real time pattern detection in ip flow data using apache
play

Real-time Pattern Detection in IP Flow Data using Apache Spark - PowerPoint PPT Presentation

Dec 31, 2023 •291 likes •403 views

Real-time Pattern Detection in IP Flow Data using Apache Spark International Symposium on Integrated Network Management ( IM 2019) May 9, 2019 Milan Cermak, Martin Lastovicka, Tomas Jirsik Institute of Computer Science, Masaryk University, Brno

  1. Real-time Pattern Detection in IP Flow Data using Apache Spark International Symposium on Integrated Network Management ( IM 2019) May 9, 2019 Milan Cermak, Martin Lastovicka, Tomas Jirsik Institute of Computer Science, Masaryk University, Brno

  2. Attack Detection in Network Flow Records challenges that everyone has to deal with � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ? � � � ? � IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 2 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  3. Attack Detection in Network Flow Records challenges that everyone has to deal with II. � � � � � � � IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 3 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  4. Stream4Flow: Real Time Analysis distributed data stream processing framework IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 4 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  5. PatternFinder taking advantage of similarity search �� � � distance_function: biflow_quadratic_form � patterns: - name: anomaly request: [23, 8983, 9098] response: [24, 1125, 9101] � � � � distribution: anomaly: intervals: [0, 3, 5, 6, 7, 11] weights: [3, 2, 1, 1, 2, 3] IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 5 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  6. Pattern Definition discovery of general attack patterns Dataset § Only network traffic of interest § Include attack variations § Creation � § Real-world dataset � § Artificial dataset Pattern § Easy to determine from dataset § Statistical aggregations of attack characteristics IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 6 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  7. SSH Authentication Attack Use-case from theory to real-world IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 7 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  8. Pattern Definition Hydra, Medusa, or Ncrack? Dataset Creation § Virtual environment – attacker and server § 3 tools, 5 different settings Derived Patterns – median aggregation IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 8 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  9. Evaluation comparison with others Measurement § one week period § 478.98 M Flows, 5.54k Flows/second, 9.9k Flows/second in peak § 21.91 TB data processed Comparison § Commercial solution Flowmon Anomaly Detection System § More than 30 login attempts in 5 min is an attack § ADS 264 events from 75 IPs vs PatternFinder 78 events from 42 IPs § ADS overlapping events § Accuracy 39%, precision 82%, recall 43% IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 9 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  10. Further Results additional findings worth mentioning IM 2019 : Real-time Pattern Detection in IP Flow Data using Apache Spark 10 Milan Cermak et al., Institute of Computer Science, Masaryk University, Brno

  11. Thank you for your attention https://stream4flow.ics.muni.cz/ Milan Cermak et al. @csirtmu cermak@ics.muni.cz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Considerations for Scan Detection Using Flow Data. 1 Ov Over erview iew Scans and scan

Considerations for Scan Detection Using Flow Data. 1 Ov Over erview iew Scans and scan

Considerations for Scan Detection Using Flow Data. 1 Ov Over erview iew Scans and scan detection goals and objectives A review of Threshold Random Walk Real time vs. Flow based approaches Bi-flows and Oracles Extensions

522 views • 18 slides
Apache Apex: Next Gen Big Data Analytics Thomas Weise <thw@apache.org> @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise <thw@apache.org> @thweise PMC Chair

Apache Apex: Next Gen Big Data Analytics Thomas Weise <thw@apache.org> @thweise PMC Chair Apache Apex, Architect DataTorrent Apache Big Data Europe, Sevilla, Nov 14 th 2016 Stream Data Processing Real-time Data Delivery Transform /

632 views • 35 slides
Apache Kafka Real-Time Data Pipelines http://kafka.apache.org/ Joe Stein Developer,

Apache Kafka Real-Time Data Pipelines http://kafka.apache.org/ Joe Stein Developer,

Apache Kafka Real-Time Data Pipelines http://kafka.apache.org/ Joe Stein Developer, Architect & Technologist Founder & Principal Consultant => Big Data Open Source Security LLC - http://stealth.ly Big Data Open Source

