Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mircea Iordache, Simon Jouet, Angelos K. Marnerides, Dimitrios P

Published byBlaise Henry Modified over 6 years ago

Similar presentations

Presentation on theme: "Mircea Iordache, Simon Jouet, Angelos K. Marnerides, Dimitrios P"— Presentation transcript:

1 Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks
Mircea Iordache, Simon Jouet, Angelos K. Marnerides, Dimitrios P. Pezaros School of Computing Science NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

2 Background & Motivation
Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks Background & Motivation Core Agg Edge Rack ADS Approach Edge Rack Notify Agg ADS Results Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

3 Network Anomaly Detection Systems (ADS)
Network ADS are integral part of modern DC Ensure high-availability, many-9s SLAs, security Detect (and prevent) network anomalies Malicious: (D)DoS, Malware, Firewall, Exploits… Erroneous: Misconfiguration (network loops), faulty NIC… Two common approaches: Signature-based: detect patterns in packet content or features. (SNORT, SURICATA) Statistics-based: detect deviations from normal network behaviour (Prelude IDS, ACID) Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

4 Deployment Current approach New Philosophy
Fixed point detection (limited network knowledge) Little (if any) state sharing New Philosophy Move detection closer to Edge Switches and Rack Increase communication between multiple ADS ADS Core ADS ADS Agg Agg Edge Edge Edge Edge Edge Edge Edge Edge Rack Rack Rack Rack Rack Rack Rack Rack Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

5 Proposed Architecture
Move detection to Edge Propagate up to the Core for higher accuracy Source pinpointing for efficient mitigation Share partial knowledge via voting Modular components Focus on small tasks Run on Network Nodes (switches, routers) Flexible mapping to the Network Fabric Scale of deployment based on network demand Leverage SDN Inform Controller of any issues Let Controller handle mitigation strategy Core Agg Agg Edge ADS Edge ADS Edge ADS Edge ADS Edge ADS Edge ADS Edge ADS Edge ADS Rack Rack Rack Rack Rack Rack Rack Rack Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

6 Communication Model Core ADS Agg Agg Agg Edge Edge Edge Edge Edge Edge
Confirm Anomaly Notify Upstream Agg Agg Agg ADS Anomaly Detected Edge Edge Edge Edge Edge Edge Edge Edge ADS ADS ADS ADS ADS ADS ADS ADS ADS Rack Rack Rack Rack Rack Rack Rack Rack Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

7 Path Reconstruction Create a tree structure of involved ADS modules
Based on Notification tracing Can pinpoint source or convergence point Efficient mitigation, reduce congestion Can use controller for strategic decisions Most likely paths, source(s) Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

8 Detection Accuracy Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

9 Path Reconstruction Capabilities
Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

10 Bandwidth Saving From Pinpointing
Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

11 Questions? Mircea Iordache m.iordache-sica.1@research.gla.ac.uk
Distributed, Multi-Level Network Anomaly Detection for Datacentre Networks NGNI-IS02: Future Internet and Next-Generation Networking Architectures II IEEE ICC - 22/05/2017

Download ppt "Mircea Iordache, Simon Jouet, Angelos K. Marnerides, Dimitrios P"

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Stable Load Control with Load Prediction in Multipath Packet Forwarding IlKyu Park, Youngseok Lee, and Yanghee Choi Proc. 15 th IEEE Int l conf. on Information.

Stable Load Control with Load Prediction in Multipath Packet Forwarding IlKyu Park, Youngseok Lee, and Yanghee Choi Proc. 15 th IEEE Int l conf. on Information.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
High Performance Router Architectures for Network- based Computing By Dr. Timothy Mark Pinkston University of South California Computer Engineering Division.

High Performance Router Architectures for Network- based Computing By Dr. Timothy Mark Pinkston University of South California Computer Engineering Division.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.

Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.
Router Architectures An overview of router architectures.

Router Architectures An overview of router architectures.
Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection System Marmagna Desai [ 520 Presentation]
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.
Chirag N. Modi and Prof. Dhiren R. Patel NIT Surat, India Ph. D Colloquium, CSI-2011 Signature Apriori based Network.

Chirag N. Modi and Prof. Dhiren R. Patel NIT Surat, India Ph. D Colloquium, CSI-2011 Signature Apriori based Network.
Network Intrusion Detection Using Random Forests Jiong Zhang Mohammad Zulkernine School of Computing Queen's University Kingston, Ontario, Canada.

Network Intrusion Detection Using Random Forests Jiong Zhang Mohammad Zulkernine School of Computing Queen's University Kingston, Ontario, Canada.
Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.

Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.
INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.

INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.
Management for IP-based Applications Mike Fisher BTexaCT Research

Management for IP-based Applications Mike Fisher BTexaCT Research
1 Countering DoS Through Filtering Omar Bashir Communications Enabling Technologies

1 Countering DoS Through Filtering Omar Bashir Communications Enabling Technologies

Similar presentations

Ads by Google