Who is communicating with whom in my network?
TUM and Infosim® PoC
Demonstrated live at SIGCOMM’19 held in Beijing, the PoC showed a system that uses Stochastic Block Models (SBMs) to infer structural roles of hosts and communication patterns of services in networks. The system, called NOracle, can be used with StableNet® to analyze and visualize networks in an online manner or it can be used to analyze stored traces. Network operators can use SBMs to monitor and verify network operation, detect possible security issues and change-points. To showcase this, NOracle combines StableNet® with an SBM based anomaly detection and network visualization module. StableNet® provides network flow statistics in real-time from actual devices. The SBM extracts roles and communication patterns live from the data provided by StableNet®. The result can help to reason about communication behaviors, detect anomalous hosts and indicate changes in the large scale-structure of network communication.
Data is taken live from the enterprise network testbed located at Infosim’s HQ. The enterprise network provides a testbed for trying out network management operations — it consists of more than 100 devices. StableNet® is the core part “glueing” everything together, i.e., it fetches networking data from all devices and makes it available. The demo showed how a network operator can inspect the communication behavior of the users and services live at run-time. Using NOracle’s GUI, a network operator/administrator can investigate the evolution of the network over time, or investigate details of the communication structures within or between groups. Clients that should be blocked from the outside world should not show any communication with “external” groups. In the end, human knowledge is useful or even required to finally infer the semantic meaning of the communication groups.
Want to see more? Look at our Video!
An interview about how Infosim partner Frequentis uses StableNet® as a core part of their Advanced Network Management Solution (ANMS)
It’s autumn. As days become shorter and evenings longer, it is the perfect time to issue another series of blog posts. This is the first of a set of four posts that will look at – amongst numerous closely related things – StableNet® implementations for monitoring automation.
Take a look at how our Director of Marketing describes consolidation and integration in Network Management. See where they overlap, how they differ and why the terms are important for StableNet®.