network flow data fusion
play

Network Flow Data Fusion GeoSpatial and NetSpatial Data Enhancement - PowerPoint PPT Presentation

Apr 29, 2023 •301 likes •663 views

Network Flow Data Fusion GeoSpatial and NetSpatial Data Enhancement FloCon 2010 New Orleans, La Carter Bullard QoSient, LLC carter@qosient.com Wednesday, January 20, 2010 1 Carter Bullard carter@qosient.com QoSient - Research and

  1. Network Flow Data Fusion GeoSpatial and NetSpatial Data Enhancement FloCon 2010 New Orleans, La Carter Bullard QoSient, LLC carter@qosient.com Wednesday, January 20, 2010 1

  2. Carter Bullard carter@qosient.com • QoSient - Research and Development Company – Naval Research Laboratory (NRL), GIG-EF, JCTD-LD, DISA, DoD Network Performance and Security Research • Inventor/Developer Argus http://qosient.com/argus • FBI/CALEA Data Wire-Tapping Working Group • QoS/Security Network Management - Nortel/Bay • Security Product Manager – FORE Systems • CMU/SEI CERT – Network Intrusion Research and Analysis – NAP Site Security Policy Development – Network Security Incident Coordinator • NFSnet Core Administrator (SURAnet) • Standards Efforts – Editor of ATM Forum Security Signaling Standards – IETF Working Group(s) Contributor – Internet2 Security WG – NANOG Wednesday, January 20, 2010 2

  3. FloCon 2010 Flow Innovation This year's conference will focus on flow data analysis within the context of other data sources. Presenters are encouraged to consider how flow is a piece of the puzzle. Which Puzzle? • Cyber-Situational Awareness and Network Defense (CND) • Near real-time awareness of threats, status, and performance, with awareness of external attacks and insider abuse/misuse. • Assured Enterprise Management and Control • Critical infrastructure must operate as intended, with management, control and information assured. Wednesday, January 20, 2010 3

  4. Cyber-Situational Awareness Level 1 SA - Perception • The perception of elements in the environment within a volume of time and space • Involves timely sensing, data generation, distribution, collection, combination, filtering, enhancement, processing, storage, retention and access. Level 2 SA - Comprehension • Understanding significance of perceived elements in relation to relevant goals and objectives. • Involves integration, correlation, knowledge generation. Level 3 SA - Projection of Future Status Endsley, M. R. (1995b). Toward a theory of situation awareness in dynamic systems. Human Factors 37(1), 32-64. Wednesday, January 20, 2010 4

  5. Wednesday, January 20, 2010 5

  6. Wednesday, January 20, 2010 6

  7. Who/What/When/ Where Sometimes, ‘Where’ is the only criteria for comprehending that there is a problem. • Data isn’t suppose to be coming from there. • Data isn’t suppose to be going that way. • Data should to be coming from there but ....... • Where is this data coming from !!!!!! Network flow data can be used in perception and comprehension of some of these very complex concepts, but the data needs to have some specific qualities in order to successively support ‘where’ functions. Wednesday, January 20, 2010 7

  8. Who/What/When/ Where • GeoSpatial Information • Association with geographic information, GIS and Geomatics. • GeoLocation • Identification of ‘real-world’ geographic location information • Generally IP Address, MAC, RFID, Triangulation Based (rarely GPS based). • Time Zone, Country Codes, Region, City, Postal/Zip Codes, Lat/Lon • Commercial/Open Source Data Sources • Regional Internet Registries • ISP Provided Information • Used primarily for Marketing and Directed Advertisement. • Applications to E-commerce are emerging (taxation). • VoIP/SIP Based Emergency Services. • Lots of Standards (OGC, IEEE, W3C, ITU, IETF) • Little guidelines for privacy protection issues • Important Issue in Mobile Ad-hoc Networking • Gradient, aspect and visibility • Distance optimizations for power minimization and path length Wednesday, January 20, 2010 8

