Automated Inference of Dependencies of Network Services and Applications via Transfer Entropy

As the scale and complexity of modern computer networks increase, administrators and operators of such networks need tools to accurately infer dependencies between different network services and applications. Such tools can aid in (1) detecting misconfigurations, (2) effectively scheduling major software and hardware maintenance operations with minimal disruptions, and (3) exposing potential anomalies in a timely manner. Existing tools either only consider temporal correlations which require installing additional software to monitor interfaces, ignore network service profiles of more than two services, or do not necessarily capture actual causation. Such shortcomings result in high false detection rates of inferred dependencies. This paper presents the design and evaluation of an algorithm that utilizes the notion of Transfer Entropy (TE) to passively analyze and identify dependencies between various network services and applications. With TE, our algorithm formalizes and measures the amount of information exchanged between two entities (services or applications) in a computer network. By constructing time series of the interactions of such services and applications and computing the pairwise TE from such time series, our algorithm accurately infers dependencies based on causation with low rates of false (positive and negative) alarms. Using network traffic collected from a test and production network, we demonstrate that the algorithm yields fewer false alarms with efficient run time and computational requirements.
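The pairwise-TE step described above can be sketched as follows. This is an added example, not the paper's algorithm or code. It assumes each service is reduced to a 0/1 activity series per time bin, uses Schreiber's transfer entropy with history length 1, and picks a threshold of 0.05 bits; the service names and traffic are constructed.

```python
import math
import random
from collections import Counter

def transfer_entropy(src, dst):
    """Plug-in estimate of TE(src -> dst) in bits, history length 1 (assumed)."""
    triples = Counter(zip(dst[1:], dst[:-1], src[:-1]))  # (x_next, x_prev, y_prev)
    pairs_xy = Counter(zip(dst[:-1], src[:-1]))          # (x_prev, y_prev)
    pairs_xx = Counter(zip(dst[1:], dst[:-1]))           # (x_next, x_prev)
    singles = Counter(dst[:-1])                          # x_prev
    n = len(dst) - 1
    te = 0.0
    for (xn, xp, yp), c in triples.items():
        p_full = c / pairs_xy[(xp, yp)]            # p(x_next | x_prev, y_prev)
        p_self = pairs_xx[(xn, xp)] / singles[xp]  # p(x_next | x_prev)
        te += (c / n) * math.log2(p_full / p_self)
    return te

def infer_dependencies(series, threshold=0.05):
    """Directed edges (a, b, te) where activity of a helps predict b.
    The threshold is an assumption of this sketch, not a value from the paper."""
    edges = []
    for a in series:
        for b in series:
            if a != b:
                te = transfer_entropy(series[a], series[b])
                if te > threshold:
                    edges.append((a, b, round(te, 3)))
    return sorted(edges, key=lambda e: -e[2])

def constructed_series(n=5000, seed=7):
    """Constructed sample data: 1 means the service saw traffic in that bin."""
    rng = random.Random(seed)
    web = [int(rng.random() < 0.3) for _ in range(n)]
    # db is contacted one bin after web is active (90%), plus 5% background traffic
    db = [0] + [int((w and rng.random() < 0.9) or rng.random() < 0.05)
                for w in web[:-1]]
    ntp = [int(rng.random() < 0.3) for _ in range(n)]  # unrelated service
    return {"web": web, "db": db, "ntp": ntp}

if __name__ == "__main__":
    for edge in infer_dependencies(constructed_series()):
        print(edge)
```

Only the web -> db edge clears the threshold. The reverse direction and the unrelated service stay near zero, which is the asymmetry that separates TE from plain temporal correlation.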
