Hypersparse Network Flow Analysis of Packets with GraphBLAS

Tyler Trigg; Chad Meiners; Sandeep Pisharody; Hayden Jananthan; Michael Jones; Adam Michaleas; Timothy Davis; Erik Welch; William Arcand; David Bestor; William Bergeron; Chansup Byun; Vijay Gadepally; Micheal Houle; Matthew Hubbell; Anna Klein; Peter Michaleas; Lauren Milechin; Julie Mullen; Andrew Prout; Albert Reuther; Antonio Rosa; Siddharth Samsi; Doug Stetson; Charles Yee; Jeremy Kepner

doi:10.1109/HPEC55821.2022.9926320

Hypersparse Network Flow Analysis of Packets with GraphBLAS

Tyler Trigg, Chad Meiners, Sandeep Pisharody, Hayden Jananthan, Michael Jones, Adam Michaleas, Timothy Davis, Erik Welch, William Arcand, David Bestor, William Bergeron, Chansup Byun, Vijay Gadepally, Micheal Houle, Matthew Hubbell, Anna Klein, Peter Michaleas, Lauren Milechin, Julie Mullen, Andrew ProutAlbert Reuther, Antonio Rosa, Siddharth Samsi, Doug Stetson, Charles Yee, Jeremy Kepner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Internet analysis is a major challenge due to the volume and rate of network traffic. In lieu of analyzing traffic as raw packets, network analysts often rely on compressed network flows (netflows) that contain the start time, stop time, source, destination, and number of packets in each direction. However, many traffic analyses benefit from temporal aggregation of multiple simultaneous netflows, which can be computationally challenging. To alleviate this concern, a novel netflow compression and resampling method has been developed leveraging GraphBLAS hyperspace traffic matrices that preserve anonymization while enabling subrange analysis. Standard multi-temporal spatial analyses are then performed on each sub range to generate detailed statistical aggregates of the source packets, source fan-out, unique links, destination fan-in, and destination packets of each subrange which can then be used for background modeling and anomaly detection. A simple file format based on GraphBLAS sparse matrices is developed for storing these statistical aggregates. This method is scale tested on the MIT SuperCloud using a 50 trillion packet netflow corpus from several hundred sites collected over several months. The resulting compression achieved is significant (<0.1 bit per packet) enabling extremely large netflow analyses to be stored and transported. The single node parallel performance is analyzed in terms of both processors and threads showing that a single node can perform hundreds of simultaneous analyses at over a million packets/sec (roughly equivalent to a 10 Gigabit link).

Original language	English
Title of host publication	2022 IEEE High Performance Extreme Computing Conference, HPEC 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781665497862
DOIs	https://doi.org/10.1109/HPEC55821.2022.9926320
State	Published - 2022
Externally published	Yes
Event	2022 IEEE High Performance Extreme Computing Conference, HPEC 2022 - Virtual, Online, United States Duration: Sep 19 2022 → Sep 23 2022

Publication series

Name	2022 IEEE High Performance Extreme Computing Conference, HPEC 2022

Conference

Conference	2022 IEEE High Performance Extreme Computing Conference, HPEC 2022
Country/Territory	United States
City	Virtual, Online
Period	09/19/22 → 09/23/22

Keywords

compression
hypersparse matrices
network analyses
streaming graphs

Access to Document

10.1109/HPEC55821.2022.9926320

Cite this

Trigg, T., Meiners, C., Pisharody, S., Jananthan, H., Jones, M., Michaleas, A., Davis, T., Welch, E., Arcand, W., Bestor, D., Bergeron, W., Byun, C., Gadepally, V., Houle, M., Hubbell, M., Klein, A., Michaleas, P., Milechin, L., Mullen, J., ... Kepner, J. (2022). Hypersparse Network Flow Analysis of Packets with GraphBLAS. In 2022 IEEE High Performance Extreme Computing Conference, HPEC 2022 (2022 IEEE High Performance Extreme Computing Conference, HPEC 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/HPEC55821.2022.9926320

