flow data analysis in switch eth zurich project ddosvax
play

Flow Data Analysis in SWITCH / ETH Zurich Project DDoSVax Arno - PowerPoint PPT Presentation

Nov 05, 2022 •487 likes •625 views

Flow Data Analysis in SWITCH / ETH Zurich Project DDoSVax Arno Wagner wagner@tik.ee.ethz.ch Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich) Talk Outline The Dataset Flow Data Usage by SWITCH

  1. Flow Data Analysis in SWITCH / ETH Zurich Project DDoSVax Arno Wagner wagner@tik.ee.ethz.ch Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich)

  2. Talk Outline The Dataset Flow Data Usage by SWITCH Offline Analysis Examples Traffic Amount vs. Unique Addresses Analysis Tools Performance questions Arno Wagner, ETH Zurich, FloCon 2004 – p.1

  3. The DDoSVax Dataset Project URL: http://www.tik.ee.ethz.ch/~ddosvax/ NetFlow v5 (converted from V7 by SWITCH) About 60.000.000 flows/hour Weekday: About 200k internal and 800k external IPs Unsampled Stored in full since March 2003 Arno Wagner, ETH Zurich, FloCon 2004 – p.2

  4. Flow Data Usage by SWITCH Independently done by SWITCH on NetFlow data Accounting and load monitoring (aggregated) SWITCH-CERT: Short-term forensics (reduced) Single fast computer with hardware RAID-5 No compression Sorted into minute (?) intervals Fast search with regular expressions Several weeks online No (?) long term storage Arno Wagner, ETH Zurich, FloCon 2004 – p.3

  5. Offline Analysis E.g. for network/email worms Customised tools for some analyses Single hour / prototyping: netflow_to_text and Perl Days...weeks: From C-template Also other things: P2P , IRC, ... Arno Wagner, ETH Zurich, FloCon 2004 – p.4

  6. Example: Blaster - Flows Arno Wagner, ETH Zurich, FloCon 2004 – p.5

  7. Example: Blaster - Unique Sources Arno Wagner, ETH Zurich, FloCon 2004 – p.6

  8. Example: Sobig Arno Wagner, ETH Zurich, FloCon 2004 – p.7

  9. Example: MyDoom Arno Wagner, ETH Zurich, FloCon 2004 – p.8

  10. Traffic vs. Unique Sources Traffic: Easy to do Works reasonably well Sensitive to data generation problems Sensitive to observed network Unique Sources: More complicated, more robust Weakly dependent on observed network Allows to get global picture Arno Wagner, ETH Zurich, FloCon 2004 – p.9

  11. Analysis-tools: Scripting ”netflow_to_text” Takes one data file, outputs one line Well suited as ”grep”/Perl input Example: TCP pr 111.131.210.8 si 1111.136.200.121 di 1264 sp 135 dp 48 le 1 pk 12:59:51.965 st 12:59:51.965 en 0.000 du Arno Wagner, ETH Zurich, FloCon 2004 – p.10

  12. Analysis-tools: C ”Iterator template” Iterates over all records in a set of files Preprocesses timestamps, etc. Reading of input files encapsulated Arno Wagner, ETH Zurich, FloCon 2004 – p.11

  13. Performance Issues 5-10 minutes / hour of data bunzip2 I/O limit at 10 cluster nodes reading from one NFS partition Memory limitations Arno Wagner, ETH Zurich, FloCon 2004 – p.12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NetFlow Data Capturing and Processing at SWITCH and ETH Zurich Arno Wagner

NetFlow Data Capturing and Processing at SWITCH and ETH Zurich Arno Wagner

NetFlow Data Capturing and Processing at SWITCH and ETH Zurich Arno Wagner wagner@tik.ee.ethz.ch Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich) Talk Outline The DDoSVax Project The SWITCH Network

249 views • 23 slides
Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich Arno

Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich Arno

Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich Arno Wagner wagner@tik.ee.ethz.ch Communication Systems Laboratory Swiss Federal Institute of Technology Zurich (ETH Zurich) Outline 1. Academic users

674 views • 23 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful Reading: Sections 1.1-1.5, 2.1 Data-flow analysis (DFA) A framework for statically proving facts about program data. Focuses on simple, finite

1.04k views • 54 slides
1 Ways to improve data-flow analysis efficiency Example (liveness) 1st 2nd 3rd

