The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware
|
|
- Dustin Parks
- 5 years ago
- Views:
Transcription
1 The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware Matthias Vallentin 1, Robin Sommer 2,3, Jason Lee 2, Craig Leres 2 Vern Paxson 3,2, and Brian Tierney 2 1 TU München 2 Lawrence Berkeley National Laboratory 3 International Computer Science Institute
2 Motivation NIDSs have reached their limits on commodity hardware Keep needing to do more analysis on more data at higher speeds However, CPU performance is not growing anymore the way it used to Single NIDS instance (e.g., Snort, Bro) cannot cope with Gbps links To overcome, we must either Restrict the amount of analysis, or Turn to expensive, custom hardware, or Employ some form of load-balancing to split analysis across multiple machines We do load-balancing with the NIDS Cluster Use many boxes instead of one Every box works on a slice of traffic Correlate analysis to create the impression of a single system 2
3 Correlation is Tricky... Most NIDS provide support for multi-system setups However, instances tend to work independent Central manager collects alerts of independent NIDS instances Aggregates results instead of correlating analysis NIDS cluster works transparently like a single NIDS Gives same results as single NIDS would if it could analyze all traffic Does not sacrifice detection accuracy Is scalable to large number of nodes Still provides a single system as the user interface (logging, configuration updates) 3
4 Architecture Internet Gbps Gbps Tap Tap Local NIDS Cluster 4
5 Architecture Internet Gbps Gbps Tap Tap Local NIDS Cluster Frontend Frontend 4
6 Architecture Internet Gbps Gbps Tap Tap Local NIDS Cluster Frontend Frontend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend 4
7 Architecture Internet Gbps Gbps Tap Tap Local NIDS Cluster Frontend Frontend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Proxy Proxy 4
8 Architecture Internet Gbps Gbps Tap Tap Local NIDS Cluster Manager Frontend Frontend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Backend Proxy Proxy 4
9 Environments Initial target environment: Lawrence Berkeley National Laboratory LBNL monitors 10 Gbps upstream link with the Bro NIDS Setup evolved into many boxes running Bro independently for sub-tasks Cluster prototype now running at LBNL with 1 frontend & 10 backends Further prototypes University of California, Berkeley 2 x 1 Gbps uplink, 2 frontends / 6 backends for 50% of the traffic Ohio State University 450 Mbps uplink, 1 frontend / 2 backends (10 planned) IEEE Supercomputing Conference 2007 Conference s 1 Gbps backbone / 10 Gbps High Speed Bandwidth Challenge network Goal: Replace operational security monitoring 5
10 Challenges Main challenges when building the NIDS Cluster 1. Distributing the traffic evenly while minimizing need for communication 2. Adapting the NIDS operation on the backend to correlate analysis with peers 3. Validating that the cluster produces sound results 6
11 Distributing Load 7
12 Distribution Schemes Frontends need to pick a backend as destination Option 1: Route packets individually Simple example: round-robin Too expensive due to communication overhead (NIDS keep per-flow state) Option 2: Flow-based schemes Send all packets belonging to the same flow to the same backend Needs communication only for inter-flow analysis Simple approach: hashing flow identifiers E.g., md5(src-addr + src-port + dst-addr + dst-port) mod n Hashing is state-less, which reduces complexity and increases robustness But how well does hashing distribute the load? 8
13 Simulation of Hashing Schemes!"#$%&'((")"$*"+%,+-%","$%&'+.)'/0.'1$% =&6!< />(!< md5 />(!<%277%$1&"+4 =&6!8!1$%75955!1$%7:955!1$%88955 ;0"%<955 1 day of UC Berkeley campus TCP traffic (231M connections), n = 10 9
14 Simulation of Hashing Schemes!"#$%&'((")"$*"+%,+-%","$%&'+.)'/0.'1$% =&6!< />(!< md5 />(!<%277%$1&"+4 =&6!8 md5-addr!1$%75955!1$%7:955!1$%88955 ;0"%<955 1 day of UC Berkeley campus TCP traffic (231M connections), n = 10 9
