fast prototyping network data mining applications
play

Fast Prototyping Network Data Mining Applications Gianluca - PowerPoint PPT Presentation

Jul 24, 2023 •423 likes •874 views

Fast Prototyping Network Data Mining Applications Gianluca Iannaccone Intel Research Berkeley Motivation Developing new network monitoring apps is unnecessarily time-consuming Familiar development steps Need deep understanding of

  1. Fast Prototyping Network Data Mining Applications Gianluca Iannaccone Intel Research Berkeley

  2. Motivation • Developing new network monitoring apps is unnecessarily time-consuming • Familiar development steps • Need deep understanding of data sets (including details of the capture devices) • Need to develop tools to extract information of interest • Need to evaluate accuracy and resolution of data (e.g., timestamps, completeness of data, etc.) • …and all this happens before one can really get started! 2 February 28th, 2008 UC Irvine

  3. Motivation (cont’d) • Developers tend to find shortcuts • Quickly assemble bunch of ad-hoc scripts • Not “designed-to-last” • Well known consequences  hard to debug  hard to distribute  hard to reuse  hard to validate  suboptimal performance • End result: many papers, very little code 3 February 28th, 2008 UC Irvine

  4. Can we solve this problem by design? • Yes, and it has been done before in other areas. • Solution: Define declarative language and data model for network monitoring • What is specific to network measurements? • Large variety of networking devices (i.e. potential data sources) such as NIC cards, capture cards, routers, APs, … • Need native support for distributed queries to correlate observations from a large number of data sources. • Data sets tend to be extremely large for which data shipping is not feasible. 4 February 28th, 2008 UC Irvine

  5. Existing Solutions • AT&T’s GigaScope • UC Berkeley’s TelegraphCQ and Pier • Common approach (stream databases): • Define subset of SQL adding new operators (e.g., ‘window’ for time bins of continuous query) • Gigascope supports hardware offloading by static analysis of the GSQL query 5 February 28th, 2008 UC Irvine

  6. Benefits and Limitations + Decouple what is done from how it is done. + Amenable to optimizations in the implementation - Limited expressiveness. - Need workaround to implement what is not in the language losing the advantages above - Entry barrier for new users is relatively high. 6 February 28th, 2008 UC Irvine

  7. Alternative Design: The CoMo project • Users write “monitoring plugins” • Shared objects with predefined entry points. • Users can write code in C or higher level languages (support for C#, Java, Python, and others) • The platform provides • one single, extensible, network data model. • support for a wide variety of network devices. • abstraction of monitoring device internals. • enforcement of programming structure in the plug-ins to allow for optimization. 7 February 28th, 2008 UC Irvine

  8. Design Challenges • Fast Prototyping • Network Data and Programming Model • Resource Management • Local monitoring node (Load Shedding) • Global network of monitors (“Network-wide Sampling”) 8 February 28th, 2008 UC Irvine

  9. Network Data Model • Unified data model with quality and lineage information. • Allows the definition of ad-hoc metadata (i.e., labels defined by the users) • Software sniffers understand native format of each device and translate to our common data model • support so far for PCAP, DAG, NetFlow, sFlow, 802.11 w/radio, any CoMo monitoring plug-in. • Sniffers describe the packet stream they generate • Provide multiple templates if possible • Describe the fields in the schema that are available • Plug-ins just have to describe what they are interested in and the system finds the most appropriate matching 9 February 28th, 2008 UC Irvine

  10. Programming Model • Application modules made of two components: < filter >:< monitoring function > • Filter run by the core, monitoring function contained in the plug-in written by the user • set of pre-defined callbacks to perform simple primitives • e.g., update(), export(), store(), load(), print(), replay() • callback are closures (i.e., the entire state is defined in the call). they can be optimized in isolation and executed anywhere. • No explicit knowledge of the source of the packet stream • Modules specify what they need in the stream and access fields via standard macros • e.g., IP(src), RADIO(snr), NF(src_as) 10 February 28th, 2008 UC Irvine

  11. Hardware Abstraction • Goals: scalability and distributed queries • support large number of data sources and high data rates • support a heterogeneous environment (clients, APs, packet sniffers, etc.) • allow applications to perform partial query computations in remote locations • To achieve this we… • hide to modules where they are running • enforce a programming structure • … basically try to partially re-introduce declarative queries 11 February 28th, 2008 UC Irvine

  12. Hardware Abstraction (cont’d) • EXPORT/STORAGE can be replicated for load balancing • CAPTURE is the main choke point • It periodically discards all state to reduce overhead and maintain a relative stable operating point 12 February 28th, 2008 UC Irvine

