context aware network mapping and asset classification
play

CONTEXT-AWARE NETWORK MAPPING AND ASSET CLASSIFICATION Bartley - PowerPoint PPT Presentation

Feb 12, 2023 •206 likes •641 views

CONTEXT-AWARE NETWORK MAPPING AND ASSET CLASSIFICATION Bartley Richardson, PhD (Senior Data Scientist / AI Infrastructure Manager) GTC SJ 2019 (21 March 2019) CYBERSECURITY PRESENTS UNIQUE CHALLENGES Combination of factors lead to the need for

  1. CONTEXT-AWARE NETWORK MAPPING AND ASSET CLASSIFICATION Bartley Richardson, PhD (Senior Data Scientist / AI Infrastructure Manager) GTC SJ 2019 (21 March 2019)

  2. CYBERSECURITY PRESENTS UNIQUE CHALLENGES Combination of factors lead to the need for fast iteration and quick exploration Data velocity higher than most transactional systems and organizations Data volume at a larger scale than most other industries Decentralized IT, BYOD User expectations Unfilled cyber security jobs expected to reach 3.5 million by 2021 1 2.5 quintillion bytes of data created each day 2 [1] https://www.csoonline.com/article/3200024/security/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html [2] https://www.domo.com/learn/data-never-sleeps-5 2

  3. WHY ARE NETWORK MAPS DIFFICULT? Can’t we just put an Excel sheet up on Confluence? Security best-practices often directly opposed to rapid innovation and experimentation Employees empowered to experiment and seek novel solutions are given wide latitude on a company’s network Network is constantly evolving and changing Keeping a network map up-to-date requires substantial human interaction, including time for validation Some commercial products are available, but they may be too expensive for some companies or unable to be customized for specific needs 3

  4. HOW CAN WE MAKE IT MORE DIFFICULT? Let’s start all the way with raw data Overall goal = an end-to-end workflow running on GPUs that enable us to to parse raw data of various types, construct a network map, and add context to that network map Rather than rely on another system to parse data, we start with data in its raw form Seems easy… Let’s dig in and look at some data 4

  5. IT’S ALL ABOUT THE DATA 5

  6. IT’S ALL ABOUT THE DATA http://www.ratemynetworkdiagram.com/ 6

  7. Web Server Logs 10.131.2.1,[29/Nov/2017:16:22:41,GET /css/style.css HTTP/1.1,200 10.131.0.1,[29/Nov/2017:16:22:41,GET /js/vendor/modernizr-2.8.3.min.js HTTP/1.1,200 10.129.2.1,[29/Nov/2017:16:22:41,GET /js/vendor/jquery-1.12.0.min.js HTTP/1.1,200 10.131.0.1,[29/Nov/2017:16:22:43,GET /bootstrap-3.3.7/js/bootstrap.min.js HTTP/1.1,200 10.131.0.1,[29/Nov/2017:16:22:51,GET /login.php HTTP/1.1,302 10.129.2.1,[29/Nov/2017:16:22:51,GET /fonts/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1,200 IT’S ALL ABOUT THE DATA http://www.ratemynetworkdiagram.com/ 7

