smartxac sentinel
play

SMARTxAC & Sentinel Maria Isabel Ganda, Communications Service - PowerPoint PPT Presentation

Jul 03, 2023 •339 likes •615 views

SMARTxAC & Sentinel Maria Isabel Ganda, Communications Service Manager, CESCA Maurizio Molina, CEO, 8th TF-NOC meeting, GRnet, Athens, 27-5-2013 Agenda SMARTxAC Introduction The evolution of the network and the evolution of

  1. SMARTxAC & Sentinel Maria Isabel Gandía, Communications Service Manager, CESCA Maurizio Molina, CEO, 8th TF-NOC meeting, GRnet, Athens, 27-5-2013

  2. Agenda ü SMARTxAC • Introduction • The evolution of the network and the evolution of the tool • Examples of use • Requirements for the new platform • Demo ü Sentinel • Traditional network monitoring approaches • Talaia Networks alternative vision • Sentinel Highlights • Demo • Talaia Networks Roadmap • Discussion

  3. About CESCA & Anella Científica Commercial Internet

  4. Symbiosis and collaboration ü SMARTxAC is the collaboration between UPC (CCABA) and CESCA. ü It is a platform made by the university where CESCA gets a useful and adaptable tool for the management of the network and for its users in Anella Científica and the university gets real material and feedback for the research and projects. ü Since 2003, SMARTxAC is daily used by CESCA to detect anomalies, attacks, performance problems, network faults, etc.

  5. SMARTxAC ü SMA Я TxAC: Traffic Monitoring and Analysis System for Anella Científica ( “ Sistema de Monitoratge i Anàlisi de TRàfic per l ’ Anella Científica ” ) ü Main objectives • Low-cost platform • Continuous monitoring of high-speed links without packet loss • Detection of network anomalies and irregular usage • Multi-user system: Network operators and Institutions

  6. Agenda ü SMARTxAC • Introduction • The evolution of the network and the evolution of the tool • Examples of use • Requirements for the new platform • Demo ü Sentinel • Traditional network monitoring approaches • Talaia Networks alternative vision • Sentinel Highlights • Demo • Talaia Networks Roadmap • Discussion

  7. How was it born? The background ü Previous monitoring and analysis projects: • CASTBA • MEHARI • MIRA ü With the collaboration among several universities • UPM (Universidad Politécnica de Madrid) • UC3M (Universidad Carlos III de Madrid) • UPC (Universitat Politècnica de Catalunya) ü And the participation of: • RedIRIS • CESCA • Telefónica Investigación y Desarrollo • Institut Català de Tecnologia

  8. From 1999 to 2001: The MIRA project 50% Internet 50% 50% 50% Development platform Traffic Analysis @UPC – CCABA System (Linux) ü The MIRA platform was mainly divided in two subsystems: • The Traffic Capture Subsystem was a modification of the OC3MON software for the PCA200 Fore ATM card adapter that provided periodic full IP packet samples (the traffic capture was done in a passive way). • The Traffic Analysis Subsystem had several modules that extracted different parameters of the network. ü The capture was: • Passive (using optical splitters) • Statistic (10% of real traffic maximum) • All the packet (header and payload)

  9. 2003: first stages of SMARTxAC 25% Internet 25% Private network Management network 25% 50% Result Capture platform Capture platform Traffic Analysis 50% Visualization @CESCA (DAG 4.3GE + @UPC - CCABA System (Linux) System GPS) Pentium IV 2.6 GHz. + 1 GB RAM Intel Xeon 2.4 GHz + 1 GB Pentium III 450 MHz Optical splitters RAM 2 x Endace DAG 4.3GE ü The capture was: GPS (Trimble Acutime 2000) • Passive (using optical splitters and the corresponding cards) • No sampling • Only the packet headers ü Initially, it was a measurement only of the connection between Anella Científica and RedIRIS ü The images were updated at the end of the day (not exactly real-time)

  10. 2004-2009: SMARTxAC with RedIRIS-Anella Científica flows 25% Internet 25% Private network Management network 25% 50% Capture platform Traffic Analysis Result Capture platform @CESCA (DAG 4.3GE + System (Linux) 50% Visualization @UPC - CCABA GPS) System Intel Xeon 2.4 GHz Pentium IV 2.6 GHz 1 GB RAM Optical splitters 1 GB RAM 2 x Endace DAG 4.3GE Pentium III 450 MHz GPS (Trimble Acutime 2000) The SMARTxAC platform was mainly divided in three subsystems: • The Traffic Capture Subsystem evolved from CAIDA Coralreef and UPC developments. Aggregated flows were sent to the Analysis System. • The Traffic Analysis Subsystem classified the flows (aggregation of 5-tuple flows into classified flows) . Classified flows: >1:1000 ( ≈ 60 GB/day à ≈ 50 MB/ day). Compared with header traces: > 1:250000 ( ≈ 13 TB/day) • The Visualization Subsystem was an apache website were graphics and reports were shown on demand.

