behavior aware network segmentation using ip flows
play

Behavior-Aware Network Segmentation using IP Flows The 14th - PowerPoint PPT Presentation

Sep 22, 2023 •517 likes •762 views

Behavior-Aware Network Segmentation using IP Flows The 14th International Conference on Availability, Reliability and Security August 26 August 29, 2019 University of Kent, Canterbury, UK Juraj Smeriga , Tomas Jirsik Institute of Computer

  1. Behavior-Aware Network Segmentation using IP Flows The 14th International Conference on Availability, Reliability and Security August 26 – August 29, 2019 University of Kent, Canterbury, UK Juraj Smeriga , Tomas Jirsik Institute of Computer Science, Masaryk University, Czech Republic

  2. Network Segmentation What is it good for? Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks , each being a network segment . ARES 2019: Behavior-Aware Network Segmentation using IP Flows 2 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  3. Network IP Flow Monitoring IP flows tell the stories Connection-oriented network traffic observation § Aggregates packets by flow keys § Optimized for high speed, large-scale networks § Who is communicating with whom , how long , on which port/protocol § Application protocols monitoring – HTTP, DNS ARES 2019: Behavior-Aware Network Segmentation using IP Flows 3 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  4. ? What is the Problem? Problems, problems everywhere § Complexity of networks – multilayered network, dynamics § Lack of information – limited/no access to all hosts in a network § Connection-oriented IP Flows – host-oriented view is required § Large volume of data – impossible to process manually What are the segments? How to assign hosts to the segments? ARES 2019: Behavior-Aware Network Segmentation using IP Flows 4 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  5. What is the Problem? Problems, problems everywhere � Machine learning solves it all ARES 2019: Behavior-Aware Network Segmentation using IP Flows 5 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  6. What is the Problem? Problems, problems everywhere � Machine learning solves it all Really? ARES 2019: Behavior-Aware Network Segmentation using IP Flows 6 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  7. Hypotheses Choosing the right question. Explore the possibilities of utilizing machine learning on IP flows to create behavior- consistent network segments. � � Network can be divided into behavior- It is possible to assign an unknown consistent segments using machine host to an existing segment based on learning. its behavior. ARES 2019: Behavior-Aware Network Segmentation using IP Flows 7 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  8. � � � � � � Methodology It’s about the journey, not the destination � � � � � � ARES 2019: Behavior-Aware Network Segmentation using IP Flows 8 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  9. Dataset � ARES 2019: Behavior-Aware Network Segmentation using IP Flows 9 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  10. � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � Data collection From connections to host profiles Features § 1 month of data from /16 campus network § Aggregations – flow duration, number of packets, bytes, flows § Distinct counts – peers, ports, protocols, AS numbers, country over days by hour by src IP none ARES 2019: Behavior-Aware Network Segmentation using IP Flows 10 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  11. � Data collection From connections to host profiles ARES 2019: Behavior-Aware Network Segmentation using IP Flows 11 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  12. � Dataset No more ”garbage in, garbage out” Labelling Origin – list of existing administrative units (network ranges) § Labels – range, administrative unit, and administrative subunit § Preprocessing Missing Values – missing labels (9.18%), all missing values (42.74%), other replaced by 0, § remains 31 501 hosts Outliers – 0.95 quantile § Standardization – zero mean and unit variance § Dataset balancing – undersampling of the major unit by 75% § Release Anonymization – IP addresses and ranges anonymized by CryptoPan § Publishing platform – zenodo.org with feature description § ARES 2019: Behavior-Aware Network Segmentation using IP Flows 12 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  13. Network Segment Discovery � ARES 2019: Behavior-Aware Network Segmentation using IP Flows 13 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  14. � Algorithms Clustering – identifying groups in unknown What class of algorithm? § Problem – divide hosts into a previously unknown groups of similar hosts § Unsupervised ML - Clustering Algorithms - the task of grouping a set of objects in such a way that objects in the same are more similar to each other than to those in other groups Selected Clustering Algorithms § K-Means � simple , fast , scales to large datasets predefined number of clusters , initial centroids matters , curse of dimensionality � § Density-based spatial clustering of applications with noise ( DBSCAN ) � no need for predefined number of clusters , non-convex cluster identification non-determinism , heavy dependence on selected distance measure � § Time-series modification LB Keogh Dynamic time warping instead Euclidean distance § ARES 2019: Behavior-Aware Network Segmentation using IP Flows 14 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  15. � Training Practice makes perfect K-Means § Number of clusters – 22 equal to number of administrative units § Initial centroids – random selection § Max iterations – 300 DBSCAN § Elbow identification – minPts = 44, ε = 160 § Grid search – minPts = 40, ε = 5 Evaluation § Silhouette coefficient – no labels, <-1 (bad) , 1 (good) >, § Adjusted Rand index – labels, around 0 (bad) , 1 (good) ARES 2019: Behavior-Aware Network Segmentation using IP Flows 15 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  16. � Results Are there behavior-consistent segments? Number of clusters § DBSCAN optimum 7 clusters Initial Results Advanced Analysis Takeaway A less behavior-similar segments than the § administrative ones Segments are overlapping § DBSCAN is slightly better for clustering behaviors § on network ARES 2019: Behavior-Aware Network Segmentation using IP Flows 16 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  17. Network Segment Assignment � ARES 2019: Behavior-Aware Network Segmentation using IP Flows 17 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  18. � Algorithms Classification – assigning to a category What class of algorithm? § Problem – assign a new host into an existing segment § Supervised ML - Classification Algorithms – based on the data creates model and predict the class of given data points Selected Classification Algorithms § K-nearest neighbors § Decision Trees � simple , only one parameter � easy to understand , requires little data preparation non-robust , overfitting homogenous features , curse of dimensionality � � § Support Vector Machines kernel choice , avoids overfitting � plenty of parameters to set � ARES 2019: Behavior-Aware Network Segmentation using IP Flows 18 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  19. � Training Practice makes perfect K-nearest neighbors 0.50 k value setting – elbow analysis § 0.49 0.48 Error Rate SVM 0.47 Kernel – polynomial § 0.46 Penalty parameter, kernel coef. – grid search § 0.45 Penalty parameter – 0.01 § Kernel coef. – 1 § 0.44 Uniform weights, no iteration limit § 2.5 5.0 7.5 10.0 12.5 15.0 17.5 20.0 K values Evaluation Decision Trees Split – Gini impurity § Train : test ratio – 80:20, random selection § Max features considered – 22 Metrics – precision, recall, F-Score § § No depth limit § ARES 2019: Behavior-Aware Network Segmentation using IP Flows 19 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  20. � Results Is it possible to assign a host? Initial Results Advanced Analysis Takeaway § Noise is introduced by small fuzzy administrative segments § Hosts with similar behaviors are present in more administrative segments § DT and SVM performs better than KNN § No time causality required for classification ARES 2019: Behavior-Aware Network Segmentation using IP Flows 20 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