  9. Where is QoSient.com? Wednesday, January 20, 2010 9

  10. Where is QoSient.com? Wednesday, January 20, 2010 10

  11. Where is QoSient.com? Wednesday, January 20, 2010 11

  12. Where is QoSient.com? Wednesday, January 20, 2010 12

  13. Network Path Information? Wednesday, January 20, 2010 13

  14. Who/What/When/ Where • Issues using geospatial information and flow data • There is no GeoSpatial Information in data packets • Most network flow data must be enhanced external to sensor • Flow data enhancement during/after data collection or distribution • No relational algebraic constraints on geospatial identifiers • IP addresses are not globally unique. • IP Address / Geolocation mappings are not formally managed/maintained. • Issues involve accuracy, relevancy, dynamism and time • IPFIX has not discussed geospatial/netspatial data support. Wednesday, January 20, 2010 14

  15. Who/What/When/ Where • Argus geospatial support • Flow Data Semantic Enhancement • radium() - collection based enhancement • ralabel() - post collection enhancement • metadata insertion strategy • saddr:lat=42.246532, lon=18.345261 • geospatial information embedded in each record • direct GPS data insertion when available • Support for printing, graphing, filtering, aggregation, and anonymization. • aniso lat/lon aggregation generates bounding box • lat/lon anonymization • constant offset projected onto either poles or ocean/land boundaries Wednesday, January 20, 2010 15

  16. China Syndrome • But not all is as it appears to be. • QoSient.com constantly scanned by IP addresses from CN • Using ARIN databases for country codes. • Not a bother at all really. • One flow presented with estimated hop-count of 4 hops • Argus uses TTL to estimate hops (nearest 2^x - observed TTL). • Modified ping to source yielded RTT of less than 5 mSecs • Speed of light distance is 465.71 miles one-way. • Network distance estimates usually put 5 mSecs close, 0-20 miles. • So, what’s up with this. • Source address spoofing? • Router root-kit attack? • Routing infrastructure attack? Wednesday, January 20, 2010 16

  17. Domain Name Server DNS Root Servers BGP CN AAA MPLS Network OSPF RSVP-TE/LDP STP End Station IS-IS-TE BGP ARP Call Controller Policy Server OSPF End Connection Controller IS-IS-TE Station Call Control Policy Control Connection Control Data Plane Wednesday, January 20, 2010 17

  18. Domain Name Server DNS Root Servers BGP AAA MPLS Network OSPF RSVP-TE/LDP STP End Station IS-IS-TE BGP ARP Call Controller Policy Server OSPF End Connection Controller IS-IS-TE Station Call Control Policy Control CN Connection Control Data Plane Wednesday, January 20, 2010 18

  19. Who/What/When/Where • How Do You Detect This? • Geospatial /Netspatial Incongruity • Network Distance Estimation and Correlation • Service Discovery, Service Usage Optimization, Group Join Optimizations, Shortest Path Routing • Methods • Global Network Positioning (GNP and NPS), CDN (Akamai), Internet Iso-bar, Internet Distance Maps (IDMaps), Vivaldi, Dynamic Distance Maps (DDM), RON, Landmark Clustering, Dynamic Landmark Triangles, Netvigator • All Network Distance Estimation Methods use simple active RTT metrics such as ping() and traceroute(), differentiations involve sampling strategies and statistical analysis. Wednesday, January 20, 2010 19

  20. Need For Active Elements? • Timeliness of Determination/Validation • See a packet from some interesting IP address • Need to timely propagate the perception of address • Make GeoSpatial assessment • Decide to make some form of network estimation • Schedule ping/traceroute/probe.... • Flow sensors passively capturing network distance estimation metrics • Bi-directional flow monitors • Capture RTT regardless of protocol type • P1-P2 flow tracking captures traceroute information • Billions of Location Metrics Per Day • 8-10K Host Associations Per Work Group • 25% Infrequent, 35% Transient, 40% Persistent Wednesday, January 20, 2010 20

  21. Geo/NetSpatial Correlation • Network Distance Estimation Accuracy • Large samples generate good results • But, network distance does not relate to physical distance. • At least you can get a sense that something is up Wednesday, January 20, 2010 21