  8. Netflow 172.19.1.46-10.200.7.7-52422-3128- 6,10.200.7.7,3128,172.19.1.46,52422,6,26/04/201711:11:17,1,2,0,12,0,6,6,6,0,0,0,0,0,1.2e+07,2e+06,1,0,1,1,1,1,0,1, 1,0,0,0,0,0,0,0,0,0,40,0,2e+06,0,6,6,6,0,0,0,0,0,0,1,1,0,0,0,9,6,0,40,0,0,0,0,0,0,2,12,0,0,490,- 1,1,20,0,0,0,0,0,0,0,0,BENIGN,131,HTTP_PROXY 10.200.7.217-50.31.185.39-38848-80- 6,50.31.185.39,80,10.200.7.217,38848,6,26/04/201711:11:17,1,3,0,674,0,337,0,224.666666666667,194.567040716904,0,0, 0,0,6.74e+08,3e+06,0.5,0.707106781186548,1,0,1,0.5,0.707106781186548,1,0,0,0,0,0,0,1,0,0,0,96,0,3e+06,0,0,337,252. 75,168.5,28392.25,0,1,0,0,1,0,0,0,0,337,224.666666666667,0,96,0,0,0,0,0,0,3,674,0,0,888,- 1,1,32,0,0,0,0,0,0,0,0,BENIGN,7,HTTP 10.200.7.217-50.31.185.39-38848-80- IT’S ALL 6,50.31.185.39,80,10.200.7.217,38848,6,26/04/201711:11:17,217,1,3,0,0,0,0,0,0,0,0,0,0,0,18433.1797235023,72.333333 3333333,62.6604606856136,110,0,0,0,0,0,0,107,53.5,75.6604255869606,107,0,0,0,0,0,32,96,4608.29493087558,13824.8847 ABOUT THE 926267,0,0,0,0,0,0,0,0,0,1,1,0,0,3,0,0,0,32,0,0,0,0,0,0,1,0,3,0,888,490,0,32,0,0,0,0,0,0,0,0,BENIGN,7,HTTP DATA http://www.ratemynetworkdiagram.com/ 8

  9. DNS 1331901005.510000 CWGtK431H9XuaTN4fi 192.168.202.100 45658 192.168.27.203 137 udp 33008 *\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 1 C_INTERNET 33 SRV 0 NOERROR F F F F 1 - - F 1331901015.070000 C36a282Jljz7BsbGH 192.168.202.76 137 192.168.202.255 137 udp 57402 HPE8AA67 1 C_INTERNET 32 NB - - F F T F 1 - - F 1331901015.820000 C36a282Jljz7BsbGH 192.168.202.76 137 192.168.202.255 137 udp 57402 HPE8AA67 1 C_INTERNET 32 NB - - F F T F 1 - - F 1331901066.860000 CEfMaQ2CTA5UqfczSb 192.168.202.93 50220 172.19.1.100 53 udp 25889 www.apple.com 1 IT’S ALL C_INTERNET 28 AAAA - - F F T F 0 - - F 1331901080.630000 C6082k4wbpMj2RJlF3 192.168.202.76 137 192.168.202.255 137 udp 57419 WPAD 1 ABOUT THE C_INTERNET 32 NB - - F F T F 1 - - F DATA http://www.ratemynetworkdiagram.com/ 9

  10. Auth Nov 30 06:39:00 ip-172-31-27-153 CRON[21882]: pam_unix(cron:session): session closed for user root Nov 30 06:47:01 ip-172-31-27-153 CRON[22087]: pam_unix(cron:session): session opened for user root by (uid=0) Nov 30 06:47:03 ip-172-31-27-153 CRON[22087]: pam_unix(cron:session): session closed for user root Nov 30 07:07:14 ip-172-31-27-153 sshd[22116]: Connection closed by 122.225.103.87 [preauth] Nov 30 07:07:35 ip-172-31-27-153 sshd[22118]: Connection closed by 122.225.103.87 [preauth] Nov 30 07:08:13 ip-172-31-27-153 sshd[22120]: Connection closed by 122.225.103.87 [preauth] Nov 30 07:17:01 ip-172-31-27-153 CRON[22125]: pam_unix(cron:session): session opened for user root by (uid=0) Nov 30 07:17:01 ip-172-31-27-153 CRON[22125]: pam_unix(cron:session): session closed for user root Nov 30 08:17:01 ip-172-31-27-153 CRON[22172]: pam_unix(cron:session): session opened for user root by (uid=0) Nov 30 08:17:01 ip-172-31-27-153 CRON[22172]: pam_unix(cron:session): session closed for user root Nov 30 08:42:04 ip-172-31-27-153 sshd[22182]: Invalid user admin from 187.12.249.74 IT’S ALL ABOUT THE DATA http://www.ratemynetworkdiagram.com/ 10

