using substructure mining to
play

Using Substructure Mining to Identify Misbehavior in Network - PowerPoint PPT Presentation

Nov 23, 2022 •175 likes •582 views

Using Substructure Mining to Identify Misbehavior in Network Provenance Graphs David DeBoer, Georgetown University Wenchao Zhou, Georgetown University Lisa Singh, Georgetown University June 23, 2013, GRADES Workshop, SIGMOD 2013 New York, NY

  1. Using Substructure Mining to Identify Misbehavior in Network Provenance Graphs David DeBoer, Georgetown University Wenchao Zhou, Georgetown University Lisa Singh, Georgetown University June 23, 2013, GRADES Workshop, SIGMOD 2013 New York, NY

  2. Distributed Systems  Distributed systems have seen huge success  They touch many parts of our daily lives  Faults are costly  Monitoring and maintenance is difficult  Network Provenance is a proposed solution F E A D I J G B C H

  3. Our Contribution  Leverage the dependency graph of network provenance for a substructure mining application  Find common execution patterns  Use them as a feature set to identify misbehaving nodes  Use heuristics to find substructures more quickly  Implement with a graph database, neo4j  Perform extensive evaluation F E A D I J G B C H

  4. Proposed System Architecture Sub- structure Search

  5. Example: Network Provenance A B C F E A D I J G B C H

  6. Example: Provenance Graph

  7. Example: Provenance Graph

  8. Example: Provenance Graph

  9. Example: Provenance Graph

  10. Example: Provenance Graph

  11. Example: Provenance Graph

  12. Example: Provenance Graph  One Hop Path

  13. Example: Provenance Graph  Multi Hop Path

  14. Example: Provenance Graph

  15. Example: Provenance Graph

  16. Example: Provenance Graph  One Hop Path

  17. Example: Provenance Graph  Multi Hop Path

  18. Example: Provenance Graph

  19. Example: Provenance Graph

  20. Example: Provenance Graph  One Hop Path

  21. Example: Provenance Graph  No Multi Hop Path

  22. Proposed System Architecture Sub- structure Search

  23. Substructure Mining  Substructure mining is the search for “good” subgraphs within a graph or set of graphs  Two parts:  Searching the space of possible substructures  Finding instances of an individual substructure

  24. Substructure Mining: Substructures  Many Possible  Graph substructures C A A B C B C C A

  25. Substructure Mining: Instances  Graph  Substructure C A A C A A B C B C B C C A

  26. Subdue  Classical substructure mining algorithm (N.S.Ketkar et al., 2005)  Substructures are evaluated based on how well they compress the full graph  Compression calculated based on non-overlapping instances  Subdue uses a guided beam search to search the space of possible substructures  Structures from a previous iteration are expanded, tested, and only the best of the expanded go on to the next iteration (beam size = number of the best substructures)

  27. Substructure Mining: Subdue  Graph  Substructure C A A C AC A A B C AC ABC ABC B C B C AC C A

  28. Substructure Mining: Subdue  Compressed Graph 1  Compressed Graph 2 C AC AC B ABC ABC B AC C A C

  29. Proposed System Architecture Sub- structure Search

  30. Heuristics  Limiting the number of substructures to search  Duplicate Substructure Reduction  Outward Expansion  Speeding up the search for substructure instances  Infrequent Start Vertex  Start Vertex Reuse

  31. Duplicate Substructure Reduction  During the expansion of substructures you duplicate substructures are created and tested.  We incorporated aspects of Gspan (Yan and Han, 2003) to help reduce the number of duplicates link link Expands T o link Or r2 r2 r2 r2 r2 r2 r3 r3

  32. Outward Expansion  When determining new substructures to search for, only expand using outgoing edges  A possible problem is that certain types of substructures will be ignored. link r3 link link Expands T o r2 r2 r2 r2 r2 r2 Not r2 r3 r3 r3

  33. Infrequent Start Vertex  Testing a substructure instance starts with a single vertex  Pick start vertices based on the least frequently occurring vertex type in the substructure B A A B A B B B B B

