Advertisement

Abstract

In data-communication networks, network reliability is of great concern to both network operators and customers. To provide network reliability it is fundamentally important to know the ongoing tasks in a network. A particular task may depend on multiple network services, spanning many network devices. Unfortunately, dependency details are often not documented and are difficult to discover by relying on human expert knowledge. In monitored networks huge amounts of data are available and by applying data mining techniques, we are able to extract information of ongoing network activities. Hence, we aim to automatically learn network dependencies by analyzing network traffic and derive ongoing tasks in data-communication networks. To automatically learn network dependencies, we propose a methodology based on the normalized form of cross correlation, which is a well-established methodology for detecting similar signals in feature matching applications.

Keywords

Network Traffic Network Service Network Device Domain Name System Network Packet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgments

This work has been partially supported by the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement No. 610416 (PANOPTESEC). The opinions expressed in this paper are those of the authors and do not necessarily reflect the views of the European Commission.

References

  1. 1.
    Albanese, M., Jajodia, S., Jhawar, R., Piuri, V.: Reliable mission deployment in vulnerable distributed systems. In: 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W), pp. 1–8. IEEE (2013)Google Scholar
  2. 2.
    Bahl, P., Barham, P., Black, R., Chandra, R., Goldszmidt, M., Isaacs, R., Kandula, S., Li, L., MacCormick, J., Maltz, D.A., et al.: Discovering dependencies for network management. In: ACM SIGCOMM 5th Workshop on Hot Topics in Networks (Hotnets-V), pp. 97–102. ACM (2006)Google Scholar
  3. 3.
    Bahl, P., Chandra, R., Greenberg, A., Kandula, S., Maltz, D.A., Zhang, M.: Towards highly reliable enterprise network services via inference of multi-level dependencies. ACM SIGCOMM Comput. Commun. Rev. 37, 13–24 (2007)CrossRefGoogle Scholar
  4. 4.
    de Barros Barreto, A., Costa, P.C.G., Yano, E.T.: A semantic approach to evaluate the impact of cyber actions on the physical domain (2012)Google Scholar
  5. 5.
    Briechle, K., Hanebeck, U.D.: Template matching using fast normalized cross correlation. In: Aerospace/Defense Sensing, Simulation, and Controls, pp. 95–102. International Society for Optics and Photonics (2001)Google Scholar
  6. 6.
    Chen, X., Zhang, M., Mao, Z.M., Bahl, P.: Automating network application dependency discovery: experiences, limitations, and new solutions. In: USENIX Symposium on Operating Systems Design and Implementation (OSDI), vol. 8, pp. 117–130 (2008)Google Scholar
  7. 7.
    Edwards, J., Bramante, R.: Networking Self-teaching Guide: OSI, TCP/IP, LANs, MANs, WANs, Implementation, Management, and Maintenance. Wiley, New York (2015)Google Scholar
  8. 8.
    Goodall, J.R., D’Amico, A., Kopylec, J.K.: Camus: automatically mapping cyber assets to missions and users. In: Military Communications Conference (MILCOM), pp. 1–7. IEEE (2009)Google Scholar
  9. 9.
    Höppner, F., Klawonn, F.: Compensation of translational displacement in time series clustering using cross correlation. In: Adams, N.M., Robardet, C., Siebes, A., Boulicaut, J.-F. (eds.) IDA 2009. LNCS, vol. 5772, pp. 71–82. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03915-7_7 CrossRefGoogle Scholar
  10. 10.
    Jakobson, G.: Mission cyber security situation assessment using impact dependency graphs. In: Information Fusion (FUSION), pp. 1–8 (2011)Google Scholar
  11. 11.
    Kotenko, I., Chechulin, A.: A cyber attack modeling and impact assessment framework. In: 2013 5th International Conference on Cyber Conflict (CyCon), pp. 1–24, June 2013Google Scholar
  12. 12.
    MITRE: Common vulnerabilities and exposures (2000). https://cve.mitre.org/
  13. 13.
    Natarajan, A., Ning, P., Liu, Y., Jajodia, S., Hutchinson, S.E.: NSDMiner: automated discovery of network service dependencies. In: IEEE International Conference on Computer Communications (IEEE INFOCOM 2012). IEEE (2012)Google Scholar
  14. 14.
    Touch, J., Kojo, M., Lear, E., Mankin, A., Ono, K., Stiemerling, M., Eggert, L.: Service name and transport protocol port number registry. The Internet Assigned Numbers Authority (IANA) (2013)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Universität zu LübeckLübeckGermany

Personalised recommendations