  11. Email (SMTP) 1331902024.070000 CtoBox4y93gvzs9sZb 192.168.202.79 44926 192.168.229.251 25 1 nmap.scanme.org - - - - - - - - - - - - 221 2.0.0 Exchange.hec.net Service closing transmission channel 192.168.229.251,192.168.202.79 - (empty) F 1331902043.810000 CiH1mj1NuwWexXJJs7 192.168.202.79 45600 192.168.229.251 25 1 example.org - - - - - - - - - - - - 221 2.0.0 Exchange.hec.net Service closing transmission channel 192.168.229.251,192.168.202.79 - (empty) F 1331908506.470000 C10LGY2RW0bfM9MVcl 192.168.202.110 55260 192.168.22.102 25 1 168.22.102 <root@[192.168.202.110]> root+:"|sleep 5 #" - - - - - - - - - - 250 2.1.5 Ok 192.168.22.102,192.168.202.110 - (empty) F IT’S ALL ABOUT THE DATA http://www.ratemynetworkdiagram.com/ 11

  12. DHCP 1331901047.230000 CCHNFI4C6RAO93bP7 192.168.202.76 68 192.168.202.1 67 00:26:9e:83:a2:30 192.168.202.76 0.000000 2767872470 1331901117.740000 CouYOF1J4EnQkQNSl3 192.168.204.69 68 192.168.204.1 67 00:26:b9:da:95:2c 192.168.204.69 0.000000 2023309577 1331901120.620000 C9svD93TrEvPshF7Gf 192.168.202.102 68 192.168.202.1 67 f0:de:f1:2e:6a:5a 192.168.202.102 0.000000 7111068 1331901121.800000 C2nAD54rXz5nILppHh 192.168.202.76 68 192.168.202.1 67 00:26:9e:83:a2:30 192.168.202.76 0.000000 4022009768 1331901182.540000 CVRJN6491gIrhKWzHk 192.168.204.69 68 192.168.204.1 67 00:26:b9:da:95:2c 192.168.204.69 0.000000 3428947570 IT’S ALL ABOUT THE DATA http://www.ratemynetworkdiagram.com/ 12

  13. File Server 1331901001.880000 FB3BBm49OLiy39Weih 192.168.229.251 192.168.202.79 Cmdg6B2p0B0QN8cWrd HTTP 0 SHA1,MD5 text/html - 0.000000 - F 1433 1433 0 0 F - d36ef6356fa2aa546f1da2bb003c17b1 213c511dfb62822d92bd1f61cb412dcb6b49b69e - - 1331901001.980000 FQXKUf1ao7P4Bl12L9 192.168.229.251 192.168.202.79 Cafz4F42G61JHIJwAk HTTP 0 SHA1,MD5 text/plain - 0.000000 - F 32 32 0 0 F - 630fd43dd78c30cacdd59629012666f5 157e9ae1f7f33b1f952c9c00d0e97fa628d8b809 - - 1331901001.990000 FWuwyFftwykPyC9if 192.168.229.251 192.168.202.79 C7sXFH2zigwKylBJeb HTTP 0 SHA1,MD5 text/plain - 0.000000 - F 32 32 0 0 F - 630fd43dd78c30cacdd59629012666f5 157e9ae1f7f33b1f952c9c00d0e97fa628d8b809 - - 1331901002.000000 FseLdjUwckdmFroBg 192.168.229.251 192.168.202.79 CnSkQClMvfFkLH7q4 HTTP 0 SHA1,MD5 text/plain - 0.000000 - F 32 32 0 0 F - 630fd43dd78c30cacdd59629012666f5 157e9ae1f7f33b1f952c9c00d0e97fa628d8b809 IT’S ALL - - ABOUT THE DATA http://www.ratemynetworkdiagram.com/ 13

  14. PCAP IT’S ALL ABOUT THE DATA http://www.ratemynetworkdiagram.com/ 14

  15. INFOSEC AND CYBERSECURITY VENDOR LANDSCAPE Appliances and tools create even more data and metadata for analysis Source: Momentum Partners 15