  11. 2009-2011: all the external interfaces are captured 25% Internet 25% Private network Management network 25% 50% Result Capture platform Capture platform Traffic Analysis 50% Visualization @CESCA (DAG 4.3GE + @UPC - CCABA System (Linux) System GPS) Pentium IV 2.6 GHz 1 GB RAM Intel Xeon 2.4 GHz Pentium III 450 MHz Optical splitters 1 GB RAM 2 x Endace DAG 4.3GE GPS (Trimble Acutime 2000) ü After some time in the development platform, all the external interfaces captures (RedIRIS, Internet, CATNIX) were also available for the users

  12. 2011-2013: Netflow, new visualization 25% Internet 25% Private network Management network 25% 50% Result Capture platform Capture platform Traffic Analysis 50% Visualization @CESCA (DAG 4.3GE + @UPC - CCABA System (Linux) System GPS) Virtual machineUbuntu Virtual machine Server 64 bits, Intel Xeon 2.4 GHz 1 GB RAM Optical splitters 4 cpus 1 GB RAM 1 CPU 8 Gb de RAM 2 x Endace DAG 4.3GE 30 GB for logs GPS (Trimble Acutime 2000) ü The splitters are still used for the Deep Packet Inspection (DPI) ü All the internal and external interfaces are measured ü Offline analysis with DPI patterns, based on Machine Learning techniques.

  13. 2011-2013: Netflow, new visualization Port Number Machine learning 8.17% 0.30% A_UKNWN DNS 19.65% 18.47% 0.51% FTP 8.48% GAMES 1.52% IRC 0.10% 0.30% MAIL 0.43% 2.97% 0.48% MULTIMEDIA 2.43% NETFS 47.39% 9.67% NETWORK 10.34% NEWS NO_TCPUDP 1.22% OTHERS P2P 5.42% 7.97% T_UKNWN 2.26% TELNET 0.10% UNIX 40.07% 0.53% 2.48% WWW 6.04% 0.55% 0.08% 0.23% 1.84%

  14. 2011-2013: more points of capture Providers Backup ISP A ISP B ISP C REDIRIS VAL ORANGE BCN1 REDIRIS ARA ORANGE BCN2 º Optical splitters CESCA-CN CESCA-T Capture, analysis and monitoring servers Institutions @CESCA1 @CESCA2 @REDIRIS With netflow With splitters only

  15. 2011-2013: Netflow, new visualization ü New web interface using javascripts: • More statistics • More real anomalies • Zoomable • Filterable • Easier for the users • With usage statistics

  16. The evolution of the network, the tool and the research 2001 End of the MIRA project 2002 Presentation at the TNC2002 Jordi Domingo, Josep Solé 2003 From 155 Mbps ATM to 1 Gbps Ethernet UPC-CESCA agreement New capture cards (Endace DAG 4.23) Presentation at the RedIRIS Conference (Jornadas Técnicas) Change of splitters (1st window -> 2nd) 2004 Final Theses (from perl to C) Eva Codina 1st prototype at CESCA Final Theses (Automatic detection of Adnan Berberovic anomalies) Stage at Endace Presentation at the Anella Científica Conference (Trobada de l’Anella Científica, TAC) Pere Barlet

  17. The evolution of the network, the tool and the research (II) SMARTxAC was successfully tested on one of the NLANR OC192MON’s at the San Diego Supercomputing Center TeraGrid cluster 2005 1st Anella Científica users 1st workshop for the users 2006 Capture cards for the CATNIX and commercial connections (development) Presentation at the TNC2006 Pere Barlet Final Theses Derek Hossak Digital certificates (cards) ok 2007 New capture cards From 2 Gbps to 10 Gbps New splitters adapting the platform to the 10 Gbps link.