15 Cluster Frontends We chose the address-based hash Ports not always available (e.g., ICMP, fragments) & more complex to extract Even with perfect distribution, load is hard to predict Frontends rewrite MAC addresses according to hash Two alternative frontend implementations In software with Click (SHA1) In hardware with a prototype of Force-10 s P10 appliance (XOR) 10
16 Adapting the NIDS 11
17 Cluster Backends On the backends, we run the Bro NIDS Bro is the NIDS used in our primary target environment LBNL Bro already provides extensive, low-level communication facilities Bro consists of two layers Core: Low-level, high-performance protocol analysis Event-engine: Executes scripts which implement the detection analysis Observation: Core keeps only per-flow state No need for correlation across backends Event-engine does all inter-flow analysis The scripts needs to be adapted to the cluster setting 12
18 Adapting the Scripts... Script language provides primitives to share state Almost all state is kept in tables, which can easily be synchronized across peers Main task was identifying state related to inter-flow analysis A bit cumbersome with 20K+ lines of script code... Actually it was a bit more tricky... Some programming idioms do not work well in the cluster setting and needed to be fixed Some trade-offs between gain & overhead exists are hard to assess Bro s loose synchronisation introduces inconsistencies (which can be mitigated) Many changes to scripts and few to the core Will be part of the next Bro release 13
19 Validating the Cluster 14
20 Accuracy Goal: Cluster produces same result as a single system Compared the results of cluster vs. stand-alone setup Captured a 2 hour trace at LBNL s uplink (~97GB, 134M pkts, 1.5 M host pairs) Splitted the trace into slices and copied them to the cluster nodes Setup the cluster to examine the slices just as if it would process live traffic Compared output of the manager with the output of a single Bro instance on the trace Found excellent match for the alarms & logs Cluster reported all 2661 alarms of the singe instance as well Slight differences in timing & context due to latency and synchronization semantics Some artifacts of the off-line measurement setup 15
21 CPU Load per Node Probability density node0 node1 node2 node3 node4 node5 node6 node7 node8 node CPU utilization 10 backends, ext. LBNL config, 2hr full trace, (~97GB, 134M pkts) 16
22 Scaling of CPU Probability density nodes 5 nodes 3 nodes CPU utilization ext. LBNL config, 2hr full trace, (~97GB, 134M pkts) 17
23 Load on Berkeley Campus CPU load (%) Backend 0 Backend 1 Backend 2 Backend 3 Backend 4 Backend 5 Proxy 0 Proxy 1 Manager Tue 12:00 Tue 18:00 Wed 0:00 Wed 6:00 Wed 12:00 Wed 18:00 Thu 0:00 Thu 6:00 With 1 frontend = 50% of the total traffic 18
24 Conclusion & Outlook Cluster monitors Gbps networks on commodity hardware Provides high-performance, stateful network intrusion detection Correlates analysis across its nodes rather than just aggregating results When building the cluster we Examined different load distribution schemes Adapted an open-source NIDS to the cluster setting Evaluated correctness & performance in a real-world setting Challenge was to build something which works Less to lead into fundamentally new research directions Now in the process of making it production quality We will soon release the Cluster Shell An interactive shell running on the manager 19
25 Any questions...? Robin Sommer Lawrence Berkeley National Laboratory & International Computer Science Institute This work is supported by the Office of Science and Technology at the Department of Homeland Security. Points of view in this document are those of the author(s) and do not necessarily represent the official position of the U.S. Department of Homeland Security or the Office of Science and Technology.
