9 research outputs found
Large Scale Enrichment and Statistical Cyber Characterization of Network Traffic
Modern network sensors continuously produce enormous quantities of raw data
that are beyond the capacity of human analysts. Cross-correlation of network
sensors increases this challenge by enriching every network event with
additional metadata. These large volumes of enriched network data present
opportunities to statistically characterize network traffic and quickly answer
a key question: "What are the primary cyber characteristics of my network
data?" The Python GraphBLAS and PyD4M analysis frameworks enable anonymized
statistical analysis to be performed quickly and efficiently on very large
network data sets. This approach is tested using billions of anonymized network
data samples from the largest Internet observatory (CAIDA Telescope) and tens
of millions of anonymized records from the largest commercially available
background enrichment capability (GreyNoise). The analysis confirms that most
of the enriched variables follow expected heavy-tail distributions and that a
large fraction of the network traffic is due to a small number of cyber
activities. This information can simplify the cyber analysts' task by enabling
prioritization of cyber activities based on statistical prevalence.
Comment: 8 pages, 8 figures, HPE
Hypersparse Traffic Matrix Construction using GraphBLAS on a DPU
Low-power small form factor data processing units (DPUs) enable offloading
and acceleration of a broad range of networking and security services. DPUs
have accelerated the transition to programmable networking by enabling the
replacement of FPGAs/ASICs in a wide range of network oriented devices. The
GraphBLAS sparse matrix graph open standard math library is well-suited for
constructing anonymized hypersparse traffic matrices of network traffic which
can enable a wide range of network analytics. This paper measures the
performance of the GraphBLAS on an ARM based NVIDIA DPU (BlueField 2) and, to
the best of our knowledge, represents the first reported GraphBLAS results on a
DPU and/or ARM based system. Anonymized hypersparse traffic matrices were
constructed at a rate of over 18 million packets per second
Deployment of Real-Time Network Traffic Analysis using GraphBLAS Hypersparse Matrices and D4M Associative Arrays
Matrix/array analysis of networks can provide significant insight into their
behavior and aid in their operation and protection. Prior work has demonstrated
the analytic, performance, and compression capabilities of GraphBLAS
(graphblas.org) hypersparse matrices and D4M (d4m.mit.edu) associative arrays
(a mathematical superset of matrices). Obtaining the benefits of these
capabilities requires integrating them into operational systems, which comes
with its own unique challenges. This paper describes two examples of real-time
operational implementations. First, is an operational GraphBLAS implementation
that constructs anonymized hypersparse matrices on a high-bandwidth network
tap. Second, is an operational D4M implementation that analyzes daily cloud
gateway logs. The architectures of these implementations are presented.
Detailed measurements of the resources and the performance are collected and
analyzed. The implementations are capable of meeting their operational
requirements using modest computational resources (a couple of processing
cores). GraphBLAS is well-suited for low-level analysis of high-bandwidth
connections with relatively structured network data. D4M is well-suited for
higher-level analysis of more unstructured data. This work demonstrates that
these technologies can be implemented in operational settings.
Comment: Accepted to IEEE HPEC, 8 pages, 8 figures, 1 table, 69 references.
arXiv admin note: text overlap with arXiv:2203.13934. text overlap with
arXiv:2309.0180
Zero Botnets: An Observe-Pursue-Counter Approach
Adversarial Internet robots (botnets) represent a growing threat to the safe
use and stability of the Internet. Botnets can play a role in launching
adversary reconnaissance (scanning and phishing), influence operations
(upvoting), and financing operations (ransomware, market manipulation, denial
of service, spamming, and ad click fraud) while obfuscating tailored tactical
operations. Reducing the presence of botnets on the Internet, with the
aspirational target of zero, is a powerful vision for galvanizing policy
action. Setting a global goal, encouraging international cooperation, creating
incentives for improving networks, and supporting entities for botnet takedowns
are among several policies that could advance this goal. These policies raise
significant questions regarding proper authorities/access that cannot be
answered in the abstract. Systems analysis has been widely used in other
domains to achieve sufficient detail to enable these questions to be dealt with
in concrete terms. Defeating botnets using an observe-pursue-counter
architecture is analyzed, the technical feasibility is affirmed, and the
authorities/access questions are significantly narrowed. Recommended next steps
include: supporting the international botnet takedown community, expanding
network observatories, enhancing the underlying network science at scale,
conducting detailed systems analysis, and developing appropriate policy
frameworks.
