building a real time grid protocol analyser
play

Building a real-time Grid protocol analyser Jonathan Paisley - PowerPoint PPT Presentation

Feb 03, 2023 •551 likes •821 views

Building a real-time Grid protocol analyser Jonathan Paisley Department of Computing Science The Grid Wide-area distributed computing Lots of funding Network operators need to support it Traffic dominated by bulk data transfer Elephants and

  1. Building a real-time Grid protocol analyser Jonathan Paisley Department of Computing Science

  2. The Grid Wide-area distributed computing Lots of funding Network operators need to support it Traffic dominated by bulk data transfer

  3. Elephants and Mice

  4. Multiple Elephants and Mice

  5. Elephants and Mixed Mice

  6. Elephants and Cipher Mice ?

  7. Grid Monitoring Monitoring System Grid Application Users Signal ISP Operator Institution Network ISP's Network Monitoring point Servers with Other ISPs and the lots of storage Internet

  8. Approach Interpret protocol to learn about associated bulk connections Report on transfer sizes Be able to deal with mixed control-data flows

  9. DAG-based Network Monitor Just a PC with special network monitoring card. Example: 2.8 GHz dual Xeon, 2+ GB memory Image Source: Endace Measurement Systems

  10. Similarity to NIDS NIDS = Network Intrusion Detection System For example: Bro Does protocol analysis (FTP, SMTP, etc) Needs port-based filter Full reassembly of every monitored flow Too slow

  11. Design Goals Leverage DAG ring buffer architecture Capable of processing at GigE line rate Support full cleartext protocol analysis Efficiently handle mixed control/data

  12. Assumptions and Principles TCP only Applications under study not used maliciously Minimise memory copies Minimise heap allocation Process packets as soon as possible Single-threaded, data-driven

  13. DAG Ring Buffer Not-yet- Processed written DAG Write Pointer Unprocessed Application Acknowledged Pointer

  14. DAG Ring Buffer Not-yet- Processed written Application DAG Write Acknowledged Pointer Pointer Unprocessed Retained Application Processed Pointer

  15. DAG Ring Buffer Not-yet- Processed written Application DAG Write Acknowledged Pointer Pointer Unprocessed Retained Application Processed Pointer

  16. Writing Protocol Analysers Passive monitor sees both flow directions Code to track state -> generate events State machines can be complex Threaded programming style is easier ... but runtime cost normally higher

  17. ProtoThreads Similar to co-routines/continuations Implemented using a C switch statement State maintained in a structure Context switching by stack unwinding

  18. Analyser Example void AnalyserClass::AnalyserMain() { // Read function id and num args READ(OrigFlow, 2); func_id = *(uint16_t*)data; READ(OrigFlow, 2); num_args = *(uint16_t*)data; for (i=0;i<num_args;i++) { READ(OrigFlow, 4); len = *(uint32_t*)data; // Read the argument, but we // only need the first 200 bytes READ_AND_SKIP(OrigFlow, len, 200); // ... process the argument } READ(RespFlow, 4); result_value = *(uint32_t*)data; }

  19. Analyser Example void AnalyserClass::AnalyserMain() May { block // Read function id and num args READ(OrigFlow, 2); here! func_id = *(uint16_t*)data; READ(OrigFlow, 2); num_args = *(uint16_t*)data; for (i=0;i<num_args;i++) { READ(OrigFlow, 4); len = *(uint32_t*)data; // Read the argument, but we // only need the first 200 bytes READ_AND_SKIP(OrigFlow, len, 200); // ... process the argument } READ(RespFlow, 4); result_value = *(uint32_t*)data; }

  20. Scalability Presently limited to single processor Auxiliary flow tracing complicated by concurrent processing Could use retained packet scheme for all flows: gives extra 1-2 seconds buffering

  21. Evaluation Informal testing carried out during development Negligible load for ~900Mbps mixed control/ data SRB flow Initial testing with larger number of connections with flat-out* replay of IP header traces ~10-15% load * 250Mbps, 5000 new connections per second.