  18. The evolution of the network, the tool and the research (III) 2008 Doctoral Theses Pere Barlet All the external lines presented 2009 2010 New DAG 2011 Netflow, testbed users New platform Master Theses Ismael Castell From 10 Gbps to 20 Gbps 2012 Doctoral Theses Josep Sanjuàs 2013 is born!

  19. Agenda ü SMARTxAC • Introduction • The evolution of the network and the evolution of the tool • Examples of use • Requirements for the new platform • Demo ü Sentinel • Traditional network monitoring approaches • Talaia Networks alternative vision • Sentinel Highlights • Demo • Talaia Networks Roadmap • Discussion

  20. An example from 2006: Port Scanning (I) ü Traffic profile per application (bps)

  21. An example from 2006: Port Scanning (I) ü Traffic profile per application (flows/s)

  22. An example from April 2013

  23. An example from April 2013

  24. Agenda ü SMARTxAC • Introduction • The evolution of the network and the evolution of the tool • Examples of use • Requirements for the new platform • Demo ü Sentinel • Traditional network monitoring approaches • Talaia Networks alternative vision • Sentinel Highlights • Demo • Talaia Networks Roadmap • Discussion

  25. Our current requirements ü Classification of the traffic following the Institutions / Points of access by default ü Customizable filters available to users (with a maximum threshold) ü Correlated TopN for input and output ü CSV reports ü Multi-user and multi-view ü Integrated with other sources of alarms (for instance, T. Cymru) ü Integrated with our databases

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SMARTxAC SMARTxAC Collaboration agreement started on July 2003 h UPC (Technical University of

SMARTxAC SMARTxAC Collaboration agreement started on July 2003 h UPC (Technical University of

SMARTxAC: Traffic Monitoring and Analysis System for high-speed links Pere Barlet Josep Sol-Pareta Jordi Domingo-Pascual Advanced Broadband Communications Center (CCABA) {pbarlet, pareta, jordid}@ac.upc.es Technical University

561 views • 23 slides
Topics for Discussion What is a sentinel lymph node (SLN)? Utility of sentinel lymph biopsies:

Topics for Discussion What is a sentinel lymph node (SLN)? Utility of sentinel lymph biopsies:

5/17/2013 Topics for Discussion What is a sentinel lymph node (SLN)? Utility of sentinel lymph biopsies: therapeutic or staging? Thin Melanoma and Sentinel Node Dissection Groin Mapping Superficial/Deep Current Treatment of Timing of

581 views • 18 slides
SENTINEL TESTING, RESULTS TO DATE TOTAL NUMBERS: Inmates have been tested at the Butte

SENTINEL TESTING, RESULTS TO DATE TOTAL NUMBERS: Inmates have been tested at the Butte

MONTANA DEPARTMENT OF CORRECTIONS + COVID-19 RESPONSE UPDATE LAW AND JUSTICE INTERIM COMMITTEE JUNE 30, 2020 + COVID-19 SENTINEL TESTING AT DOC FACILITIES + COVID-19 SENTINEL TESTING MAY 21, 2020 DOC started sentinel testing of

511 views • 12 slides
Mini-Sentinel Common Data Model Lesley Curtis on behalf of the Mini-Sentinel Data Core May 8,

Mini-Sentinel Common Data Model Lesley Curtis on behalf of the Mini-Sentinel Data Core May 8,

Mini-Sentinel Common Data Model Lesley Curtis on behalf of the Mini-Sentinel Data Core May 8, 2013 info@mini-sentinel.org 1 Guiding principles (selected) Accommodates all requirements of Mini-Sentinel and can evolve to meet expanded

254 views • 10 slides
Sentinel Landscapes Sentinel Landscapes are working or natural lands important to the Nations

Sentinel Landscapes Sentinel Landscapes are working or natural lands important to the Nations

Sentinel Landscapes Sentinel Landscapes are working or natural lands important to the Nations defense mission places where preserving the working and rural character of key landscapes strengthens farms, ranches, and forests economically;

307 views • 11 slides
Status of Sentinel-1 and acquisition plans for GFOI Frank Martin Seifert, Pierre Potin, Johannes

Status of Sentinel-1 and acquisition plans for GFOI Frank Martin Seifert, Pierre Potin, Johannes

Status of Sentinel-1 and acquisition plans for GFOI Frank Martin Seifert, Pierre Potin, Johannes Roeder, ESA Earth Observation Programme 5 th Space Data Coordination, ESRIN, Frascati, 24 February 2014 GMES Sentinel Missions Sentinel 1

