Situational Awareness: Detecting Critical Dependencies and Devices in a Network

Laštovička, Martin; Čeleda, Pavel

doi:10.1007/978-3-319-60774-0_17

Cited by 10 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Correct estimation of criticality and dependencies is vital for securing and hardening the networks but is hard to achieve in large networks due to the lack of detailed situational awareness and local knowledge [22], [18]. Passive network measurement, e.g., NetFlow [23], is the most widely used for dependency detection and is briefly described later in this section.…”

Section: Related Workmentioning

confidence: 99%

“…Zand et al [3] proposed the automatic detection of critical services in the network based on finding cliques in the graphs of correlated services, i.e., services active at similar times. Laštovička and Čeleda [22] proposed graph centrality-based approaches. Lange et al [9] used the time series-based analysis of network traffic to detect dependencies of network services.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Identification of Device Dependencies Using Link Prediction

Sadlek,

Husák,

Čeleda

2024

NOMS 2024-2024 IEEE Network Operations and Management Symposium

Self Cite

View full text Add to dashboard Cite

Devices in computer networks cannot work without essential network services provided by a limited count of devices. Identification of device dependencies determines whether a pair of IP addresses is a dependency, i.e., the host with the first IP address is dependent on the second one. These dependencies cannot be identified manually in large and dynamically changing networks. Nevertheless, they are important due to possible unexpected failures, performance issues, and cascading effects. We address the identification of dependencies using a new approach based on graph-based machine learning. The approach belongs to link prediction based on a latent representation of the computer network's communication graph. It samples random walks over IP addresses that fulfill time conditions imposed on network dependencies. The constrained random walks are used by a neural network to construct IP address embedding, which is a space that contains IP addresses that often appear close together in the same communication chain (i.e., random walk). Dependency embedding is constructed by combining values for IP addresses from their embedding and used for training the resulting dependency classifier. We evaluated the approach using IP flow datasets from a controlled environment and university campus network that contain evidence about dependencies. Evaluation concerning the correctness and relationship to other approaches shows that the approach achieves acceptable performance. It can simultaneously consider all types of dependencies and is applicable for batch processing in operational conditions.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Identification of Device Dependencies Using Link Prediction

Sadlek,

Husák,

Čeleda

2024

NOMS 2024-2024 IEEE Network Operations and Management Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…Larger networks, such as IoT networks, can be monitored to determine device type [69]. Another simple method is to use protocols to ask the device for identification [70].…”

Section: • Consumer Networkmentioning

confidence: 99%

An Approach to Guide Users Towards Less Revealing Internet Browsers

Mohsen

Shtayyeh²,

Struijk³

et al. 2022

Emerging Trends in Cybersecurity Applications

View full text Add to dashboard Cite

translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

show abstract

“…Husák et al focused on the predictive aspects of CSA [46,47]. Other team members investigated criticality and dependency detection [62] or data models for CSA [56].…”

Section: Research Groupsmentioning

confidence: 99%

SoK

Husák

Jirsík

Yang

2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization. CCS CONCEPTS • Security and privacy → Formal security models; • Networks → Network security.

show abstract

Situational Awareness: Detecting Critical Dependencies and Devices in a Network

Cited by 10 publications

References 10 publications

Identification of Device Dependencies Using Link Prediction

Identification of Device Dependencies Using Link Prediction

An Approach to Guide Users Towards Less Revealing Internet Browsers

SoK

Contact Info

Product

Resources

About