  13. Distributed queries • Modules behave as software sniffers themselves • replay() callback to generate a packet stream out of module stored data • e.g., snort module generates stream of packets labeled with the rule they match; module B computes correlation of alerts • This way computations can be distributed but also modules can be pipelined (to reduce the load on CAPTURE) update() replay() A 13 February 28th, 2008 UC Irvine

  14. Design Challenges • Fast Prototyping • Network Data and Programming Model • Resource Management • Local monitoring node (Load Shedding) • Global network of monitors (“Network-wide Sampling”) 14 February 28th, 2008 UC Irvine

  15. Resource Management Load Network-wide online Shedding Sampling Capacity Distributed offline Provisioning Indexing local global 15 February 28th, 2008 UC Irvine

  16. Resource Management Load Network-wide online Shedding Sampling Capacity Distributed offline Provisioning Indexing local global 16 February 28th, 2008 UC Irvine

  17. Predictive Load Shedding • Building robust network monitoring apps is hard • Unpredictable nature of network traffic • Anomalous traffic, extreme data mixes, highly variable data rates • Operating Scenario • Monitoring system running multiple arbitrary queries • Single resource to manage: CPU cycles • Challenge: “How to efficiently handle overload situations?” 17 February 28th, 2008 UC Irvine

  18. Approach • Real-time modeling of the queries’ CPU usage 1. Find correlation between traffic features and CPU usage – Features are query agnostic with deterministic worst case cost 2. Exploit the correlation to predict CPU load 3. Use the prediction to guide the load shedding procedure • Main Novelty: No a priori knowledge of the queries is needed • Preserves high degree of flexibility • Increases possible applications and network scenarios 18 February 28th, 2008 UC Irvine

  19. Key Idea • Cost of maintaining data structures needed to execute a query can be modeled looking at a basic set of traffic features • Empirical observation • Updating state information incurs in different processing costs – E.g., creating or updating entries, looking for a valid match, etc. • Type of update operations depend on the incoming traffic • Query cost is dominated by the cost of maintaning the state • Our method • Find the right set of traffic features to model queries’ cost 19 February 28th, 2008 UC Irvine

  20. Example 20 February 28th, 2008 UC Irvine

  21. Example 21 February 28th, 2008 UC Irvine

  22. System overview Use multi-resolution bitmaps to extract features (e.g., # of new MLR to predict CPU cycles flows, repeat flows, with needed by queries to different aggregation levels) process the batch Use TSC to measure and feed back actual cycles spent Apply flow/packet sampling Use a variant of FCBF [1] on batch to reduce CPU to remove irrelevant and requests. Assume linear redundant features relationship CPU/pkts [1] L. Yu and H. Liu. Feature Selection for High-Dimensional Data: A Fast Correlation-Based Filter Solution. In Proc. of ICML, 2003. 22 February 28th, 2008 UC Irvine

  23. Performance: Cycles per batch 23 February 28th, 2008 UC Irvine

  24. Performance: packet losses No load shedding Reactive Predictive 24 February 28th, 2008 UC Irvine

  25. Performance: Accuracy • Queries estimate their unsampled output by multiplying their results by the inverse of the sampling rate Errors in the query results ( mean ± stdev) 25 February 28th, 2008 UC Irvine

  26. Limitations • Current method works only with queries that support packet/flow sampling • Working on custom load shedding support • Results shown when applying same sampling rate across all queries. • Need to accommodate for varying needs of queries • Maximize the overall system utility by guaranteeing queries a fair access to CPU (and packet streams) • Consider other resources (e.g., memory, disk) 26 February 28th, 2008 UC Irvine

  27. Resource Management Load Network-wide online Shedding Sampling Capacity Distributed offline Provisioning Indexing local global 27 February 28th, 2008 UC Irvine

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ONoC-SPL: Customized Network-on-Chip (NoC) Architecture and Prototyping for Data-intensive

ONoC-SPL: Customized Network-on-Chip (NoC) Architecture and Prototyping for Data-intensive

iCAST 2012 Seoul, Korea July 21-24 2012 ONoC-SPL: Customized Network-on-Chip (NoC) Architecture and Prototyping for Data-intensive Computation Applications Akram Ben Ahmed, Kenichi Mori, Abderazek Ben Abdallah The University of Aizu School of

710 views • 37 slides
CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data Instructor: Yizhou Sun yzsun@ccs.neu.edu November 16, 2015 Methods to Learn Matrix Data Text Set Data Sequence Time Series Graph &amp; Images Data Data Network Classification

