next generation application aware flow monitoring
play

Next Generation Application-Aware Flow Monitoring Petr Velan } , - PowerPoint PPT Presentation

Mar 24, 2023 •246 likes •363 views

Next Generation Application-Aware Flow Monitoring Petr Velan } , ! " # $ % & ' ( ) + - A| / 0 1 2 3 4 5 < y . w

  1. Next Generation Application-Aware Flow Monitoring Petr Velan } , ! " # $ % & ' ( ) + - A| � / 0 1 2 3 4 5 < y . � � w � � � � � � � � � � � � � � � � � � � � � Æ velan@ics.muni.cz AIMS 2014 July 3, 2014 Brno Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 1 / 10

  2. Application Flow Monitoring • Passive network monitoring • IP flow monitoring + application protocol information • More accurate traffic classification • Threat detection on application level • Phishing • Invalid X.509 certificates • . . . • Emerging trend in network monitoring • More work in implementation than research Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 2 / 10

  3. Application Flow Monitoring Metering Process Exporting Process L2-L4 Header Application Packets Processing Processing IPFIX Transport Flow Message Protocol records Flow Cache Flow Processing IP flow example Flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Packets Bytes 09:41:21.763 0.101 TCP 172.16.96.48:15094 -> 209.85.135.147:80 .AP.SF 4 715 09:41:21.893 0.031 TCP 209.85.135.147:80 -> 172.16.96.48:15094 .AP.SF 4 1594 Application flow extension example HTTP RT HTTP Host HTTP Path HTTP Code HTTP Type GET www.seznam.cz /favicons/019/194-DBrJCJ.png - - HTTP - - 200 OK image/x-icon Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 3 / 10

  4. Application Flow Impacts • R.Q. (1): What are the impacts of application protocol measurement on flow exporters? • CPU intensive processing • Flow cache memory requirements • Increasing bandwidth requirements • Results • Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement 1 • FlowMon - Plugins for HTTP Monitoring (2012) • Future work • Quantify the impacts • Propose solution for flow cache size • Specific compression of flow data stream [1] Petr Velan, Tomáš Jirsík and Pavel ˇ Celeda. Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement. In Lecture Notes in Computer Science, Vol. 8115 , pages 136-147, Chemnitz, Germany, 2013. Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 4 / 10

  5. HTTP Parsers Performance Decline 11 no HTTP 6 optimized strcmp strcmp Packets/s (x 10 6 ) 5 optimized flex flex 4 pcre 3 2 1 0 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Portion of HTTP traffic in the mix (0 % - no HTTP , 100 % - only HTTP headers) Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 5 / 10

  6. Application Flow Performance • R.Q. (2): What are the limits of application protocol measurement on high-speed networks? • IP flow is capable of monitoring 40/100 Gbps • Application flow causes significant performance decline • No framework for performance comparison of flow measurement • Different results on different data sets • Future Work • Create a methodology for comparison of flow measurement performance • Create data sets for testing application protocol parsers Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 6 / 10

  7. Application Flow Benefits • R.Q. (3): How can application protocol information be used to improve flow measurement quality? • Use application information to improve flow measurement • Better flow aggregation • Results • Large-Scale Geolocation for NetFlow 1 • An Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis 2 • Future Work • Split flows based on application • Application protocol specific timeouts [1] Pavel ˇ Celeda, Petr Velan, Martin Rábek, Rick Hofstede and Aiko Pras. Large-Scale Geolocation for NetFlow. In IFIP/IEEE International Symposium on Integrated Network Management (IM 2013) , pages 1015-1020, Ghent, Belgium, 2013. [2] Martin Elich, Petr Velan, Tomáš Jirsík and Pavel ˇ Celeda. An Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis. In 38th Annual IEEE Conference on Local Computer Networks (LCN 2013) , pages 1046-1052, Sydney, Australia, 2013. Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 7 / 10

  8. Next Generation Flow • R.Q. (4): How can information from multiple packet streams be aggregated to single application event and how can we utilize application events to design the next generation flow monitoring? GET bits.wikimedia.org IP wikipedia.org 208.80.154.224 Response style.css DNS server 91.198.174.202 GET wikipedia.org G E T u p l o a d Response HTML . w R i e k s i m p o e n d s i a e l . o o r g g o . p n g Open wikipedia.org 208.80.154.224 91.198.174.208 Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 8 / 10

  9. Plan of Work Research Questions (1) Application Flow Impacts (2) Application Flow Performance (3) Application Flow Benefits (4) Next Generation Flow Spring '14 Spring '15 Spring '16 Autumn '14 Autumn '15 R.Q. 1 R.Q. 2 R.Q. 4 R.Q. 3 Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 9 / 10

