Orchestrating End-to-end Slices in 5G Networks
D. Harutyunyan, Riccardo Fedrizzi, Nashid Shahriar, R. Boutaba, R. Riggio
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012732. 2019 15th International Conference on Network and Service Management (CNSM).
5G networks are characterized by massive device connectivity, supporting a wide range of novel applications with their diverse Quality of Service (QoS) requirements. This poses a challenge since 5G as a one-fits-all technology has to simultaneously address all these requirements. Network slicing has been proposed to cope with this challenge, calling for efficient slicing and slice placement strategies in order to ensure that the slice requirements (e.g., latency, data rate) are met, while the network resources are utilized in the most optimal manner. In this paper, we compare different end-to-end (E2E) slice placement strategies by formulating and solving a Mixed Integer Linear Programming (MILP) slice placement problem and study their trade-offs. E2E slice requests are modelled as Service Function Chains (SFC), in which each core network and radio access network component is represented as a Virtual Network Function (VNF). Based on the analysis of the results, we then propose a slice placement heuristic algorithm whose objective is to minimize the number of VNF migrations in the network and their impact on the slices while, at the same time, optimizing the network utilization and making sure that the QoS requirements of the considered slice requests are satisfied. The results of the simulations demonstrate the efficiency of the proposed algorithm.
CNSM 2019 TOC
Pub Date: 2019-10-01. DOI: 10.23919/cnsm46954.2019.9012690. 2019 15th International Conference on Network and Service Management (CNSM).
Autonomic Closed Control Loops for Management, an idea whose time has come?
Liam Fallon, J. Keeney, R. Verma
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012687. 2019 15th International Conference on Network and Service Management (CNSM).
Taking an autonomic approach to management and using closed control loops has been the subject of much research in the network management community since the early 2000s. It is fair to say that network management system developers and users have not adopted autonomic management approaches very widely. Most network management systems continue to use an ITU TMN inspired layered approach to management. In recent years, a trend towards implementing autonomic management and closed control loops on management systems built using a TMN architecture has emerged in practice. This trend is requirement driven; an autonomic approach is taken when there is no other option for implementing a feature. It is clear to see a closed control loop approach being taken to implement C-SON (Centralized Self Organizing Networks) features in 4G network management systems in the early 2010s. Autonomic approaches are even more apparent in systems such as ONAP that implement SDN and NFV orchestration. However, the implementation of closed control loops is often pragmatic and rigid, focused on the feature being delivered. Providing systemized support for control loops is in its infancy and has much to learn from the extensive autonomic management literature. This paper surveys the current state of autonomic management in practice and outlines some research challenges that must be addressed to allow it to be systematically supported in current management systems, with a particular focus on ONAP.
Quick Execution Time Predictions for Spark Applications
Sarah Shah, Yasaman Amannejad, Diwakar Krishnamurthy, Mea Wang
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012752. 2019 15th International Conference on Network and Service Management (CNSM).
The Apache Spark cluster computing platform is being increasingly used to develop big data analytics applications. There are many scenarios that require quick estimates of the execution time of any given Spark application. For example, users and operators of a Spark cluster often require quick insights on how the execution time of an application is likely to be impacted by the resources allocated to the application, e.g., the number of Spark executor cores assigned, and the size of the data to be processed. Job schedulers can benefit from fast estimates at runtime that would allow them to quickly configure a Spark application for a desired execution time using the least amount of resources. While others have developed models to predict the execution time of Spark applications, such models typically require extensive prior executions of applications under various resource allocation settings and data sizes. Consequently, these techniques are not suited for situations where quick predictions are required and very little cluster resources are available for the experimentation needed to build a model. This paper proposes an alternative approach called PERIDOT that addresses this limitation. The approach involves executing a given application under a fixed resource allocation setting with two different-sized, small subsets of its input data. It analyzes logs from these two executions to estimate the dependencies between internal stages in the application. Information on these dependencies combined with knowledge of Spark's data partitioning mechanisms is used to derive an analytic model that can predict execution times for other resource allocation settings and input data sizes. We show that deriving a model using just these two reference executions allows PERIDOT to accurately predict the performance of a variety of Spark applications spanning text analytics, linear algebra, machine learning and Spark SQL. In contrast, we show that a state-of-the-art machine learning based execution time prediction algorithm performs poorly when presented with such limited training data.
Adaptive Quorum-inspired SLA-Aware Consistency for Distributed SDN Controllers
Fetia Bannour, Sami Souihi, A. Mellouk
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012692. 2019 15th International Conference on Network and Service Management (CNSM).
This paper addresses the knowledge dissemination problem in distributed SDN control by proposing an adaptive and continuous consistency model for the distributed SDN controllers in large-scale deployments. We put forward a scalable and intelligent replication strategy following Quorum-replicated consistency: it uses the read and write Quorum parameters as adjustable control knobs for fine-grained consistency level tuning. The main purpose is to find, at runtime, appropriate partial Quorum configurations that achieve, under changing network and workload conditions, balanced trade-offs between the application's continuous performance and consistency requirements. Our approach was implemented for a CDN-like application that we designed on top of the ONOS controllers. When compared to ONOS's static consistency model, our model proved efficient in minimizing the application's inter-controller overhead while satisfying the SLA-style application requirements.
Lumped Markovian Estimation for Wi-Fi Channel Utilization Prediction
Sepehr Kazemian, I. Nikolaidis
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012721. 2019 15th International Conference on Network and Service Management (CNSM).
