network traffic analysis cluster analysis
play

Network Traffic Analysis & Cluster Analysis Exploring Hadoop - PowerPoint PPT Presentation

Feb 29, 2024 •444 likes •644 views

Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools Background and Goals: Apache Spot was started recently DNS, Netflow, PCAP data is analyzed The goal is to identify: suspicous

  1. Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools

  2. Background and Goals: • Apache Spot was started recently • DNS, Netflow, PCAP data is analyzed • The goal is to identify: ”suspicous connections” or: “dangerous activity”. • What is suspicious? • Apache Spot uses a topic-model approach, to classify traffic.

  3. Used Raw Data:

  4. Our Goals (midterm): • Use local context information instead of single package data only. (A) Temporal communication networks (B) Vectorization of measured properties from multiple sources • Consider additional communication layers: • Syslog • Webserver logs • Cloudera Manager events • Cloudera Navigator events

  5. About Event Processing: • Kafka gives an order only within a partition • Post-processing in Spark • HBase sorts rows by key • Table design is now strictly time related, which is not a very universal approach. • Kudu uses Primary Keys Each Kudu table must declare a primary key comprised of one or more columns. Primary key columns must be non-nullable , and may not be a boolean or floating-point type. Every row in a table must have a unique set of values for its primary key columns. As with a traditional RDBMS, primary key selection is critical to ensuring performant database operations. • But: Events have timestamps which are not really unique !!!

  6. Our Activities • Implement a data pipeline: • Kafka => Spark => HDFS => Notebook • Kafka => Spark => Kudu • Kudu => Spark => HDFS => (Notebook) • Create reference data sets • Scenario A: Terrasort (Big-Batch-Workload) • Scenario B: HDFS PUT,GET; HUE (Interactive Workload) • Scenario C: Idle cluster (Vacation time) • Scenario D: Kafka => Spark => Kudu (Realistic production Workload) • Scenario E: Twitter => Spark => Kudu (Realistic production Workload)

  7. Results • Scenario A: Batch workload • Scenario D: External data acquisition • Scenario E: Idle cluster

  8. Scenario A: TERRAGEN TERRASORT

  9. Scenario D: IDLE CLUSTER (some unknown activity in the background)

  10. First Iteration: • We organized our work in 3 phases: • Data and domain inspection + solution proposals • Environment setup • Tool centric: Jupyter, Eclipse, IntlliJ, CloudCat cluster, Git repository • Data centric:, Data collector tool, Demo data generation, Data formats • Data capturing and data generation • Analyzing the data in a well defined environment • Results are available in Git repos: • http://github.mtv.cloudera.com/kamir/Snaffer • https://github.com/mbalassi/packet-inspector • Increase functionality and knowledge by doing small iterations • Share code and knowledge

  11. How it works … • We collect raw data in Avro format, using the Snaffer script. • We transform the events to networks, using Hive. • We analyze and visualize the networks using Gephi.

  13. Outlook

  14. Entropy of Temporal Network • Time evolution of the network properties • Topology • Topological node properties

  15. Milestone One: • Follow a common DSP model (data science process model) • Use CDH default tools and gain experience • Work with Kafka (for input) and Hive tables (for input and output) • Implement a dataset profiling procedure, using Spark • Present results, using Jupiter notebook • Increase functionality and knowledge by doing small iterations • Share code and knowledge

  16. TODO (1) • Define data sources according to inspection methods • Define Avro schema and SOLR schema • Automatic dataset initalization / validation • DESCRIBE as WIKI and than instantiate via ANSIBLE

  17. TODO (2) • SNAProfiler • SQL for Network creation • Topology per time slice • Envelop: • Allows us to hook in the SNAProfiler component as a JAR.

  18. TODO (3) • Time Slice Preparation • KAFKA => Hbase • App—controledtime slice management: • (K,V) : (EXP_METRIC_TS, NETWORKDATA_as_edgelist) • Opposite to TIMESERIES presentation

  19. References • https://docs.google.com/document/d/12SHvTGJWtewk8CpUClOy22 mh7cUow18F_Jg2ZNNE3h8/edit#heading=h.r4wlzr2ctack • https://docs.google.com/document/d/1sD0_T2fQ7J5k7Ttx1vmAkYk MljMySgKFimm4hNVXxgA/edit# • http://research.ijcaonline.org/volume74/number17/pxc3890233.pdf • https://www.cs.princeton.edu/~blei/papers/BleiNgJordan2003.pdf

Recommend

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis

Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis

Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis procedure. Understanding the methods used to determine the optimal number of clusters. Managing data for the sake of conducting cluster analysis.