  10. Thank You For Your Attention! Next Generation Application-Aware Flow Monitoring } w , " # $ % & ' ( ) + / - . 0 1 2 3 4 5 < y A| ! � � � � � � � � � � � � � � � � � Æ � � � � � � � Petr Velan velan@ics.muni.cz Petr Velan (AIMS 2014) Next Generation Flow Monitoring July 3, 2014, Brno 10 / 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

APPLICATION-AWARE FLOW MONITORING Thursday 11 th April, 2019 Petr Velan Motivation

APPLICATION-AWARE FLOW MONITORING Thursday 11 th April, 2019 Petr Velan Motivation

APPLICATION-AWARE FLOW MONITORING Thursday 11 th April, 2019 Petr Velan Motivation Application-Aware Flow Monitoring Page 2 / 22 Internet Basic Flow Monitoring TAP Probe Flow monitoring is widely used for: Collector Accounting Router

367 views • 23 slides
On the Impact of Flow Monitoring Configuration Petr Velan et al. velan@ics.muni.cz Institute of

On the Impact of Flow Monitoring Configuration Petr Velan et al. velan@ics.muni.cz Institute of

On the Impact of Flow Monitoring Configuration Petr Velan et al. velan@ics.muni.cz Institute of Computer Science, Masaryk University April 20, 2020 Flow Monitoring Recapitulation Network Flow Monitoring Network Flow Monitoring Used for

383 views • 24 slides
The Future of Network Flow Monitoring Prague Embedded Systems Workshop (PESW 2019) Friday 28 th

The Future of Network Flow Monitoring Prague Embedded Systems Workshop (PESW 2019) Friday 28 th

The Future of Network Flow Monitoring Prague Embedded Systems Workshop (PESW 2019) Friday 28 th June, 2019 Petr Velan Flow Monitoring Introduction Internet Flow monitoring is widely used for: Accounting Probe TAP Security (IDS, forensics)

367 views • 20 slides
CAM: CONSTRAINT AWARE APPLICATION MAPPING FOR APPLICATION MAPPING FOR EMBEDDED SYSTEMS Luis

CAM: CONSTRAINT AWARE APPLICATION MAPPING FOR APPLICATION MAPPING FOR EMBEDDED SYSTEMS Luis

CAM: CONSTRAINT AWARE APPLICATION MAPPING FOR APPLICATION MAPPING FOR EMBEDDED SYSTEMS Luis A. Bathen, Nikil D. Dutt Outline 2 Introduction &amp; Motivation Introduction &amp; Motivation CAM Overview Memory aware Macro

508 views • 40 slides
On Flow-Aware CSMA in Multi-Channel Wireless Networks Mathieu Feuillet Joint work with Thomas

On Flow-Aware CSMA in Multi-Channel Wireless Networks Mathieu Feuillet Joint work with Thomas

On Flow-Aware CSMA in Multi-Channel Wireless Networks Mathieu Feuillet Joint work with Thomas Bonald CISS 2011 Outline Model Background Standard CSMA Flow-aware CSMA Conclusion Outline Model Background Standard CSMA Flow-aware CSMA

903 views • 58 slides
One Sketch to Rule Them All: Rethinking Network Flow Monitoring with UnivMon Zaoxing Liu, Antonis

One Sketch to Rule Them All: Rethinking Network Flow Monitoring with UnivMon Zaoxing Liu, Antonis

One Sketch to Rule Them All: Rethinking Network Flow Monitoring with UnivMon Zaoxing Liu, Antonis Manousis, Greg Vorsanger, Vyas Sekar, and Vladimir Braverman Many Monitoring Requirements Traffic Engineering Anomaly Detection Flow Size

511 views • 28 slides
Flow Monitoring Deniz zharar Sales &amp; Market Devlopment Engineer

Flow Monitoring Deniz zharar Sales &amp; Market Devlopment Engineer

BRIGHTSENSE: SMART WAY OF FLOW MONITORING Digitalize &amp; Manage Intelligent Mold Coolant Flow Monitoring Deniz zharar Sales &amp; Market Devlopment Engineer www.brightworksengineering.com Digital Revolution for Mold Temperature Management

142 views • 11 slides
The Measured Performance of Database-Aware Test Coverage Monitoring Gregory M. Kapfhammer

The Measured Performance of Database-Aware Test Coverage Monitoring Gregory M. Kapfhammer

Introduction to Database Applications Introduction to Software Testing Database-Aware Test Coverage Monitoring Experimental Study The Measured Performance of Database-Aware Test Coverage Monitoring Gregory M. Kapfhammer Department of

553 views • 30 slides
Automating the Automating the configuration of flow configuration of flow monitoring probes

Automating the Automating the configuration of flow configuration of flow monitoring probes

