NOracle: Who is communicating with whom in my network?

Patrick Kalmbach, David Hock, Fabian Lipp, Wolfgang Kellerer, Andreas Blenk

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

This demo presents NOracle: A system using Stochastic Block Models (SBMs) to infer structural roles of hosts and communication patterns of services in networks. NOracle can be used with existing monitoring systems to analyze and visualize networks in an online manner or be used to analyze stored traces. Network operators can use SBMs to monitor and verify network operation, detect possible security issues and change-points. To showcase this, NOracle combines the production-grade network management solution StableNet with an SBM based anomaly detection and network visualization module. StableNet provides network flow statistics in real-time from actual devices. The SBM extracts roles and communication patterns live from the data provided by StableNet. The result can help to reason about communication behaviors, detect anomalous hosts and indicate changes in the large scale-structure of network communication.

Original languageEnglish
Title of host publicationSIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019
PublisherAssociation for Computing Machinery, Inc
Pages48-50
Number of pages3
ISBN (Electronic)9781450368865
DOIs
StatePublished - 19 Aug 2019
Event2019 ACM SIGCOMM Conference Posters and Demos, SIGCOMM 2019 - Beijing, China
Duration: 19 Aug 201923 Aug 2019

Publication series

NameSIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019

Conference

Conference2019 ACM SIGCOMM Conference Posters and Demos, SIGCOMM 2019
Country/TerritoryChina
CityBeijing
Period19/08/1923/08/19

Keywords

  • Anomaly detection
  • Network monitoring
  • Stochastic block model

Fingerprint

Dive into the research topics of 'NOracle: Who is communicating with whom in my network?'. Together they form a unique fingerprint.

Cite this