The Bro Cluster The Bro Cluster
The Bro Cluster The Bro Cluster Intrusion Detection at 10 Gig and A High-Performance beyond using the NIDS Bro Architecture IDS for the Lawrence Berkeley National Lab Robin International Computer Science
More informationThe Bro Network Intrusion Detection System
The Bro Network Intrusion Detection System Robin Sommer Lawrence Berkeley National Laboratory rsommer@lbl.gov http://www.icir.org Outline Design of the Bro NIDS Philosophy Architecture LBNL s Bro Installation
More informationOperational Experiences With High-Volume Network Intrusion Detection
Operational Experiences With High-Volume Network Intrusion Detection Holger Dreger 1 Anja Feldmann 1 Vern Paxson 2 Robin Sommer 1 1 TU München Germany 2 ICSI / LBNL Berkeley, CA, USA ACM Computer and Communications
More informationExploiting Multi-Core Processors For Parallelizing Network Intrusion Prevention
Exploiting Multi-Core Processors For Parallelizing Network Intrusion Prevention Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org
More informationEnhancing Byte-Level Network Intrusion Detection Signatures with Context
Enhancing Byte-Level Network Intrusion Detection Signatures with Context Robin Sommer sommer@in.tum.de Technische Universität München Germany Vern Paxson vern@icir.org International Computer Science Institute
More informationBroker. Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon '16
Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon '16 Communication in Bro Exploiting Independent State For Network Intrusion Detection Tap Broccoli, Independent
More informationDistributed Cooperative Security Monitoring
Distributed Cooperative Security Monitoring Robin Sommer Lawrence Berkeley National Laboratory rsommer@lbl.gov http://www.icir.org/robin Cooperative Security Monitoring Internet sites monitor their network
More informationNetwork Security Today: Finding Complex Attacks at 100Gb/s
: Finding Complex Attacks at 100Gb/s Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org/robin The Old Days Border
More informationMalicious Activity and Risky Behavior in Residential Networks
Malicious Activity and Risky Behavior in Residential Networks Gregor Maier 1, Anja Feldmann 1, Vern Paxson 2,3, Robin Sommer 2,4, Matthias Vallentin 3 1 TU Berlin / Deutsche Telekom Laboratories 2 International
More informationStrategies for Sound Internet Measurement
Strategies for Sound Internet Measurement Vern Paxson Presented by Hossein Falaki Vern Paxson M.S. and Ph.D. degrees Berkeley Staff scientist at the Lawrence Berkeley National Laboratory Founder of the
More informationSeeking Visibility Into Network Activity for Security Analysis
Seeking Visibility Into Network Activity for Security Analysis Robin Sommer Lawrence Berkeley National Laboratory & International Computer Science Institute robin@icsi.berkeley.org http://www.icir.org
More informationHILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis
HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu
More informationInside Broker How Broker Leverages the C++ Actor Framework (CAF)
Inside Broker How Broker Leverages the C++ Actor Framework (CAF) Dominik Charousset inet RG, Department of Computer Science Hamburg University of Applied Sciences Bro4Pros, February 2017 1 What was Broker
More informationVAST. AUnifiedPlatformforInteractiveNetworkForensics. Matthias Vallentin 1,2 Vern Paxson 1,2 Robin Sommer 2,3. March 17, 2016 USENIX NSDI
VAST AUnifiedPlatformforInteractiveNetworkForensics Matthias Vallentin 1,2 Vern Paxson 1,2 Robin Sommer 2,3 1 UC Berkeley 2 International Computer Science Institute (ICSI) 3 Lawrence Berkeley National
More informationicast / TRUST Collaboration Year 2 - Kickoff Meeting
icast / TRUST Collaboration Year 2 - Kickoff Meeting Robin Sommer International Computer Science Institute robin@icsi.berkeley.edu http://www.icir.org Projects Overview Project 1 NIDS Evasion Testing in
More informationEnabling Science Through Cyber Security At 100G
Enabling Science Through Cyber Security At 100G Submitted by: Rosio Alvarez, Ph.D. Chief Information Officer, Berkeley Lab RAlvarez@lbl.gov Project team: IT Division, Cyber Security Team Aashish Sharma
More informationLecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations
Lecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations Prateek Saxena March 3 2008 1 The Problems Today s lecture is on the discussion of the critique on 1998 and 1999 DARPA IDS evaluations conducted
