towards provable network traffic measurement and analysis
play

Towards Provable Network Traffic Measurement and Analysis via - PowerPoint PPT Presentation

Mar 05, 2024 •320 likes •575 views

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets Network Traffic Measurement and Analysis Conference (TMA 2018) June 28, 2018 Milan Cermak et al. Institute of Computer Science, Masaryk University, Brno

  1. Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets Network Traffic Measurement and Analysis Conference (TMA 2018) June 28, 2018 Milan Cermak et al. Institute of Computer Science, Masaryk University, Brno

  2. TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 2 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  3. TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 3 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  4. TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 4 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  5. Research Problems challenges that everyone has to deal with ▪ Lack of research standards missing rules for research data collection, analysis, sharing, and ethics of usage ▪ Inaccessibility of appropriate datasets real-world data cannot be reliable annotated and needs to be anonymized, artificial data are not sufficiently realistic and provides a limited set of network traffic ▪ Inability to prove research results it is complicated to prove properties of the proposed analytical method leading to limited acceptance of the results by industry ▪ Missing verification of others researchers’ results data and algorithms are kept in private which leads to the impossibility of research reproducibility TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 5 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  6. TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 6 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  7. TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 7 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  8. The Basic Idea what we realized during our research ▪ Single event full packet capture can be publicly shared units of network traffic with one type of network event contains only a minimum of personal data and can be publicly shared and easily annotated ▪ Packet capture can be „ simply “ manipulated MAC and IP addresses can be changed to predefined values together with capture time and subsequently adapted to real-world data ▪ Events can be mixed with each other or with real-world data we usually have access to the real-world data, but we need an annotation or a ground truth TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 8 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  9. Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets our goal is not to deal with all identified problems at this point, but to present a general solution in order to start a discussion of its usability TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 9 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  10. Semi-Labeled Datasets we aim to cover all areas relevant to datasets usage 1. Creation of annotated units 2. Use of semi-labeled datasets composed of annotated units 3. Sharing platform for annotated units 4. Use of semi-labeled datasets for a research evaluation TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 10 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  11. Challenges of Shared Datasets usage and creation requirements to support applicability ▪ Data anonymization problems of application data and consistency in all packet layers ▪ Traffic annotation either inaccurate annotation of real-world datasets or accurate annotation of an artificial dataset but with insufficient authenticity ▪ Capture parameters network topology, capacity, utilization, and latency affects the dataset creation ▪ Dataset recency each fixed dataset becomes obsolete in time TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 11 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  12. Annotated Units normalized and annotated packet traces containing a single event Creation of full packet traces ▪ filter the desired traffic from an existing network ▪ capture a traffic form a prepared environment Packet trace normalization ▪ change MAC and IP addresses to predefined values ▪ reset timestamp to zero epoch time Units annotation ▪ store information about author, capture interface, network settings, and trace content github.com/CSIRT-MU/trace-share TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 12 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  13. Annotated Units besides benefits, there are still issues that need to be addressed ▪ No sensitive content of a traffic ▪ Uniformity of virtual environment ▪ Accurate annotation ▪ Normalization problems ▪ Easily accessible data recency ▪ Trace consistency preservation TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 13 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  14. Semi-Labeled Datasets we aim to cover all areas relevant to datasets usage 1. Creation of annotated units 2. Use of semi-labeled datasets composed of annotated units 3. Sharing platform for annotated units 4. Use of semi-labeled datasets for a research evaluation TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 14 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  15. Combination of Annotated Units how to create a semi-labeled dataset 1. Select annotated units based on your interest 2. Capture real-world network traffic within your environment 3. Compute characteristics of the real-world traffic capture 4. Modify annotated units to reflect characteristics of the real-world traffic 5. Merge annotated units and real-world traffic capture TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 15 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  16. Usage of Semi-Labeled Datasets development of analytical methods using annotated units TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 16 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  17. Semi-Labeled Datasets we aim to cover all areas relevant to datasets usage 1. Creation of annotated units 2. Use of semi-labeled datasets composed of annotated units 3. Sharing platform for annotated units 4. Use of semi-labeled datasets for a research evaluation TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 17 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  18. Sharing Platform Challenges each of dataset sharing platforms suffers from common issues ▪ Data anonymization assisted anonymization of uploaded datasets should be one of the key features of a central dataset sharing platform ▪ Data heterogeneity sharing platform should have clearly defined types and format of datasets it collects ▪ Platform sustainability a necessity to have a founding and create the platform as an open community hub ▪ Initial content sharing platforms should contain a sufficient number of up-to-date datasets when launched TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 18 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  19. Data Sharing Platform our plans with trace·share open platform ▪ Community hub ▪ Storage and management of annotated units ▪ Assisted uploading, normalization, annotation, and mixing of annotated units ▪ Inspired by OpenML platform (see https://openml.org) ▪ Prototype available at the end of the year (see https://github.com/CSIRT-MU/traceshare) TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 19 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  20. Semi-Labeled Datasets we aim to cover all areas relevant to datasets usage 1. Creation of annotated units 2. Use of semi-labeled datasets composed of annotated units 3. Sharing platform for annotated units 4. Use of semi-labeled datasets for a research evaluation TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 20 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  21. Challenges of Research Evaluation an evaluation must give an objective metric of the method efficiency ▪ Qualitative aspect properties of a dataset itself whereas the network traffic capture must contain realistic, diverse data, that accurately reflect real-world traffic ▪ Quantitative aspect the process of evaluation giving an objective metric of the method efficiency, typically using confusion matrix with true positive, false positive, and false negative values TMA 2018 : Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets 21 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