637 views • 40 slides
A (Probably not) Project Proposal: Spark Streaming vs Apache Storm for Real-time Event Detection

A (Probably not) Project Proposal: Spark Streaming vs Apache Storm for Real-time Event Detection

A (Probably not) Project Proposal: Spark Streaming vs Apache Storm for Real-time Event Detection Niall Egan November 2019 Streaming Dataflow Dataflow systems weve seen so far (e.g. MapReduce, Spark) are batch-processing systems

280 views • 7 slides
Data at the Speed of your Users Apache Cassandra and Spark for simple, distributed, near real-time

Data at the Speed of your Users Apache Cassandra and Spark for simple, distributed, near real-time

Data at the Speed of your Users Apache Cassandra and Spark for simple, distributed, near real-time stream processing. GOTO Copenhagen 2014 Rustam Aliyev Solution Architect at . @rstml Big Data? Photo:

675 views • 49 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise @atrato_io October 30, 2017, Dagstuhl Seminar Stream Processing with Apache Apex Real-time visualization, Transform / Analytics Data Sources Data

398 views • 22 slides
Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is Apache Flink? Distributed Data Flow Processing System Focused on large-scale data analytics Real-time stream and batch processing Easy and

667 views • 39 slides
How-to for real-time streaming and analytics at scale with Apache Kafka and Apache Ignite Viktor

How-to for real-time streaming and analytics at scale with Apache Kafka and Apache Ignite Viktor

How-to for real-time streaming and analytics at scale with Apache Kafka and Apache Ignite Viktor Gamov, Confluent, @gamussa Denis Magda, GridGain, @denismagda Digital Transformations Challenges Application Layer 10-100x more queries and

347 views • 18 slides
Modeling and Analysis of Data Flow Graphs using the Digraph Real-Time Task Model Morteza

Modeling and Analysis of Data Flow Graphs using the Digraph Real-Time Task Model Morteza

Modeling and Analysis of Data Flow Graphs using the Digraph Real-Time Task Model Morteza Mohaqeqi, Jakaria Abdullah, and Wang Yi Uppsala University Ada-Europe 2016 Overview Introduction Data Flow Graphs: [ 1 , 3 ] [ 2 ] Signal processing a

508 views • 46 slides
Predicting Share Prices in Real-Time with Apache Spark and Apache Ignite MANUEL MOURATO Summary

Predicting Share Prices in Real-Time with Apache Spark and Apache Ignite MANUEL MOURATO Summary

Predicting Share Prices in Real-Time with Apache Spark and Apache Ignite MANUEL MOURATO Summary What is the stock market? Making a profit on volatility: Scalp trading Looking at first hour price swings The need for an in-memory

482 views • 32 slides
Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic protocol for real-time traffic Protocol for the management of data flow Secure version of the protocol 2 What is real-time (time of

629 views • 33 slides
Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and Deployment in a Honeypot Environment Eric Badger Masters Student Computer Engineering 1 Overview Introduction/Motivation Challenges

508 views • 30 slides
I Logs Apache Kafka, Stream Processing, and Real-time Data Jay Kreps The Plan 1. What is Data

I Logs Apache Kafka, Stream Processing, and Real-time Data Jay Kreps The Plan 1. What is Data

I Logs Apache Kafka, Stream Processing, and Real-time Data Jay Kreps The Plan 1. What is Data Integration? 2. What is Apache Kafka? 3. Logs and Distributed Systems 4. Logs and Data Integration 5. Logs and Stream Processing Data Integration

661 views • 42 slides
Journey to a Real-Time Enterprise Neha Narkhede, Co-founder/CTO at Confluent, Co-Creator Apache

Journey to a Real-Time Enterprise Neha Narkhede, Co-founder/CTO at Confluent, Co-Creator Apache

Journey to a Real-Time Enterprise Neha Narkhede, Co-founder/CTO at Confluent, Co-Creator Apache Kafka Infrastructure Technology ? Relational Data Database Warehousing Management Systems Adoption in Silicon Valley Adoption in Silicon

867 views • 45 slides
The Viola/Jones Face Detector (2001) A widely used method for real-time object detection.