More informationImproving Application Performance and Predictability using Multiple Virtual Lanes in Modern Multi-Core InfiniBand Clusters
Improving Application Performance and Predictability using Multiple Virtual Lanes in Modern Multi-Core InfiniBand Clusters Hari Subramoni, Ping Lai, Sayantan Sur and Dhabhaleswar. K. Panda Department of
More informationDesigning Next Generation Data-Centers with Advanced Communication Protocols and Systems Services
Designing Next Generation Data-Centers with Advanced Communication Protocols and Systems Services P. Balaji, K. Vaidyanathan, S. Narravula, H. W. Jin and D. K. Panda Network Based Computing Laboratory
More informationOn Optimizing Traffic Distribution for Clusters of Network Intrusion Detection and Prevention Systems
On Optimizing Traffic Distribution for Clusters of Network Intrusion Detection and Prevention Systems by Anh Le A thesis presented to the University of Waterloo in fulfillment of the thesis requirement
More informationA First Look at Modern Enterprise Traffic
A First Look at Modern Enterprise Traffic Ruoming Pang, Princeton University Mark Allman (ICSI), Mike Bennett (LBNL), Jason Lee (LBNL), Vern Paxson (ICSI/LBNL), and Brian Tierney (LBNL) The Question What
More informationEECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture
EECS : Introduction to Computer Networks Switch and Router Architectures Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley,
More informationLayer 2 Implementation
CHAPTER 3 In the Virtualized Multiservice Data Center (VMDC) 2.3 solution, the goal is to minimize the use of Spanning Tree Protocol (STP) convergence and loop detection by the use of Virtual Port Channel
More informationOn Optimizing Load Balancing of Intrusion Detection and Prevention Systems. Anh Le, Ehab Al-Shaer, and Raouf Boutaba
On Optimizing Load Balancing of Intrusion Detection and Prevention Systems Anh Le, Ehab Al-Shaer, and Raouf Boutaba Outline 1. Motivation 2. Approach Overview 3. Problem Formalization 4. Online Clustering
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationMeans for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content
Intrusion Detection INFO404 - Lecture 13 21.04.2009 nfoukia@infoscience.otago.ac.nz Content Definition Network vs. Host IDS Misuse vs. Behavior Based IDS Means for Intrusion Detection Definitions (1) Intrusion:
More informationThe Bro Network Security Monitor. Broadmap. Bro Workshop NCSA, Urbana-Champaign, IL. Bro Workshop 2011
The Bro Network Security Monitor Broadmap NCSA, Urbana-Champaign, IL Outline Near- to Medium-term Roadmap Current Research Projects Workshop Wrap-Up 2 Version 2.0 Final 3 Version 2.0 Final Timeline: Early
More informationGeneric Architecture. EECS 122: Introduction to Computer Networks Switch and Router Architectures. Shared Memory (1 st Generation) Today s Lecture
Generic Architecture EECS : Introduction to Computer Networks Switch and Router Architectures Computer Science Division Department of Electrical Engineering and Computer Sciences University of California,
More informationSDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich
SDN-based Network Obfuscation Roland Meier PhD Student ETH Zürich This Talk This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Hi Bob, Hi Bob, Payload encryption ǾǼōĦ
More informationA Graphical User Interface Framework for Detecting Intrusions using Bro IDS
A Graphical User Interface Framework for Detecting Intrusions using Bro IDS Shaffali Gupta M.Tech Scholar Thapar University, Patiala Rachit Goel M.tech Scholar Doon Valley, Karnal ABSTRACT Internet has
More informationCorrelation-Based Load Balancing for Network Intrusion Detection and Prevention Systems
Correlation-Based Load Balancing for Network Intrusion Detection and Prevention Systems Anh Le David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, N2L 3G1, Canada a4le@uwaterloo.ca
More informationRobust Firewalls with OpenBSD and PF
Robust Firewalls with OpenBSD and PF Overview Design Philosophy (and what PF doesn t do) The Basics Normalisation Filtering Translation Advanced Toolkits Denial of Service Mitigation Firewall Redundancy
More informationFlow-Based per Port-Channel Load Balancing
The feature allows different flows of traffic over a Gigabit EtherChannel (GEC) interface to be identified based on the packet header and then mapped to the different member links of the port channel.
