an interactive web based platform for modeling and
play

An Interactive Web Based Platform for Modeling and Analysis of Large - PowerPoint PPT Presentation

Dec 09, 2022 •147 likes •408 views

An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data Angel Kodituwakku J.T. Liso Dr. Jens Gregor Jan 10, 2018 This material is based upon work supported by the National Science Foundation under

  1. An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data Angel Kodituwakku J.T. Liso Dr. Jens Gregor Jan 10, 2018 This material is based upon work supported by the National Science Foundation under Grant No. IRNC-1450959 01/10/2017 1

  2. Foundational Work • GLORIAD: World wide network for research & education Gl obal Ri ng Network for A dvanced Applications D evelopment NSF sponsored project 2006-2015, Greg Cole (PI) • InSight: Visualization of GLORIAD Argus flow-data Development ended with GLORIAD • InSight2: Newly developed, completely redesigned tool 01/10/2017 2

  3. Motivation • Open-source Argus flow data analytics platform that provides: • Performance metrics • Threat detection • Advanced analytics • Web based visualization • Modular architecture that supports large scale data , real-time processing , and site-specific requirements 01/10/2017 3

  4. Features • Core functionality: Performance metrics • Plug-in extensions: Advanced analytics • Markov chain: Behavior prediction • Tensor analysis: Anomaly detection • Community plugins: TBD • Data enrichment: Value-added knowledge • Geo-IP, Global Science Registry (IP-org mapping) • Threat lists, Blacklists (botnets, ransomware etc.) 01/10/2017 4

  5. Implementation • Enrichment: Python • Database: Elasticsearch • Visualization: Kibana • Front-end: HTML/JS Flow Data Back-end Front-end 01/10/2017 5

  6. Capabilities 1/2 • Measurements • Network statistics (load, packets dropped, retransmitted) • Usage statistics (countries, organizations, ISPs) • Diagnostics (jitter, packet size, hops, delay) • Visualizations • Critical activity gauges • Overlaid advanced metrics • Connections graphs of top users 01/10/2017 6

  7. Capabilities 2/2 • Intuitive filtering by UI interactions • Click UI elements to add/remove filters by country, ISP etc • Click and drag to filter time range in timeline • Click and drag define visual geo-location bounds in geo-maps • Geo-location mapping: MaxMind Geo-IP database • Threat detection: Miscl. on-line databases • Utilization prediction: Markov chain modeling • Anomaly detection: Tensor based data analysis 01/10/2017 7

  8. Traffic Overview • Main Dashboard • Activity Gauges • Country Tag Cloud • Geo Map • Intuitive filters 01/10/2017 8

  9. Performance Metrics • Traffic ratio and PCR • Setup time and hops • Packet size • Jitter and inter-packet arrival time 01/10/2017 9

  10. Argus Flow Data Powered by Argus is used by 01/10/2017 10

  11. Software Architecture 1/6 01/10/2017 11

  12. Software Architecture 2/6 01/10/2017 12

  13. Software Architecture 3/6 • Apply enrichment databases - One flow data record in - One enriched record out • Store results in Main database 01/10/2017 13

  14. Software Architecture 4/6 • Plug-ins invoked after enrichment epoch • Perform data analytics using main and summary databases • Store results in summary and events databases 01/10/2017 14

  15. Software Architecture 5/6 • Check user databases for changes • Poll threat lists for new updates • Aggregate, de-duplicate, and update enrichment databases 01/10/2017 15

  16. Software Architecture 6/6 • Create per-second summary • Collect events from main database and append to events database • Purge expired data from main database 01/10/2017 16

  17. Technologies Used 01/10/2017 17

  18. Technologies Used 01/10/2017 18

  19. uses • Visualization platform • Highly scalable • Intuitive dashboards • NoSQL database • Native integration with ES • Full-text search engine • Geo-map tile service • Distributed 01/10/2017 19

  20. Plug-in: Markov Chain 1/2 • State transition model • Stochastic: Prob(s i+1 |s i ) • Inferred from training data • Model analysis • Steady-state • First-transitions • Live data processing 01/10/2017 20