1 Ways to improve data-flow analysis efficiency Example (liveness) 1st 2nd 3rd

Speeding Up Data-Flow Analysis Solving the Data-flow Equations Last time Algorithm Various optimizations that use data-flow analysis for each node n in CFG initialize solutions in[n] = ; out[n] = Today repeat Speeding up

418 views • 4 slides
Data-flow analysis Introduction to data-flow analysis Michel Schinz based on material by

Data-flow analysis Introduction to data-flow analysis Michel Schinz based on material by

Data-flow analysis Introduction to data-flow analysis Michel Schinz based on material by Erik Stenman and Michael Schwartzbach Data-flow analysis Example: liveness Data-flow analysis is a global analysis framework that can be used to

635 views • 11 slides
1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

Introduction to Data-flow analysis Data-flow Analysis Last Time Idea Undergraduate compilers review Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Assem.Instr data

903 views • 4 slides
Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)

Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)

Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets) Cdric Favre(1,2), Hagen Vlzer(1), Peter Mller(2) (1) IBM Research - Zurich (2) ETH Zurich 1 Outline Problem - Control-flow analysis

624 views • 44 slides
Compiler Design Spring 2018 8.0 Data-Flow Analysis Thomas R. Gross Computer Science Department

Compiler Design Spring 2018 8.0 Data-Flow Analysis Thomas R. Gross Computer Science Department

Compiler Design Spring 2018 8.0 Data-Flow Analysis Thomas R. Gross Computer Science Department ETH Zurich, Switzerland 1 Properties of program analysis Analysis must be correct Depends on use Do not mislead the compiler Analysis

448 views • 41 slides
Introduction to Data-flow analysis Last Time Implementing a Mark and Sweep GC Today

Introduction to Data-flow analysis Last Time Implementing a Mark and Sweep GC Today

Introduction to Data-flow analysis Last Time Implementing a Mark and Sweep GC Today Control flow graphs Liveness analysis Register allocation CS553 Lecture Introduction to Data-flow Analysis 1 Data-flow

435 views • 15 slides
CMSC 430 Introduction to Compilers Spring 2016 Data Flow Analysis Data Flow Analysis A

CMSC 430 Introduction to Compilers Spring 2016 Data Flow Analysis Data Flow Analysis A

CMSC 430 Introduction to Compilers Spring 2016 Data Flow Analysis Data Flow Analysis A framework for proving facts about programs Reasons about lots of little facts Little or no interaction between facts Works best on

502 views • 35 slides
Chapter 1 Data flow analysis Course Static analysis and all that Martin Steffen INF5906 /

Chapter 1 Data flow analysis Course Static analysis and all that Martin Steffen INF5906 /

Chapter 1 Data flow analysis Course Static analysis and all that Martin Steffen INF5906 / autum 2017 Chapter 1 Learning Targets of Chapter Data flow analysis. various DFAs monotone frameworks operational semantics foundations

1.08k views • 82 slides
Lattice-Theoretic Framework for Data-Flow Analysis Last time Generalizing data-flow

Lattice-Theoretic Framework for Data-Flow Analysis Last time Generalizing data-flow

Lattice-Theoretic Framework for Data-Flow Analysis Last time Generalizing data-flow analysis Today Introduce lattice-theoretic frameworks for data-flow analysis CS553 Lecture Lattice Theoretic Framework for DFA 1 Context

421 views • 15 slides
Generalizing Data-flow Analysis Announcements Read Section 9.3 in the book Today

Generalizing Data-flow Analysis Announcements Read Section 9.3 in the book Today

Generalizing Data-flow Analysis Announcements Read Section 9.3 in the book Today Other types of data-flow analysis Reaching definitions, available expressions, reaching constants Abstracting data-flow analysis

383 views • 9 slides
Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Example How many registers do we need a := 0 1 for the program on the right? L1: b := a + 1 2

408 views • 12 slides
Program Analysis Chris Hankin(clh) Efficiency Type and Effect Control Flow Analysis Systems

Program Analysis Chris Hankin(clh) Efficiency Type and Effect Control Flow Analysis Systems

Program Analysis Chris Hankin(clh) Efficiency Type and Effect Control Flow Analysis Systems Data Flow Abstract Analysis Interpretation Correctness Program Analysis p.1/23 Overview Introduction Data Flow Analysis Control Flow

