ABSTRACT
We leverage a novel telemetry source available in public clouds today: periodic summaries of every flow that enters or leaves any VM. A key aspect is that such telemetry can be collected transparently to customers and with minimal impact on their workloads. By consuming this telemetry, we show how one may realize complete and dynamic graphs of the communication inside cloud subscriptions. We describe novel analyses over these communication graphs with implications for network security and management.
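To make the idea of turning periodic per-VM flow summaries into a dynamic communication graph concrete, here is an added, self-contained example (not code from the paper or its authors). It assumes a simplified summary record of (window, source VM, destination VM, destination port, protocol, bytes); the real field layout of cloud flow logs differs, and the sample records are constructed. The block aggregates summaries into one directed graph per time window, diffs consecutive windows, and flags VMs whose set of distinct peers grows sharply between windows, which is the kind of graph-level check a defender can run over such telemetry without touching customer workloads.

```python
"""Per-window communication graphs built from periodic flow summaries.

Added illustration; the record layout and all sample data below are
constructed assumptions, not the paper's telemetry format.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# One summary per (window, src_vm, dst_vm, dst_port, proto): bytes in that window.
FlowSummary = Tuple[str, str, str, int, str, int]

# Constructed sample: two windows of a web -> api -> db application. In the
# second window vm-web-2 starts talking to several new peers on port 22.
SAMPLE_SUMMARIES: List[FlowSummary] = [
    ("w1", "vm-web-1", "vm-api-1", 443, "tcp", 120_000),
    ("w1", "vm-web-2", "vm-api-1", 443, "tcp", 98_000),
    ("w1", "vm-api-1", "vm-db-1", 5432, "tcp", 40_000),
    ("w2", "vm-web-1", "vm-api-1", 443, "tcp", 110_000),
    ("w2", "vm-web-2", "vm-api-1", 443, "tcp", 101_000),
    ("w2", "vm-api-1", "vm-db-1", 5432, "tcp", 43_000),
    ("w2", "vm-web-2", "vm-db-1", 5432, "tcp", 900),
    ("w2", "vm-web-2", "vm-api-2", 22, "tcp", 600),
    ("w2", "vm-web-2", "vm-build-1", 22, "tcp", 600),
]

# A directed edge of the communication graph.
Edge = Tuple[str, str, int, str]  # (src_vm, dst_vm, dst_port, proto)


def windows(summaries: List[FlowSummary]) -> List[str]:
    """Distinct window identifiers in first-seen order."""
    seen: List[str] = []
    for w, *_ in summaries:
        if w not in seen:
            seen.append(w)
    return seen


def build_graph(summaries: List[FlowSummary], window: str) -> Dict[Edge, int]:
    """Aggregate bytes per directed edge for a single window."""
    graph: Dict[Edge, int] = defaultdict(int)
    for w, src, dst, dport, proto, nbytes in summaries:
        if w == window:
            graph[(src, dst, dport, proto)] += nbytes
    return dict(graph)


def new_edges(prev: Dict[Edge, int], cur: Dict[Edge, int]) -> Set[Edge]:
    """Edges present in the current window but absent from the previous one."""
    return set(cur) - set(prev)


def fan_out(graph: Dict[Edge, int]) -> Dict[str, int]:
    """Number of distinct destination VMs each source VM talks to."""
    peers: Dict[str, Set[str]] = defaultdict(set)
    for src, dst, _, _ in graph:
        peers[src].add(dst)
    return {src: len(dsts) for src, dsts in peers.items()}


def flag_fan_out_growth(prev: Dict[Edge, int], cur: Dict[Edge, int],
                        min_new_peers: int = 2) -> Dict[str, Tuple[int, int]]:
    """VMs whose distinct-peer count grew by at least min_new_peers.

    Returns {vm: (peers_before, peers_after)}. The threshold is an
    illustrative assumption; in practice it is tuned per subscription.
    """
    before, after = fan_out(prev), fan_out(cur)
    return {vm: (before.get(vm, 0), n) for vm, n in after.items()
            if n - before.get(vm, 0) >= min_new_peers}


if __name__ == "__main__":
    ws = windows(SAMPLE_SUMMARIES)
    for earlier, later in zip(ws, ws[1:]):
        g_prev, g_cur = build_graph(SAMPLE_SUMMARIES, earlier), build_graph(SAMPLE_SUMMARIES, later)
        print(f"{earlier}->{later}: {len(new_edges(g_prev, g_cur))} new edges, "
              f"fan-out growth: {flag_fan_out_growth(g_prev, g_cur)}")
```

Each window's graph is rebuilt from that window's summaries only, so the graph is "dynamic" in the sense the abstract uses: it reflects what actually communicated in that period rather than a static inventory. Diffing windows and tracking per-VM fan-out are deliberately cheap operations, since the telemetry volume for a large subscription can be substantial.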