936 views • 38 slides
CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data Instructor: Yizhou Sun yzsun@ccs.neu.edu March 16, 2016 Methods to Learn Matrix Data Text Set Data Sequence Time Series Graph &amp; Images Data Data Network Classification

724 views • 54 slides
The HeartBeat model A platform abstraction enabling fast prototyping of real-time applications on

The HeartBeat model A platform abstraction enabling fast prototyping of real-time applications on

The HeartBeat model A platform abstraction enabling fast prototyping of real-time applications on NoC-based MPSoC on FPGA Francesco Robino, Johnny Oberg KTH Royal Institute of Technology ReCoSoC 2013 F. Robino (KTH) The HeartBeat model

391 views • 16 slides
Fast QML UI prototyping for platforms WITHOUT Qt/QtQuick support Attila Csipa @achipa Qt

Fast QML UI prototyping for platforms WITHOUT Qt/QtQuick support Attila Csipa @achipa Qt

Fast QML UI prototyping for platforms WITHOUT Qt/QtQuick support Attila Csipa @achipa Qt DevDays Berlin, 08.10.2013 Session content What (Fast UI Prototyping without QtQuick) Why do it? Why NOT do it? How to do it? Case

505 views • 50 slides
Data Mining 2018 Mining (Social) Network Data Ad Feelders Universiteit Utrecht Ad Feelders (

Data Mining 2018 Mining (Social) Network Data Ad Feelders Universiteit Utrecht Ad Feelders (

Data Mining 2018 Mining (Social) Network Data Ad Feelders Universiteit Utrecht Ad Feelders ( Universiteit Utrecht ) Data Mining 1 / 39 Example: Predicting Romantic Relationships The latest offering from Facebooks data-science team teases

686 views • 39 slides
Applications+of+Clock+Synchronization: Network+Telemetry 1

Applications+of+Clock+Synchronization: Network+Telemetry 1

Applications+of+Clock+Synchronization: Network+Telemetry 1 Market'Data'Synchronization'and'Freshness Recall&amp;two&amp;scenarios: Fast&amp;loop Traders'place'orders'based'on'market'data'feeds'from'several'exchanges

305 views • 18 slides
Fast and Accurate Mining of Evolving &amp; Trajectory Networks Manos Papagelis York University,

Fast and Accurate Mining of Evolving &amp; Trajectory Networks Manos Papagelis York University,

Fast and Accurate Mining of Evolving &amp; Trajectory Networks Manos Papagelis York University, Toronto, Canada Current Research focus A. Network Representation Learning B. Trajectory Network Mining C. Streaming &amp; Dynamic Graphs D.

792 views • 52 slides
Data Mining: Concepts and Techniques Chapter 9 Graph mining and Social Network Analysis

Data Mining: Concepts and Techniques Chapter 9 Graph mining and Social Network Analysis

Data Mining: Concepts and Techniques Chapter 9 Graph mining and Social Network Analysis Li Xiong Slides credits: Jiawei Han and Micheline Kamber 1 April 2, 2008 Graph Mining and Social Network Analysis Graph mining Frequent

879 views • 62 slides
An Algorithm for Sample and Data Dimensionality Reduction Using Fast Simulated Annealing Szymon

An Algorithm for Sample and Data Dimensionality Reduction Using Fast Simulated Annealing Szymon

7th International Conference on Advanced Data Mining and Applications An Algorithm for Sample and Data Dimensionality Reduction Using Fast Simulated Annealing Szymon ukasik , Piotr Kulczycki Department of Automatic Control and IT, Cracow

589 views • 16 slides
DATA MINING LECTURE 2 What is data? The data mining pipeline What is Data Mining? Data

DATA MINING LECTURE 2 What is data? The data mining pipeline What is Data Mining? Data

DATA MINING LECTURE 2 What is data? The data mining pipeline What is Data Mining? Data mining is the use of efficient techniques for the analysis of very large collections of data and the extraction of useful and possibly unexpected

2.4k views • 94 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

774 views • 20 slides
CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data: Part I Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data: Part I Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Mining Graph/Network Data: Part I Instructor: Yizhou Sun yzsun@ccs.neu.edu November 12, 2013 Announcement Homework 4 will be out tonight Due on 12/2 Next class will be canceled I will still put the

1.06k views • 77 slides
Data Mining: Concepts and Techniques Additional Applications and Emerging Topics Li Xiong

Data Mining: Concepts and Techniques Additional Applications and Emerging Topics Li Xiong

