Who is communicating with whom in my network?
TUM and Infosim® PoC
Demonstrated live at SIGCOMM’19 held in Beijing, the PoC showed a system that uses Stochastic Block Models (SBMs) to infer structural roles of hosts and communication patterns of services in networks. The system, called NOracle, can be used with StableNet® to analyze and visualize networks in an online manner or it can be used to analyze stored traces. Network operators can use SBMs to monitor and verify network operation, detect possible security issues and change-points. To showcase this, NOracle combines StableNet® with an SBM based anomaly detection and network visualization module. StableNet® provides network flow statistics in real-time from actual devices. The SBM extracts roles and communication patterns live from the data provided by StableNet®. The result can help to reason about communication behaviors, detect anomalous hosts and indicate changes in the large scale-structure of network communication.
Data is taken live from the enterprise network testbed located at Infosim’s HQ. The enterprise network provides a testbed for trying out network management operations — it consists of more than 100 devices. StableNet® is the core part “glueing” everything together, i.e., it fetches networking data from all devices and makes it available. The demo showed how a network operator can inspect the communication behavior of the users and services live at run-time. Using NOracle’s GUI, a network operator/administrator can investigate the evolution of the network over time, or investigate details of the communication structures within or between groups. Clients that should be blocked from the outside world should not show any communication with “external” groups. In the end, human knowledge is useful or even required to finally infer the semantic meaning of the communication groups.
Want to see more? Look at our Video!
Quantum Computing – Threat or Opportunity for Network Security
Are you curious about quantum computing’s influence on our current network security? Find out how businesses can take advantage of this technology while minimizing risk.
Recruiting at Infosim® – An interview with our Human Resources Manager
An internal interview with our Human Resources Manager about the importance of an effective recruiting process design.
FNT Command, StableNet® and Splunk – The All-in-One Solution for effective data integration and utilization
An interview about how Controlware integrates FNT-Command, Splunk and StableNet® into a holistic solution for effective data integration and utilization.