Abstract
Enterprise networks are large, complex, and dynamic networks that must simultaneously satisfy an often disparate set of objectives. Because these networks comprise a multitude of network services and applications, understanding the functional relationships (a superset of dependencies) between components is paramount in support of business and missions. Understanding these relationships directly bolsters network management, fault detection and localization, and proactive and resilient cybersecurity defenses. The overview of the invention is as follows: starting from network flow information (NetFlow, IPFIX, etc.), a network flow information record is transformed, providing user-defined labels to the addresses and network engineering labels to other elements of the record. A tuple is created comprising elements of the record information, along with the transformed information. In the proof of concept, we define the tuple as (local network label, remote network label, remote network (IP) address, protocol, protocol information). Depending on the observation point of the flow sensor, the tuple can be expanded to include the application, e.g., ("outlook", local network label, remote network label, remote network (IP) address, protocol, protocol information). An association rule algorithm, in our case reinforced executions of frequent pattern (FP) growth, discovers relations between the elements of all the tuples. In simulated network testing, these relationships have characterized host-based network and application dependencies.
Application Number
15/486,162
Inventors
Chikkagoudar, Satish
Carroll, Tom E
Arthur-Durett, Kristine M
Thomas, Dennis G
Market Sector
Security
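
The pipeline outlined in the abstract (flow record, labeled tuple, association rules), as an added example that is not code from the patent or its inventors. It swaps in exhaustive subset counting for FP-growth, which finds the same frequent itemsets on small inputs, and does not model the "reinforced executions". The address ranges, labels, flows, thresholds, and the use of the destination port as "protocol information" are all constructed assumptions.

```python
import ipaddress
from collections import Counter
from itertools import combinations

# Constructed label map (assumption): user-defined names for local address ranges.
NETS = [(ipaddress.ip_network(c), n) for c, n in {
    "10.1.0.0/24": "workstations", "10.2.0.0/24": "mail-servers",
    "10.3.0.0/24": "dns-servers"}.items()]
FIELDS = ("local", "remote", "remote_ip", "proto", "proto_info")

# Constructed flow records (src, dst, protocol, destination port); src is the local side.
FLOWS = [("10.1.0.5", "10.2.0.10", "tcp", 993), ("10.1.0.6", "10.2.0.10", "tcp", 993),
         ("10.1.0.7", "10.2.0.10", "tcp", 993), ("10.1.0.5", "10.3.0.2", "udp", 53),
         ("10.1.0.6", "10.3.0.2", "udp", 53), ("10.1.0.7", "203.0.113.9", "tcp", 443)]

def label(addr):
    """Map an address to its user-defined network label, or 'external'."""
    ip = ipaddress.ip_address(addr)
    return next((name for net, name in NETS if ip in net), "external")

def to_tuple(flow):
    """Flow -> (local label, remote label, remote IP, protocol, protocol info)."""
    src, dst, proto, dport = flow
    # Assumption: the destination port stands in for "protocol information".
    return (label(src), label(dst), dst, proto, f"{proto}/{dport}")

def frequent_itemsets(tuples, min_support):
    """Count every field=value subset of each tuple; keep those at or above min_support."""
    counts = Counter()
    for t in tuples:
        items = sorted(f"{f}={v}" for f, v in zip(FIELDS, t))
        for k in range(1, len(items) + 1):
            counts.update(combinations(items, k))
    return {s: c / len(tuples) for s, c in counts.items() if c / len(tuples) >= min_support}

def rules(freq, min_conf):
    """Derive lhs -> rhs rules with confidence = support(itemset) / support(lhs)."""
    out = []
    for itemset, sup in freq.items():
        for k in range(1, len(itemset)):
            for lhs in combinations(itemset, k):
                conf = sup / freq[lhs]  # lhs is frequent by downward closure
                if conf >= min_conf:
                    out.append((lhs, tuple(i for i in itemset if i not in lhs), round(conf, 2)))
    return out

def mine(flows, min_support=0.3, min_conf=0.9):
    """Run the whole pipeline: label flows, mine itemsets, derive rules."""
    return rules(frequent_itemsets([to_tuple(f) for f in flows], min_support), min_conf)
```

Calling `mine(FLOWS)` returns rules such as `remote=mail-servers -> proto_info=tcp/993`, the kind of host-to-service relationship the abstract describes; the single external flow falls below the support threshold and produces no rule of its own.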