using substructure mining to
play

Using Substructure Mining to Identify Misbehavior in Network - PowerPoint PPT Presentation

Nov 23, 2022 •175 likes •582 views

Using Substructure Mining to Identify Misbehavior in Network Provenance Graphs David DeBoer, Georgetown University Wenchao Zhou, Georgetown University Lisa Singh, Georgetown University June 23, 2013, GRADES Workshop, SIGMOD 2013 New York, NY

  1. Using Substructure Mining to Identify Misbehavior in Network Provenance Graphs David DeBoer, Georgetown University Wenchao Zhou, Georgetown University Lisa Singh, Georgetown University June 23, 2013, GRADES Workshop, SIGMOD 2013 New York, NY

  2. Distributed Systems  Distributed systems have seen huge success  They touch many parts of our daily lives  Faults are costly  Monitoring and maintenance is difficult  Network Provenance is a proposed solution F E A D I J G B C H

  3. Our Contribution  Leverage the dependency graph of network provenance for a substructure mining application  Find common execution patterns  Use them as a feature set to identify misbehaving nodes  Use heuristics to find substructures more quickly  Implement with a graph database, neo4j  Perform extensive evaluation F E A D I J G B C H

  4. Proposed System Architecture Sub- structure Search

  5. Example: Network Provenance A B C F E A D I J G B C H

  6. Example: Provenance Graph

  7. Example: Provenance Graph

  8. Example: Provenance Graph

  9. Example: Provenance Graph

  10. Example: Provenance Graph

  11. Example: Provenance Graph

  12. Example: Provenance Graph  One Hop Path

  13. Example: Provenance Graph  Multi Hop Path

  14. Example: Provenance Graph

  15. Example: Provenance Graph

  16. Example: Provenance Graph  One Hop Path

  17. Example: Provenance Graph  Multi Hop Path

  18. Example: Provenance Graph

  19. Example: Provenance Graph

  20. Example: Provenance Graph  One Hop Path

  21. Example: Provenance Graph  No Multi Hop Path

  22. Proposed System Architecture Sub- structure Search

  23. Substructure Mining  Substructure mining is the search for “good” subgraphs within a graph or set of graphs  Two parts:  Searching the space of possible substructures  Finding instances of an individual substructure

  24. Substructure Mining: Substructures  Many Possible  Graph substructures C A A B C B C C A

  25. Substructure Mining: Instances  Graph  Substructure C A A C A A B C B C B C C A

  26. Subdue  Classical substructure mining algorithm (N.S.Ketkar et al., 2005)  Substructures are evaluated based on how well they compress the full graph  Compression calculated based on non-overlapping instances  Subdue uses a guided beam search to search the space of possible substructures  Structures from a previous iteration are expanded, tested, and only the best of the expanded go on to the next iteration (beam size = number of the best substructures)

  27. Substructure Mining: Subdue  Graph  Substructure C A A C AC A A B C AC ABC ABC B C B C AC C A

  28. Substructure Mining: Subdue  Compressed Graph 1  Compressed Graph 2 C AC AC B ABC ABC B AC C A C

  29. Proposed System Architecture Sub- structure Search

  30. Heuristics  Limiting the number of substructures to search  Duplicate Substructure Reduction  Outward Expansion  Speeding up the search for substructure instances  Infrequent Start Vertex  Start Vertex Reuse

  31. Duplicate Substructure Reduction  During the expansion of substructures you duplicate substructures are created and tested.  We incorporated aspects of Gspan (Yan and Han, 2003) to help reduce the number of duplicates link link Expands T o link Or r2 r2 r2 r2 r2 r2 r3 r3

  32. Outward Expansion  When determining new substructures to search for, only expand using outgoing edges  A possible problem is that certain types of substructures will be ignored. link r3 link link Expands T o r2 r2 r2 r2 r2 r2 Not r2 r3 r3 r3

  33. Infrequent Start Vertex  Testing a substructure instance starts with a single vertex  Pick start vertices based on the least frequently occurring vertex type in the substructure B A A B A B B B B B