  21. Conclusions Take away messages � � We can divide network to behavior-consistent segments using ML § A less behavior-similar segments than the administrative ones § Segments are overlapping � § DBSCAN is slightly better for clustering behaviors on network � It is possible to assign an unknown host to an existing segment based on its behavior. § Noise is introduced by small fuzzy administrative segments § Hosts with similar behaviors are present in more administrative segments § No time causalit y required for classification § DT and SVM performs better than KNN ARES 2019: Behavior-Aware Network Segmentation using IP Flows 21 Juraj Smeriga, Tomas Jirsik , Masaryk University, Brno

Recommend

Network Coding-Aware Queue Network Coding Aware Queue Management for Unicast Flows over Coded

Network Coding-Aware Queue Network Coding Aware Queue Management for Unicast Flows over Coded

Network Coding-Aware Queue Network Coding Aware Queue Management for Unicast Flows over Coded Wireless Networks Coded Wireless Networks Hlya Sefero lu, Athina Markopoulou University of California Irvine University of California, Irvine

287 views • 24 slides
Budget-aware Semi-Supervised Semantic and Instance Segmentation Miriam Bellver, Amaia Salvador,

Budget-aware Semi-Supervised Semantic and Instance Segmentation Miriam Bellver, Amaia Salvador,

Budget-aware Semi-Supervised Semantic and Instance Segmentation Miriam Bellver, Amaia Salvador, Jordi Torres, Xavier Giro-i-Nieto Women In Computer Vision - CVPR 2019 Motivation Semantic segmentation Instance segmentation Pixel-level

282 views • 15 slides
v v 1 3 20 liquids through pipe 16 Vancouver parts through an assembly line s t 10

v v 1 3 20 liquids through pipe 16 Vancouver parts through an assembly line s t 10

4.2 Network Flows A directed graph can model a flow network where some material (e.g., widgets, current, . . . ) is produced or enters the network at Mat 3770 a source and is consumed at a sink . Network Flows Production and consumption

465 views • 11 slides
NETWORK FLOWS NETWORK FLOWS A network consists of a loopless digraph D = ( V , A ) plus a function

NETWORK FLOWS NETWORK FLOWS A network consists of a loopless digraph D = ( V , A ) plus a function

