ESnet Highlights from ZeekWeek’21

Fatema Bannat Wala presenting at ZeekWeek21

Slides and videos from ZeekWeek have just been made available — here are links to ESnet highlights.


ZeekWeek, an annual Fall conference organized by the Zeek Project, took place online from October 13-15 this year. The conference had over 2000 registered participants from the open source user community this year, who got together to share the latest and greatest about this cyber-security and network monitoring software tool.

Berkeley Lab staff member Vern Paxson developed the precursor to the Zeek intrusion detection software, then called Bro, in 1994. As an early adopter, ESnet’s cybersecurity team has strong relationships with the Zeek community, and this ZeekWeek was an opportunity to showcase advances and uses made by the software by ESnet and the entire Research and Educational Networking Community.


The talk “DNS and Spoofed traffic investigation with Zeek,” presented by Fatema Bannat Wala, discussed how Zeek is being used to do network traffic analysis/investigations at ESnet by triaging abnormal activities when these occur on our network.

The talks “A Better Way to Capture Packets with DPDK” and “Details for DPDK plugin development and performance measurement presented by Vlad Grigorescu and Scott Campbell, detailed the development process of the plugin and the performance enhancements it brings to the network packet capture technology.

Fatema Bannat Wala also did a training session on “Introduction to Zeek,” which provided hands-on experience with Zeek tools and information about how to get involved with the collaboration.

ESnet’s cybersecurity team looks forward to continued collaboration with the Zeek community, attending next year’s ZeekWeek, and to contributing future code enhancements to this great software ecosystem.

3 Questions with Michael Haberman

Michael comes to ESnet’s Cybersecurity group after working as a software engineer at the National Center for Supercomputing Applications (NCSA), and in the Automated Learning Group at the University of Illinois, Champaign/Urbana (UIUC). Recently, he has also been an instructor for a data science and machine learning course within the School of Informatics (iSchool).

Michael Haberman
Michael Haberman

What brought you to ESnet?
The classes I taught at UIUC were designed around mastery-based learning and evidence-based teaching. I built a framework that instrumented the assignments (similar to observability) so that I could get a good pulse on where students were struggling and where they weren’t. Creating the end-to-end workflows for the students made me realize how much I missed architecting (and building) software. I knew several great ESnet people and it was just perfect timing that the security group had an opening where they were receptive to bringing on someone with a software design background and also enthusiastic about letting me continue climbing the data analytics and machine learning mountain (I’m at the base). I also love that ESnet’s mission enables science.

What’s the most exciting thing happening in your field?
There’s a lot going on and staying current is a challenge. If I had to pick a topic that is ripe for potential (or hype) it’s using blockchain “decentralized ledger” technology (now being used for databases, voting, and electronic currencies), to create applications in digital identity, and remove unnecessary intermediaries from transactions. It seems like there are new application ideas for blockchain every day.

Although I do not know much about cryptocurrency (or its future), the idea of using their decentralized ‘bookkeeping’ architecture for secure transactions with provenance seems intriguing.

What book would you recommend?
I remember reading The Cuckoo’s Egg in high school and it’s one of the books that got me interested in both computer science and security. When I saw this question I remembered that the main character is from LBL! Perhaps the security group will want me to look into an accounting discrepancy?

ESnet Machine Learning Researchers Win Best Paper at MLN ‘2021!

MLN '2021 Best Paper Award Notification

Sheng Shen, Mariam Kiran, and Bashir Mohammed have just been awarded the Best Paper award at the International Conference on Machine Learning for Networking (MLN). Sponsored by the Conservatoire National des Arts et Métiers (CNAM), the École Supérieure d’Ingénieurs en Électrotechnique et Électronique (ESIEE), and Laboratoire d’Informatique Gaspard-Monge (LIGM), MLN is being held virtually 1-3 December 2021.

The paper, “DynamicDeepFlow: An Approach for Identifying Changes in Network Traffic Flow Using Unsupervised Clustering,” uses a hybrid of deep learning variational autoencoder model and a shallow learning k-means to help identify unique traffic patterns across ESnet. These unique patterns can help identify if a new experiment has started or whether current network bandwidth is changing.

DynamicDeepFlow (DDF) model structure

“We’re very excited to receive this recognition and the conference was a wonderful opportunity to exchange thoughts and ideas with peers in France. MLN is a conference dedicated to discussing machine learning applications in networks. Our next task is to integrate DynamicDeepflow with Netpredict to show real-time information in ESnet data” — Mariam Kiran

Papers from MLN will be published as post-proceedings in Springer’s Lecture Notes in Computer Science (LNCS).

ESnet Highlights from the National Science Foundation’s Cybersecurity Summit ’21

The National Science Foundation (NSF) Cybersecurity Center of Excellence, Trusted CI Project hosts a yearly cybersecurity summit, inviting people from various NSF-funded research organizations to share innovations and ideas. Here are some videos of ESnet presentations.

Scott Campbell presented “ESnet Security Group Impact on Network Architecture” where he discussed some of the social, technical, and architectural outcomes of the ESnet6 network upgrade that were beneficial to the organization. By being involved early, security design elements were incorporated into workflows at early stages and were both tightly integrated and vetted during the core design process. This early involvement also heightened the security group’s visibility, which led to a better understanding of how the various groups interact and their different methods of problem-solving and time management.

Eli Dart and Fatema Bannat Wala presented “Best practices for securing Science DMZ,” focusing on disentangling security policies and enforcement for science flows from traditional security approaches for business systems, and use of the Science DMZ model to protect high-performance science flows. They discussed thinking of the Science DMZ as a security architecture that provides useful and implementable security controls without impacting performance.