Monitoring traffic in computer networks with dynamic distributed remote packet capturing

We present an approach for flexible distributed remote packet capturing with additional self-adaptivity and cooperation capabilities. Such techniques are needed to gain comprehensive insight into large computer networks. With our system it is possible to operate multiple distributed remote packet capturing sensors from arbitrary locations. Advanced features such as self-adaptivity or the cooperative use of sensors help increase performance. Empirical results obtained with a prototype indicate that our approach is efficient and allows traffic to be captured at speeds on the order of Gigabit Ethernet. Furthermore, our approach integrates with and enables the use of existing packet processing applications.