  22. Encrypted Analysis Ideas What can we know about encrypted traffic? Messages: (direction, size*, timing) Lack of messages (timeouts) If we understand framing protocol: can get application-level messages * with some bounded error

  23. Requests and Responses Monitoring Point Client Server Look out for associated bulk data flow!

  24. Approaches Hidden Markov Models? Naïve Bayesian Classifier? Other work: SSH password typing analysis HTTPS request analysis by URL lengths Sideband attacks on encryption algorithms

  25. Summary Built (hopefully) fast system for real-time protocol analysis work. Evaluation pending. Support for efficient handling of mixed control/data protocols. Coding of protocol analysers simplified by rich lightweight threaded interface. Starting work on classifying and event reporting of encrypted traffic.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic protocol for real-time traffic Protocol for the management of data flow Secure version of the protocol 2 What is real-time (time of

629 views • 33 slides
Real-Time in the Real World: Building a State of the Art Real-Time Analytics Platform INFORMS

Real-Time in the Real World: Building a State of the Art Real-Time Analytics Platform INFORMS

Real-Time in the Real World: Building a State of the Art Real-Time Analytics Platform INFORMS Analytics Conference April 14 th , 2015 Joe DeCosmo Chief Analytics Officer Enova International We are a growing global online Lender Founded

229 views • 18 slides
Real-Time Transport Protocol (RTP) August 12, 2001 RTP 2 RTP protocol goals mixers and

Real-Time Transport Protocol (RTP) August 12, 2001 RTP 2 RTP protocol goals mixers and

RTP 1 Real-Time Transport Protocol (RTP) August 12, 2001 RTP 2 RTP protocol goals mixers and translators control: awareness, QOS feedback media adaptation August 12, 2001 RTP 3 RTP the big picture application media

821 views • 42 slides
The I nCell Analyser 1 0 0 0 High throughput, high content screening The InCell Analyser 1000

The I nCell Analyser 1 0 0 0 High throughput, high content screening The InCell Analyser 1000

The I nCell Analyser 1 0 0 0 High throughput, high content screening The InCell Analyser 1000 Automated cellular and subcellular imaging system. Built around epifluorescent based microscope and image acquisition software. Fixed and live

639 views • 20 slides
REAL-TIME MICHAEL ROITZSCH OVERVIEW TU Dresden MOS Real - Time 2 SO FAR talked about

REAL-TIME MICHAEL ROITZSCH OVERVIEW TU Dresden MOS Real - Time 2 SO FAR talked about

Department of Computer Science Institute for System Architecture, Operating Systems Group REAL-TIME MICHAEL ROITZSCH OVERVIEW TU Dresden MOS Real - Time 2 SO FAR talked about in - kernel building blocks: threads memory IPC

511 views • 26 slides
RTP: Real-time Transport Protocol Krzysztof Hebel Multimedia Communications Laboratory

RTP: Real-time Transport Protocol Krzysztof Hebel Multimedia Communications Laboratory

RTP: Real-time Transport Protocol Krzysztof Hebel Multimedia Communications Laboratory Electrical &amp; Computer Engineering Department University of Waterloo February 21 st 2006 Presentation Outline Introduction Overview of RTP

475 views • 34 slides
H/2 DLC Protocol in Hard Real Time Systems H. Wijaya 23 , N. Esseling 2 , O. Klein 2 , W. Zirwas 1

H/2 DLC Protocol in Hard Real Time Systems H. Wijaya 23 , N. Esseling 2 , O. Klein 2 , W. Zirwas 1

H/2 DLC Protocol in Hard Real Time Systems H. Wijaya 23 , N. Esseling 2 , O. Klein 2 , W. Zirwas 1 , Hui Li 1 , J. M. Eichinger 1 , A. Vidal 2 1 = Siemens AG, 2 = ComNets, RWTH Aachen, 3 = AixCom GmbH GERMANY COVERAGE Initiated by Siemens AG

342 views • 13 slides
Building Real-Time Visualizations at Scale Mike Barry @msb5014 Kevin Robinson @krob Hello!

Building Real-Time Visualizations at Scale Mike Barry @msb5014 Kevin Robinson @krob Hello!

Building Real-Time Visualizations at Scale Mike Barry @msb5014 Kevin Robinson @krob Hello! Hello! analytics.twitter.com Hello! Answers Building Real-time Visualizations Real-time Actionable User-focused Analytics at Twitter

1.08k views • 76 slides
Outline The electric grid as it is The smart grid

Outline The electric grid as it is The smart grid

12-06-13 Real-Time Distributed Conges5on Control for Electrical Vehicle Charging Catherine Rosenberg (University of Waterloo) Joint work with Omid Ardakanian

810 views • 22 slides
Real-Time Protocol (RTP) bag of tricks use UDP to avoid TCP congestion control (delays)

Real-Time Protocol (RTP) bag of tricks use UDP to avoid TCP congestion control (delays)

Real-Time (Phone) Over IPs Multimedia Networking Best-Effort Last time Principles Classify multimedia Multimedia Networking Applications Settings applications Streaming stored audio and video Identify the network talk

372 views • 9 slides
Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing Dong1, Zheng ONeill2 1 University of T exas, San Antonio, TX, USA 2 University of Alabama, AL, USA The work was done at the United Technologies