279 views • 23 slides
Board of Directors Meeting Thursday, March 7, 2019 2:00 p.m. Slide 1 I. Welcome & Roll

Board of Directors Meeting Thursday, March 7, 2019 2:00 p.m. Slide 1 I. Welcome & Roll

Board of Directors Meeting Thursday, March 7, 2019 2:00 p.m. Slide 1 I. Welcome & Roll Call Board of Directors 2 CLEAN POWER ALLIANCE II. General Public Comment Board of Directors 3 CLEAN POWER ALLIANCE III. Consent Agenda Board

483 views • 34 slides
The National Academy's Approach to The National Academy's Approach to Medium and Heavy Duty Truck

The National Academy's Approach to The National Academy's Approach to Medium and Heavy Duty Truck

The National Academy's Approach to The National Academy's Approach to Medium and Heavy Duty Truck Fuel Medium and Heavy Duty Truck Fuel Consumption Consumption Presented to Focus for the Future Automotive Research Conferences by John

529 views • 22 slides
Restoring Hima Ecosystem Functions through Combacting the Problems of Water Resources Management

Restoring Hima Ecosystem Functions through Combacting the Problems of Water Resources Management

Restoring Hima Ecosystem Functions through Combacting the Problems of Water Resources Management in the Hima- IBAs of Lebanon Presented by :Dalia Al-jawhary Outline Overview about SPNL Hima Approach&Hima Anjar- Kfar Zabad Anjar

457 views • 33 slides
rgtsel Davran Ar Ara trmalar Dergisi Journal Of Organizational Behavior Research S2

rgtsel Davran Ar Ara trmalar Dergisi Journal Of Organizational Behavior Research S2

rgtsel Davran Ar Ara trmalar Dergisi Journal Of Organizational Behavior Research S2 , Yl/Year: 201 8 , Kod/ID:81S23 Cilt / Vol.: 3 , Say / Is.: S2 252 2528-97 9705 05 THE PRESENTATION OF SWOC STRATEGIES SOLUTIONS FOR

505 views • 13 slides
THE Based on Workshop 15 January2019 Arthur ten Wolde, Circular Economy Expert Ecopreneur.eu

THE Based on Workshop 15 January2019 Arthur ten Wolde, Circular Economy Expert Ecopreneur.eu

THE Based on Workshop 15 January2019 Arthur ten Wolde, Circular Economy Expert Ecopreneur.eu & MVO Nederland Arno Kunert, Director Business Development WeSustain GmbH About Ecopreneur: the political voice of green SMEs in Brussels Over

540 views • 12 slides
Joint ECDC-EFSA-EMA report on consumption of antimicrobials and antimicrobial resistance in

Joint ECDC-EFSA-EMA report on consumption of antimicrobials and antimicrobial resistance in

Joint ECDC-EFSA-EMA report on consumption of antimicrobials and antimicrobial resistance in animals, food and humans (JIACRA) ESVAC stakeholders meeting 2014 Jordi Torren, Kari Grave, Arno Muller, David Mackay, Christina Greko, Gerard Moulin

273 views • 12 slides
Deanonymisation in Ethereum Using Existing Methods for Bitcoin Robin Klusman Tim Dijkhuizen

Deanonymisation in Ethereum Using Existing Methods for Bitcoin Robin Klusman Tim Dijkhuizen

Deanonymisation in Ethereum Using Existing Methods for Bitcoin Robin Klusman Tim Dijkhuizen Supervisor: Arno Bakker RP1 #61 06-02-2018 Introduction Blockchain Decentralised Peer-to-peer Miners Anonymous reputation

547 views • 23 slides
HELCOM ZEN QAI Period : 2011-2013 Proposed by : Z ooplankton E xpert N etwork Chair/Contracting

HELCOM ZEN QAI Period : 2011-2013 Proposed by : Z ooplankton E xpert N etwork Chair/Contracting

HELCOM MONAS 14/2011 Q uality A ssurance and I ntegration of Zooplankton Monitoring in the Baltic Sea HELCOM ZEN QAI Period : 2011-2013 Proposed by : Z ooplankton E xpert N etwork Chair/Contracting party : Elena Gorokhova, Sweden Importance of

228 views • 12 slides

More recommend