Impact of network activity levels on the performance of passive network service dependency discovery

Network services often depend on other services distributed throughout a network to function correctly. If a service fails, is disrupted, or is degraded, it is likely to impair other services. The web of dependencies can be surprisingly complex, especially within a large enterprise network, and can evolve over time. Acquiring, maintaining, and understanding dependency knowledge is critical for many network management and cyber defense activities, such as cyber mission mapping. While automation can improve situation awareness for network operators and cyber practitioners, poor detection performance reduces their confidence and can complicate their roles. In this paper, we study the effects of network activity levels on the detection performance of passive network-based service dependency discovery methods. The performance of all methods except one was inconsistent with respect to network activity levels. Our proposed cross-correlation method was particularly robust to the influence of network activity. The proposed experimental treatment will further advance a more scientific evaluation of methods and provide a foundation to determine their operational boundaries.