More informationA man, a plan, an Arista, Panama? Bob Bregant BroCon 14
A man, a plan, an Arista, Panama? Bob Bregant BroCon 14 Bro/Arista Integration Bob Bregant BroCon 14 Bro Tap/Span Networking (with Arista-specific examples) Bob Bregant BroCon 14 Quick Introduction Bob
More informationCisco Intelligent Traffic Director Deployment Guide with Cisco ASA
Cisco Intelligent Traffic Director with Cisco ASA Cisco Intelligent Traffic Director Deployment Guide with Cisco ASA 2016 Cisco and/or its affiliates. All rights reserved. 1 Cisco Intelligent Traffic Director
More informationThe Measurement Manager Modular End-to-End Measurement Services
The Measurement Manager Modular End-to-End Measurement Services Ph.D. Research Proposal Department of Electrical and Computer Engineering University of Maryland, College Park, MD Pavlos Papageorgiou pavlos@eng.umd.edu
More informationCPSC 641: WAN Measurement. Carey Williamson Department of Computer Science University of Calgary
CPSC 641: WAN Measurement Carey Williamson Department of Computer Science University of Calgary WAN Traffic Measurements There have been several studies of wide area network traffic (i.e., Internet traffic)
More informationLightstreamer. The Streaming-Ajax Revolution. Product Insight
Lightstreamer The Streaming-Ajax Revolution Product Insight 1 Agenda Paradigms for the Real-Time Web (four models explained) Requirements for a Good Comet Solution Introduction to Lightstreamer Lightstreamer
More informationTitan: Fair Packet Scheduling for Commodity Multiqueue NICs. Brent Stephens, Arjun Singhvi, Aditya Akella, and Mike Swift July 13 th, 2017
Titan: Fair Packet Scheduling for Commodity Multiqueue NICs Brent Stephens, Arjun Singhvi, Aditya Akella, and Mike Swift July 13 th, 2017 Ethernet line-rates are increasing! 2 Servers need: To drive increasing
More informationFirepower Threat Defense Cluster for the Firepower 4100/9300
Firepower Threat Defense Cluster for the Firepower 4100/9300 Clustering lets you group multiple Firepower Threat Defense units together as a single logical device. Clustering is only supported for the
More informationOn the Difficulty of Scalably Detecting Network Attacks
On the Difficulty of Scalably Detecting Network Attacks Background Traditionally Firewall uses basic ACL rules to control the network traffic Packet filtering : ACL rules based on packet headers Stateful
More informationTCP Nice: A Mechanism for Background Transfers
Improving Internet Availability and Reliability TCP : A Mechanism for Background Transfers Z. Morley Mao Lecture 7 Feb 2, 2004 Arun Venkataramani, Ravi Kokku, Mike Dahlin Laboratory of Advanced Systems
More informationOn the Scalability of Hierarchical Ad Hoc Wireless Networks
On the Scalability of Hierarchical Ad Hoc Wireless Networks Suli Zhao and Dipankar Raychaudhuri Fall 2006 IAB 11/15/2006 Outline Motivation Ad hoc wireless network architecture Three-tier hierarchical
More informationPower Management for Networked Systems
Power Management for Networked Systems Sylvia Ratnasamy (Intel Research Berkeley) Work in collaboration with UC Berkeley, Univ. of Washington and Lawrence Berkeley National Lab How do networks contribute
More informationT U M. Building a Time Machine for Efficient Recording and Retrieval of High-Volume Network Traffic
T U M I N S T I T U T F Ü R I N F O R M A T I K Building a Time Machine for Efficient Recording and Retrieval of High-Volume Network Traffic Stefan Kornexl, Vern Paxson, Holger Dreger, Anja Feldmann, Robin
More informationIntrusion Detection Systems. Evan Misshula
Intrusion Detection Systems Evan Misshula emisshula@qc.cuny.edu How old is hacking? In 1972, the US Air Force was worried about computer security problems. https://www.sans.org/reading-room/whitepapers/detection/historyevolution-intrusion-detection-344
More informationGame Traffic Analysis: An MMORPG Perspective
Appeared in ACM NOSSDAV 2005 (15th International Workshop on Network and Operating System Support for Digital Audio and Video) Game Traffic Analysis: An MMORPG Perspective (MMORPG: Massive Multiplayer
More informationLAN design. Chapter 1
LAN design Chapter 1 1 Topics Networks and business needs The 3-level hierarchical network design model Including voice and video over IP in the design Devices at each layer of the hierarchy Cisco switches
More informationSimulating satellite Internet performance on a small island
Simulating satellite Internet performance on a small island Ulrich Speidel Lei Qian Department of Computer Science August 2018 Fibre connectivity in the Pacific From: www.submarinecablemap.com Fibre connectivity
More information- Hubs vs. Switches vs. Routers -
1 Layered Communication - Hubs vs. Switches vs. Routers - Network communication models are generally organized into layers. The OSI model specifically consists of seven layers, with each layer representing
More informationA Policy-aware Switching Layer for Data Centers
A Policy-aware Switching Layer for Data Centers Dilip Joseph Arsalan Tavakoli Ion Stoica University of California at Berkeley 1 Problem: Middleboxes are hard to deploy Place on network path Overload path
More informationConfiguring Logging for Access Lists
CHAPTER 17 This chapter describes how to configure access list logging for extended access lists and Webytpe access lists, and it describes how to manage deny flows. This section includes the following
More informationComputer Science 461 Final Exam May 22, :30-3:30pm
NAME: Login name: Computer Science 461 Final Exam May 22, 2012 1:30-3:30pm This test has seven (7) questions, each worth ten points. Put your name on every page, and write out and sign the Honor Code pledge
More information6.033 Spring Lecture #12. In-network resource management Queue management schemes Traffic differentiation spring 2018 Katrina LaCurts
6.033 Spring 2018 Lecture #12 In-network resource management Queue management schemes Traffic differentiation 1 Internet of Problems How do we route (and address) scalably, while dealing with issues of
More informationLS Example 5 3 C 5 A 1 D
Lecture 10 LS Example 5 2 B 3 C 5 1 A 1 D 2 3 1 1 E 2 F G Itrn M B Path C Path D Path E Path F Path G Path 1 {A} 2 A-B 5 A-C 1 A-D Inf. Inf. 1 A-G 2 {A,D} 2 A-B 4 A-D-C 1 A-D 2 A-D-E Inf. 1 A-G 3 {A,D,G}
More informationPrepKing. PrepKing
PrepKing Number: 642-961 Passing Score: 800 Time Limit: 120 min File Version: 6.8 http://www.gratisexam.com/ PrepKing 642-961 Exam A QUESTION 1 Which statement best describes the data center core layer?