  34. Start Vertex Reuse  Good substructures get expanded to new substructures  Save the subset of start vertices which have a match  New substructures can take advantage of the information from the previous substructure B A A B A B B B B B

  35. Experimental Setup  Use 5 different inferred intra-domain topologies from the Rocketfuel project (Spring et al., 2002) Dataset ASN Nodes Links |V(G)| |E(G)| 1 1221 108 306 16,227 28,090 2 1755 87 322 23,015 40,725 3 3257 161 656 52,848 94,568 4 6461 141 748 73,316 134,072 5 1239 315 1,944 317,066 592,038  Use a beam size of 10 with 100 expansions maximum  Evaluate run time, quality of substructures, and effect of beam size

  36. Experimental Runs  DB-OPTIMIZED: all heuristics using Neo4j  MEM-OPTIMIZED: all heuristics using in memory version  No-DUP-REDUCE: all heuristics except duplication reduction  No-EXPAND-OUT: all heuristics except outward expansion  No-REUSE: all heuristics except reuse of start vertices  BASE-LINE: no heuristics

  37. Results (Run Time)  Each heuristic improves the run time  DB version consistently outperforms the memory version

  38. Results (Compression)  Top compression results the same for each run

  39. Conclusion  Contributions  Apply substructure mining to network provenance  Implement algorithm using the neo4j graph database  Propose heuristics which take advantage of provenance structure  Perform extensive evaluation that shows strength of our approach  Future Work  Try other protocols  Use more advanced substructure mining techniques  Take advantage of the tree like structure of our graphs  Explore substructure mining for dynamic provenance graphs  Implement a complete system to test using misbehaving nodes

  40. References  N.S. Ketkar, L.B. Holder, and D.J. Cook. Subdue: compression-based frequent pattern discovery in graph data. In Proc. OSDM , 2005.  N. Spring, R. Mahajan, and D. Wetherall. Measuring isp topologies with rocketfuel. ACM SIGCOMM CCR , 32(4), 2002.  X. Yan and J. Han. Closegraph: mining closed frequent graph patterns. In Proc. SIGKDD , 2003.  W. Zhou, M. Sherr, T. Tao, X. Li, B. T. Loo, and Y. Mao. Efficient querying and maintenance of network provenance at Internet-scale. In Proc. SIGMOD, 2010.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

gSpan: Graph-Based Substructure Pattern Mining Xifeng Yan Jiawei Han Department of Computer

gSpan: Graph-Based Substructure Pattern Mining Xifeng Yan Jiawei Han Department of Computer

gSpan: Graph-Based Substructure Pattern Mining Xifeng Yan Jiawei Han Department of Computer Science University of Illinois at Urbana-Champaign xyan, hanj @uiuc.edu Abstract chemical compound dataset in 10 minutes

303 views • 4 slides
Effect of substructure on tidal streams Denis Erkal University of Surrey Halo Substructure and

Effect of substructure on tidal streams Denis Erkal University of Surrey Halo Substructure and

Effect of substructure on tidal streams Denis Erkal University of Surrey Halo Substructure and Dark Matter Searches , IFT Madrid, June 29th 2018 Milky Way Substructure Halo mass function Stars No Stars 200 kpc 10 4 10 10 Mass (M )

536 views • 37 slides
JET SUBSTRUCTURE AT THE LHC & BEYOND Simone Marzani Universit di Genova & INFN

JET SUBSTRUCTURE AT THE LHC & BEYOND Simone Marzani Universit di Genova & INFN

JET SUBSTRUCTURE AT THE LHC & BEYOND Simone Marzani Universit di Genova & INFN Sezione di Genova Interpreting the LHC Run 2 data and Beyond ICTP Trieste 27 th - 31 st May 2019 1 OUTLINE Jet substructure: where we are

474 views • 29 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

774 views • 20 slides
Jet Substructure Pedro Cal In collaboration with: Du ff Neill arXiv:1901.06389 arXiv:1911.xxxxx

Jet Substructure Pedro Cal In collaboration with: Du ff Neill arXiv:1901.06389 arXiv:1911.xxxxx

