1 / 14

Semantic Interpretation of Internet Monitoring Data

This workshop explores the challenges and solutions for interpreting and combining internet monitoring data, addressing issues such as inconsistent formats and conflicting data. It also discusses the use of ontologies and RDF data models for encapsulating domain expertise. The workshop aims to develop queries and applications for accessing and understanding internet monitoring data.

lolitae
Download Presentation

Semantic Interpretation of Internet Monitoring Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Semantic Interpretation of Internet Monitoring Data Ian Napier PhD Student, Dept of Computer Science Loughborough University Supervisors : Dr Iain Phillips Dr Lin Guan Multi-Service Networks Workshop, Cosener’s House 2009

  2. Example Scenario : Intersite VPN Multi-Service Networks Workshop, Cosener’s House 2009

  3. Where’s the gap? Multi-Service Networks Workshop, Cosener’s House 2009

  4. Data Usage Problems • Different published formats (PCAP files, CSV, HTML, spreadsheets, databases etc.) How to access and combine these? • Inconsistent or Conflicting data (eg : AS level topology from BGP updates or Active probing methods [4]). How to mediate? • Understanding the significance of, and relationship between disparate data. Interpretation and semantics need domain expertise. How to encapsulate this knowledge? • RDF data models and Ontologies are one approach. Multi-Service Networks Workshop, Cosener’s House 2009

  5. Ontology Summary A nice general definition : “An Ontology is a structure capturing semantic knowledge about a certain domain by describing relevant concepts and relations between them.” [5] data Ontology (knowledge model) metadata ‘knowledge’ High-Level Information Multi-Service Networks Workshop, Cosener’s House 2009

  6. Introduction to Semantic Web Tools Layered Approach, built on the foundation of the Resource Description Framework (RDF) and the RDF ‘triple’ Statement : predicate (property) SUBJECT OBJECT cos:locatedIn cos:Cosener’s Hotel cos:Oxfordshire cos:hasCountyTown “149,100” cos:Oxford cos:hasPopulation cos = “http://nets.lboro.ac.uk/home/coidn/cosenersontology.rdf/” Multi-Service Networks Workshop, Cosener’s House 2009

  7. Semantic Web Languages Query (SPARQL) Reasoners (Pellet,Fact) / Rules (SWRL) Ontology Languages (RDFS and OWL) Data Modelling (RDF) Multi-Service Networks Workshop, Cosener’s House 2009

  8. Conceptual System Outline Application “Local” data (eg:Packet traces, traceroutes) Queries Reasoner/Rules Ontology Data Converters (eg: PCAP to RDF) RDF Triple Store RDF/XML files Serialisers/Parsers “Public” data (eg: RIPE) Multi-Service Networks Workshop, Cosener’s House 2009

  9. Sample Ontology : Graph snippet Multi-Service Networks Workshop, Cosener’s House 2009

  10. Sample Ontology : RDF/XML snippet <rdf:Description rdf:about="http://nets.lboro.ac.uk/TCPFLOW72"> <lboro:hasRESET>false</lboro:hasRESET> <lboro:hasSRCIPAddr rdf:resource="http://nets.lboro.ac.uk/SRCIP72"/> <lboro:hasDSTPort>80</lboro:hasDSTPort> <rdf:type rdf:resource="http://nets.lboro.ac.uk/TCPFlow"/> </rdf:Description> − <rdf:Description rdf:about="http://nets.lboro.ac.uk/UDPFlow"> <owl:disjointWith rdf:resource="http://nets.lboro.ac.uk/TCPFlow"/> <rdfs:subClassOf rdf:resource="http://nets.lboro.ac.uk/IPCommunication"/> <rdf:type rdf:resource="http://www.w3.org/2002/07/owl#Class"/> </rdf:Description> Multi-Service Networks Workshop, Cosener’s House 2009

  11. Next Steps • Expand ontology domain to include more data, specifically more converters. • Develop richer semantics (predicates). • Develop queries and application, liaising with industry. • Initially concentrate on AS topology data and local packet captures. Thank You. Any questions? Multi-Service Networks Workshop, Cosener’s House 2009

  12. References and Reading References [1] RIPE. www.ripe.net. [2] Colleen Shannon; David Moore; Ken Keys; Marina Fomenkov; Brad- ley Huffaker; K.Claffy. The internet measurement data catalog. ACM SIG- COMM Computer Communication Review, 35:97100, 2005. [3] MOME. www.ist-mome.org. [4] Mahadevan; Krioukov; Formenkov; Huffaker; Dimitropoulos;Claffy;Vahdat. The internet as-level topology:three data sources and one definitive metric. In ACM/SIGCOMM Computer Communications Review Vol 36 Jan2006, 2006. [5] Marko Grobelnik; Dunja Mladenic. Semantic Web Technologies: Trends and Research in Ontology Based Systems, chapter 2. Knowledge Discovery for Ontology Construction. John Wiley and Sons, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, England, first edition, 2006. Recommended Reading Grigoris Antoniou; Frank van Harmelen. A Semantic Web Primer. The MIT Press, Cambridge, Massachusetts, second edition, 2008. Dean Allemang; Jim Hendler. Semantic Web for the Working Ontologist, Elsever Inc, Burlington, Massachusetts, first edition, 2007. Related Work http://www.fp7-moment.eu/ Multi-Service Networks Workshop, Cosener’s House 2009

  13. Supplementary Notes : Some Properties rdf :type rdfs :subClassOf :domain :range :subPropertyOf owl :class :ObjectProperty :datatypeProperty :inverseOf :SymmetricProperty :ReflexiveProperty A p A for allA :IrreflexiveProperty :TransitiveProperty Multi-Service Networks Workshop, Cosener’s House 2009

  14. Supplementary Notes : Some Possible Data Sources • “Locally generated” data, including Passive packet captures at Internet gateways, Active traceroute data, etc. • Regional Internet Registry data (eg: RIPE): delay measurements, AS to IP Address mappings etc [1]. • CAIDA: Many ongoing projects, including Archipelago (ARK) for AS level topology updates. Also CAIDA Internet Data Catalog [2]. • MoMe : EU FP6 initiative which gives a standardised interface to data from several ongoing projects and a data catalog [3]. Multi-Service Networks Workshop, Cosener’s House 2009

More Related