268 views • 16 slides
Sentinel Mine & Enterprise Project Analyst presentation October 2015 1 Trident Project

Sentinel Mine & Enterprise Project Analyst presentation October 2015 1 Trident Project

Sentinel Mine & Enterprise Project Analyst presentation October 2015 1 Trident Project location 2 Orientation project layout YOU ARE HERE 3 Sentinel Mine 4 Total Sentinel capex $2.1billion Total Sentinel capex = approx

352 views • 33 slides
Sentinel Initiative Public Workshop The Brookings Institution Marriott Wardman Park Washington,

Sentinel Initiative Public Workshop The Brookings Institution Marriott Wardman Park Washington,

Sentinel Initiative Public Workshop The Brookings Institution Marriott Wardman Park Washington, DC January 31, 2013 Development of the Sentinel System through Public-Private Collaboration FDA awards Mini-Sentinel Brookings able to query

316 views • 3 slides
FDA's Mini Sentinel Program to FDA s Mini Sentinel Program to Evaluate the Safety of Marketed

FDA's Mini Sentinel Program to FDA s Mini Sentinel Program to Evaluate the Safety of Marketed

FDA's Mini Sentinel Program to FDA s Mini Sentinel Program to Evaluate the Safety of Marketed Medical Products d l d Update and Focus on Communications Focus on Communications Richard Platt Harvard Pilgrim Health Care Institute Harvard

408 views • 29 slides
Leaders Meeting Sentinel event Annual report 2016-17 Overview Update re Incident Response Team

Leaders Meeting Sentinel event Annual report 2016-17 Overview Update re Incident Response Team

Quarterly Quality & Safety Leaders Meeting Sentinel event Annual report 2016-17 Overview Update re Incident Response Team Summary of Sentinel Event data 2013-2017 Overview of Sentinel Event data 2016/17 Ambitions for 2018+ Sentinel Event

235 views • 21 slides
FDA Mini-Sentinel as a National Resource Jeffrey Brown Harvard Pilgrim Health Care Institute

FDA Mini-Sentinel as a National Resource Jeffrey Brown Harvard Pilgrim Health Care Institute

Opportunities to Expand the Public Health Impact of the Sentinel Initiative FDA Mini-Sentinel as a National Resource Jeffrey Brown Harvard Pilgrim Health Care Institute Harvard Medical School January 31, 2013 info@mini-sentinel.org 1 Outline

476 views • 16 slides
Sentinel-1 Constellation SAR Interferometry Performance Verification Dirk Geudtner, Pau Prats,

Sentinel-1 Constellation SAR Interferometry Performance Verification Dirk Geudtner, Pau Prats,

Sentinel-1 Constellation SAR Interferometry Performance Verification Dirk Geudtner, Pau Prats, Nestor Yague-Martinz, Francesco De Zan, Helko Breit, Yngvar Larsen, Andrea Monti-Guaneri and Ramn Torres 1 Sentinel 1 Mission Facts A

483 views • 30 slides
Promises and Challenges of Screening for Adverse Events in Sentinel Michael D. Nguyen, MD FDA

Promises and Challenges of Screening for Adverse Events in Sentinel Michael D. Nguyen, MD FDA

Promises and Challenges of Screening for Adverse Events in Sentinel Michael D. Nguyen, MD FDA Sentinel Lead Office of Surveillance and Epidemiology Center for Drug Evaluation and Research August 28, 2017 Plan for Talk When and why does

570 views • 23 slides
Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser

Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser

Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser use only To watch over and guard Headlines Sentinel Defensive Fund Tough start for the Fund Sentinel Perfect storm Falling

202 views • 17 slides
Arrive, enjoy refreshments, chat to old friends A Presentation commences @ 10:00 B Sentinel

Arrive, enjoy refreshments, chat to old friends A Presentation commences @ 10:00 B Sentinel

01-Aug-19 Arrive, enjoy refreshments, chat to old friends A Presentation commences @ 10:00 B Sentinel Retirement Funds Standing 1 Interesting Pensioner Statistics 2 Sentinel Investments 3 Up-To-Date Pension Increase Indicators 4

824 views • 18 slides
Sentinel and alert system (detection of new WRDs), by the network of French Occupational Diseases

Sentinel and alert system (detection of new WRDs), by the network of French Occupational Diseases

