Annual Computer Security Applications Conference 2015

Know Your Achilles' Heel: Automatic Detection of Network Critical Services

Administrators need effective tools to quickly and automatically obtain a succinct, yet informative, overview of the status of their networks to make critical administrative decisions in a timely and effective manner. While the existing tools might help in pointing out machines that are heavily used or services that are failing, more subtle relationships, such as indirect dependencies between services, are not made apparent. In this paper, we propose novel techniques to automatically provide insights into the state of a network and the importance of the network components. We developed a tool, called Paris, which receives traffic information from various off-the-shelf network monitoring devices. Paris computes an importance metric for the network’s components based on which the administrators can prioritize their defensive and prohibitive actions. We evaluated Paris by running it on a mid-size, real-world network. The results show that Paris is able to automatically provide situation awareness in a timely, effective manner.

Author(s):

Ali Zand    
UC Santa Barbara
United States

Amir Houmansadr    
University of Massachusetts Amherst
United States

Giovanni Vigna    
UC Santa Barbara
United States

Richard Kemmerer    
UC Santa Barbara
United States

Christopher Kruegel    
UC Santa Barbara
United States

 
