real time pattern detection in ip flow data using apache
play

Real-time Pattern Detection in IP Flow Data using Apache Spark - PowerPoint PPT Presentation

Dec 31, 2023 •291 likes •403 views

Real-time Pattern Detection in IP Flow Data using Apache Spark International Symposium on Integrated Network Management ( IM 2019) May 9, 2019 Milan Cermak, Martin Lastovicka, Tomas Jirsik Institute of Computer Science, Masaryk University, Brno

  1. Real-time Pattern Detection in IP Flow Data using Apache Spark International Symposium on Integrated Network Management ( IM 2019) May 9, 2019 Milan Cermak, Martin Lastovicka, Tomas Jirsik Institute of Computer Science, Masaryk University, Brno

  2. Attack Detection in Network Flow Records challenges that everyone has to deal with � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ? � � � ? � IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 2 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  3. Attack Detection in Network Flow Records challenges that everyone has to deal with II. � � � � � � � IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 3 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  4. Stream4Flow: Real Time Analysis distributed data stream processing framework IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 4 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  5. PatternFinder taking advantage of similarity search �� � � distance_function: biflow_quadratic_form � patterns: - name: anomaly request: [23, 8983, 9098] response: [24, 1125, 9101] � � � � distribution: anomaly: intervals: [0, 3, 5, 6, 7, 11] weights: [3, 2, 1, 1, 2, 3] IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 5 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  6. Pattern Definition discovery of general attack patterns Dataset § Only network traffic of interest § Include attack variations § Creation � § Real-world dataset � § Artificial dataset Pattern § Easy to determine from dataset § Statistical aggregations of attack characteristics IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 6 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  7. SSH Authentication Attack Use-case from theory to real-world IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 7 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  8. Pattern Definition Hydra, Medusa, or Ncrack? Dataset Creation § Virtual environment – attacker and server § 3 tools, 5 different settings Derived Patterns – median aggregation IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 8 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  9. Evaluation comparison with others Measurement § one week period § 478.98 M Flows, 5.54k Flows/second, 9.9k Flows/second in peak § 21.91 TB data processed Comparison § Commercial solution Flowmon Anomaly Detection System § More than 30 login attempts in 5 min is an attack § ADS 264 events from 75 IPs vs PatternFinder 78 events from 42 IPs § ADS overlapping events § Accuracy 39%, precision 82%, recall 43% IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 9 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  10. Further Results additional findings worth mentioning IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 10 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  11. Thank you for your attention https://stream4flow.ics.muni.cz/ Milan Cermak et al. @csirtmu cermak@ics.muni.cz

Recommend

Considerations for Scan Detection Using Flow Data. 1 Ov Over erview iew Scans and scan

Considerations for Scan Detection Using Flow Data. 1 Ov Over erview iew Scans and scan

Considerations for Scan Detection Using Flow Data. 1 Ov Over erview iew Scans and scan detection goals and objectives A review of Threshold Random Walk Real time vs. Flow based approaches Bi-flows and Oracles Extensions

522 views • 18 slides
Apache Apex: Next Gen Big Data Analytics Thomas Weise <thw@apache.org> @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise <thw@apache.org> @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise <thw@apache.org> @thweise PMC Chair Apache Apex, Architect DataTorrent Apache Big Data Europe, Sevilla, Nov 14 th 2016 Stream Data Processing Real-time Data Delivery Transform /

632 views • 35 slides
Apache Kafka Real-Time Data Pipelines http://kafka.apache.org/ Joe Stein Developer,

Apache Kafka Real-Time Data Pipelines http://kafka.apache.org/ Joe Stein Developer,

Apache Kafka Real-Time Data Pipelines http://kafka.apache.org/ Joe Stein Developer, Architect & Technologist Founder & Principal Consultant => Big Data Open Source Security LLC - http://stealth.ly Big Data Open Source

637 views • 40 slides
A (Probably not) Project Proposal: Spark Streaming vs Apache Storm for Real-time Event Detection

