Identification of Device Dependencies Using Link Prediction
Abstract: Devices in computer networks cannot work without essential network services provided by a limited number of devices. Identification of device dependencies determines whether a pair of IP addresses is a dependency, i.e., the host with the first IP address is dependent on the second one. These dependencies cannot be identified manually in large and dynamically changing networks. Nevertheless, they are important due to possible unexpected failures, performance issues, and cascading effects. We address the identification of dependencies using a new approach based on graph-based machine learning. The approach belongs to link prediction based on a latent representation of the computer network's communication graph. It samples random walks over IP addresses that fulfill time conditions imposed on network dependencies. The constrained random walks are used by a neural network to construct an IP address embedding, which is a space that contains IP addresses that often appear close together in the same communication chain (i.e., random walk). A dependency embedding is constructed by combining values for IP addresses from their embedding and is used for training the resulting dependency classifier. We evaluated the approach using IP flow datasets from a controlled environment and a university campus network that contain evidence about dependencies. Evaluation concerning the correctness and relationship to other approaches shows that the approach achieves acceptable performance. It can simultaneously consider all types of dependencies and is applicable for batch processing in operational conditions.
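The following sketch illustrates the time-constrained random walk sampling the abstract describes. It is an added example, not the authors' code. The abstract does not state the time conditions, so the rule used here (each next flow must start no earlier than the previous one and within `window` seconds of it) is an assumption, as are the flow records, the function names and all parameters.

```python
import random
from collections import defaultdict

# Constructed sample flows: (start time in seconds, source IP, destination IP).
FLOWS = [
    (0.00, "10.0.0.5", "10.0.0.20"),   # client -> web server
    (0.01, "10.0.0.6", "10.0.0.20"),   # second client -> web server
    (0.02, "10.0.0.20", "10.0.0.53"),  # web server -> DNS resolver
    (0.05, "10.0.0.20", "10.0.0.30"),  # web server -> database
    (9.00, "10.0.0.20", "10.0.0.99"),  # much later, unrelated flow
]

def build_index(flows):
    """Index flows by source IP, ordered by start time."""
    index = defaultdict(list)
    for start, src, dst in sorted(flows):
        index[src].append((start, dst))
    return index

def next_hops(index, ip, t, window, visited):
    """Flows leaving `ip` that meet the assumed time condition
    t <= start <= t + window and do not revisit an IP already in the walk."""
    return [(s, d) for s, d in index.get(ip, ())
            if t <= s <= t + window and d not in visited]

def sample_walk(index, flow, window, max_len, rng):
    """Extend one observed flow into a chain of time-compatible flows."""
    t, src, dst = flow
    walk = [src, dst]
    while len(walk) < max_len:
        hops = next_hops(index, walk[-1], t, window, set(walk))
        if not hops:
            break
        t, ip = rng.choice(hops)  # advance time to the chosen flow's start
        walk.append(ip)
    return walk

def sample_walks(flows, window=1.0, max_len=4, per_flow=3, seed=0):
    """Sample `per_flow` walks starting from every flow (seeded for repeatability)."""
    rng = random.Random(seed)
    index = build_index(flows)
    return [sample_walk(index, f, window, max_len, rng)
            for f in flows for _ in range(per_flow)]

if __name__ == "__main__":
    for walk in sample_walks(FLOWS):
        print(" -> ".join(walk))
```

Walks produced this way would be the input to an embedding model; the time window keeps the flow at 9.00 s out of any chain that started with a client request at 0.00 s.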