Design and development of novel methods for network monitoring
The INTERSECTION project aims to develop novel techniques and tools for fast online monitoring through:
– the design of new algorithms;
– the integration with well known methodologies;
– the use of dedicated hardware equipment such as network processors and cards;
– the use of visual analytics to detect and identify anomalies.
Fast online monitoring is used to gain a deep and accurate knowledge of communication network status, which allows for the adoption of suitable strategies for resource management and traffic engineering. The aim is to assure a good quality of service in terms of network performance to traffic flows with high priority, e.g. flows transporting control and management information in case of specific events concerning the operation of critical infrastructures.
Furthermore, by carefully deploying a number of monitoring sensors, it is possible to assess network traffic parameters which help evaluate and classify the current security status of the monitored network according to a defined behaviour model. In order to evaluate the chosen metrics, two measurement approaches exist: active monitoring and passive monitoring.
Active measurements inject test traffic into the network in order to measure network performance. In contrast to this, passive measurements rely on the traffic that already exists in the network. The development of active measurement methods to accurately analyse large parts of the Internet is an active field of research. Active measurements give a prediction of the expected treatment of traffic in the observed part of the network. Active measurements are controllable experiments, which can be performed at any time and with any kind of traffic pattern that is of interest for the specific measurement objective.
However, active measurement techniques are characterized by a number of disadvantages, mostly due to the approach of sending additional test traffic into the network under test. In order to get measurement results that are representative for certain applications, active measurements require the generation of appropriate (synthetic) test traffic to emulate the expected traffic mix. In most cases this task is not trivial. Furthermore, test traffic always generates additional load on network links and routers and can significantly affect the measurement results.
On the other hand, passive measurement methods rely on traffic already existing in the network. They provide a statement about the treatment of the current traffic in the observed network section. Since no test traffic is generated, passive measurements can only be applied in cases where the kind of traffic we are interested in is already present in the network.
However, a drawback of such an approach is the increased system overhead [4] [5] [6] [7] [8].
The INTERSECTION project aims at developing novel monitoring techniques capable of controlling traffic flows and providing a security system, e.g. an Intrusion Detection System (IDS), with useful and accurate information. In particular, a flow monitoring framework will be designed and developed. Such a framework can be seen as the component of an intrusion detection system responsible for packet capturing and flow information exporting.
Traffic flows which are of interest to an IDS can be classified in two main categories: fine-grain flows and coarse-grain flows. Fine-grain flows refer to traffic generated by a single user. Monitoring a fine-grain flow aims to detect specific attacks. On the other hand, coarse-grain flows are composed of a number of fine-grain flows and transport information describing the whole network context. They are analyzed with the aim of identifying largely distributed attacks, such as a Distributed Denial of Service (DDoS). This classification drives the metric definition process, in that the IDS requires the monitoring system to measure specific metrics on a certain class of flows depending on the attacks to be identified. The INTERSECTION flow monitoring framework will allow users to customize both the flow definition and the metric specification so as to get information on the current network status in a flexible and accurate way.
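The fine-grain versus coarse-grain classification above, as an added example (not the INTERSECTION framework's own code): the flow definition is a pluggable key function, the same metric pass runs over either class, and a coarse-grain metric (distinct sources per destination) surfaces a widely distributed pattern that no single fine-grain flow shows. The packet record layout and the packet values are constructed for the example.

```python
from collections import defaultdict
from typing import Callable, Dict, Hashable, Iterable, List, Tuple

# Constructed packet records (assumed layout, not the project's format):
# (timestamp, src_ip, dst_ip, src_port, dst_port, proto, bytes)
Packet = Tuple[float, str, str, int, int, str, int]
PACKETS: List[Packet] = [
    (0.00, "10.0.0.1", "192.0.2.10", 40001, 80, "tcp", 60),
    (0.01, "10.0.0.1", "192.0.2.10", 40001, 80, "tcp", 1500),
    (0.02, "10.0.0.2", "192.0.2.10", 40002, 80, "tcp", 60),
    (0.03, "10.0.0.3", "192.0.2.10", 40003, 80, "tcp", 60),
    (0.04, "10.0.0.4", "192.0.2.10", 40004, 80, "tcp", 60),
    (0.05, "10.0.0.9", "192.0.2.20", 40005, 443, "tcp", 1200),
    (0.06, "10.0.0.9", "192.0.2.20", 40005, 443, "tcp", 1200),
]

FlowKey = Callable[[Packet], Hashable]

def fine_grain(p: Packet) -> Hashable:
    """Fine-grain flow definition: one 5-tuple, i.e. a single user's connection."""
    return (p[1], p[2], p[3], p[4], p[5])

def coarse_grain(p: Packet) -> Hashable:
    """Coarse-grain flow definition: all traffic addressed to one destination host,
    i.e. the aggregate of many fine-grain flows."""
    return p[2]

def aggregate(packets: Iterable[Packet], key: FlowKey) -> Dict[Hashable, dict]:
    """Group packets by the chosen flow definition and compute per-flow metrics:
    packet count, byte count, set of distinct source hosts, first/last timestamp."""
    flows: Dict[Hashable, dict] = defaultdict(
        lambda: {"packets": 0, "bytes": 0, "sources": set(), "first": None, "last": None})
    for p in packets:
        f = flows[key(p)]
        f["packets"] += 1
        f["bytes"] += p[6]
        f["sources"].add(p[1])
        f["first"] = p[0] if f["first"] is None else min(f["first"], p[0])
        f["last"] = p[0] if f["last"] is None else max(f["last"], p[0])
    return dict(flows)

def many_sources(flows: Dict[Hashable, dict], min_sources: int) -> List[Hashable]:
    """Coarse-grain metric check: flows fed by at least `min_sources` distinct hosts.
    Applied to fine-grain flows it is always empty (one source per 5-tuple), which is
    why the IDS must pick the flow class that matches the attack it looks for."""
    return [k for k, f in flows.items() if len(f["sources"]) >= min_sources]
```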
References
[4] M. Zangrilli and B. B. Lowekamp, “Comparing Passive Network Monitoring of Grid Application Traffic with Active Probes”, Fourth International Workshop on Grid Computing
[5] G. He and J. C. Hou, “On Exploiting Long Range Dependence of Network Traffic in Measuring Cross Traffic on an End-to-end Basis”, Proceedings of IEEE Infocom, 2003
[6] K. G. Anagnostakis, S. Ioannidis, S. Miltchev, M. Greenwald, J. M. Smith and J. Ioannidis, “Efficient Packet Monitoring for Network Management”, Proceedings of the 8th IEEE/IFIP Network Operations and Management Symposium (NOMS)
[7] K. C. Claffy, H. W. Braun and G. C. Polyzos, “A parameterizable methodology for Internet traffic flow profiling”, IEEE JSAC, 1997
[8] K. C. Claffy, G. C. Polyzos and H. W. Braun, “Application of Sampling Methodologies to Network Traffic Characterization”, Proceedings of ACM Sigcomm, 1993