Comment: 26 pages, 13 figures, 2 tables, 72 references, submitted to PlosOn
Focusing and Calibration of Large Scale Network Sensors using GraphBLAS Anonymized Hypersparse Matrices
Defending community-owned cyber space requires community-based efforts.
Large-scale network observations that uphold the highest regard for privacy are
key to protecting our shared cyberspace. Deployment of the necessary network
sensors requires careful sensor placement, focusing, and calibration with
significant volumes of network observations. This paper demonstrates novel
focusing and calibration procedures on a multi-billion packet dataset using
high-performance GraphBLAS anonymized hypersparse matrices. The run-time
performance on a real-world data set confirms previously observed real-time
processing rates for high-bandwidth links while achieving significant data
compression. The output of the analysis demonstrates the effectiveness of these
procedures at focusing the traffic matrix and revealing the underlying stable
heavy-tail statistical distributions that are necessary for anomaly detection.
A simple model of the corresponding probability of detection () and
probability of false alarm () for these distributions highlights
the criticality of network sensor focusing and calibration. Once a sensor is
properly focused and calibrated it is then in a position to carry out two of
the central tenets of good cybersecurity: (1) continuous observation of the
network and (2) minimizing unbrokered network connections.
Comment: Accepted to IEEE HPEC, 9 pages, 12 figures, 1 table, 63 references, 2
appendice
Recurrence of membranous nephropathy three weeks' postrenal transplant: A surprise in store
Membranous nephropathy (MN) may occur in the transplanted kidney, either as recurrent disease in patients who had MN as the cause of end-stage renal disease (ESRD) in the native kidney or de novo, in patients who had another cause of ESRD initially. The reported incidence of recurrent MN ranges between 10% and 45%. Clinical manifestations of recurrent MN are typically observed 13-15 months after transplantation, although they may be observed much earlier (within weeks). Our patient had a recurrence in three weeks. Recurrent disease can lead to loss of the allograft
Recommended from our members
Large-Scale Enrichment and Statistical Cyber Characterization of Network Traffic
Modern network sensors continuously produce enormous quantities of raw data that are beyond the capacity of human analysts. Cross-correlation of network sensors increases this challenge by enriching every network event with additional metadata. These large volumes of enriched network data present opportunities to statistically characterize network traffic and quickly answer a key question: 'What are the primary cyber characteristics of my network data?' The Python GraphBLAS and PyD4M analysis frameworks enable anonymized statistical analysis to be performed quickly and efficiently on very large network data sets. This approach is tested using billions of anonymized network data samples from the largest Internet observatory (CAIDA Telescope) and tens of millions of anonymized records from the largest commercially available background enrichment capability (GreyNoise). The analysis confirms that most of the enriched variables follow expected heavy-tail distributions and that a large fraction of the network traffic is due to a small number of cyber activities. This information can simplify the cyber analysts' task by enabling prioritization of cyber activities based on statistical prevalence.
Modern network sensors produce enormous quantities of raw data that are beyond the capacity of human analysis. Cross-correlation of network sensors becomes a challenge by enriching every network event with additional metadata. These large volumes of enriched network data present an opportunity to statistically characterize network traffic and answer the question: "What are the main cyber characteristics of my network data?" The Python GraphBLAS and D4M analysis frameworks enable anonymous, fast and efficient statistical analysis on large network data sets. This approach is tested using billions of anonymous network data samples from the largest Internet observatory (CAIDA Telescope) and tens of millions of anonymous records from the commercial background with the greatest enrichment capability (GreyNoise). The analysis confirms that most of the enriched variables follow heavy-tail distributions and that a large fraction of the network traffic is due to a small number of cyber activities. This information can simplify the cyber analysts' task by enabling prioritization of cyber activities based on statistical prevalence.
National Science Foundation
Immediate access
This item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at [email protected]