  16. WHAT IS RAPIDS? The New GPU Data Science Pipeline Suite of open-source, end-to-end data science tools Built on CUDA Pandas-like API for data cleaning and transformation Scikit-learn-like API for ML A unifying framework for GPU data science 16

  17. 17

  18. RAPIDS End to End Accelerate GPU Data Science Data Preparation Model Training Visualization cuDF cuIO cuML cuGraph PyTorch Chainer MxNet cuXfilter <> Kepler.gl Analytics Machine Learning Graph Analytics Deep Learning Visualization GPU Memory 18

  19. GPU-ACCELERATED ETL The average data scientist spends 90+% of their time in ETL as opposed to training models 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Toolkit to Support Intelligibility in Context Aware Applications Context-Aware Applications P

Toolkit to Support Intelligibility in Context Aware Applications Context-Aware Applications P

Toolkit to Support Intelligibility in Context Aware Applications Context-Aware Applications P Presented by Mary Salinas t d b M S li What problem are they trying to solve? l ? Context-aware applications are great for Context aware

164 views • 13 slides
Context-Aware Clustering for SDN Enabled Network Ran Duo Celimuge Wu Tsutomu

Context-Aware Clustering for SDN Enabled Network Ran Duo Celimuge Wu Tsutomu

Context-Aware Clustering for SDN Enabled Network Ran Duo Celimuge Wu Tsutomu Yoshinaga Yusheng Ji The University of Electro-Communications, National Institute of Informatics CONTENT Introduction 1 Related woks

666 views • 22 slides
Mapping Context-Dependent Requirements to Event-Based Context-Oriented Programs for Modularity

Mapping Context-Dependent Requirements to Event-Based Context-Oriented Programs for Modularity

Mapping Context-Dependent Requirements to Event-Based Context-Oriented Programs for Modularity Tetsuo Kamina (UTokyo) Tomoyuki Aotani (Tokyo Tech) Hidehiko Masuhara (Tokyo Tech) Purpose Methodology for context-aware systems from

639 views • 37 slides
CAM: CONSTRAINT AWARE APPLICATION MAPPING FOR APPLICATION MAPPING FOR EMBEDDED SYSTEMS Luis

CAM: CONSTRAINT AWARE APPLICATION MAPPING FOR APPLICATION MAPPING FOR EMBEDDED SYSTEMS Luis

CAM: CONSTRAINT AWARE APPLICATION MAPPING FOR APPLICATION MAPPING FOR EMBEDDED SYSTEMS Luis A. Bathen, Nikil D. Dutt Outline 2 Introduction &amp; Motivation Introduction &amp; Motivation CAM Overview Memory aware Macro

508 views • 40 slides
Context- -aware Migratory Services aware Migratory Services Context in Ad Hoc Networks* in Ad

Context- -aware Migratory Services aware Migratory Services Context in Ad Hoc Networks* in Ad

Context- -aware Migratory Services aware Migratory Services Context in Ad Hoc Networks* in Ad Hoc Networks* Rutgers-Helsinki Ph.D. Student Workshop on Spontaneous Networking 8-12th May 2006 Oriana Riva University of Helsinki, Dep. of

361 views • 15 slides
Volumetric instance-aware semantic mapping and 3D object discovery Margarita Grinvald, Fadri

Volumetric instance-aware semantic mapping and 3D object discovery Margarita Grinvald, Fadri

Volumetric instance-aware semantic mapping and 3D object discovery Margarita Grinvald, Fadri Furrer, Tonci Novkovic, Jen Jen Chung, Cesar Cadena, Roland Siegwart, Juan Nieto IROS, 5 Nov 2019 Instance-aware semantic mapping solves detection

911 views • 42 slides
Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software Systems Workshop on Spontaneous Networking Rutgers University Michael Przybilski 1 10.05.2006 michael.przybilski@cs.helsinki.fi Outline

593 views • 19 slides
Intro to Context-Aware Computing Matthew Lee 05-899 Special Topics in Ubiquitous Computing