NNV Annual meeting November 1st, 2019 Jet Substructure Pedro Cal In collaboration with: Du ff Neill arXiv:1901.06389 arXiv:1911.xxxxx Felix Ringer Wouter Waalewijn Outline What are jets and why do they form? What is jet substructure? Jet

356 views • 34 slides
Web Mining Web Mining Web mining is the use of data mining techniques to automatically

Web Mining Web Mining Web mining is the use of data mining techniques to automatically

What is Web Mining? What is Web Mining? Web Mining Web Mining Web mining is the use of data mining techniques to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) Web mining aims to

566 views • 22 slides
Jet Substructure Adam Davison University College London 1 Outline Jets at the LHC

Jet Substructure Adam Davison University College London 1 Outline Jets at the LHC

Jet Substructure Adam Davison University College London 1 Outline Jets at the LHC Machine and ATLAS detector What is a jet? Jet substructure What is it? What can it do for us? Some ATLAS/Higgs bias here 2 Jets at

850 views • 50 slides
12. Dynamic Programming Memoization, Optimal Substructure, Overlapping Sub-Problems,

12. Dynamic Programming Memoization, Optimal Substructure, Overlapping Sub-Problems,

12. Dynamic Programming Memoization, Optimal Substructure, Overlapping Sub-Problems, Dependencies, General Procedure. Examples: Rod Cutting, Rabbits, Edit Distance [Ottman/Widmayer, Kap. 7.1, 7.4, Cormen et al, Kap. 15] 260 Fibonacci Numbers

1.15k views • 88 slides
Dynamical interaction between astrophysical systems and DM substructure; constraints on the

Dynamical interaction between astrophysical systems and DM substructure; constraints on the

Dynamical interaction between astrophysical systems and DM substructure; constraints on the smallest DM structures. Alma X. Gonzlez Morales (ICN, UNAM) with Octavio Valenzuela and Luis Aguilar (IA, UNAM) Motivation: Subsolar mass

442 views • 23 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) (another definition:

287 views • 15 slides
19. Dynamic Programming I (again) Memoization, Optimal Substructure, Overlapping

19. Dynamic Programming I (again) Memoization, Optimal Substructure, Overlapping

Fibonacci Numbers 19. Dynamic Programming I (again) Memoization, Optimal Substructure, Overlapping Sub-Problems, n if n < 2 F n := Dependencies, General Procedure. Examples: Fibonacci, Rod if n 2 . F n 1 + F n 2 Cutting,

562 views • 17 slides
Port of San Francisco Marine Structural Projects IV, (Pier 29 & 31.5 Substructure Repair)

Port of San Francisco Marine Structural Projects IV, (Pier 29 & 31.5 Substructure Repair)

Port of San Francisco Marine Structural Projects IV, (Pier 29 & 31.5 Substructure Repair) Contract No. 2790 January 3, 2018 AGENDA 1. Welcome & Introductions Andre Antonio 2. Project Overview Jonathan Roman 3. CMD Finbarr

329 views • 31 slides
Population Substructure and Control Selection in Genome-wide Association Studies Kai Yu, Ph.D.

Population Substructure and Control Selection in Genome-wide Association Studies Kai Yu, Ph.D.

Population Substructure and Control Selection in Genome-wide Association Studies Kai Yu, Ph.D. Division of Cancer Epidemiology and Genetics, NCI Acknowledgements CeRePP , France HSPH CGEMS & DCEG Olivier Cussenot David Hunter Gilles

485 views • 36 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) 1 2 The Web The Web

468 views • 23 slides
dark matter distribution in the Milky Way halo 1) observational evidence 2) substructure 3)

dark matter distribution in the Milky Way halo 1) observational evidence 2) substructure 3)

dark matter distribution in the Milky Way halo 1) observational evidence 2) substructure 3) density profiles Jrg Diemand UC Santa Cruz Sept 12, 2007

580 views • 39 slides
Jet Substructure at the LHC Wouter Waalewijn LANL - January 8, 2015 Outline Introduction

Jet Substructure at the LHC Wouter Waalewijn LANL - January 8, 2015 Outline Introduction