  22. Domain Name Server DNS Root Servers BGP AAA MPLS Network OSPF RSVP-TE/LDP STP End Station IS-IS-TE BGP ARP Call Controller Policy Server OSPF End Connection Controller IS-IS-TE Station Call Control Policy Control CN Connection Control Data Plane Wednesday, January 20, 2010 22

  23. Multi-Point Monitoring JCTD-LD Multipoint Flow Data Monitoring Large Data Joint Command Technical Demonstration Naval Research Laboratory Oct 18, 2007 12:04:55 EDT Wednesday, January 20, 2010 23

  24. MultiProbe Correlation • Look for flows at multiple points • Differential analysis • One-way delay • Loss statistics • Path assurance • Sensor placement provides utility • Exploit geospatial nature of observation domain • Validate explicit compartmentalizaiton • Exterior / Interior verification Wednesday, January 20, 2010 24

  25. GeoSpatial Situational Awareness System Mixed Black-box White-box Approach Local Area Network Implementation White/Visible Node Black/Non-Visible Node Comprehensive Flow IS Flow Data Generation Data Plane Situational Awareness Data Wednesday, January 20, 2010 25

  26. GeoSpatial Situational Awareness System Mixed Black-box White-box Approach Local Area Network Implementation White/Visible Node Black/Non-Visible Node Comprehensive Flow IS Flow Data Generation Data Plane Situational Awareness Data Wednesday, January 20, 2010 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Network Flow CS31005: Algorithms-II Autumn 2020 IIT Kharagpur Network Flow Models the flow

Network Flow CS31005: Algorithms-II Autumn 2020 IIT Kharagpur Network Flow Models the flow

Network Flow CS31005: Algorithms-II Autumn 2020 IIT Kharagpur Network Flow Models the flow of items through a network Example Transporting goods through the road/rail/air network Flow of fluids (oil, water,..) through pumping

949 views • 84 slides
Network Flow 5 Network Flow terminology Network flow is similar to finding how much water we

Network Flow 5 Network Flow terminology Network flow is similar to finding how much water we

1 Network Flow 5 Network Flow terminology Network flow is similar to finding how much water we can bring from a source to a sink (infinite) (intermediates cannot hold water) 6 Network Flow terminology Definitions: c(u,v)

576 views • 34 slides
Loop Fusion Amid Complex Control Flow R Ramshankar Dibyendu Das AMD 1 Loop Fusion Two loops

Loop Fusion Amid Complex Control Flow R Ramshankar Dibyendu Das AMD 1 Loop Fusion Two loops

Loop Fusion Amid Complex Control Flow R Ramshankar Dibyendu Das AMD 1 Loop Fusion Two loops with proximity in control flow iterating over same large arrays Will show poor scalability Why? Loops on large arrays stride over memory that

274 views • 14 slides
CS 401 Max Flow / Bipartite Matching Xiaorui Sun 1 Flow network Flow network. G = (V, E) =

CS 401 Max Flow / Bipartite Matching Xiaorui Sun 1 Flow network Flow network. G = (V, E) =

CS 401 Max Flow / Bipartite Matching Xiaorui Sun 1 Flow network Flow network. G = (V, E) = directed graph, no parallel edges. Two distinguished nodes: s = source, t = sink. c(e) = capacity of edge e. 9 2 5 10 15 15 10 4 source 5

1.01k views • 21 slides
CSE 521 Algorithms The Network Flow Problem 2 The Network Flow Problem 4 a x 3 5 3 7 7 4

CSE 521 Algorithms The Network Flow Problem 2 The Network Flow Problem 4 a x 3 5 3 7 7 4

CSE 521 Algorithms The Network Flow Problem 2 The Network Flow Problem 4 a x 3 5 3 7 7 4 s b y t 6 6 1 4 5 c z How much stuff can flow from s to t? 4 Soviet Rail Network, 1955 Reference: On the history of the transportation

1.05k views • 84 slides
Review Network flow definitions CSE 421 Flow examples Augmenting Paths Algorithms