  21. Plug-in: Markov Chain 2/2 • Usage: Network utilization prediction Actual Usage Predicted Usage State Transition Probabilities 01/10/2017 21

  22. Plug-in: Tensor Analysis 1/3 • Tensor: multidimensional matrix of real numbers • Each mode is n -dimensional matrix (called slice) 01/10/2017 22

  23. Plug-in: Tensor Analysis 2/3 • Tensor energy • Average sum of squares per slice given mode • Data sparsification • Low energy change data discarded during update • Event detection • High energy change data indicates new trend that may warrant investigation (anomalous behavior?) S. Papadimitriou et al, Streaming Pattern Discovery in Multiple Time-Series, Proc. VLDB, Trondheim, Norway, 2005 01/10/2017 23

  24. Plug-in: Tensor Analysis 3/3 Observed source traffic Observed destination traffic Slice Energy Anticipated Energy Actual Energy Energy Ratio 01/10/2017 24

  25. Frontend • TLS 1.2 transport • Separate InSight2 and OS user authentication • Server side authentication • Secure administrator access • Read only / one way dashboards 01/10/2017 25

  26. Summary • Argus flowdata modeling and analysis • Interactive web based platform • Open-source modular software (release TBD) • Partners • QoSient, Cisco ASIG • Stanford University, KISTI (South Korea) • Work supported by NSF: IRNC-1450959 01/10/2017 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

the joy of interactive modeling) Dr Elgard van Leeuwen Deltares About Modeling

the joy of interactive modeling) Dr Elgard van Leeuwen Deltares About Modeling

Model based decision support (and the joy of interactive modeling) Dr Elgard van Leeuwen Deltares About Modeling Interactive and together The instrument Why does it work? Modeling I dont need models to make a desicion in

177 views • 17 slides
MOCAP Uros Zizek Measuring performance of cloud-based CEO at CASTOOLA platform for interactive

MOCAP Uros Zizek Measuring performance of cloud-based CEO at CASTOOLA platform for interactive

MOCAP Uros Zizek Measuring performance of cloud-based CEO at CASTOOLA platform for interactive TV services delivery FEC3 Paris, March 14-16, 2018 WWW.FED4FIRE.EU Castoola Platform is cloud-based platform for serving of interactive TV

1.03k views • 17 slides
MOCAP Uros Zizek Measuring performance of cloud-based CASTOOLA platform for interactive TV

MOCAP Uros Zizek Measuring performance of cloud-based CASTOOLA platform for interactive TV

MOCAP Uros Zizek Measuring performance of cloud-based CASTOOLA platform for interactive TV services delivery FEC2 Volos, 5 October 2017 WWW.FED4FIRE.EU Castoola Platform is cloud-based platform for serving of interactive TV services based

779 views • 10 slides
PDE-based Geometric Modeling and Interactive Sculpting for Graphics Hong Qin Center for Visual

PDE-based Geometric Modeling and Interactive Sculpting for Graphics Hong Qin Center for Visual

PDE-based Geometric Modeling and Interactive Sculpting for Graphics Hong Qin Center for Visual Computing Department of Computer Science SUNY at Stony Brook Geometric Modeling Shape representations Geometric modeling techniques Geometric

1.69k views • 167 slides
Transaction-level modeling of bus-based systems with SystemC 2.0 Ric Hilderink, Thorsten

Transaction-level modeling of bus-based systems with SystemC 2.0 Ric Hilderink, Thorsten

Transaction-level modeling of bus-based systems with SystemC 2.0 Ric Hilderink, Thorsten Grtker Synopsys, Inc. Efficient platform modeling Get to executable platform model ASAP Simulation speed >> 100k cycles/sec C DSP BUS

581 views • 40 slides
The Web of Mathematical Models: A Schema-based, Wiki-like, Interactive Platform Thomas

The Web of Mathematical Models: A Schema-based, Wiki-like, Interactive Platform Thomas

