network traffic analysis cluster analysis
play

Network Traffic Analysis & Cluster Analysis Exploring Hadoop - PowerPoint PPT Presentation

Feb 29, 2024 •444 likes •644 views

Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools Background and Goals: Apache Spot was started recently DNS, Netflow, PCAP data is analyzed The goal is to identify: suspicous

  1. Network Traffic Analysis & Cluster Analysis Exploring Hadoop Clusters using Free Tools

  2. Background and Goals: • Apache Spot was started recently • DNS, Netflow, PCAP data is analyzed • The goal is to identify: ”suspicous connections” or: “dangerous activity”. • What is suspicious? • Apache Spot uses a topic-model approach, to classify traffic.

  3. Used Raw Data:

  4. Our Goals (midterm): • Use local context information instead of single package data only. (A) Temporal communication networks (B) Vectorization of measured properties from multiple sources • Consider additional communication layers: • Syslog • Webserver logs • Cloudera Manager events • Cloudera Navigator events

  5. About Event Processing: • Kafka gives an order only within a partition • Post-processing in Spark • HBase sorts rows by key • Table design is now strictly time related, which is not a very universal approach. • Kudu uses Primary Keys Each Kudu table must declare a primary key comprised of one or more columns. Primary key columns must be non-nullable , and may not be a boolean or floating-point type. Every row in a table must have a unique set of values for its primary key columns. As with a traditional RDBMS, primary key selection is critical to ensuring performant database operations. • But: Events have timestamps which are not really unique !!!

  6. Our Activities • Implement a data pipeline: • Kafka => Spark => HDFS => Notebook • Kafka => Spark => Kudu • Kudu => Spark => HDFS => (Notebook) • Create reference data sets • Scenario A: Terrasort (Big-Batch-Workload) • Scenario B: HDFS PUT,GET; HUE (Interactive Workload) • Scenario C: Idle cluster (Vacation time) • Scenario D: Kafka => Spark => Kudu (Realistic production Workload) • Scenario E: Twitter => Spark => Kudu (Realistic production Workload)

  7. Results • Scenario A: Batch workload • Scenario D: External data acquisition • Scenario E: Idle cluster

  8. Scenario A: TERRAGEN TERRASORT

  9. Scenario D: IDLE CLUSTER (some unknown activity in the background)

  10. First Iteration: • We organized our work in 3 phases: • Data and domain inspection + solution proposals • Environment setup • Tool centric: Jupyter, Eclipse, IntlliJ, CloudCat cluster, Git repository • Data centric:, Data collector tool, Demo data generation, Data formats • Data capturing and data generation • Analyzing the data in a well defined environment • Results are available in Git repos: • http://github.mtv.cloudera.com/kamir/Snaffer • https://github.com/mbalassi/packet-inspector • Increase functionality and knowledge by doing small iterations • Share code and knowledge

  11. How it works … • We collect raw data in Avro format, using the Snaffer script. • We transform the events to networks, using Hive. • We analyze and visualize the networks using Gephi.

  13. Outlook

  14. Entropy of Temporal Network • Time evolution of the network properties • Topology • Topological node properties

  15. Milestone One: • Follow a common DSP model (data science process model) • Use CDH default tools and gain experience • Work with Kafka (for input) and Hive tables (for input and output) • Implement a dataset profiling procedure, using Spark • Present results, using Jupiter notebook • Increase functionality and knowledge by doing small iterations • Share code and knowledge

  16. TODO (1) • Define data sources according to inspection methods • Define Avro schema and SOLR schema • Automatic dataset initalization / validation • DESCRIBE as WIKI and than instantiate via ANSIBLE

  17. TODO (2) • SNAProfiler • SQL for Network creation • Topology per time slice • Envelop: • Allows us to hook in the SNAProfiler component as a JAR.

  18. TODO (3) • Time Slice Preparation • KAFKA => Hbase • App—controledtime slice management: • (K,V) : (EXP_METRIC_TS, NETWORKDATA_as_edgelist) • Opposite to TIMESERIES presentation

  19. References • https://docs.google.com/document/d/12SHvTGJWtewk8CpUClOy22 mh7cUow18F_Jg2ZNNE3h8/edit#heading=h.r4wlzr2ctack • https://docs.google.com/document/d/1sD0_T2fQ7J5k7Ttx1vmAkYk MljMySgKFimm4hNVXxgA/edit# • http://research.ijcaonline.org/volume74/number17/pxc3890233.pdf • https://www.cs.princeton.edu/~blei/papers/BleiNgJordan2003.pdf

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis

Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis

Kmean Cluster Analysis 1 Learning Objectives Understanding the kmean cluster analysis procedure. Understanding the methods used to determine the optimal number of clusters. Managing data for the sake of conducting cluster analysis.