NETWORK FLOWS NETWORK FLOWS A network consists of a loopless digraph D = ( V , A ) plus a function c : A R + . Here c ( x , y ) for ( x , y ) A is the capacity of the edge ( x , y ) . We use the following notation: if : A R and S , T

566 views • 17 slides
Network Flows Marco Chiarandini Department of Mathematics &amp; Computer Science University of

Network Flows Marco Chiarandini Department of Mathematics &amp; Computer Science University of

DM545 Linear and Integer Programming Lecture 12 Network Flows Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Network Flows Outline Duality 1. (Minimum Cost) Network Flows 2. Duality in

625 views • 35 slides
Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson

Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson

Mat 3770 Network Flows Network Flow Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson Residual Spring 2014 Network Augmenting Path Max-flow Min-cut Matching 4.2 Network Flows Mat 3770 Network

896 views • 61 slides
Using BGP Flow-Spec for distributed micro-segmentation Davide Pucci / 12019364 Attilla de Groot /

Using BGP Flow-Spec for distributed micro-segmentation Davide Pucci / 12019364 Attilla de Groot /

Using BGP Flow-Spec for distributed micro-segmentation Davide Pucci / 12019364 Attilla de Groot / Cumulus Networks Data Center micro-segmentation Layer 2 segmentation Layer 3 segmentation VLANs to isolate multiple flows VRFs to separate

461 views • 16 slides
Network Flows Math 482, Lecture 23 Misha Lavrov March 30, 2020 Network Flows Upper bounds on

Network Flows Math 482, Lecture 23 Misha Lavrov March 30, 2020 Network Flows Upper bounds on

Network Flows Upper bounds on flow Network Flows Math 482, Lecture 23 Misha Lavrov March 30, 2020 Network Flows Upper bounds on flow Definition of a network 1 4 2 1 s t 3 2 1 2 3 2 3 2 A set N of nodes . Here, N = { s , 1 , 2 ,

749 views • 34 slides
Semantic segmentation Image classification Object detection Semantic segmentation Evolution

Semantic segmentation Image classification Object detection Semantic segmentation Evolution

Accel : A Corrective Fusion Network for Efficient Semantic Segmentation on Video Samvit Jain , Xin Wang , Joseph Gonzalez RISE Lab, UC Berkeley Semantic segmentation Image classification Object detection Semantic segmentation Evolution

857 views • 13 slides
CHAPTER CONTENTS What is Marketing The Marketing Mix Market Segmentation &amp;

CHAPTER CONTENTS What is Marketing The Marketing Mix Market Segmentation &amp;

CHAPTER CONTENTS What is Marketing The Marketing Mix Market Segmentation &amp; Targeting Understanding Consumer Behavior Corporate Buying Behavior Product New Product Development International Marketing Mix Small

844 views • 47 slides
Network Flows Marco Chiarandini Department of Mathematics &amp; Computer Science University of

Network Flows Marco Chiarandini Department of Mathematics &amp; Computer Science University of

DM545 Linear and Integer Programming Lecture 11 Network Flows Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Network Flows Duality Outline Assignment and Transportation 1. (Minimum Cost)

675 views • 39 slides
Pr Proposal Tr Tracking an and Se Segmentation (PTS) S): A A cascaded network for video obje

Pr Proposal Tr Tracking an and Se Segmentation (PTS) S): A A cascaded network for video obje

Pr Proposal Tr Tracking an and Se Segmentation (PTS) S): A A cascaded network for video obje ject segmentation Zilong Huang*, Qiang Zhou*, Lichao Huang, Han Shen, Yongchao Gong, Chang Huang, Wenyu Liu, Xinggang Wang speeding_zZteam

397 views • 17 slides
You Are How You Drive: Peer and Temporal-Aware Representation Learning for Driving Behavior

You Are How You Drive: Peer and Temporal-Aware Representation Learning for Driving Behavior

You Are How You Drive: Peer and Temporal-Aware Representation Learning for Driving Behavior Analysis Pengyang Wang, Yanjie Fu, Jiawei Zhang, Pengfei Wang, Yu Zheng, Charu Aggarwal Outline 1 Background and Motivation Definition and

1.09k views • 38 slides
VIDEO SIGNALS Segmentation WHAT IS SEGMENTATION WHAT IS SEGMENTATION Segmentation is a

VIDEO SIGNALS Segmentation WHAT IS SEGMENTATION WHAT IS SEGMENTATION Segmentation is a

VIDEO SIGNALS Segmentation WHAT IS SEGMENTATION WHAT IS SEGMENTATION Segmentation is a fundamental low level operation on Segmentation is a fundamental low-level operation on images. If an image is already partitioned into segments

639 views • 51 slides
Well Solved Problems Network Flows Marco Chiarandini Department of Mathematics &amp; Computer