Data Mining: Concepts and Techniques Additional Applications and Emerging Topics Li Xiong Slides credits: Jiawei Han and Micheline Kamber Chris Clifton Agrawal and Srikant 4/10/2008 1 Outline Biological data mining Data

842 views • 45 slides
MODEL-BASED DESIGN TOOLBOX ENABLING FAST PROTOTYPING AND DESIGN ON-TARGET RAPID PROTOTYPING FOR

MODEL-BASED DESIGN TOOLBOX ENABLING FAST PROTOTYPING AND DESIGN ON-TARGET RAPID PROTOTYPING FOR

MODEL-BASED DESIGN TOOLBOX ENABLING FAST PROTOTYPING AND DESIGN ON-TARGET RAPID PROTOTYPING FOR MODEL-BASED DESIGN AND MOTOR CONTROL APPLICATION DEVELOPMENT EXTERNAL USE Agenda Overview: Introduction and Objectives Model-Based

1.9k views • 150 slides
Twitter Data Analysis with R Text Mining and Social Network Analysis 1 Yanchang Zhao

Twitter Data Analysis with R Text Mining and Social Network Analysis 1 Yanchang Zhao

Twitter Data Analysis with R Text Mining and Social Network Analysis 1 Yanchang Zhao http://www.RDataMining.com Short Course on R and Data Mining University of Canberra 7 October 2016 1 Chapter 10: Text Mining, in R and Data Mining:

798 views • 40 slides
Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or

Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or

Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy. Choke point between secured

613 views • 34 slides
User G r Grou oup ly Me e ting Ma rc h 9, 2017 Quar te r Webcast and audio inform rmation

User G r Grou oup ly Me e ting Ma rc h 9, 2017 Quar te r Webcast and audio inform rmation

User G r Grou oup ly Me e ting Ma rc h 9, 2017 Quar te r Webcast and audio inform rmation The call-in phone number is: 1-719 719-867-1571 571 &amp; &amp; enter 7 72543 5437# a 7# at the p prompt Your phone l line w will b

813 views • 60 slides
Range of graph database use cases broadens and new application requirements emerge One

Range of graph database use cases broadens and new application requirements emerge One

Range of graph database use cases broadens and new application requirements emerge One such requirement: solutions to specify rigid forms of logical schemas What does a valid instance has to look like? What constraints does it have

587 views • 26 slides
CONFLICT MINERAL LEGISLATION IN EUROPE AND THE UNITED STATES: HOW IT IMPACTS ON BOTH THE DOMESTIC

CONFLICT MINERAL LEGISLATION IN EUROPE AND THE UNITED STATES: HOW IT IMPACTS ON BOTH THE DOMESTIC

FIERA DI VICENZA 20/01/2014 SEMINAR ON CONFLICT MINERAL LEGISLATION IN EUROPE AND THE UNITED STATES: HOW IT IMPACTS ON BOTH THE DOMESTIC AND EXPORT JEWELRY BUSINESS ORGANISED BY FIERA DI VICENZA, CIBJO, RJC, AND FEDERORAFI Maria Benedetta

911 views • 44 slides
Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof.

Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof.

Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof. Raluca Ada Popa Jan 31, 2018 Announcements Project 1 is out, due Feb 14 midnight Recall: Block cipher A function E : {0, 1} k {0, 1} n

553 views • 32 slides
Block ciphers CS 161: Computer Security Prof. Raluca Ada Popa February 26, 2016 Announcements

Block ciphers CS 161: Computer Security Prof. Raluca Ada Popa February 26, 2016 Announcements

Block ciphers CS 161: Computer Security Prof. Raluca Ada Popa February 26, 2016 Announcements Last time Syntax of encryption: Keygen, Enc, Dec Security definition for known plaintext attack: attacker provides two messages m0, m1

993 views • 43 slides
IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee Research Seminar in

IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee Research Seminar in

MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee Research Seminar in Cryptography, 31.10.2005 IND-CCA2 secure cryptosystems, Dan Bogdanov 1 Overview Notion of

396 views • 20 slides
Practical Attacks on Implementations Juraj Somorovsky Ruhr University Bochum, HGI 3curity

Practical Attacks on Implementations Juraj Somorovsky Ruhr University Bochum, HGI 3curity

Practical Attacks on Implementations Juraj Somorovsky Ruhr University Bochum, HGI 3curity @jurajsomorovsky 1 Practi tical l Attacks on Real l World ld Crypto to Imple lementa mentati tion ons Juraj Somorovsky 1 Recent years

406 views • 29 slides

More recommend