Review Network flow definitions CSE 421 Flow examples Augmenting Paths Algorithms

Review Network flow definitions CSE 421 Flow examples Augmenting Paths Algorithms g Residual Graph Richard Anderson Ford Fulkerson Algorithm Lecture 22 Cuts Network Flow Maxflow-MinCut Theorem Network Flow

860 views • 4 slides
Figure 1: Visual representation of M 3 Fusion . II. D ATA The study was carried out on Reunion

Figure 1: Visual representation of M 3 Fusion . II. D ATA The study was carried out on Reunion

M 3 Fusion : A Deep Learning Architecture for Multi- { Scale/Modal/Temporal } satellite data fusion P. Benedetti, D. Ienco, R. Gaetano, K. Os e, R. Pensa and S. Dupuy Abstract Modern Earth Observation systems provide sensing data at different

107 views • 9 slides
Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
Probabilistic and Model Fusion: . . . Model Fusion: . . . Interval Uncertainty Model Fusion:

Probabilistic and Model Fusion: . . . Model Fusion: . . . Interval Uncertainty Model Fusion:

Data Fusion under . . . Data Fusion under . . . New Problem: . . . Why This Is Important New Idea: Model Fusion Probabilistic and Model Fusion: . . . Model Fusion: . . . Interval Uncertainty Model Fusion: Interval . . . Model Fusion:

503 views • 13 slides
Network Flow II 2 Every edge e has a capacity c(e) 0. Flow: 1 Inge Li Grtz

Network Flow II 2 Every edge e has a capacity c(e) 0. Flow: 1 Inge Li Grtz

Network Flow 1 Network flow: 2 graph G=(V,E). 2 2 s 1 t Special vertices s (source) and t (sink). 2 2 Network Flow II 2 Every edge e has a capacity c(e) 0. Flow: 1 Inge Li Grtz capacity constraint: every

503 views • 15 slides
CSE 421 Introduction to Algorithms The Network Flow Problem 1 The Network Flow Problem 4 a x

CSE 421 Introduction to Algorithms The Network Flow Problem 1 The Network Flow Problem 4 a x

CSE 421 Introduction to Algorithms The Network Flow Problem 1 The Network Flow Problem 4 a x 3 5 3 7 7 4 s b y t 6 6 1 4 5 c z How much stuff can flow from s to t ? 2 Soviet Rail Network, 1955 Reference: On the history of

889 views • 75 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Data Fusion Techniques and Application Guangyu Zhou Reference paper: Zheng Yu: Methodologies for

Data Fusion Techniques and Application Guangyu Zhou Reference paper: Zheng Yu: Methodologies for

Data Fusion Techniques and Application Guangyu Zhou Reference paper: Zheng Yu: Methodologies for Cross-Domain Data Fusion: An Overview Agenda Introduction Related work Data fusion techniques & applications Stage-based methods

677 views • 49 slides
Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson

Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson

Mat 3770 Network Flows Network Flow Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson Residual Spring 2014 Network Augmenting Path Max-flow Min-cut Matching 4.2 Network Flows Mat 3770 Network

896 views • 61 slides
Introduction to Sensor Data Fusion Methods and Applications Last lecture: Why Sensor Data

Introduction to Sensor Data Fusion Methods and Applications Last lecture: Why Sensor Data

Introduction to Sensor Data Fusion Methods and Applications Last lecture: Why Sensor Data Fusion? Motivation, general context Discussion of examples Today: Steep climb to a first algorithm. oral examination: 6 credit points

995 views • 42 slides
Introduction to Sensor Data Fusion Methods and Applications Last lecture: Why Sensor Data

Introduction to Sensor Data Fusion Methods and Applications Last lecture: Why Sensor Data

Introduction to Sensor Data Fusion Methods and Applications Last lecture: Why Sensor Data Fusion? Motivation, general context Discussion of examples Today: Steep climb to a first algorithm. oral examination: 6 credit points

1.02k views • 56 slides
Workload Characterization of 3D Games Jordi Roca, Victor Moya, Carlos Gonzlez, Chema Solis,