@inproceedings{03444ae6bd504c6ab2ce41e0cadc3cce,

title = "Hypersparse Network Flow Analysis of Packets with GraphBLAS",

abstract = "Internet analysis is a major challenge due to the volume and rate of network traffic. In lieu of analyzing traffic as raw packets, network analysts often rely on compressed network flows (netflows) that contain the start time, stop time, source, destination, and number of packets in each direction. However, many traffic analyses benefit from temporal aggregation of multiple simultaneous netflows, which can be computationally challenging. To alleviate this concern, a novel netflow compression and resampling method has been developed leveraging GraphBLAS hyperspace traffic matrices that preserve anonymization while enabling subrange analysis. Standard multi-temporal spatial analyses are then performed on each sub range to generate detailed statistical aggregates of the source packets, source fan-out, unique links, destination fan-in, and destination packets of each subrange which can then be used for background modeling and anomaly detection. A simple file format based on GraphBLAS sparse matrices is developed for storing these statistical aggregates. This method is scale tested on the MIT SuperCloud using a 50 trillion packet netflow corpus from several hundred sites collected over several months. The resulting compression achieved is significant (<0.1 bit per packet) enabling extremely large netflow analyses to be stored and transported. The single node parallel performance is analyzed in terms of both processors and threads showing that a single node can perform hundreds of simultaneous analyses at over a million packets/sec (roughly equivalent to a 10 Gigabit link).",

keywords = "compression, hypersparse matrices, network analyses, streaming graphs",

author = "Tyler Trigg and Chad Meiners and Sandeep Pisharody and Hayden Jananthan and Michael Jones and Adam Michaleas and Timothy Davis and Erik Welch and William Arcand and David Bestor and William Bergeron and Chansup Byun and Vijay Gadepally and Micheal Houle and Matthew Hubbell and Anna Klein and Peter Michaleas and Lauren Milechin and Julie Mullen and Andrew Prout and Albert Reuther and Antonio Rosa and Siddharth Samsi and Doug Stetson and Charles Yee and Jeremy Kepner",

note = "Funding Information: This material is based upon work supported by the Assistant Secretary of Defense for Research and Engineering under Air Force Contract No. FA8702-15-D-0001, National Science Foundation CCF-1533644, and United States Air Force Research Laboratory and Artificial Intelligence Accelerator Cooperative Agreement Number FA8750-19-2-1000. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Assistant Secretary of Defense for Research and Engineering, the National Science Foundation, or the United States Air Force. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein. Publisher Copyright: {\textcopyright} 2022 IEEE.; null ; Conference date: 19-09-2022 Through 23-09-2022",

year = "2022",

doi = "10.1109/HPEC55821.2022.9926320",

language = "English",

series = "2022 IEEE High Performance Extreme Computing Conference, HPEC 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2022 IEEE High Performance Extreme Computing Conference, HPEC 2022",

}

Trigg, T, Meiners, C, Pisharody, S, Jananthan, H, Jones, M, Michaleas, A, Davis, T, Welch, E, Arcand, W, Bestor, D, Bergeron, W, Byun, C, Gadepally, V, Houle, M, Hubbell, M, Klein, A, Michaleas, P, Milechin, L, Mullen, J, Prout, A, Reuther, A, Rosa, A, Samsi, S, Stetson, D, Yee, C & Kepner, J 2022, Hypersparse Network Flow Analysis of Packets with GraphBLAS. in 2022 IEEE High Performance Extreme Computing Conference, HPEC 2022. 2022 IEEE High Performance Extreme Computing Conference, HPEC 2022, Institute of Electrical and Electronics Engineers Inc., 2022 IEEE High Performance Extreme Computing Conference, HPEC 2022, Virtual, Online, United States, 09/19/22. https://doi.org/10.1109/HPEC55821.2022.9926320

Hypersparse Network Flow Analysis of Packets with GraphBLAS. / Trigg, Tyler; Meiners, Chad; Pisharody, Sandeep et al.

2022 IEEE High Performance Extreme Computing Conference, HPEC 2022. Institute of Electrical and Electronics Engineers Inc., 2022. (2022 IEEE High Performance Extreme Computing Conference, HPEC 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Hypersparse Network Flow Analysis of Packets with GraphBLAS