Intro to Context-Aware Computing Matthew Lee 05-899 Special Topics in Ubiquitous Computing

Intro to Context-Aware Computing Matthew Lee 05-899 Special Topics in Ubiquitous Computing Readings Context-Aware Computing Applications, by Bill Schilit, Norman Adams, and Roy Want Ask not for whom the cell phone tolls: Some problems

923 views • 27 slides
2017 Transmission Network Forum #PQForum Interactive Session 3 A new approach to transmission

2017 Transmission Network Forum #PQForum Interactive Session 3 A new approach to transmission

2017 Transmission Network Forum #PQForum Interactive Session 3 A new approach to transmission network connections NER Chapter 5 Amendments to Connection Rules from July 2018 Service and asset classification Asset/ Service Shared Assets

226 views • 12 slides
A component-based approach for Context-Aware Systems specification Brahim Djoudi , Chafia

A component-based approach for Context-Aware Systems specification Brahim Djoudi , Chafia

Constantine 2 University LIRE laboratory Team Software Engineering and Distributed Systems A component-based approach for Context-Aware Systems specification Brahim Djoudi , Chafia Bouanaka, Nadia Zeghib Plan Introduction Context-Aware

477 views • 35 slides
Network Asset Viewer (NAV) May 2020 1 Agenda Introduction What we promised What we

Network Asset Viewer (NAV) May 2020 1 Agenda Introduction What we promised What we

Network Asset Viewer (NAV) May 2020 1 Agenda Introduction What we promised What we have delivered Network Asset Viewer (NAV) access Navigating through the system How do you search for an asset How to check which asset

453 views • 42 slides
Management Challenges of Context Management Challenges of Context- - Aware Services in

Management Challenges of Context Management Challenges of Context- - Aware Services in

DSOM 2003 DSOM 2003 Management Challenges of Context Management Challenges of Context- - Aware Services in Ubiquitous Aware Services in Ubiquitous Environments Environments Heinz-Gerd Hegering, Axel Kpper Claudia Linnhoff-Popien, Helmut

307 views • 6 slides
Context-aware recommendation Eirini Kolomvrezou, Hendrik Heuer Special Course in Computer and

Context-aware recommendation Eirini Kolomvrezou, Hendrik Heuer Special Course in Computer and

Context-aware recommendation Eirini Kolomvrezou, Hendrik Heuer Special Course in Computer and Information Science User Modelling &amp; Recommender Systems Aalto University Context-aware recommendation 2 Recommendation Problem

479 views • 34 slides
The Magicians Assistant Kevin Tassini Carnegie Mellon University Context-Aware Technology

The Magicians Assistant Kevin Tassini Carnegie Mellon University Context-Aware Technology

The Magicians Assistant Kevin Tassini Carnegie Mellon University Context-Aware Technology Context-Aware Technology Collecting data to help systematically predict the users state (GPS, accelerometer, microphone, time). Providing

317 views • 28 slides
Extended Context Patterns A Visual Language for Context-Aware Applications Andrei

Extended Context Patterns A Visual Language for Context-Aware Applications Andrei

Extended Context Patterns A Visual Language for Context-Aware Applications Andrei Olaru and Adina Magda Florea cs@andreiolaru.ro AI-MAS Group, University Politehnica of Bucharest 10.10.2016 0 / 10 . Andrei

516 views • 26 slides
UPDATE to RCA Forum, Christchurch 9 May 2014 Jim Harland, Regional Director Southern 2 Strategic

UPDATE to RCA Forum, Christchurch 9 May 2014 Jim Harland, Regional Director Southern 2 Strategic

1 UPDATE to RCA Forum, Christchurch 9 May 2014 Jim Harland, Regional Director Southern 2 Strategic Context 3 REG THE ROAD EFFICIENCY GROUP THREE KEY WORKSTREAMS Strategic Context One Network Road Classification Clustering and Asset

662 views • 25 slides
Web To Speech (Text To MP3) Josef Kejzlar (kejzlj1@fel.cvut.cz) Petr Vavrouek

