Identifying anomalies in gridftp transfers for data-intensive science through application-awareness

Deepak Nadig; Byrav Ramamurthy; Brian Bockelman; David Swanson

doi:10.1145/3180465.3180469

Identifying anomalies in gridftp transfers for data-intensive science through application-awareness

Deepak Nadig, Byrav Ramamurthy, Brian Bockelman, David Swanson

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Network anomaly detection systems can be used to identify anomalous transfers or threats, which, when undetected, can trigger large-scale malicious events. Data-intensive science projects rely on high-throughput computing and high-speed networking resources for data analysis and processing. In this paper, we propose an anomaly detection framework and architecture for identifying anomalies in GridFTP transfers. Application-awareness plays an important role in our proposed architecture and is used to communicate GridFTP application metadata to the machine learning and anomaly detection system. We demonstrate the effectiveness of our architecture by evaluating the framework with a real-world, large-scale dataset of GridFTP transfers. Preliminary results show that our framework can be used to develop novel anomaly detection services with diverse feature sets for distributed and data-intensive projects.

Original language	English (US)
Title of host publication	SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018
Publisher	Association for Computing Machinery, Inc
Pages	7-12
Number of pages	6
ISBN (Electronic)	9781450356350
DOIs	https://doi.org/10.1145/3180465.3180469
Publication status	Published - Mar 14 2018
Event	2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018 - Tempe, United States Duration: Mar 21 2018 → …

Publication series

Name	SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018
Volume	2018-January

Other

Other	2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018
Country	United States
City	Tempe
Period	3/21/18 → …

Fingerprint

ASJC Scopus subject areas

Computer Science Applications
Information Systems
Software

Cite this

Nadig, D., Ramamurthy, B., Bockelman, B., & Swanson, D. (2018). Identifying anomalies in gridftp transfers for data-intensive science through application-awareness. In SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018 (pp. 7-12). (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018; Vol. 2018-January). Association for Computing Machinery, Inc. https://doi.org/10.1145/3180465.3180469

Identifying anomalies in gridftp transfers for data-intensive science through application-awareness. / Nadig, Deepak; Ramamurthy, Byrav; Bockelman, Brian; Swanson, David.

SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. Association for Computing Machinery, Inc, 2018. p. 7-12 (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018; Vol. 2018-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nadig, D, Ramamurthy, B, Bockelman, B & Swanson, D 2018, Identifying anomalies in gridftp transfers for data-intensive science through application-awareness. in SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018, vol. 2018-January, Association for Computing Machinery, Inc, pp. 7-12, 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018, Tempe, United States, 3/21/18. https://doi.org/10.1145/3180465.3180469

Nadig D, Ramamurthy B, Bockelman B, Swanson D. Identifying anomalies in gridftp transfers for data-intensive science through application-awareness. In SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. Association for Computing Machinery, Inc. 2018. p. 7-12. (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018). https://doi.org/10.1145/3180465.3180469

Nadig, Deepak ; Ramamurthy, Byrav ; Bockelman, Brian ; Swanson, David. / Identifying anomalies in gridftp transfers for data-intensive science through application-awareness. SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. Association for Computing Machinery, Inc, 2018. pp. 7-12 (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018).

@inproceedings{955bed1d54824c658e09744a53061f6c,

title = "Identifying anomalies in gridftp transfers for data-intensive science through application-awareness",

abstract = "Network anomaly detection systems can be used to identify anomalous transfers or threats, which, when undetected, can trigger large-scale malicious events. Data-intensive science projects rely on high-throughput computing and high-speed networking resources for data analysis and processing. In this paper, we propose an anomaly detection framework and architecture for identifying anomalies in GridFTP transfers. Application-awareness plays an important role in our proposed architecture and is used to communicate GridFTP application metadata to the machine learning and anomaly detection system. We demonstrate the effectiveness of our architecture by evaluating the framework with a real-world, large-scale dataset of GridFTP transfers. Preliminary results show that our framework can be used to develop novel anomaly detection services with diverse feature sets for distributed and data-intensive projects.",

author = "Deepak Nadig and Byrav Ramamurthy and Brian Bockelman and David Swanson",

year = "2018",

month = "3",

day = "14",

doi = "10.1145/3180465.3180469",

language = "English (US)",

series = "SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018",

publisher = "Association for Computing Machinery, Inc",

pages = "7--12",

booktitle = "SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018",

note = "2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018 ; Conference date: 21-03-2018",

}

TY - GEN

T1 - Identifying anomalies in gridftp transfers for data-intensive science through application-awareness

AU - Nadig, Deepak

AU - Ramamurthy, Byrav

AU - Bockelman, Brian

AU - Swanson, David

PY - 2018/3/14

Y1 - 2018/3/14

N2 - Network anomaly detection systems can be used to identify anomalous transfers or threats, which, when undetected, can trigger large-scale malicious events. Data-intensive science projects rely on high-throughput computing and high-speed networking resources for data analysis and processing. In this paper, we propose an anomaly detection framework and architecture for identifying anomalies in GridFTP transfers. Application-awareness plays an important role in our proposed architecture and is used to communicate GridFTP application metadata to the machine learning and anomaly detection system. We demonstrate the effectiveness of our architecture by evaluating the framework with a real-world, large-scale dataset of GridFTP transfers. Preliminary results show that our framework can be used to develop novel anomaly detection services with diverse feature sets for distributed and data-intensive projects.

AB - Network anomaly detection systems can be used to identify anomalous transfers or threats, which, when undetected, can trigger large-scale malicious events. Data-intensive science projects rely on high-throughput computing and high-speed networking resources for data analysis and processing. In this paper, we propose an anomaly detection framework and architecture for identifying anomalies in GridFTP transfers. Application-awareness plays an important role in our proposed architecture and is used to communicate GridFTP application metadata to the machine learning and anomaly detection system. We demonstrate the effectiveness of our architecture by evaluating the framework with a real-world, large-scale dataset of GridFTP transfers. Preliminary results show that our framework can be used to develop novel anomaly detection services with diverse feature sets for distributed and data-intensive projects.

UR - http://www.scopus.com/inward/record.url?scp=85050411010&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050411010&partnerID=8YFLogxK

U2 - 10.1145/3180465.3180469

DO - 10.1145/3180465.3180469

M3 - Conference contribution

AN - SCOPUS:85050411010

T3 - SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018

SP - 7

EP - 12

BT - SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018

PB - Association for Computing Machinery, Inc

T2 - 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018

Y2 - 21 March 2018

ER -

Access to Document

10.1145/3180465.3180469