The Viola/Jones Face Detector (2001) A widely used method for real-time object detection.

The Viola/Jones Face Detector (2001) A widely used method for real-time object detection. Training is slow, but detection is very fast. (Most slides from Paul Viola) Classifier is Learned from Labeled Data Training Data 5000

548 views • 21 slides
Apache Hadoop YARN: The Next- generation Distributed Operating System Zhijie Shen & Jian He

Apache Hadoop YARN: The Next- generation Distributed Operating System Zhijie Shen & Jian He

Apache Hadoop YARN: The Next- generation Distributed Operating System Zhijie Shen & Jian He @ Hortonworks About Us Software Engineer @ Hortonworks, Inc. Hadoop Committer @ The Apache Foundation Were doing YARN! Agenda

562 views • 29 slides
Your Program on Apache Spark GTC 2017 Kazuaki Ishizaki + , Madhusudanan Kandasamy * , Gita

Your Program on Apache Spark GTC 2017 Kazuaki Ishizaki + , Madhusudanan Kandasamy * , Gita

Leverage GPU Acceleration for Your Program on Apache Spark GTC 2017 Kazuaki Ishizaki + , Madhusudanan Kandasamy * , Gita Koblents - + IBM Research Tokyo * IBM India - IBM Canada 1 Spark is Becoming Popular for Parallel Computing Write a

332 views • 21 slides
OFBiz CRM, presentation, functionalities Nicolas Malin, Nov. 2012 Agenda CRM and functional

OFBiz CRM, presentation, functionalities Nicolas Malin, Nov. 2012 Agenda CRM and functional

OFBiz CRM, presentation, functionalities Nicolas Malin, Nov. 2012 Agenda CRM and functional framework Demonstration, in the use Conclusion Apache OFBiz functional framework CRM B2B is a addon composant No modification on

107 views • 6 slides
Boosters Programs Apache Junction High Schools Boosters programs are dictated by policy KJA

Boosters Programs Apache Junction High Schools Boosters programs are dictated by policy KJA

Boosters Programs Apache Junction High Schools Boosters programs are dictated by policy KJA Policy KJA requires that all booster organizations report the previous school years finances to the Office of the superintendent by July

168 views • 14 slides
Analyzing Weather Data with Apache Spark Jeremie Juban Tom Kunicki Introduction Who we

Analyzing Weather Data with Apache Spark Jeremie Juban Tom Kunicki Introduction Who we

Analyzing Weather Data with Apache Spark Jeremie Juban Tom Kunicki Introduction Who we are Professional Services Division of The Weather Company What we do Aviation Energy Insurance Retail Apache

443 views • 19 slides
Investor presentation September 2014 0 Disclaimer THIS DOCUMENT IS CONFIDENTIAL This document

Investor presentation September 2014 0 Disclaimer THIS DOCUMENT IS CONFIDENTIAL This document

Investor presentation September 2014 0 Disclaimer THIS DOCUMENT IS CONFIDENTIAL This document has been prepared and issued by and is the sole responsibility of Ophir Energy plc (the Company ) and its subsidiaries for selected recipients.

566 views • 29 slides
Turning Data Into Business Value Qwertee 101: Finding Your Next Data Partner Data-Intensive

Turning Data Into Business Value Qwertee 101: Finding Your Next Data Partner Data-Intensive

Turning Data Into Business Value Qwertee 101: Finding Your Next Data Partner Data-Intensive Software Services We cover the full scope of data-intensive application development. From data engineering, machine learning to production-ready cloud

212 views • 9 slides
HELPING THE PEOPLE SERVICES! San Carlos Apache Tribe TANF/Public Transit Director FY16 GOALS

HELPING THE PEOPLE SERVICES! San Carlos Apache Tribe TANF/Public Transit Director FY16 GOALS

NNEE BICHO NII (TANF) HELPING THE PEOPLE SERVICES! San Carlos Apache Tribe TANF/Public Transit Director FY16 GOALS ADOT & SCAT Partnership Meeting-July 28, 2015 FY16 GOALS Continue WPR rate of 48.7% Families Participating!

51 views • 4 slides

More recommend