The Web of Mathematical Models: A Schema-based, Wiki-like, Interactive Platform Thomas Grundmann, Jean-Marie Gaillourdet, Karsten Schmidt, Arnd Poetzsch-Heffter, Stefan Deloch and Martin Memmel MathWikis, Nijmegen, 2011 Outline

528 views • 17 slides
Technologies for Web-based Adaptive Interactive Systems: User Modeling Factors, User Data

Technologies for Web-based Adaptive Interactive Systems: User Modeling Factors, User Data

EPL344: Internet Technologies Technologies for Web-based Adaptive Interactive Systems: User Modeling Factors, User Data Collection Methods and User Model Generation Marios Belk Overview Engineering interactive systems following UCD

688 views • 30 slides
Boxed Economy Simulation Platform Boxed Economy Simulation Platform for Agent- -Based Economic

Boxed Economy Simulation Platform Boxed Economy Simulation Platform for Agent- -Based Economic

Boxed Economy Simulation Platform Boxed Economy Simulation Platform for Agent- -Based Economic and Social Based Economic and Social for Agent Modeling Modeling Open and look inside the black box, and you can find another world Takashi

433 views • 17 slides
A Java Based Interactive Control Design and Tuning Platform Aaron Radke 7/9/3 Aaron Radke

A Java Based Interactive Control Design and Tuning Platform Aaron Radke 7/9/3 Aaron Radke

A Java Based Interactive Control Design and Tuning Platform A Java Based Interactive Control Design and Tuning Platform Aaron Radke 7/9/3 Aaron Radke 7/9/3 Page 1 A Java Based Interactive Control Design and Tuning Platform Outline

1.01k views • 81 slides
Graphiti: Interactive Specification of Attribute-based Edges for Network Modeling and

Graphiti: Interactive Specification of Attribute-based Edges for Network Modeling and

Graphiti: Interactive Specification of Attribute-based Edges for Network Modeling and Visualization Arjun Srinivasan Hyunwoo Park Alex Endert Rahul C. Basole Green Lantern Deadpool Common actor Green Lantern Deadpool Captain America:

892 views • 51 slides
Technologies for Web-based Adaptive Interactive Systems: Personalization Categories, and

Technologies for Web-based Adaptive Interactive Systems: Personalization Categories, and

EPL344: Internet Technologies Technologies for Web-based Adaptive Interactive Systems: Personalization Categories, and Adaptation Mechanisms and Effects Marios Belk High-level Adaptive and Interactive System Architecture User Modeling Component

628 views • 31 slides
Introduction Embedded system architecture Electronic systems consist of: HW platform

Introduction Embedded system architecture Electronic systems consist of: HW platform

Outline HDL and Embedded Systems Design SystemC and VHDL Platform Based Design Transaction Level Modeling

428 views • 17 slides
UI software architectures & Modeling interaction (part of this content is based on previous

UI software architectures & Modeling interaction (part of this content is based on previous

UI software architectures & Modeling interaction (part of this content is based on previous classes from A. Bezerianos, S. Huot, M. Beaudouin-Lafon, N.Roussel, O.Chapuis) Assignment 1 Design and implement an interactive tool for creating

737 views • 48 slides
Securing the Web Platform Securing the Web Platform Collin Jackson Stanford University The Web

Securing the Web Platform Securing the Web Platform Collin Jackson Stanford University The Web

Securing the Web Platform Securing the Web Platform Collin Jackson Stanford University The Web Platform The Web Platform Dynamic Ubiquitous Dynamic Ubiquitous Interactive Instant updates Interactive Instant updates Pages Web Applications

958 views • 18 slides
Agent-Based Modeling and Simulation Models, Agent-based Models and the Modeling Cycle Dr.

Agent-Based Modeling and Simulation Models, Agent-based Models and the Modeling Cycle Dr.