A (Probably not) Project Proposal: Spark Streaming vs Apache Storm for Real-time Event Detection

A (Probably not) Project Proposal: Spark Streaming vs Apache Storm for Real-time Event Detection Niall Egan November 2019 Streaming Dataflow Dataflow systems weve seen so far (e.g. MapReduce, Spark) are batch-processing systems

280 views • 7 slides
Data at the Speed of your Users Apache Cassandra and Spark for simple, distributed, near real-time

Data at the Speed of your Users Apache Cassandra and Spark for simple, distributed, near real-time

Data at the Speed of your Users Apache Cassandra and Spark for simple, distributed, near real-time stream processing. GOTO Copenhagen 2014 Rustam Aliyev Solution Architect at . @rstml Big Data? Photo:

675 views • 49 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise @atrato_io October 30, 2017, Dagstuhl Seminar Stream Processing with Apache Apex Real-time visualization, Transform / Analytics Data Sources Data

398 views • 22 slides
Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is Apache Flink? Distributed Data Flow Processing System Focused on large-scale data analytics Real-time stream and batch processing Easy and

667 views • 39 slides
How-to for real-time streaming and analytics at scale with Apache Kafka and Apache Ignite Viktor

How-to for real-time streaming and analytics at scale with Apache Kafka and Apache Ignite Viktor

How-to for real-time streaming and analytics at scale with Apache Kafka and Apache Ignite Viktor Gamov, Confluent, @gamussa Denis Magda, GridGain, @denismagda Digital Transformations Challenges Application Layer 10-100x more queries and

347 views • 18 slides
Modeling and Analysis of Data Flow Graphs using the Digraph Real-Time Task Model Morteza

Modeling and Analysis of Data Flow Graphs using the Digraph Real-Time Task Model Morteza

Modeling and Analysis of Data Flow Graphs using the Digraph Real-Time Task Model Morteza Mohaqeqi, Jakaria Abdullah, and Wang Yi Uppsala University Ada-Europe 2016 Overview Introduction Data Flow Graphs: [ 1 , 3 ] [ 2 ] Signal processing a

508 views • 46 slides
Predicting Share Prices in Real-Time with Apache Spark and Apache Ignite MANUEL MOURATO Summary

Predicting Share Prices in Real-Time with Apache Spark and Apache Ignite MANUEL MOURATO Summary

Predicting Share Prices in Real-Time with Apache Spark and Apache Ignite MANUEL MOURATO Summary What is the stock market? Making a profit on volatility: Scalp trading Looking at first hour price swings The need for an in-memory

482 views • 32 slides
Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic protocol for real-time traffic Protocol for the management of data flow Secure version of the protocol 2 What is real-time (time of

629 views • 33 slides
Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and Deployment in a Honeypot Environment Eric Badger Masters Student Computer Engineering 1 Overview Introduction/Motivation Challenges

508 views • 30 slides
I Logs Apache Kafka, Stream Processing, and Real-time Data Jay Kreps The Plan 1. What is Data

I Logs Apache Kafka, Stream Processing, and Real-time Data Jay Kreps The Plan 1. What is Data

I Logs Apache Kafka, Stream Processing, and Real-time Data Jay Kreps The Plan 1. What is Data Integration? 2. What is Apache Kafka? 3. Logs and Distributed Systems 4. Logs and Data Integration 5. Logs and Stream Processing Data Integration

661 views • 42 slides
Journey to a Real-Time Enterprise Neha Narkhede, Co-founder/CTO at Confluent, Co-Creator Apache

Journey to a Real-Time Enterprise Neha Narkhede, Co-founder/CTO at Confluent, Co-Creator Apache

Journey to a Real-Time Enterprise Neha Narkhede, Co-founder/CTO at Confluent, Co-Creator Apache Kafka Infrastructure Technology ? Relational Data Database Warehousing Management Systems Adoption in Silicon Valley Adoption in Silicon

867 views • 45 slides
The Viola/Jones Face Detector (2001) A widely used method for real-time object detection.

The Viola/Jones Face Detector (2001) A widely used method for real-time object detection.