Web To Speech (Text To MP3) Josef Kejzlar (kejzlj1@fel.cvut.cz) Petr Vavrouek

IBM - CVUT Student Research Projects Web To Speech (Text To MP3) Josef Kejzlar (kejzlj1@fel.cvut.cz) Petr Vavrouek (vavrop1@fel.cvut.cz) Vojtch Hora (horav1@fel.cvut.cz) Martin Hevera (heverm1@fel.cvut.cz) How It Works 1) Client: User

262 views • 9 slides
Yahoo! Homepage Yahoo! Homepage Nicholas C. Zakas Nicholas C. Zakas Principal Front End

Yahoo! Homepage Yahoo! Homepage Nicholas C. Zakas Nicholas C. Zakas Principal Front End

flickr.com/photos/eyesplash/4268550236/ Performance on the Performance on the Yahoo! Homepage Yahoo! Homepage Nicholas C. Zakas Nicholas C. Zakas Principal Front End Engineer, Yahoo! Principal Front End Engineer, Yahoo! Velocity, June 24

1.21k views • 99 slides
Frontend Frameworks Introduction Speakers Lee Byron Rob Wormald Taras Mankovski React Core

Frontend Frameworks Introduction Speakers Lee Byron Rob Wormald Taras Mankovski React Core

Frontend Frameworks Introduction Speakers Lee Byron Rob Wormald Taras Mankovski React Core Team @ Facebook Angular Core Team @ Google Ember Contrib @ EmberSherpa @leeb @robwormald @tarasm Started at Facebook in 2012 Created by Jordan

1.34k views • 107 slides
Vroom: Accelerating the Mobile Web with Server-Aided Dependency Resolution Vaspol Ruamviboonsuk 1

Vroom: Accelerating the Mobile Web with Server-Aided Dependency Resolution Vaspol Ruamviboonsuk 1

Vroom: Accelerating the Mobile Web with Server-Aided Dependency Resolution Vaspol Ruamviboonsuk 1 , Ravi Netravali 2 , Muhammed Uluyol 1 , Harsha V. Madhyastha 1 1 University of Michigan, 2 MIT 1 Mobile Web Dominant ... but Slow... 9.85s to

297 views • 29 slides
Magento Spring Clean Who is responsible? Its a team effort 1. Make a check-list 2. Assign

Magento Spring Clean Who is responsible? Its a team effort 1. Make a check-list 2. Assign

Magento Spring Clean Who is responsible? Its a team effort 1. Make a check-list 2. Assign Responsibilities and/or automate 3. Schedule Structuring the check-list SECURITY MAINTENANCE PERFORMANCE Security - Mage Level Checking log

179 views • 17 slides
KYOCERA Corporation Outline of Q&amp;A on financial presentation for the six months ended

KYOCERA Corporation Outline of Q&amp;A on financial presentation for the six months ended

KYOCERA Corporation Outline of Q&amp;A on financial presentation for the six months ended September 30, 2012 (the first half) (Held on November 2, 2012) Solar Energy Business Q: Full-year projections for the Applied Ceramic Products Group

57 views • 4 slides
Scratching that itch Process improvement and problem solving in the University of Bath Research

Scratching that itch Process improvement and problem solving in the University of Bath Research

Scratching that itch Process improvement and problem solving in the University of Bath Research Data Archive Alex Ball University of Bath Open Repositories 2019 12 June 2019 This work is released under a Creative Commons Attribution 4.0

520 views • 25 slides
arXiv:1602.04283v1 [cs.DC] 13 Feb 2016 ABSTRACT formance in important domains such as computer

arXiv:1602.04283v1 [cs.DC] 13 Feb 2016 ABSTRACT formance in important domains such as computer

Deep Learning on FPGAs: Past, Present, and Future Griffin Lacey Graham Taylor Shawki Areibi University of Guelph University of Guelph University of Guelph 50 Stone Rd E 50 Stone Rd E 50 Stone Rd E Guelph, Ontario Guelph, Ontario Guelph,

370 views • 8 slides

More recommend