NOracle: Who is communicating with whom in my network?

This demo presents NOracle, a system that uses Stochastic Block Models (SBMs) to infer the structural roles of hosts and the communication patterns of services in networks. NOracle can be used with existing monitoring systems to analyze and visualize networks online, or to analyze stored traces. Network operators can use SBMs to monitor and verify network operation and to detect possible security issues and change-points. To showcase this, NOracle combines the production-grade network management solution StableNet with an SBM-based anomaly detection and network visualization module. StableNet provides network flow statistics in real time from actual devices. The SBM extracts roles and communication patterns live from the data provided by StableNet. The result can help operators reason about communication behaviors, detect anomalous hosts, and indicate changes in the large-scale structure of network communication.