Well Solved Problems Network Flows Marco Chiarandini Department of Mathematics &amp; Computer

DM545 Linear and Integer Programming Lecture 10 Well Solved Problems Network Flows Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Well Solved Problems Outline Network Flows 1. Well Solved

278 views • 23 slides
An Overview of Semantic Image Segmentation with Deep Learning Simone Bonechi Outline

An Overview of Semantic Image Segmentation with Deep Learning Simone Bonechi Outline

An Overview of Semantic Image Segmentation with Deep Learning Simone Bonechi Outline Semantic Image Segmentation Deep Network for Semantic Segmentation FCN (Fully Convolutional Neural Network) DeconvNet PSPNet (Pyramid Scene

746 views • 22 slides
Segmentation Bottom-up Segmentation Semantic / instance segmentation Many Slides from L.

Segmentation Bottom-up Segmentation Semantic / instance segmentation Many Slides from L.

Segmentation Bottom-up Segmentation Semantic / instance segmentation Many Slides from L. Lazebnik. Outline Bottom-up segmentation Superpixel segmentation Semantic segmentation Metrics Architectures

1.28k views • 49 slides
Network-aware Service Placement in Community Network Clouds Mennan Selimi mselimi@ac.upc.edu

Network-aware Service Placement in Community Network Clouds Mennan Selimi mselimi@ac.upc.edu

Network-aware Service Placement in Community Network Clouds Mennan Selimi mselimi@ac.upc.edu Advisors: Prof. Felix Freitag (UPC), Prof. Luis Vega (IST/INESC-ID) EMJD-DC Summer Event 2 nd of June, 2016 Activity Network - started in 2004 -

576 views • 23 slides
Cutting-Plane Training of Non-associative Markov Network for 3D Point Cloud Segmentation Roman

Cutting-Plane Training of Non-associative Markov Network for 3D Point Cloud Segmentation Roman

Cutting-Plane Training of Non-associative Markov Network for 3D Point Cloud Segmentation Roman Shapovalov, Alexander Velizhev Lomonosov Moscow State University Hangzhou, May 18, 2011 Semantic segmentation of point clouds LIDAR point cloud

252 views • 13 slides
Learning Deconvolution Network for Semantic Segmentation Hyeonwoo Noh, Seunghoon Hong, Bohyung

Learning Deconvolution Network for Semantic Segmentation Hyeonwoo Noh, Seunghoon Hong, Bohyung

Learning Deconvolution Network for Semantic Segmentation Hyeonwoo Noh, Seunghoon Hong, Bohyung Han Mehmet Gnel What is this paper about? A novel semantic segmentation algorithm Convolution &amp; Deconvolution layers Fully

1.03k views • 37 slides
Demand Aware Network ( DAN ) Design Some Results and Open Questions Chen Avin Joint work with

Demand Aware Network ( DAN ) Design Some Results and Open Questions Chen Avin Joint work with

Demand Aware Network ( DAN ) Design Some Results and Open Questions Chen Avin Joint work with Stefan Schmid, Kaushik Mondal, Alexandr Hercules, Andreas Loukas Motivation Demand Aware Network Design? self-adjust the networks

249 views • 20 slides
Towards Personalized Review Summarization via User-Aware Sequence Network ADVISOR: JIA-LING, KOH

Towards Personalized Review Summarization via User-Aware Sequence Network ADVISOR: JIA-LING, KOH

Towards Personalized Review Summarization via User-Aware Sequence Network ADVISOR: JIA-LING, KOH SOURCE: AAAI-19 SPEAKER: WEI, LAI DATE: 2020/5/25 OUTLINE 01 03 INTRODUCTION EXPERIMENTS 02 04 METHOD CONCLUSION 2 4 User-aware

822 views • 30 slides
Segmentation Segmentation Segmentation Define the accurate boundaries of all objects in an image

Segmentation Segmentation Segmentation Define the accurate boundaries of all objects in an image

Day 4 Lecture 2 Segmentation Segmentation Segmentation Define the accurate boundaries of all objects in an image Segmentation: Datasets Pascal Visual Object Classes Microsoft COCO 20 Classes 80 Classes ~ 5.000 images ~ 300.000 images

995 views • 26 slides
Socket (Session) Aware Socket (Session) Aware Change of IP - SACIP Change of IP - SACIP network

Socket (Session) Aware Socket (Session) Aware Change of IP - SACIP Change of IP - SACIP network

Socket (Session) Aware Socket (Session) Aware Change of IP - SACIP Change of IP - SACIP network functionality network functionality Samo Poganik Key notes about SACIP Key notes about SACIP On-the-fly changes of network access point of

660 views • 30 slides

More recommend