@inproceedings{3d3d9e22c6de41869b7bf526c1a058e4,
title = "NOracle: Who is communicating with whom in my network?",
abstract = "This demo presents NOracle: A system using Stochastic Block Models (SBMs) to infer structural roles of hosts and communication patterns of services in networks. NOracle can be used with existing monitoring systems to analyze and visualize networks in an online manner or be used to analyze stored traces. Network operators can use SBMs to monitor and verify network operation, detect possible security issues and change-points. To showcase this, NOracle combines the production-grade network management solution StableNet with an SBM based anomaly detection and network visualization module. StableNet provides network flow statistics in real-time from actual devices. The SBM extracts roles and communication patterns live from the data provided by StableNet. The result can help to reason about communication behaviors, detect anomalous hosts and indicate changes in the large scale-structure of network communication.",
keywords = "Anomaly detection, Network monitoring, Stochastic block model",
author = "Patrick Kalmbach and David Hock and Fabian Lipp and Wolfgang Kellerer and Andreas Blenk",
note = "Publisher Copyright: {\textcopyright} 2019 Copyright held by the owner/author(s).; 2019 ACM SIGCOMM Conference Posters and Demos, SIGCOMM 2019 ; Conference date: 19-08-2019 Through 23-08-2019",
year = "2019",
month = aug,
day = "19",
doi = "10.1145/3342280.3342303",
language = "English",
series = "SIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019",
publisher = "Association for Computing Machinery, Inc",
pages = "48--50",
booktitle = "SIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019",
}