Jet Substructure at the LHC Wouter Waalewijn LANL - January 8, 2015 Outline Introduction Jet Charge Jet Mass Hadronization of Jets Quark/Gluon Discrimination Conclusions Introduction What is a Jet? Energetic quarks and

769 views • 60 slides
Probabilistic Methods for Complex Networks Lecture 2: Classical random graphs Prof. Sotiris

Probabilistic Methods for Complex Networks Lecture 2: Classical random graphs Prof. Sotiris

Probabilistic Methods for Complex Networks Lecture 2: Classical random graphs Prof. Sotiris Nikoletseas University of Patras and CTI , Patras 2019 - 2020 Prof. Sotiris Nikoletseas Probabilistic Methods in Complex Networks

724 views • 33 slides
Structural Evolution of the Internet Topology Hamed Haddadi Hamed.haddadi@cl.cam.ac.uk 9th

Structural Evolution of the Internet Topology Hamed Haddadi Hamed.haddadi@cl.cam.ac.uk 9th

Structural Evolution of the Internet Topology Hamed Haddadi Hamed.haddadi@cl.cam.ac.uk 9th November 2010 Mphil ACS Network Architecture Tuesday, 9 November 2010 Internet Topology Inference Characterisation Generation Evolution Tuesday, 9

257 views • 21 slides
3 forms of convexity in graphs & networks joint work with Lovro Subelj Tilen Marc

3 forms of convexity in graphs & networks joint work with Lovro Subelj Tilen Marc

3 forms of convexity in graphs & networks joint work with Lovro Subelj Tilen Marc University of Ljubljana University of Ljubljana Faculty of Computer and Institute of Mathematics, Information Science Physics and Mechanics COSTNET

341 views • 18 slides
Tree-like reticulation networks Andrew R Francis Centre for Research in Mathematics University

Tree-like reticulation networks Andrew R Francis Centre for Research in Mathematics University

Tree-like reticulation networks Andrew R Francis Centre for Research in Mathematics University of Western Sydney Australia Phylomania 2014. Andrew R Francis (CRM @ UWS) November 2014 1 / 13 Andrew R. Francis, Mike Steel Tree-like

784 views • 21 slides
Challenges for Efficient Query Evaluation on Structured Probabilistic Data SUM2016 SEPTEMBER

Challenges for Efficient Query Evaluation on Structured Probabilistic Data SUM2016 SEPTEMBER

Challenges for Efficient Query Evaluation on Structured Probabilistic Data SUM2016 SEPTEMBER 23, 2016, NICE Antoine Amarilli, Silviu Maniu, Mikal Monet 2 A probabilistic database R S a d d e f c f e a e d a c e b e Q c

682 views • 55 slides
Applications of Tuttes tree decomposition in the enumeration of bipartite graph families

Applications of Tuttes tree decomposition in the enumeration of bipartite graph families

Applications of Tuttes tree decomposition in the enumeration of bipartite graph families Juanjo Ru e , Kerstin Weller Nice Random Graphs Workshop Objects: graphs Labelled Graph = vertices+edges 3 5 2 4 1 Simple Graph = NO multiples

688 views • 29 slides
Large-Scale Topology Discovery Benoit Donnet, Timur Friedman LIP6-CNRS laboratory, UPMC, Paris

Large-Scale Topology Discovery Benoit Donnet, Timur Friedman LIP6-CNRS laboratory, UPMC, Paris

Large-Scale Topology Discovery Benoit Donnet, Timur Friedman LIP6-CNRS laboratory, UPMC, Paris ISMA Workshop on Internet Topology (WIT) CAIDA, UC San Diego - 10 May 2006 Context Network measurement Internet topology discovery -

686 views • 19 slides
Evaluating Databases for the Internet of Things David Gogrichiani Advisor(s): Stefan Liebald,

Evaluating Databases for the Internet of Things David Gogrichiani Advisor(s): Stefan Liebald,

Evaluating Databases for the Internet of Things David Gogrichiani Advisor(s): Stefan Liebald, Marc-Oliver Pahl Supervisor: Prof. Dr.-Ing. Georg Carle Technical University of Munich (TUM) Department of Informatics Chair of Network Architectures

489 views • 21 slides

More recommend