We present a model to predict the short-term utilization of an IEEE 802.11 channel. We approximate the time-varying utilization process via a Markovian state transition model and subsequently create a lumped representation of the transition matrix. Each lumped state can then be treated as a class. The lumped matrix provides a simpler-to-understand description of the channel utilization behavior and naturally includes the persistence in one lumped state which resembles the characteristic behavior of naive predictors (where the predicted state equals the current state). We demonstrate that treating the lumped states as classes allows good prediction models to be built using Logistic Regression and Neural Network models. Our results are based on IEEE 802.11 wireless utilization data collected as reported in the channel utilization (CU) field of the QBSS Load Element in Beacon frames. The presented approach can be implemented as an edge computing task, whereby edge nodes calculate the lumped states and train models, informing nearby client devices of the model parameters, allowing them to produce predictions on their own.
Exploring Ethereum's Blockchain Anonymity Using Smart Contract Code Attribution
Shlomi Linoy, Natalia Stakhanova, A. Matyukhina
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012681. 2019 15th International Conference on Network and Service Management (CNSM).
Blockchain users are identified by addresses (public keys), which cannot be easily linked back to them without out-of-network information. This provides pseudo-anonymity, which is amplified when the user generates a new address for each transaction. Since all transaction history is visible to all users in public blockchains, finding affiliation between related addresses can hurt pseudo-anonymity. Such affiliation information can be used to discriminate against addresses that were found to be related to a specific group, or can even lead to the de-anonymization of all addresses in the associated group, if out-of-network information is available on a few addresses in that group. In this work we propose to leverage a stylometry approach on Ethereum's deployed smart contracts' bytecode and high-level source code, which is made publicly available by third-party platforms. We explore the extent to which a deployed smart contract's source code can contribute to the affiliation of addresses. To address this, we prepare a dataset of real-world Ethereum smart contract data, which we make publicly available; design and implement feature selection, extraction techniques, and data refinement heuristics; and examine their effect on attribution accuracy. We further use these techniques to test the classification of real-world scammers' data.
A Scalable Color-Based Caching Scheme in Telco-CDNs
Anh-Tu Ngoc Tran, Thanh-Dang Diep, Takuma Nakajima, Masato Yoshimi, N. Thoai
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012726. 2019 15th International Conference on Network and Service Management (CNSM).
Internet traffic is growing quickly, and a major contributor is the proliferation of video services. Content Delivery Networks (CDNs) reduce video traffic by storing replicas of videos in their cache servers. Nonetheless, the cache servers are usually located outside Internet Service Providers (ISPs). This implies that CDNs cannot reduce the video traffic inside ISP networks. To mitigate this issue, many ISPs build their own CDNs, called Telco-CDNs. Genetic Algorithm-based caching is deemed the best approach in terms of traffic reduction. However, it is not practical since its computation time to generate content allocations is extremely long even when using a cluster. A color-based approach was devised to help overcome this drawback at the expense of an increase in traffic. Nevertheless, when the number of content categories or requests grows quickly, the approach has the same limitation as Genetic Algorithm-based caching. To resolve this limitation, we propose two novel techniques to hamper the increase in computation time. One is able to cope with the situation when the number of content categories increases, while the other can deal with the circumstance when the number of requests rises. The empirical results show that the computation time is reduced 5x for the former and 7x for the latter at the expense of a 1% and 12% increase in traffic, respectively, for a problem of 5,000 contents.
Host in Danger? Detecting Network Intrusions from Authentication Logs
Haibo Bian, Tim Bai, M. A. Salahuddin, Noura Limam, Abbas Abou Daya, R. Boutaba
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012700. 2019 15th International Conference on Network and Service Management (CNSM).
Recently, network infiltrations due to advanced persistent threats (APTs) have grown significantly, resulting in considerable losses to businesses and organizations. APTs are stealthy attacks with the primary objective of gaining unauthorized access to network assets. They often remain dormant for an extended period of time, which makes their detection challenging. In this paper, we leverage machine learning (ML) to detect hosts in a network that are targeted by an APT attack. We evaluate a number of ML classifiers to detect susceptible hosts in the Los Alamos National Lab dataset. We explore (i) graph-based features extracted from multiple data sources, i.e., network flows and host authentication logs, (ii) feature engineering to reduce dimensionality, and (iii) balancing the training dataset using numerous over- and under-sampling techniques. Finally, we compare our model to the state-of-the-art approaches that leverage the same dataset, and show that our model outperforms them with respect to prediction performance and overhead.
Scout: A Framework for Querying Networks
Andrew Curtis-Black, A. Willig, M. Galster
Pub Date: 2019-10-01. DOI: 10.23919/CNSM46954.2019.9012704. 2019 15th International Conference on Network and Service Management (CNSM).
There are two kinds of network data: network telemetry (e.g. packet counters) and business data (e.g. user roles). Existing approaches to querying network data keep these separate, increasing the number and complexity of queries users must write to answer questions about networks. We present Scout, a framework for creating tools which combine these two types of data. It is comprised of: an information model which can represent both network telemetry and business-domain data in use-case-specific schemas; a nascent query language for this information model; and an algorithm for executing queries on schemas. A preliminary evaluation showed that a Scout-based tool can answer questions pertaining to both network telemetry and business data, and reduces the knowledge and number of queries needed to answer realistic questions about networks.