Workload Characterization of 3D Games Jordi Roca, Victor Moya, Carlos Gonzlez, Chema Solis,

Workload Characterization of 3D Games Jordi Roca, Victor Moya, Carlos Gonzlez, Chema Solis, Agustn Fernandez and Roger Espasa (Intel DEG Barcelona) Computer Architecture Department 1 Outline Introduction Game selection &

460 views • 27 slides
Sustainable Li-based batteries for energy storage J.M. Tarascon Todays energy overview

Sustainable Li-based batteries for energy storage J.M. Tarascon Todays energy overview

New Fellows Seminar The Royal Society London, July 10, 2014 Sustainable Li-based batteries for energy storage J.M. Tarascon Todays energy overview Energy transition http://americanenergyindependence.com/energychallenge.aspx Renewable

590 views • 17 slides
Northwest Pacific Ocean : Tracing the water mass movement using 240 Pu/ 239 Pu atom ratio Sang-Han

Northwest Pacific Ocean : Tracing the water mass movement using 240 Pu/ 239 Pu atom ratio Sang-Han

The transport of close-in fallout plutonium in the Northwest Pacific Ocean : Tracing the water mass movement using 240 Pu/ 239 Pu atom ratio Sang-Han Lee 1, *, Gi-Hoon Hong 2 , Moon-Sik Suk 2 , Janine Gastaud 3 , Jerome La Rosa 4 , Chul-Soo Kim 5

379 views • 25 slides
Choice Neighborhood Action Activities Grant Task Force, Coordinating Committee, Beecher Terrace

Choice Neighborhood Action Activities Grant Task Force, Coordinating Committee, Beecher Terrace

Choice Neighborhood Action Activities Grant Task Force, Coordinating Committee, Beecher Terrace Resident and Community Meeting August 17, 2016 1 2 Agenda Choice Neighborhoods Initiative Grants Overview Types of CNI Awards and Amounts

652 views • 31 slides
CLINICAL MEETING 22.03.18 CASE PRESENTATION BY Dr. Divya Nuthakki 2 nd Yr Post Graduate DEPT

CLINICAL MEETING 22.03.18 CASE PRESENTATION BY Dr. Divya Nuthakki 2 nd Yr Post Graduate DEPT

CLINICAL MEETING 22.03.18 CASE PRESENTATION BY Dr. Divya Nuthakki 2 nd Yr Post Graduate DEPT OF PEDIATRICS KIMS Narketpally Case History Name: Baby S Informant: Mother Age: 8 month Male R/o

971 views • 30 slides
ICMAB ICMAB INSTITUT DE CINCIA DE INSTITUT DE CINCIA DE MATERIALS DE BARCELONA MATERIALS

ICMAB ICMAB INSTITUT DE CINCIA DE INSTITUT DE CINCIA DE MATERIALS DE BARCELONA MATERIALS

ICMAB ICMAB INSTITUT DE CINCIA DE INSTITUT DE CINCIA DE MATERIALS DE BARCELONA MATERIALS DE BARCELONA Xavier Obradors Director ICMAB CSIC CONSEJO SUPERIOR DE INVESTIGACIONES CIENTFICAS CONSEJO SUPERIOR DE INVESTIGACIONES

670 views • 37 slides
Part 1 How can computational NMR contribute to structure determination of proteins with

Part 1 How can computational NMR contribute to structure determination of proteins with

Part 1 How can computational NMR contribute to structure determination of proteins with paramagnetic center? Ji Mare University of Oulu 2014 Start 17.1.2013 . . . we are sending the structure and the experimental pcs of a

434 views • 41 slides
1,2 <E <E 2 > f ( c ,

1,2 <E <E 2 > f ( c ,

Paramagnetic metalloproteins Paramagnetic metalloproteins Nuclear relaxation due to the Nuclear relaxation due to the electron electron-nucleus dipolar coupling nucleus dipolar coupling Solomon equations Solomon equations In paramagnetic

784 views • 18 slides

More recommend