  34. Start Vertex Reuse  Good substructures get expanded to new substructures  Save the subset of start vertices which have a match  New substructures can take advantage of the information from the previous substructure B A A B A B B B B B

  35. Experimental Setup  Use 5 different inferred intra-domain topologies from the Rocketfuel project (Spring et al., 2002) Dataset ASN Nodes Links |V(G)| |E(G)| 1 1221 108 306 16,227 28,090 2 1755 87 322 23,015 40,725 3 3257 161 656 52,848 94,568 4 6461 141 748 73,316 134,072 5 1239 315 1,944 317,066 592,038  Use a beam size of 10 with 100 expansions maximum  Evaluate run time, quality of substructures, and effect of beam size

  36. Experimental Runs  DB-OPTIMIZED: all heuristics using Neo4j  MEM-OPTIMIZED: all heuristics using in memory version  No-DUP-REDUCE: all heuristics except duplication reduction  No-EXPAND-OUT: all heuristics except outward expansion  No-REUSE: all heuristics except reuse of start vertices  BASE-LINE: no heuristics

  37. Results (Run Time)  Each heuristic improves the run time  DB version consistently outperforms the memory version

  38. Results (Compression)  Top compression results the same for each run

  39. Conclusion  Contributions  Apply substructure mining to network provenance  Implement algorithm using the neo4j graph database  Propose heuristics which take advantage of provenance structure  Perform extensive evaluation that shows strength of our approach  Future Work  Try other protocols  Use more advanced substructure mining techniques  Take advantage of the tree like structure of our graphs  Explore substructure mining for dynamic provenance graphs  Implement a complete system to test using misbehaving nodes

  40. References  N.S. Ketkar, L.B. Holder, and D.J. Cook. Subdue: compression-based frequent pattern discovery in graph data. In Proc. OSDM , 2005.  N. Spring, R. Mahajan, and D. Wetherall. Measuring isp topologies with rocketfuel. ACM SIGCOMM CCR , 32(4), 2002.  X. Yan and J. Han. Closegraph: mining closed frequent graph patterns. In Proc. SIGKDD , 2003.  W. Zhou, M. Sherr, T. Tao, X. Li, B. T. Loo, and Y. Mao. Efficient querying and maintenance of network provenance at Internet-scale. In Proc. SIGMOD, 2010.

Recommend

gSpan: Graph-Based Substructure Pattern Mining Xifeng Yan Jiawei Han Department of Computer

gSpan: Graph-Based Substructure Pattern Mining Xifeng Yan Jiawei Han Department of Computer

gSpan: Graph-Based Substructure Pattern Mining Xifeng Yan Jiawei Han Department of Computer Science University of Illinois at Urbana-Champaign xyan, hanj @uiuc.edu Abstract chemical compound dataset in 10 minutes

303 views • 4 slides
Effect of substructure on tidal streams Denis Erkal University of Surrey Halo Substructure and

Effect of substructure on tidal streams Denis Erkal University of Surrey Halo Substructure and

Effect of substructure on tidal streams Denis Erkal University of Surrey Halo Substructure and Dark Matter Searches , IFT Madrid, June 29th 2018 Milky Way Substructure Halo mass function Stars No Stars 200 kpc 10 4 10 10 Mass (M )

536 views • 37 slides
JET SUBSTRUCTURE AT THE LHC & BEYOND Simone Marzani Universit di Genova & INFN

JET SUBSTRUCTURE AT THE LHC & BEYOND Simone Marzani Universit di Genova & INFN

JET SUBSTRUCTURE AT THE LHC & BEYOND Simone Marzani Universit di Genova & INFN Sezione di Genova Interpreting the LHC Run 2 data and Beyond ICTP Trieste 27 th - 31 st May 2019 1 OUTLINE Jet substructure: where we are

474 views • 29 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

774 views • 20 slides
Jet Substructure Pedro Cal In collaboration with: Du ff Neill arXiv:1901.06389 arXiv:1911.xxxxx

Jet Substructure Pedro Cal In collaboration with: Du ff Neill arXiv:1901.06389 arXiv:1911.xxxxx