AU - Trigg, Tyler

AU - Meiners, Chad

AU - Pisharody, Sandeep

AU - Jananthan, Hayden

AU - Jones, Michael

AU - Michaleas, Adam

AU - Davis, Timothy

AU - Welch, Erik

AU - Arcand, William

AU - Bestor, David

AU - Bergeron, William

AU - Byun, Chansup

AU - Gadepally, Vijay

AU - Houle, Micheal

AU - Hubbell, Matthew

AU - Klein, Anna

AU - Michaleas, Peter

AU - Milechin, Lauren

AU - Mullen, Julie

AU - Prout, Andrew

AU - Reuther, Albert

AU - Rosa, Antonio

AU - Samsi, Siddharth

AU - Stetson, Doug

AU - Yee, Charles

AU - Kepner, Jeremy

N1 - Funding Information: This material is based upon work supported by the Assistant Secretary of Defense for Research and Engineering under Air Force Contract No. FA8702-15-D-0001, National Science Foundation CCF-1533644, and United States Air Force Research Laboratory and Artificial Intelligence Accelerator Cooperative Agreement Number FA8750-19-2-1000. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Assistant Secretary of Defense for Research and Engineering, the National Science Foundation, or the United States Air Force. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein. Publisher Copyright: © 2022 IEEE.

PY - 2022

Y1 - 2022

N2 - Internet analysis is a major challenge due to the volume and rate of network traffic. In lieu of analyzing traffic as raw packets, network analysts often rely on compressed network flows (netflows) that contain the start time, stop time, source, destination, and number of packets in each direction. However, many traffic analyses benefit from temporal aggregation of multiple simultaneous netflows, which can be computationally challenging. To alleviate this concern, a novel netflow compression and resampling method has been developed leveraging GraphBLAS hyperspace traffic matrices that preserve anonymization while enabling subrange analysis. Standard multi-temporal spatial analyses are then performed on each sub range to generate detailed statistical aggregates of the source packets, source fan-out, unique links, destination fan-in, and destination packets of each subrange which can then be used for background modeling and anomaly detection. A simple file format based on GraphBLAS sparse matrices is developed for storing these statistical aggregates. This method is scale tested on the MIT SuperCloud using a 50 trillion packet netflow corpus from several hundred sites collected over several months. The resulting compression achieved is significant (<0.1 bit per packet) enabling extremely large netflow analyses to be stored and transported. The single node parallel performance is analyzed in terms of both processors and threads showing that a single node can perform hundreds of simultaneous analyses at over a million packets/sec (roughly equivalent to a 10 Gigabit link).

AB - Internet analysis is a major challenge due to the volume and rate of network traffic. In lieu of analyzing traffic as raw packets, network analysts often rely on compressed network flows (netflows) that contain the start time, stop time, source, destination, and number of packets in each direction. However, many traffic analyses benefit from temporal aggregation of multiple simultaneous netflows, which can be computationally challenging. To alleviate this concern, a novel netflow compression and resampling method has been developed leveraging GraphBLAS hyperspace traffic matrices that preserve anonymization while enabling subrange analysis. Standard multi-temporal spatial analyses are then performed on each sub range to generate detailed statistical aggregates of the source packets, source fan-out, unique links, destination fan-in, and destination packets of each subrange which can then be used for background modeling and anomaly detection. A simple file format based on GraphBLAS sparse matrices is developed for storing these statistical aggregates. This method is scale tested on the MIT SuperCloud using a 50 trillion packet netflow corpus from several hundred sites collected over several months. The resulting compression achieved is significant (<0.1 bit per packet) enabling extremely large netflow analyses to be stored and transported. The single node parallel performance is analyzed in terms of both processors and threads showing that a single node can perform hundreds of simultaneous analyses at over a million packets/sec (roughly equivalent to a 10 Gigabit link).

KW - compression

KW - hypersparse matrices

KW - network analyses

KW - streaming graphs

UR - http://www.scopus.com/inward/record.url?scp=85142236749&partnerID=8YFLogxK

U2 - 10.1109/HPEC55821.2022.9926320

DO - 10.1109/HPEC55821.2022.9926320

M3 - Conference contribution

AN - SCOPUS:85142236749

T3 - 2022 IEEE High Performance Extreme Computing Conference, HPEC 2022

BT - 2022 IEEE High Performance Extreme Computing Conference, HPEC 2022

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 19 September 2022 through 23 September 2022

ER -

Trigg T, Meiners C, Pisharody S, Jananthan H, Jones M, Michaleas A et al. Hypersparse Network Flow Analysis of Packets with GraphBLAS. In 2022 IEEE High Performance Extreme Computing Conference, HPEC 2022. Institute of Electrical and Electronics Engineers Inc. 2022. (2022 IEEE High Performance Extreme Computing Conference, HPEC 2022). doi: 10.1109/HPEC55821.2022.9926320

Hypersparse Network Flow Analysis of Packets with GraphBLAS

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this