Methodologies to identify work-related diseases (WRD) Review on sentinel and alert systems Seminar to discuss the current approaches, Brussels 18 May 2017 Sentinel and alert system (detection of new WRDs), by the network of French Occupational

1.03k views • 60 slides
Outline Introduction PGAS Chapel Motivation Related Studies Benchmarks

Outline Introduction PGAS Chapel Motivation Related Studies Benchmarks

Outline Introduction PGAS Chapel Motivation Related Studies Benchmarks Versions Evaluation Conclusion 5/27/16 Engin Kayraklioglu - CHIUW 2016 1 Introduction - PGAS Actual Abstraction 5/27/16 Engin

787 views • 32 slides
Compilation Techniques for Partitioned Global Address Space Languages Katherine Yelick U.C.

Compilation Techniques for Partitioned Global Address Space Languages Katherine Yelick U.C.

Compilation Techniques for Partitioned Global Address Space Languages Katherine Yelick U.C. Berkeley and Lawrence Berkeley National Lab http://titanium.cs.berkeley.edu http://upc.lbl.gov 1 Charm++ 2007 Kathy Yelick HPC Programming: Where

575 views • 42 slides
Using XACML for access control in Social Networks Anna Carreras, Eva Rodrguez, Jaime Delgado

Using XACML for access control in Social Networks Anna Carreras, Eva Rodrguez, Jaime Delgado

Using XACML for access control in Social Networks Anna Carreras, Eva Rodrguez, Jaime Delgado Distributed Multimedia Applications Group (DMAG) Universitat Politcnica de Catalunya (UPC) W3C Workshop on Access Control Application Scenarios

712 views • 24 slides
Indrustry/Academic partnership: y p p ageme an experience at DAMA-UPC Mana Josep-L.

Indrustry/Academic partnership: y p p ageme an experience at DAMA-UPC Mana Josep-L.

PC nt - UP Indrustry/Academic partnership: y p p ageme an experience at DAMA-UPC Mana Josep-L. Larriba-Pey Data Expertise UPC, Technical University of Catalunya, Barcelona. Formed by 25 members, 3 professors (2 CS, 1 statistitian),

393 views • 6 slides
Brexit means Brexit Olivia Murphy Chartered & European Patent Attorney Haseltine Lake

Brexit means Brexit Olivia Murphy Chartered & European Patent Attorney Haseltine Lake

Brexit means Brexit Olivia Murphy Chartered & European Patent Attorney Haseltine Lake LLP Latest News Brexit Day: 29 March 2019 Draft agreement published reflecting state of negotiations between UK and EU on transitional

783 views • 21 slides
AT THE LHC Mariola Kusek-Gawenda INSTITUTE OF NUCLEAR PHYSICS POLISH ACADEMY OF SCIENCE

AT THE LHC Mariola Kusek-Gawenda INSTITUTE OF NUCLEAR PHYSICS POLISH ACADEMY OF SCIENCE

MESON2018 FUSION IN HEAVY ION UPC I MPORTANCE OF MESONS EPA IN L IGHT - BY -L IGHT SCATTERING SCATTERING E > 5 G E V E < 5 G E V IN ULTRAPERIPHERAL LEAD - LEAD COLLISIONS E < 2 G E V C ONCLUSION AT THE LHC Mariola

504 views • 22 slides
Symmetries of b-manifolds and their generalizations Eva Miranda UPC-Barcelona Exterior

Symmetries of b-manifolds and their generalizations Eva Miranda UPC-Barcelona Exterior

Symmetries of b-manifolds and their generalizations Eva Miranda UPC-Barcelona Exterior differential systems and Lie theory Fields Institute, Toronto Eva Miranda (UPC) Exterior differential systems and Lie theory December 10, 2013 1 / 19

646 views • 23 slides
NAS FT Variants Performance Summary Best MFlop rates for all NAS FT Benchmark versions 1100 .5

NAS FT Variants Performance Summary Best MFlop rates for all NAS FT Benchmark versions 1100 .5

NAS FT Variants Performance Summary Best MFlop rates for all NAS FT Benchmark versions 1100 .5 Tflops Best NAS Fortran/MPI 1000 Best NAS Fortran/MPI Best MPI (always Slabs) 1000 Best MPI Best UPC (always Pencils) 900 Best UPC 800 800

234 views • 4 slides

More recommend