1.1k views • 80 slides
Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of

Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of

Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of Graph Cluster Analysis Algorithms for Graph Clustering k-Spanning Tree Shared Nearest Neighbor Betweenness Centrality Based Highly

836 views • 48 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets Network Traffic Measurement and Analysis Conference (TMA 2018) June 28, 2018 Milan Cermak et al. Institute of Computer Science, Masaryk University, Brno

575 views • 25 slides
Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki,

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki,

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki, Mark Crovella, Christophe Diot, and Nina Taft Traditional Network What ISPs Care Traffic Analysis About Focus on Focus on Long,

1.09k views • 46 slides
ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and

ICmyNet.Flow: NetFlow based traffic investigation analysis traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@ rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF

641 views • 46 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC

IN INTRODUCTION TO TRAFFIC ANALYSIS ETI2506 Sunday, 23 October 2016 1 WHERE ARE WE IN THE CURRICULUM? 2 GOAL OF TRAFFIC ANALYSIS 1. Except for user terminals, the telephone network is composed of a variety of common 45 Trunks equipment

385 views • 17 slides
What is Cluster Analysis? Dmitriy (Dima) Gorenshteyn Sr. Data Scientist, Memorial Sloan

What is Cluster Analysis? Dmitriy (Dima) Gorenshteyn Sr. Data Scientist, Memorial Sloan

DataCamp Cluster Analysis in R CLUSTER ANALYSIS IN R What is Cluster Analysis? Dmitriy (Dima) Gorenshteyn Sr. Data Scientist, Memorial Sloan Kettering Cancer Center DataCamp Cluster Analysis in R What is Clustering? DataCamp Cluster

2.23k views • 54 slides
CLUSTER ANALYSIS Agenda Introduction to cluster analysis and application Feature

CLUSTER ANALYSIS Agenda Introduction to cluster analysis and application Feature

CLUSTER ANALYSIS Agenda Introduction to cluster analysis and application Feature Selection for Clustering Clustering Algorithm DBScan Cluster Validation Introduction Clustering is the partitioning of large

593 views • 21 slides
Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic analysis for Bitcoin and derived Transaction clustering using network traffic blockchains analysis for Bitcoin and derived blockchains Biryukov, Tikhomirov Introduction Network privacy Alex

491 views • 30 slides
Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network Security at Prague Embedded Systems Workshop (PESW 2019) June 28, 2019 Milan Cermak Institute of Computer Science, Masaryk University, Brno 2 3

440 views • 20 slides
FloCon 2018 Tucson AZ Analysis of DNS Traffic on the Network EDGE, and In Motion. Fred Stringer

FloCon 2018 Tucson AZ Analysis of DNS Traffic on the Network EDGE, and In Motion. Fred Stringer

x January 2018 FloCon 2018 Tucson AZ Analysis of DNS Traffic on the Network EDGE, and In Motion. Fred Stringer 1 Key M Messages es Distributed Analysis (at the collection points) enables scale, flexibility and timely indicators.

364 views • 11 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Week 5 Video 6 Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network Analysis (ENA) (Shaffer, 2017) Studying relationships between elements in coded data Lots of applications Conference founded

536 views • 30 slides
Measuring Function Duration with Ftrace By Tim Bird Sony Corporation of America <tim.bird

Measuring Function Duration with Ftrace By Tim Bird Sony Corporation of America <tim.bird

On ARM Measuring Function Duration with Ftrace By Tim Bird Sony Corporation of America <tim.bird (at) am.sony.com> Outline Introduction to Ftrace Adding function graph tracing to ARM Duration Filtering Trace coverage

576 views • 30 slides
Distributed Systems Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski pxk@cs.rutgers.edu

Distributed Systems Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski pxk@cs.rutgers.edu

Distributed Systems Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1

869 views • 29 slides
midterm 1 Exam Outline L. Olson September 17, 2015 Department of Computer Science University

midterm 1 Exam Outline L. Olson September 17, 2015 Department of Computer Science University

midterm 1 Exam Outline L. Olson September 17, 2015 Department of Computer Science University of Illinois at Urbana-Champaign 1 motivation Exam window: Sunday September 27 Wednesday September 30 Multiple choice, short answer,

510 views • 11 slides
Cervus We were formed in 2013 We come from Force Development and Collective Training

Cervus We were formed in 2013 We come from Force Development and Collective Training

Introduction to Cervus We were formed in 2013 We come from Force Development and Collective Training Backgrounds We exploit military and security training data to provide our customers with a comprehensive understanding of their

521 views • 21 slides
Affinity Group 1 January 15, 2019 The University of Wisconsin Service Center will Serve

Affinity Group 1 January 15, 2019 The University of Wisconsin Service Center will Serve

Affinity Group 1 January 15, 2019 The University of Wisconsin Service Center will Serve the people of the University of Wisconsin System Collaborate by being supportive and constructive Act with Integrity always and in all

696 views • 35 slides
Rick Kernan richard.s.kernan@xcelenergy.com Presentation Overview Denver Network Stats

Rick Kernan richard.s.kernan@xcelenergy.com Presentation Overview Denver Network Stats

Eaton Vaultgard Uses For Field Personnel Presented by Rick Kernan richard.s.kernan@xcelenergy.com Presentation Overview Denver Network Stats Legacy Construction Issues Identified Real time Vaultgard Uses Protector and other

936 views • 68 slides
Extending BarnOwl Nelson Elhage Student Information Processing Board January 12, 2009 Nelson

Extending BarnOwl Nelson Elhage Student Information Processing Board January 12, 2009 Nelson

Introduction Extending BarnOwl Nelson Elhage Student Information Processing Board January 12, 2009 Nelson Elhage (SIPB) Extending BarnOwl January 12, 2009 1 / 30 Introduction BarnOwl BarnOwl is a console IM client (not just Zephyr!)

555 views • 31 slides
The Full Spectrum Warrior Camera System John Giors 1 INTRODUCTION 1.1 Motivation Camera

The Full Spectrum Warrior Camera System John Giors 1 INTRODUCTION 1.1 Motivation Camera

The Full Spectrum Warrior Camera System John Giors 1 INTRODUCTION 1.1 Motivation Camera systems are among the most important systems in any game. After all, the camera is the window through which the player interacts with the simulated world.

276 views • 13 slides

More recommend