More informationImproving the Database Logging Performance of the Snort Network Intrusion Detection Sensor
-0- Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor Lambert Schaelicke, Matthew R. Geiger, Curt J. Freeland Department of Computer Science and Engineering University
More informationLoad Balancing with McAfee Network Security Platform
Load Balancing with McAfee Network Security Platform Optimizing intrusion prevention system performance 1 Load Balancing with McAfee Network Security Platform Load Balancing with McAfee Network Security
More informationMemory Management Virtual Memory
Memory Management Virtual Memory Part of A3 course (by Theo Schouten) Biniam Gebremichael http://www.cs.ru.nl/~biniam/ Office: A6004 April 4 2005 Content Virtual memory Definition Advantage and challenges
More informationInterdomain Routing Design for MobilityFirst
Interdomain Routing Design for MobilityFirst October 6, 2011 Z. Morley Mao, University of Michigan In collaboration with Mike Reiter s group 1 Interdomain routing design requirements Mobility support Network
More informationClick to edit Master title style
Click to edit Master title style SCALING NETWORK MONITORING IN A LARGE ENTERPRISE BroCon 2016 Austin, TX Click to edit Master Who title am style I? I work for Amazon s Worldwide Consumer Information Security
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationIntroduction. Executive Summary. Test Highlights
Introduction Cisco commissioned EANTC to conduct an independent performance test of its new Catalyst 9000 family switches. The switches are designed to work in enterprise campus environments. Cisco offers
More informationFloodless in SEATTLE: A Scalable Ethernet Architecture for Large Enterprises
Floodless in SEATTLE: A Scalable Ethernet Architecture for Large Enterprises Full paper available at http://www.cs.princeton.edu/~chkim Changhoon Kim, Matthew Caesar, and Jennifer Rexford Outline of Today
More informationA Two-Layered Anomaly Detection Technique based on Multi-modal Flow Behavior Models
A Two-Layered Anomaly Detection Technique based on Multi-modal Flow Behavior Models Marc Ph. Stoecklin Jean-Yves Le Boudec Andreas Kind
More informationConfiguring Logging for Access Lists
CHAPTER 20 This chapter describes how to configure access list logging for extended access lists and Webytpe access lists, and it describes how to manage deny flows. This chapter includes the following
More informationIntrusion Detection System
Intrusion Detection System Time Machine Dynamic Application Detection 1 NIDS: Two generic problems Attack identified But what happened in the past??? Application identification Only by port number! Yet
More informationWLCG SOC Working Group
WLCG SOC Working Group David Crooks david.crooks@cern.ch Liviu Vâlsan liviu.valsan@cern.ch Introduction Following on from ISGC 2017 WLCG Security Operations Centres Working Group Security Operations Centres
More informationPerformance and Scalability with Griddable.io
Performance and Scalability with Griddable.io Executive summary Griddable.io is an industry-leading timeline-consistent synchronized data integration grid across a range of source and target data systems.