Recommend

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network Security at Prague Embedded Systems Workshop (PESW 2019) June 28, 2019 Milan Cermak Institute of Computer Science, Masaryk University, Brno 2 3

440 views • 20 slides
Measurement and Analysis of Traffic in a Hybrid Satellite-Terrestrial Network Qing (Kenny) Shao

Measurement and Analysis of Traffic in a Hybrid Satellite-Terrestrial Network Qing (Kenny) Shao

Measurement and Analysis of Traffic in a Hybrid Satellite-Terrestrial Network Qing (Kenny) Shao and Ljiljana Trajkovic { qshao, ljilja} @cs.sfu.ca Communication Networks Laboratory http://www.ensc.sfu.ca/cnl School of Engineering Science

533 views • 29 slides
Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet? Active measurement vs. passive

771 views • 31 slides
Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet? q Active measurement vs. passive

654 views • 31 slides
Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic

Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic

Traffic Measurement Activities of the WIDE project Kenjiro Cho IIJ Research Lab traffic measurement and analysis in WIDE measurement activities across research groups broad perspectives - tracking long-term trends - analysis (with wide

415 views • 12 slides
Measurement of Data Traffic Measurement of Data Traffic in Cellular Networks 2008.8.16 Kisu

Measurement of Data Traffic Measurement of Data Traffic in Cellular Networks 2008.8.16 Kisu

Measurement of Data Traffic Measurement of Data Traffic in Cellular Networks 2008.8.16 Kisu Kim, Hyeongu Son, Taeck-keun Kwon, DK Lee*, S. Moon* and Youngseok Lee, Chungnam National University *KAIST D Daejon, Korea j K 1 Contents

1.2k views • 28 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Traffic Measurement and Analysis of Building Automation and Control Networks Radek Krej,

Traffic Measurement and Analysis of Building Automation and Control Networks Radek Krej,

Traffic Measurement and Analysis of Building Automation and Control Networks Radek Krej, Pavel eleda, Jakub Dobrovoln rkrejci@cesnet.cz, {celeda|dobrovolny}@ics.muni.cz AIMS 2012 - 6th International Conference on Autonomous

723 views • 35 slides
Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki,

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki,

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki, Mark Crovella, Christophe Diot, and Nina Taft Traditional Network What ISPs Care Traffic Analysis About Focus on Focus on Long,

1.09k views • 46 slides
WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN

WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN

CPSC 641: WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN Traffic Measurements There have been several studies of wide area network traffic (i.e., Internet traffic) We will look briefly at two

655 views • 13 slides
Network Measurement Carey Williamson Department of Computer Science University of Calgary

Network Measurement Carey Williamson Department of Computer Science University of Calgary

CPSC 641: Network Measurement Carey Williamson Department of Computer Science University of Calgary Network Traffic Measurement A focus of networking research for 30+ years Collect data or packet traces showing packet activity on the

462 views • 25 slides
Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools

Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools

Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools Background and Goals: Apache Spot was started recently DNS, Netflow, PCAP data is analyzed The goal is to identify: suspicous

644 views • 19 slides
Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Traffic Measurement Analysis & Robust Methods Modeling Anomaly Detection Traffic Classification Conclusion + Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon, Laboratoire de Physique (UMR

716 views • 60 slides
LAN Measurement Carey Williamson Department of Computer Science University of Calgary LAN

LAN Measurement Carey Williamson Department of Computer Science University of Calgary LAN

CPSC 641: LAN Measurement Carey Williamson Department of Computer Science University of Calgary LAN Traffic Measurements Some of the first network traffic measurement papers were for measurements done on Ethernet local area networks

696 views • 7 slides
Servers in Action: Towards Distributed Traffic Measurement in Data Centers Praveen Tammana &

Servers in Action: Towards Distributed Traffic Measurement in Data Centers Praveen Tammana &

Servers in Action: Towards Distributed Traffic Measurement in Data Centers Praveen Tammana & Myungjin Lee School of Informatics University of Edinburgh MSN14 - Cosener's House, Abingdon 1 Network Measurement in Data Centers Data

574 views • 25 slides
Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic analysis for Bitcoin and derived Transaction clustering using network traffic blockchains analysis for Bitcoin and derived blockchains Biryukov, Tikhomirov Introduction Network privacy Alex

491 views • 30 slides
Measurement Techniques Part 2: Measurement Techniques Terminology and general issues

Measurement Techniques Part 2: Measurement Techniques Terminology and general issues

Part 2 Measurement Techniques Part 2: Measurement Techniques Terminology and general issues Active performance measurement SNMP and RMON Packet monitoring Flow measurement Traffic analysis Terminology and General I

758 views • 64 slides
ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@ rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF

641 views • 46 slides
A summary of security-related network measurements. David Malone Maynooth University.

A summary of security-related network measurements. David Malone Maynooth University.

A summary of security-related network measurements. David Malone Maynooth University. 2017-09-11 15:15:00 Network Measurement Results Internet Measurement Conference (IMC), Passive and Active Measurement Conference (PAM), Traffic

812 views • 12 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

IN INTRODUCTION TO TRAFFIC ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC ANALYSIS 1. Except for user terminals, the telephone network is composed of a variety of common 45 Trunks equipment

385 views • 17 slides
Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1 Presentation By Henk van Doorn & Marko Spithoff Relevance Security Audits Company Detects (Attempted) Breach Accountability Of Actions 2

337 views • 22 slides

More recommend