Network Probe for Flexible Flow Monitoring

Research in measurement and monitoring of Internet traffic is evolving rapidly, but network tools able to keep pace with it are still rare. New approaches and methods are often tested in an offline environment or on low-speed links using software solutions, but subsequent real-time deployment on high-speed links is missing. In this context we propose a flexible network probe which is a foundation stone for further network measurement and monitoring. The architecture of the probe is based on a network acceleration card with Field-Programmable Gate Arrays (FPGA) and a host computer. The configuration for the FPGA chips is automatically generated by a configuration program according to the user's definition of the monitored values, in order to save hardware resources and increase throughput. The definition of the monitoring process is described using XML, transformed to VHDL and synthesized. This enables the probe to extract any information about network traffic, assign it to a flow and process it, all of which can be arbitrarily defined by the user.
