reductions – Simultaneous exploration of spatial and temporal behaviors Algorithms for clustering – Knowledge representation and data mining techniques Performance and Scale – Multi-type, multivariate, time-ordered data

Future Work Developing a prototype for network data set exploration and demonstration – Interactive and iterative Enrich the kw-base to include a large range of frequently seen patterns Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.