Agent-Based Modeling and Simulation Models, Agent-based Models and the Modeling Cycle Dr. Alejandro Guerra-Hernndez Universidad Veracruzana Centro de Investigacin en Inteligencia Artificial Sebastin Camacho No. 5, Xalapa, Ver., Mxico

694 views • 43 slides
IAC 2018 Interactive Presentations FAQ You can find answers to most questions in this FAQ. You can

IAC 2018 Interactive Presentations FAQ You can find answers to most questions in this FAQ. You can

IAC 2018 Interactive Presentations FAQ You can find answers to most questions in this FAQ. You can also look at the Interactive Presentation Manual and our Guided Tours in the Interactive Presentations platform. Check out our sample Interactive

156 views • 3 slides
Cebu - Shelter Cluster Meeting 14:00, Dec 13, 2013 Shelter Cluster Philippines

Cebu - Shelter Cluster Meeting 14:00, Dec 13, 2013 Shelter Cluster Philippines

Cebu - Shelter Cluster Meeting 14:00, Dec 13, 2013 Shelter Cluster Philippines ShelterCluster.org Coordinating Humanitarian Shelter Agenda 1. Introductions - Last meeting's minutes review 2. Shelter Cluster update - Strategic Response Plan

375 views • 21 slides
Being a good Netizen GRNOG 9 December 6 2019 Antonis Lioumis GRNET/NOC National

Being a good Netizen GRNOG 9 December 6 2019 Antonis Lioumis GRNET/NOC National

http:// www.grnet.gr Being a good Netizen GRNOG 9 December 6 2019 Antonis Lioumis GRNET/NOC National Infrastructures for Research and Technology Connect Research and Educational Community in Greece GRIX operators Network

112 views • 10 slides
3 Org Structure Politicians IT Network Structure 5 History of projects between

3 Org Structure Politicians IT Network Structure 5 History of projects between

3 Org Structure Politicians IT Network Structure 5 History of projects between CMU and the City Heinz College Information Systems & Management Public Policy and Management Penetration Test project last

985 views • 22 slides
The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet Rob Beverly

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet Rob Beverly

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet Rob Beverly and Steve Bauer {rbeverly,bauer}@mit.edu The Spoofer Project Goal: Quantify the extent and nature of source address filtering on the

421 views • 31 slides
The Challenges of Marketing Your Home Watch Business First C Chal allenge Virtually no one

The Challenges of Marketing Your Home Watch Business First C Chal allenge Virtually no one

The Challenges of Marketing Your Home Watch Business First C Chal allenge Virtually no one except you and Jack Luber knows what HOME WATCH means or is Keyword Home Watch Keyword Volume Keyword Difficulty CPC (USD) Competitive

480 views • 14 slides
ECONOMIC OFFENCES BY DR. ISH KUMAR, IPS IGP, CID 14/11/2005 1 DEFINITION OF ECONOMIC CRIME 1.

ECONOMIC OFFENCES BY DR. ISH KUMAR, IPS IGP, CID 14/11/2005 1 DEFINITION OF ECONOMIC CRIME 1.

ECONOMIC OFFENCES BY DR. ISH KUMAR, IPS IGP, CID 14/11/2005 1 DEFINITION OF ECONOMIC CRIME 1. Unlawful activities which take place during the course of economic activities 2. Crime motivated by greed are normally committed by so called

571 views • 43 slides
DIVISION OF SECURITIES UPDATE August 4, 2017 Utah Division of Securities Keith Woodwell

DIVISION OF SECURITIES UPDATE August 4, 2017 Utah Division of Securities Keith Woodwell

DIVISION OF SECURITIES UPDATE August 4, 2017 Utah Division of Securities Keith Woodwell Benjamin Johnson Ken Barton AGENDA Keith Woodwell -- Regulatory Statistics and Enforcement Trends Benjamin Johnson Corporate Finance Developments

466 views • 28 slides
Actuarial Accounting: A Cautionary Report Dan R. Young, Esq. Attorney at Law Law Offices of Dan

Actuarial Accounting: A Cautionary Report Dan R. Young, Esq. Attorney at Law Law Offices of Dan

Actuarial Accounting: A Cautionary Report Dan R. Young, Esq. Attorney at Law Law Offices of Dan R. Young Seattle, Washington danryoung@netzero.net Presented the Spring Meeting of the CAS New Orleans, Louisiana May 6, 2009 The Story of the

907 views • 69 slides

More recommend