The Viola/Jones Face Detector (2001) A widely used method for real-time object detection. Training is slow, but detection is very fast. (Most slides from Paul Viola) Classifier is Learned from Labeled Data Training Data 5000

548 views • 21 slides
Sentiments of Tweets using Hashtags - Apache Storm James Trever Overview Of Apache Storm -

Sentiments of Tweets using Hashtags - Apache Storm James Trever Overview Of Apache Storm -

Sentiments of Tweets using Hashtags - Apache Storm James Trever Overview Of Apache Storm - Real time fault tolerant data processing system - Consists of streams of tuples flowing through topologies - Topologies are directed graphs -

562 views • 8 slides
Scalable Data Analytics Pipeline for Validation of Real-Time Attack Detection Eric Badger , Phuong

Scalable Data Analytics Pipeline for Validation of Real-Time Attack Detection Eric Badger , Phuong

Scalable Data Analytics Pipeline for Validation of Real-Time Attack Detection Eric Badger , Phuong Cao, Alex Withers, Adam Slagell, Zbigniew Kalbarczyk, Ravi Iyer University of Illinois Urbana-Champaign 1 Overview Introduction/Motivation

283 views • 24 slides
SPARQL Graph Pattern Processing with Apache Spark title ?P speaker Hubert Naacke University

SPARQL Graph Pattern Processing with Apache Spark title ?P speaker Hubert Naacke University

SPARQL Graph Pattern Processing with Apache Spark title ?P speaker Hubert Naacke University author P. et M. Curie Paris 6 Olivier Cur Paris Est Marne-la-Valle Bernd Amann GRADES 2017 1 Context Big RDF data Linked Open Data

704 views • 47 slides
Real-time PCR Data Markup Language A new standard for archiving and exchanging real-time PCR data

Real-time PCR Data Markup Language A new standard for archiving and exchanging real-time PCR data

Real-time PCR Data Markup Language A new standard for archiving and exchanging real-time PCR data Steve Lefever On behalf of the RDML consortium qPCR = golden standard for nucleic acids quantification Dedicated and precise instruments needed

780 views • 21 slides
Modelling of the London Bus Network The Data London Open Transport API Real-time bus

Modelling of the London Bus Network The Data London Open Transport API Real-time bus

Alex Gubbay Real Time Graph Modelling of the London Bus Network The Data London Open Transport API Real-time bus arrivals at every stop 130,000 data points a minute Also provided: Real-time traffic incidents Real-time

173 views • 5 slides
Apache NiFi Better Analytics Demand Better Dataflow Presented by: Joe Witt Apache NiFi PPMC

Apache NiFi Better Analytics Demand Better Dataflow Presented by: Joe Witt Apache NiFi PPMC

Apache NiFi Better Analytics Demand Better Dataflow Presented by: Joe Witt Apache NiFi PPMC Member Apache NiFis job: Enterprise Dataflow Management Automate the flow of data from any source to systems which extract meaning and insight

1.45k views • 18 slides
Near Real-Time Multi-Source Flow Data Correlation FloCon 2013 Carter Bullard QoSient, LLC

Near Real-Time Multi-Source Flow Data Correlation FloCon 2013 Carter Bullard QoSient, LLC

Near Real-Time Multi-Source Flow Data Correlation FloCon 2013 Carter Bullard QoSient, LLC Albuquerque, New Mexico Jan 7-10, 2013 carter@qosient.com Problem Statement Cyber incident attribution and forensics, is a complex process. To

795 views • 28 slides
Apache Storm Christopher Little Apache Storm Alternatives Storm Hadoop Spark Streaming

Apache Storm Christopher Little Apache Storm Alternatives Storm Hadoop Spark Streaming

Real-time Web Marketing with Apache Storm Christopher Little Apache Storm Alternatives Storm Hadoop Spark Streaming Processing Model DAG MapReduce DAG Processing Unit Record-at-a-time Batch Mini Batch Latency Sub-second High Few

386 views • 17 slides

More recommend