NNV Annual meeting November 1st, 2019 Jet Substructure Pedro Cal In collaboration with: Du ff Neill arXiv:1901.06389 arXiv:1911.xxxxx Felix Ringer Wouter Waalewijn Outline What are jets and why do they form? What is jet substructure? Jet

356 views • 34 slides
Web Mining Web Mining Web mining is the use of data mining techniques to automatically

Web Mining Web Mining Web mining is the use of data mining techniques to automatically

What is Web Mining? What is Web Mining? Web Mining Web Mining Web mining is the use of data mining techniques to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) Web mining aims to

566 views • 22 slides
Jet Substructure Adam Davison University College London 1 Outline Jets at the LHC

Jet Substructure Adam Davison University College London 1 Outline Jets at the LHC

Jet Substructure Adam Davison University College London 1 Outline Jets at the LHC Machine and ATLAS detector What is a jet? Jet substructure What is it? What can it do for us? Some ATLAS/Higgs bias here 2 Jets at

850 views • 50 slides
12. Dynamic Programming Memoization, Optimal Substructure, Overlapping Sub-Problems,

12. Dynamic Programming Memoization, Optimal Substructure, Overlapping Sub-Problems,

12. Dynamic Programming Memoization, Optimal Substructure, Overlapping Sub-Problems, Dependencies, General Procedure. Examples: Rod Cutting, Rabbits, Edit Distance [Ottman/Widmayer, Kap. 7.1, 7.4, Cormen et al, Kap. 15] 260 Fibonacci Numbers

1.15k views • 88 slides
Dynamical interaction between astrophysical systems and DM substructure; constraints on the

Dynamical interaction between astrophysical systems and DM substructure; constraints on the

Dynamical interaction between astrophysical systems and DM substructure; constraints on the smallest DM structures. Alma X. Gonzlez Morales (ICN, UNAM) with Octavio Valenzuela and Luis Aguilar (IA, UNAM) Motivation: Subsolar mass

442 views • 23 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) (another definition:

287 views • 15 slides
19. Dynamic Programming I (again) Memoization, Optimal Substructure, Overlapping

19. Dynamic Programming I (again) Memoization, Optimal Substructure, Overlapping

Fibonacci Numbers 19. Dynamic Programming I (again) Memoization, Optimal Substructure, Overlapping Sub-Problems, n if n < 2 F n := Dependencies, General Procedure. Examples: Fibonacci, Rod if n 2 . F n 1 + F n 2 Cutting,

562 views • 17 slides
Port of San Francisco Marine Structural Projects IV, (Pier 29 & 31.5 Substructure Repair)

Port of San Francisco Marine Structural Projects IV, (Pier 29 & 31.5 Substructure Repair)

Port of San Francisco Marine Structural Projects IV, (Pier 29 & 31.5 Substructure Repair) Contract No. 2790 January 3, 2018 AGENDA 1. Welcome & Introductions Andre Antonio 2. Project Overview Jonathan Roman 3. CMD Finbarr

329 views • 31 slides
Population Substructure and Control Selection in Genome-wide Association Studies Kai Yu, Ph.D.

Population Substructure and Control Selection in Genome-wide Association Studies Kai Yu, Ph.D.

Population Substructure and Control Selection in Genome-wide Association Studies Kai Yu, Ph.D. Division of Cancer Epidemiology and Genetics, NCI Acknowledgements CeRePP , France HSPH CGEMS & DCEG Olivier Cussenot David Hunter Gilles

485 views • 36 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) 1 2 The Web The Web

468 views • 23 slides
dark matter distribution in the Milky Way halo 1) observational evidence 2) substructure 3)

dark matter distribution in the Milky Way halo 1) observational evidence 2) substructure 3)

dark matter distribution in the Milky Way halo 1) observational evidence 2) substructure 3) density profiles Jrg Diemand UC Santa Cruz Sept 12, 2007

580 views • 39 slides
Jet Substructure at the LHC Wouter Waalewijn LANL - January 8, 2015 Outline Introduction

Jet Substructure at the LHC Wouter Waalewijn LANL - January 8, 2015 Outline Introduction