275 views • 14 slides
Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-01.txt Magnus Westerlund New in

Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-01.txt Magnus Westerlund New in

Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-01.txt Magnus Westerlund New in draft-01 Header table in chapter 12 Updated all HTTP references to RFC 2616 State machine chapter totally rewritten Added PING method

512 views • 11 slides
Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #15 Updated 2009-03-03 Dependable Distributed Dependable Distributed Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real Aircraft/automotive

501 views • 9 slides
The Real-Time Transport Protocol Framework, HDTV and Standards Development Ladan Gharai

The Real-Time Transport Protocol Framework, HDTV and Standards Development Ladan Gharai

The Real-Time Transport Protocol Framework, HDTV and Standards Development Ladan Gharai University of Southern California/ISI HDTV Transport over IP The Audio/Video Transport (AVT) working group of Internet Engineering Task Force (IETF) is

447 views • 28 slides
MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise

MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise

MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise P Precise Positioning sitioning Real-Time Kinematic (RTK) positioning Precise Point Positioning (PPP) Requires additional correction!

340 views • 14 slides
RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS Real-time extensions to general-purpose OS Chenyang Lu 2 RTOS: Features for Efficiency Small Minimal set of functionality Fast context switch

504 views • 16 slides
Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors

Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors

Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors Aranya Chakrabortty North Carolina State University, Raleigh, NC Information Trust Institute at UIUC 7 th October, 2011 Wide Area Measurements (WAMS)

973 views • 56 slides
Monitoring and Debugging of Deployed Sensor Networks Matthias Ringwald, Kay Rmer, ETH Zrich

Monitoring and Debugging of Deployed Sensor Networks Matthias Ringwald, Kay Rmer, ETH Zrich

Monitoring and Debugging of Deployed Sensor Networks Matthias Ringwald, Kay Rmer, ETH Zrich Overview Wireless Sensor Network (WSN) Deployment State of the Art in WSN Debugging Non-Intrusive Debugging of WSNs Summary &amp;

267 views • 14 slides
Communication in Power Grid Cyber Infrastructure to Mislead Cyber Attackers Hui Lin, Zbigniew

Communication in Power Grid Cyber Infrastructure to Mislead Cyber Attackers Hui Lin, Zbigniew

RAINCOAT: Randomize Network Communication in Power Grid Cyber Infrastructure to Mislead Cyber Attackers Hui Lin, Zbigniew Kalbarczyk , Ravishankar Iyer University of Illinois at Urbana-Champaign UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN |

309 views • 20 slides
Building to a Billion, and Beyond Inside one of the worlds largest digital radio deployments

Building to a Billion, and Beyond Inside one of the worlds largest digital radio deployments

Building to a Billion, and Beyond Inside one of the worlds largest digital radio deployments Agenda The scope of the project Background Rakesh Aggarwal Comcon, New Delhi The plan Building and testing the systems Installations

898 views • 46 slides
Deploying OpenAirInterface in R2lab Thierry Parmentelat Inria Demo Outline Deploy a

Deploying OpenAirInterface in R2lab Thierry Parmentelat Inria Demo Outline Deploy a

Deploying OpenAirInterface in R2lab Thierry Parmentelat Inria Demo Outline Deploy a private LTE network inside the chamber Connect a commercial phone ( inside as well ) achieve full IP connectivity / i.e. no phone calls measure

378 views • 22 slides
Romain Brette &amp; Dan Goodman Ecole Normale Suprieure brette@di.ens.fr goodman@di.ens.fr

Romain Brette &amp; Dan Goodman Ecole Normale Suprieure brette@di.ens.fr goodman@di.ens.fr

http://brian.di.ens.fr Romain Brette &amp; Dan Goodman Ecole Normale Suprieure brette@di.ens.fr goodman@di.ens.fr Projet Odysse Brian: a pure Python simulator What is Brian for? Quick model coding for every day use Easy to learn

378 views • 16 slides
Geomaterial Characterization Using Electrical Properties (EP) EP of geomaterials are their

Geomaterial Characterization Using Electrical Properties (EP) EP of geomaterials are their

Geomaterial Characterization Using Electrical Properties (EP) EP of geomaterials are their response to applied electric field Electrical resistivity for a material is Dielectric constant for a material is defined as: k = s / o

405 views • 11 slides
Theia: Networking for Ultra- Dense Data Centers meg walraed-sullivan,

Theia: Networking for Ultra- Dense Data Centers meg walraed-sullivan,

Simple and Cheap Theia: Networking for Ultra- Dense Data Centers meg walraed-sullivan, Jitendra Padhye, David A. Maltz Microso= HotNets 2014 Ultra-Dense Data

376 views • 24 slides

More recommend