More informationVisualization of Internet Traffic Features
Visualization of Internet Traffic Features Jiraporn Pongsiri, Mital Parikh, Miroslova Raspopovic and Kavitha Chandra Center for Advanced Computation and Telecommunications University of Massachusetts Lowell,
More informationLecture 17: Network Layer Addressing, Control Plane, and Routing
Lecture 17: Network Layer Addressing, Control Plane, and Routing COMP 332, Spring 2018 Victoria Manfredi Acknowledgements: materials adapted from Computer Networking: A Top Down Approach 7 th edition:
More informationDecision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA
Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA Weirong Jiang, Viktor K. Prasanna University of Southern California Norio Yamagaki NEC Corporation September 1, 2010 Outline
More informationThe Best Protocol for Real-time Data Transport
The Definitive Guide to: The Best Protocol for Real-time Data Transport Assessing the most common protocols on 6 important categories Identifying the Best Protocol For strategic applications using real-time
More informationModeling the Routing of an ISP with C-BGP
Modeling the Routing of an ISP with C-BGP Bruno Quoitin bruno.quoitin@uclouvain.be IP Networking Lab (INL) Computer Science & Engineering Department Université catholique de Louvain, Belgium 2009 B. Quoitin
More informationStager. A Web Based Application for Presenting Network Statistics. Arne Øslebø
Stager A Web Based Application for Presenting Network Statistics Arne Øslebø Keywords: Network monitoring, web application, NetFlow, network statistics Abstract Stager is a web based
More informationScalability of web applications
Scalability of web applications CSCI 470: Web Science Keith Vertanen Copyright 2014 Scalability questions Overview What's important in order to build scalable web sites? High availability vs. load balancing
More informationRouters: Forwarding EECS 122: Lecture 13
Routers: Forwarding EECS 122: Lecture 13 epartment of Electrical Engineering and Computer Sciences University of California Berkeley Router Architecture Overview Two key router functions: run routing algorithms/protocol
More informationSoftware-Defined Networking (Continued)
Software-Defined Networking (Continued) CS640, 2015-04-23 Announcements Assign #5 released due Thursday, May 7 at 11pm Outline Recap SDN Stack Layer 2 Learning Switch Control Application Design Considerations
More informationDynamic Protocol Analysis for Network Intrusion Detection Systems
TECHNISCHE UNIVERSITÄT MÜNCHEN INSTITUT FÜR INFORMATIK Diplomarbeit Dynamic Protocol Analysis for Network Intrusion Detection Systems Michael Mai Aufgabensteller: Betreuer: Prof. Anja Feldmann, Ph.D. Dipl.-Inf.
More information소프트웨어기반고성능침입탐지시스템설계및구현
소프트웨어기반고성능침입탐지시스템설계및구현 KyoungSoo Park Department of Electrical Engineering, KAIST M. Asim Jamshed *, Jihyung Lee*, Sangwoo Moon*, Insu Yun *, Deokjin Kim, Sungryoul Lee, Yung Yi* Department of Electrical
More informationDPDK Load Balancers RSS H/W LOAD BALANCER DPDK S/W LOAD BALANCER L4 LOAD BALANCERS L7 LOAD BALANCERS NOV 2018
x DPDK Load Balancers RSS H/W LOAD BALANCER DPDK S/W LOAD BALANCER L4 LOAD BALANCERS L7 LOAD BALANCERS NOV 2018 Contact Vincent, Jay L - Your Contact For Load Balancer Follow up jay.l.vincent@intel.com
More informationI Know What Your Packet Did Last Hop: Using Packet Histories to Troubleshoot Networks.
I Know What Your Packet Did Last Hop: Using Packet Histories to Troubleshoot Networks. Paper by: Nikhil Handigol, Brandon Heller, Vimalkumar Jeyakumar, David Mazières, and Nick McKeown, Stanford University
More informationLoad Balancing Technology White Paper
Load Balancing Technology White Paper Keywords: Server, gateway, link, load balancing, SLB, LLB Abstract: This document describes the background, implementation, and operating mechanism of the load balancing
More informationBe Fast, Cheap and in Control with SwitchKV. Xiaozhou Li
Be Fast, Cheap and in Control with SwitchKV Xiaozhou Li Goal: fast and cost-efficient key-value store Store, retrieve, manage key-value objects Get(key)/Put(key,value)/Delete(key) Target: cluster-level
More informationOverview of the ML-Series Card
CHAPTER 1 This chapter provides an overview of the ML-100T-8 card for Cisco ONS 15310-CL and the Cisco ONS 15310-MA. It lists Ethernet and SONET capabilities and Cisco IOS and Cisco Transport Controller
More informationUnderstanding Your Network Using NetSage
Understanding Your Network Using NetSage Jennifer Schopf, Ed Balas, Brian Tierney International Networks, Indiana University Sean Peisert LBNL, and UC Davis Jason Leigh Laboratory for Advanced Visualization
More informationFault-Tolerant and Scalable TCP Splice and Web Server Architecture ; CU-CS
University of Colorado, Boulder CU Scholar Computer Science Technical Reports Computer Science Winter 1-1-2006 Fault-Tolerant and Scalable TCP Splice and Web Server Architecture ; CU-CS-1003-06 Manish
More informationHash-Based Indexes. Chapter 11
Hash-Based Indexes Chapter 11 1 Introduction : Hash-based Indexes Best for equality selections. Cannot support range searches. Static and dynamic hashing techniques exist: Trade-offs similar to ISAM vs.