1.1k views • 80 slides
Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of

Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of

Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of Graph Cluster Analysis Algorithms for Graph Clustering k-Spanning Tree Shared Nearest Neighbor Betweenness Centrality Based Highly

836 views • 48 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets Network Traffic Measurement and Analysis Conference (TMA 2018) June 28, 2018 Milan Cermak et al. Institute of Computer Science, Masaryk University, Brno

575 views • 25 slides
Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki,

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki,

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki, Mark Crovella, Christophe Diot, and Nina Taft Traditional Network What ISPs Care Traffic Analysis About Focus on Focus on Long,

1.09k views • 46 slides
ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@ rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF

641 views • 46 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

IN INTRODUCTION TO TRAFFIC ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC ANALYSIS 1. Except for user terminals, the telephone network is composed of a variety of common 45 Trunks equipment

385 views • 17 slides
What is Cluster Analysis? Dmitriy (Dima) Gorenshteyn Sr. Data Scientist, Memorial Sloan

What is Cluster Analysis? Dmitriy (Dima) Gorenshteyn Sr. Data Scientist, Memorial Sloan

DataCamp Cluster Analysis in R CLUSTER ANALYSIS IN R What is Cluster Analysis? Dmitriy (Dima) Gorenshteyn Sr. Data Scientist, Memorial Sloan Kettering Cancer Center DataCamp Cluster Analysis in R What is Clustering? DataCamp Cluster

2.23k views • 54 slides
CLUSTER ANALYSIS Agenda Introduction to cluster analysis and application Feature

CLUSTER ANALYSIS Agenda Introduction to cluster analysis and application Feature

CLUSTER ANALYSIS Agenda Introduction to cluster analysis and application Feature Selection for Clustering Clustering Algorithm DBScan Cluster Validation Introduction Clustering is the partitioning of large

593 views • 21 slides
Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic analysis for Bitcoin and derived Transaction clustering using network traffic blockchains analysis for Bitcoin and derived blockchains Biryukov, Tikhomirov Introduction Network privacy Alex

491 views • 30 slides
Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network Security at Prague Embedded Systems Workshop (PESW 2019) June 28, 2019 Milan Cermak Institute of Computer Science, Masaryk University, Brno 2 3

441 views • 20 slides
FloCon 2018 Tucson AZ Analysis of DNS Traffic on the Network EDGE, and In Motion. Fred Stringer

FloCon 2018 Tucson AZ Analysis of DNS Traffic on the Network EDGE, and In Motion. Fred Stringer

x January 2018 FloCon 2018 Tucson AZ Analysis of DNS Traffic on the Network EDGE, and In Motion. Fred Stringer 1 Key M Messages es Distributed Analysis (at the collection points) enables scale, flexibility and timely indicators.

364 views • 11 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Week 5 Video 6 Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network Analysis (ENA) (Shaffer, 2017) Studying relationships between elements in coded data Lots of applications Conference founded

536 views • 30 slides
Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher Previously: Threat Analyst at NASA Threat Analyst at Mandiant @joshpyorre rootaccesspodcast.com Behavioral Analysis VIDEO analyzing website visitors

1.45k views • 127 slides
1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop

AGENDA AGENDA 1. The role and significance of public transport and tram transport in urban areas 2. Goal and stages of the study 1 THE ANALYSIS OF TRAFFIC SAFETY THE ANALYSIS OF TRAFFIC SAFETY 3. Classification of stop stations at tram stops

169 views • 4 slides
Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The Free Haven Project http://freehaven.net/tor/ July 29, Black Hat 2004 Talk Outline Motivation: Why anonymous communication? Personal privacy

788 views • 57 slides
TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) , Daniele E. Asoni , Adrian Perrig (ETH Zrich) , David Barrera (Polytechnique Montreal) , George Danezis (UCL) , Carmela Troncoso (EPFL)

1.98k views • 131 slides
BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Guofei Gu 1,2 , Roberto Perdisci 3 , Junjie Zhang 1 , and Wenke Lee 1 1 Georgia Tech 3 Damballa, Inc. 2 Texas A&M University 2008-7-31

549 views • 22 slides
Discrete Mathematical Approaches to Traffic Graph Analysis CLIFF JOSLYN WENDY COWLEY, EMILIE

Discrete Mathematical Approaches to Traffic Graph Analysis CLIFF JOSLYN WENDY COWLEY, EMILIE

Discrete Mathematical Approaches to Traffic Graph Analysis CLIFF JOSLYN WENDY COWLEY, EMILIE HOGAN, BRYAN OLSEN FLOCON 2015 JANUARY 2015 Outline The challenge for analytics on cyber network data Multi-scale network analysis approaches

531 views • 41 slides
Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map

Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map

Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map of websites sexual relations Actor and Network analysis, WHY? Most problems cannot be solved by a single actor; Quality of analysis and

356 views • 12 slides
A Traffic Analysis of a Small Private Network Compromised by an On-line Gaming Host Ron McLeod,

A Traffic Analysis of a Small Private Network Compromised by an On-line Gaming Host Ron McLeod,

A Traffic Analysis of a Small Private Network Compromised by an On-line Gaming Host Ron McLeod, BCSc, MCSc. Director - Corporate Development Telecom Applications Research Alliance Doctoral Student, Faculty of Computer Science, Dalhousie

486 views • 45 slides

More recommend