
Network Data Collection Infrastructure to Detect Security Anomalies


1 Network Data Collection Infrastructure to Detect Security Anomalies
Gen Ohta and Alina Oprea, Northeastern University, Boston, USA

Overview

Goals
- Determine the performance impact of deploying sFlow/NetFlow data collection in MOC
- Set up a local staging environment to measure the performance impact of network traffic collection
- Deploy sFlow data collection on the Brocade fabric in the Engage1 environment
- Use machine learning algorithms to detect security anomalies and improve cloud security

Outline: Overview, Staging Environment, MongoDB Schema, Engage1 Environment, Analytics

2 Staging Environment

Experiment goal
- Determine the performance impact of deploying sFlow data collection in MOC

Metrics
- Latency: delay between when a request is issued and when it is completed
- Throughput: number of bytes transferred per unit time

Control
1. Issue requests from the traffic generator to the Apache HTTP server
2. Record latency and throughput values
3. Repeat steps 1 and 2 ten times
4. Increment the number of requests and repeat until the maximum is reached

Test
- Set the sampling rate and polling interval on the Brocade VDX switch
- Run the control experiment and repeat it for different parameter values
- Determine the optimal configuration of the switch parameters
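The control experiment above as a runnable measurement harness. This is an added example, not code from the poster or the MOC project: `fake_server` is a constructed stand-in for the Apache HTTP server so the file runs offline, and the request counts, repeat count and the p95 summary are choices made here, not the poster's. Point `send_request` at a real HTTP client to measure a live switch configuration.

```python
"""Latency/throughput sweep in the style of the staging-environment control run.

Added example (not the poster's code). Latency is wall time from request
issue to response completion; throughput is bytes transferred per second
over a whole batch. The same sweep is run once without flow collection
(control) and once with it enabled (test); `overhead` compares the two.
"""
import statistics
import time
from typing import Callable, Dict, List


def run_batch(send_request: Callable[[], int], n_requests: int) -> Dict[str, float]:
    """Issue n_requests sequentially and return latency/throughput statistics.

    send_request performs one request and returns the number of response bytes.
    """
    latencies: List[float] = []
    total_bytes = 0
    batch_start = time.perf_counter()
    for _ in range(n_requests):
        t0 = time.perf_counter()
        total_bytes += send_request()
        latencies.append(time.perf_counter() - t0)
    elapsed = time.perf_counter() - batch_start
    ordered = sorted(latencies)
    return {
        "n_requests": n_requests,
        "latency_mean_s": statistics.fmean(latencies),
        "latency_p95_s": ordered[int(0.95 * (len(ordered) - 1))],
        "throughput_bps": total_bytes / elapsed if elapsed > 0 else float("inf"),
    }


def run_sweep(send_request: Callable[[], int], start: int, step: int,
              maximum: int, repeats: int = 10) -> List[Dict[str, float]]:
    """Steps 1-4 of the control experiment: measure a batch, repeat it `repeats`
    times, then increment the request count until `maximum` is reached."""
    results: List[Dict[str, float]] = []
    n = start
    while n <= maximum:
        for run in range(repeats):
            row = run_batch(send_request, n)
            row["run"] = run
            results.append(row)
        n += step
    return results


def overhead(control: List[Dict[str, float]], test: List[Dict[str, float]]) -> Dict[str, float]:
    """Performance impact of the test configuration relative to the control:
    percent increase in mean latency and percent drop in mean throughput."""
    c_lat = statistics.fmean(r["latency_mean_s"] for r in control)
    t_lat = statistics.fmean(r["latency_mean_s"] for r in test)
    c_tp = statistics.fmean(r["throughput_bps"] for r in control)
    t_tp = statistics.fmean(r["throughput_bps"] for r in test)
    return {
        "latency_increase_pct": 100.0 * (t_lat - c_lat) / c_lat,
        "throughput_drop_pct": 100.0 * (c_tp - t_tp) / c_tp,
    }


def fake_server(latency_s: float, response_bytes: int) -> Callable[[], int]:
    """Constructed stand-in for the Apache server: sleeps for a simulated
    round-trip time and reports a fixed response size. Not a real server."""
    def send_request() -> int:
        time.sleep(latency_s)
        return response_bytes
    return send_request


if __name__ == "__main__":
    # Simulated "collection off" (control) and "collection on" (test) runs.
    control = run_sweep(fake_server(0.0005, 1024), start=5, step=5, maximum=15, repeats=3)
    test = run_sweep(fake_server(0.0006, 1024), start=5, step=5, maximum=15, repeats=3)
    for row in control:
        print(f"n={row['n_requests']:3d} run={row['run']} "
              f"lat={row['latency_mean_s'] * 1e3:.2f} ms  "
              f"tp={row['throughput_bps'] / 1e6:.2f} MB/s")
    print("overhead:", overhead(control, test))
```

Report the overhead per request count rather than one global number; collection cost that is invisible at low load can show up only near the switch's maximum, which is why the sweep increments until the maximum is reached.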

3 MongoDB Schema

Persistent storage
- Internal and external flows
- Persist data in a NoSQL database
- Common fields for sFlow/NetFlow
- Can index on multiple fields
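One way to realise the "common fields for sFlow/NetFlow" point, as an added example that is not the poster's actual schema: both record types are mapped onto one flow document, tagged internal/outbound/inbound, and the compound indexes are listed in the form pymongo's `create_index` accepts. The sFlow decoder field names, the internal address space (10.0.0.0/8) and the two sample records are constructed for illustration; the NetFlow names follow the v5 record layout. pymongo is not needed to run the file; the returned dicts are what you would pass to `collection.insert_one()`.

```python
"""Common flow document for sFlow and NetFlow records (added example).

sFlow delivers packet samples: a sample taken at rate N stands for about N
packets, so byte and packet counts are scaled to estimate flow volume.
NetFlow delivers aggregated flow records with their own counters, so they
are stored as-is. Both end up with the same field set so one set of
indexes and one set of analytics queries serves both exporters.
"""
import ipaddress
from datetime import datetime, timezone
from typing import Any, Dict, List

# Assumption for this example: tenant and host networks live in 10.0.0.0/8.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Compound indexes (pymongo key-spec form): per-source history in time order,
# "who talked to this address" lookups, and direction-filtered time scans.
FLOW_INDEXES: List[List[tuple]] = [
    [("src_ip", 1), ("ts", -1)],
    [("dst_ip", 1), ("ts", -1)],
    [("direction", 1), ("ts", -1)],
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(src: str, dst: str) -> str:
    """internal (both ends inside), outbound, inbound, or transit (neither end inside)."""
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "internal"
    if s:
        return "outbound"
    if d:
        return "inbound"
    return "transit"


def from_sflow(sample: Dict[str, Any]) -> Dict[str, Any]:
    """Map one decoded sFlow flow sample (constructed decoder field names) to the common document."""
    rate = sample["sampling_rate"]
    return {
        "source": "sflow",
        "exporter": sample["agent"],
        "ts": datetime.fromtimestamp(sample["unix_secs"], tz=timezone.utc),
        "src_ip": sample["src_ip"],
        "dst_ip": sample["dst_ip"],
        "src_port": sample["src_port"],
        "dst_port": sample["dst_port"],
        "proto": sample["proto"],
        "bytes": sample["frame_len"] * rate,   # scaled estimate, not an exact count
        "packets": 1 * rate,
        "sampled": True,
        "direction": direction(sample["src_ip"], sample["dst_ip"]),
    }


def from_netflow(rec: Dict[str, Any]) -> Dict[str, Any]:
    """Map one NetFlow v5-style record to the common document; `ts` is the flow start."""
    return {
        "source": "netflow",
        "exporter": rec["exporter"],
        "ts": datetime.fromtimestamp(rec["first"], tz=timezone.utc),
        "src_ip": rec["srcaddr"],
        "dst_ip": rec["dstaddr"],
        "src_port": rec["srcport"],
        "dst_port": rec["dstport"],
        "proto": rec["prot"],
        "bytes": rec["dOctets"],
        "packets": rec["dPkts"],
        "sampled": False,
        "direction": direction(rec["srcaddr"], rec["dstaddr"]),
    }


# Constructed sample inputs: one sFlow sample of an outbound HTTPS packet and
# one NetFlow record of an inbound SSH flow. Addresses are documentation ranges.
SFLOW_SAMPLE = {"agent": "10.0.0.1", "unix_secs": 1_500_000_000, "sampling_rate": 512,
                "src_ip": "10.0.1.5", "dst_ip": "203.0.113.9", "src_port": 44321,
                "dst_port": 443, "proto": 6, "frame_len": 1500}
NETFLOW_RECORD = {"exporter": "10.0.0.2", "first": 1_500_000_060, "srcaddr": "198.51.100.7",
                  "dstaddr": "10.0.1.5", "srcport": 52000, "dstport": 22, "prot": 6,
                  "dOctets": 4200, "dPkts": 30}

if __name__ == "__main__":
    print(from_sflow(SFLOW_SAMPLE))
    print(from_netflow(NETFLOW_RECORD))
```

Keep the `sampled` flag: sFlow byte counts are statistical estimates whose error grows as the sampling rate rises, so analytics that threshold on volume should treat sFlow and NetFlow documents differently even though they share a schema.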

4 Engage1 Environment

Data collection
- Deploy data collection on all switches in the Brocade fabric in the Engage1 HPC cluster
- Deploy the Brocade flow collector on multiple servers
- Create a MongoDB cluster to store sFlow data

5 Analytics for security applications

Use cases
- Detect suspicious communication with external IP addresses
- Detect data exfiltration attempts
- Prevent DDoS attacks
- Prevent cloud abuse: malware infection, application exploits, illegal use of cloud resources

Techniques
- Graph modeling of internal and external communication patterns
- Correlate with performance metrics collected by the monitoring team: CPU, I/O, memory, power
- Machine learning algorithms: clustering, graph propagation, outlier detection, time-series anomaly detection
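The first two use cases, suspicious external communication and exfiltration, as one worked detector. This is an added example, not the project's analytics code. It consumes flow documents already in a common schema (`src_ip`, `dst_ip`, `bytes`, `direction`, `ts` in epoch seconds), sums outbound bytes per internal host per hour, builds each host's baseline from its own earlier hours, and flags an hour as an outlier when it exceeds the baseline by more than K robust standard deviations (median absolute deviation). The external peers first seen in the flagged hour are reported alongside. The hour window, the threshold K and every flow record are constructed for illustration.

```python
"""Per-host outbound-volume outlier detection over flow documents (added example).

Median/MAD is used instead of mean/standard deviation so that one earlier
spike in a host's history does not widen the baseline enough to hide the
next one. The peer set turns the alert into a lead: a volume jump towards
an address the host has never contacted is the exfiltration pattern.
"""
from collections import defaultdict
import statistics
from typing import Dict, List, Set, Tuple

WINDOW_S = 3600   # one-hour aggregation windows (choice made here)
K = 5.0           # robust z threshold; tune against staging data


def aggregate_outbound(flows):
    """Return (host, window) -> bytes to external addresses, and the external peers per (host, window)."""
    volume: Dict[Tuple[str, int], int] = defaultdict(int)
    peers: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for f in flows:
        if f["direction"] != "outbound":      # inbound/internal/transit are not exfil paths
            continue
        key = (f["src_ip"], f["ts"] // WINDOW_S)
        volume[key] += f["bytes"]
        peers[key].add(f["dst_ip"])
    return volume, peers


def robust_z(value: float, history: List[float]) -> float:
    """Robust z-score of value against history; 0.0 when history is too short to judge."""
    if len(history) < 3:
        return 0.0
    med = statistics.median(history)
    mad = statistics.median(abs(h - med) for h in history)
    scale = 1.4826 * mad                      # MAD -> sigma for a normal baseline
    if scale == 0:
        scale = max(0.1 * med, 1.0)           # flat baseline: score in units of 10% of the median
    return (value - med) / scale


def detect(flows, k: float = K) -> List[dict]:
    """Alerts for hosts whose hourly outbound volume is a robust outlier against their own past."""
    volume, peers = aggregate_outbound(flows)
    alerts = []
    for host in sorted({h for h, _ in volume}):
        windows = sorted(w for h, w in volume if h == host)
        for i, w in enumerate(windows):
            history = [float(volume[(host, x)]) for x in windows[:i]]
            z = robust_z(volume[(host, w)], history)
            if z > k:
                seen_before = set().union(*(peers[(host, x)] for x in windows[:i]))
                alerts.append({"host": host, "window": w, "bytes": volume[(host, w)],
                               "z": round(z, 1),
                               "new_peers": sorted(peers[(host, w)] - seen_before)})
    return alerts


def constructed_flows() -> List[dict]:
    """Constructed sample: two internal hosts, eight normal hours, then one host
    pushes 4 GB to an external address it has never talked to (hour 8)."""
    flows = []
    normal_mb = [52, 48, 50, 55, 47, 51, 49, 53]
    for hour, mb in enumerate(normal_mb):
        base = hour * WINDOW_S
        flows.append({"src_ip": "10.0.1.5", "dst_ip": "198.51.100.20", "bytes": mb * 1_000_000,
                      "direction": "outbound", "ts": base + 10})
        flows.append({"src_ip": "10.0.1.6", "dst_ip": "198.51.100.21", "bytes": 20_000_000,
                      "direction": "outbound", "ts": base + 20})
        flows.append({"src_ip": "198.51.100.20", "dst_ip": "10.0.1.5", "bytes": 5_000_000,
                      "direction": "inbound", "ts": base + 30})
    base = 8 * WINDOW_S
    flows.append({"src_ip": "10.0.1.5", "dst_ip": "198.51.100.20", "bytes": 50_000_000,
                  "direction": "outbound", "ts": base + 10})
    flows.append({"src_ip": "10.0.1.5", "dst_ip": "203.0.113.9", "bytes": 4_000_000_000,
                  "direction": "outbound", "ts": base + 40})
    flows.append({"src_ip": "10.0.1.6", "dst_ip": "198.51.100.21", "bytes": 20_000_000,
                  "direction": "outbound", "ts": base + 20})
    return flows


if __name__ == "__main__":
    for alert in detect(constructed_flows()):
        print(alert)
```

Two caveats for running this on real collector output: a host needs several windows of history before it can be scored at all (the first three hours here are silently unscored), and sFlow byte counts are sampled estimates, so the variance of the baseline, and therefore the right K, depends on the sampling rate chosen in the staging experiment.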