Jet Substructure at the LHC Wouter Waalewijn LANL - January 8, 2015 Outline Introduction Jet Charge Jet Mass Hadronization of Jets Quark/Gluon Discrimination Conclusions Introduction What is a Jet? Energetic quarks and

769 views • 60 slides
Substructure from Simulations Can the standard reionization scenario explain the current

Substructure from Simulations Can the standard reionization scenario explain the current

Substructure from Simulations Can the standard reionization scenario explain the current population of satellite galaxies? (How low does galaxy formation go?) James S. Bullock (UC Irvine) Tyler Kelley ( UC Irvine ) ( UC Irvine > Texas

909 views • 45 slides
CONSTRAINING THE NATURE OF DARK MATTER WITH SUBSTRUCTURE LENSING: PREDICTIONS FROM THEORY AND

CONSTRAINING THE NATURE OF DARK MATTER WITH SUBSTRUCTURE LENSING: PREDICTIONS FROM THEORY AND

CONSTRAINING THE NATURE OF DARK MATTER WITH SUBSTRUCTURE LENSING: PREDICTIONS FROM THEORY AND SIMULATIONS Giulia Despali Simona Vegetti Elisa Ritondale MPA - Garching Simon White Carlo Giocoli Mark Lovell Mark Vogelsberger Martin Sparre

408 views • 22 slides
19. Dynamic Programming I Memoization, Optimal Substructure, Overlapping Sub-Problems,

19. Dynamic Programming I Memoization, Optimal Substructure, Overlapping Sub-Problems,

19. Dynamic Programming I Memoization, Optimal Substructure, Overlapping Sub-Problems, Dependencies, General Procedure. Examples: Fibonacci, Rod Cutting, Longest Ascending Subsequence, Longest Common Subsequence, Edit Distance, Matrix Chain

1.63k views • 135 slides
Introduction to Web Mining What is Web Mining? Discovering useful information from the

Introduction to Web Mining What is Web Mining? Discovering useful information from the

CS 345A Data Mining Lecture 1 Introduction to Web Mining What is Web Mining? Discovering useful information from the World-Wide Web and its usage patterns Web Mining v. Data Mining Structure (or lack of it) Textual information and

744 views • 31 slides
Opaque Faade Segment or Universal Substructure System and Technology for Fixing of Ventilated

Opaque Faade Segment or Universal Substructure System and Technology for Fixing of Ventilated

A Holistic Proposal for the Opaque Faade Segment or Universal Substructure System and Technology for Fixing of Ventilated Claddings and Modelling of Faade Features August 2019 Building envelope industry has evolved dynamically in the last

481 views • 35 slides
(machine) learning jet substructure Machine Learning for Jet Physics Workshop, 2017 Eric M.

(machine) learning jet substructure Machine Learning for Jet Physics Workshop, 2017 Eric M.

A complete linear basis for (machine) learning jet substructure Machine Learning for Jet Physics Workshop, 2017 Eric M. Metodiev Center for Theoretical Physics Massachusetts Institute of Technology Based on work with Patrick T. Komiske and

441 views • 21 slides
Uncovering latent jet substructure Barry M . Dillon Jozef Stefan Institute , Ljubljana , Slovenia

Uncovering latent jet substructure Barry M . Dillon Jozef Stefan Institute , Ljubljana , Slovenia

Uncovering latent jet substructure Barry M . Dillon Jozef Stefan Institute , Ljubljana , Slovenia Based on: hep - ph/ 1904.04200 BMD , Darius A . Faroughy , Jernej F . Kamenik Dark Machines , Trieste , April 11 th 2019 Overview Goal:

536 views • 26 slides
AM Gradiometer (AMG) Technology Underground Utility/Substructure Detection Charbel Khoury, PhD,

AM Gradiometer (AMG) Technology Underground Utility/Substructure Detection Charbel Khoury, PhD,

AM Gradiometer (AMG) Technology Underground Utility/Substructure Detection Charbel Khoury, PhD, PE Geotechnical Practice SUE Association Conference 9/25/2019 AM Gradiometer (AMG) Technology Table for Operation & Visualization AMG

678 views • 47 slides

More recommend