More informationLecture 9. Quality of Service in ad hoc wireless networks
Lecture 9 Quality of Service in ad hoc wireless networks Yevgeni Koucheryavy Department of Communications Engineering Tampere University of Technology yk@cs.tut.fi Lectured by Jakub Jakubiak QoS statement
More informationDistributed Scheduling for the Sombrero Single Address Space Distributed Operating System
Distributed Scheduling for the Sombrero Single Address Space Distributed Operating System Donald S. Miller Department of Computer Science and Engineering Arizona State University Tempe, AZ, USA Alan C.
More informationScalable Ethernet Clos-Switches. Norbert Eicker John von Neumann-Institute for Computing Ferdinand Geier ParTec Cluster Competence Center GmbH
Scalable Ethernet Clos-Switches Norbert Eicker John von Neumann-Institute for Computing Ferdinand Geier ParTec Cluster Competence Center GmbH Outline Motivation Clos-Switches Ethernet Crossbar Switches
More informationWIND: Workload-aware INtrusion Detection
WIND: Workload-aware INtrusion Detection Sushant Sinha, Farnam Jahanian, and Jignesh M. Patel Electrical Engineering and Computer Science, University of Michigan, Ann Arbor, MI-48109 {sushant, farnam,
More informationThe Need for Collaboration between ISPs and P2P
The Need for Collaboration between ISPs and P2P 1 P2P systems from an ISP view Structured DHTs (distributed hash tables), e.g., Chord, Pastry, Tapestry, CAN, Tulip, Globally consistent protocol with efficient
More informationThe Need for Collaboration between ISPs and P2P
The Need for Collaboration between ISPs and P2P 1 P2P systems from an ISP view Structured DHTs (distributed hash tables), e.g., Chord, Pastry, Tapestry, CAN, Tulip, Globally consistent protocol with efficient
More informationMultimedia Streaming. Mike Zink
Multimedia Streaming Mike Zink Technical Challenges Servers (and proxy caches) storage continuous media streams, e.g.: 4000 movies * 90 minutes * 10 Mbps (DVD) = 27.0 TB 15 Mbps = 40.5 TB 36 Mbps (BluRay)=
More informationModular Platforms Market Trends & Platform Requirements Presentation for IEEE Backplane Ethernet Study Group Meeting. Gopal Hegde, Intel Corporation
Modular Platforms Market Trends & Platform Requirements Presentation for IEEE Backplane Ethernet Study Group Meeting Gopal Hegde, Intel Corporation Outline Market Trends Business Case Blade Server Architectures
More informationIOS: A Middleware for Decentralized Distributed Computing
IOS: A Middleware for Decentralized Distributed Computing Boleslaw Szymanski Kaoutar El Maghraoui, Carlos Varela Department of Computer Science Rensselaer Polytechnic Institute http://www.cs.rpi.edu/wwc
More informationScaleArc for SQL Server
Solution Brief ScaleArc for SQL Server Overview Organizations around the world depend on SQL Server for their revenuegenerating, customer-facing applications, running their most business-critical operations
More informationPolicy Scripts to Detect Network Intrusions
Policy Scripts to Detect Network Intrusions Sanmeet Kaur, Maninder Singh Abstract Security is a big issue for all networks in today s enterprise environment. Hackers and intruders have made many successful
More informationWhy can t I just do that with a switch? Joseph Magee Chief Security Officer Top Layer Networks
Why can t I just do that with a switch? Joseph Magee Chief Security Officer Top Layer Networks - 1 - Introduction In the field you may come across the following question: Why can t I do what your IDS Balancer
More information