Zurich Research Laboratory Automating the Automating the configuration of flow configuration of flow monitoring probes monitoring probes Xenofontas (Fontas) Dimitropoulos (xed@zurich.ibm.com) Andreas Kind (ank@zurich.ibm.com) IBM | Dec 07

303 views • 14 slides
Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

www.liberouter.org Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST Regional Symposium for Europe Security Tools as a Service Flow monitoring overview Flow monitoring extended by application layer

1.99k views • 184 slides
Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 29,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 29,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 29, 2016 Agenda Model Overview Application and Selection Timeline Letter of Intent Application Overview 2 Next Generation ACO Model

750 views • 27 slides
Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 14,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 14,

Next Generation ACO Model Open Door Forum: Next Generation ACO Application Overview March 14, 2017 Agenda Model Overview Application and Selection Timeline Letter of Intent Application Overview 2 Next Generation ACO Model

1.04k views • 67 slides
Interconnect Delay Aware RTL Verilog Bus Architecture Generation for an SoC Kyeong Ryu,

Interconnect Delay Aware RTL Verilog Bus Architecture Generation for an SoC Kyeong Ryu,

Interconnect Delay Aware RTL Verilog Bus Architecture Generation for an SoC Kyeong Ryu, Alexandru Talpasanu, Vincent Mooney and Jeffrey Davis School of Electrical and Computer Engineering Georgia Institute of Technology August 2004 Outline

472 views • 21 slides
A New Cache Monitoring Scheme for Memory-Aware Scheduling and Partitioning G. Edward Suh

A New Cache Monitoring Scheme for Memory-Aware Scheduling and Partitioning G. Edward Suh

A New Cache Monitoring Scheme for Memory-Aware Scheduling and Partitioning G. Edward Suh Srinivas Devadas Larry Rudolph Massachusetts Institute of Technology February 5, 2002 HPCA-8: 1 Problem Memory system performance is critical

415 views • 18 slides
Metering Pump Station Flow Monitoring Presented by: Glenn Hummel Presentation Objective Keep

Metering Pump Station Flow Monitoring Presented by: Glenn Hummel Presentation Objective Keep

Laser for Open Channel Flow Metering Pump Station Flow Monitoring Presented by: Glenn Hummel Presentation Objective Keep your Toolbox equipped with Flow Metering Solutions Introduce a New Technology for Open Channel Flow Measurement

1k views • 72 slides
Lead Generation Keeping a steady stream of leads flow ing into your sales pipeline Dale

Lead Generation Keeping a steady stream of leads flow ing into your sales pipeline Dale

Lead Generation Keeping a steady stream of leads flow ing into your sales pipeline Dale DataDale Filhaber President, Dataman Group Direct Author, Lead Generation Made Easier Lead Generation is not an event. It is a well-thought

676 views • 40 slides
Novel Network Services for Supporting Big Data Science Research

Novel Network Services for Supporting Big Data Science Research

Novel Network Services for Supporting Big Data Science Research JO JOAQUIN CHUNG , SEAN DONOVAN, JERONIMO BEZERRA, HEIDI MORGAN, JULIO IBARRA, RUSS CLARK,

974 views • 28 slides
Brief and Yet Bountiful Brief and Yet Bountiful the History of Computing, Why the History of

Brief and Yet Bountiful Brief and Yet Bountiful the History of Computing, Why the History of

Brief and Yet Bountiful Brief and Yet Bountiful the History of Computing, Why the History of Computing, Why do Students Need it? do Students Need it? John Howland John Howland Trinity University, San Antonio, TX Trinity University, San

484 views • 22 slides
Collecting data by species, establishing technical units of measurements and indicators. State

Collecting data by species, establishing technical units of measurements and indicators. State

Collecting data by species, establishing technical units of measurements and indicators. State of play Jordi Torren/ Kari Grave/ Arno Muller/ David Mackay European Medicines Agency Animal and Public Health ESVAC Stakeholders meeting 18

271 views • 13 slides
A Review of Milestones in the History of GUI Prototyping Tools IFIP WG 13.2 Workshop on User

A Review of Milestones in the History of GUI Prototyping Tools IFIP WG 13.2 Workshop on User

A Review of Milestones in the History of GUI Prototyping Tools IFIP WG 13.2 Workshop on User Experience and User-Centered Development Processes September 14 th 2015, Bamberg, Germany Thiago R. Silva, Jean-Luc Hak, Marco Winckler User-Centered

549 views • 17 slides
+ Normal node Clusterhead 2. 2. Clusters at the edge of network perform initial routing

+ Normal node Clusterhead 2. 2. Clusters at the edge of network perform initial routing

Overview Overview Motivation Motivation Self- Self -Organized Data Organized Data- -Energy Energy- -Aware Clustering Aware Clustering Self Self- -Organization Organization and Routing for Wireless Sensor Networks and

59 views • 3 slides
Attacks in SDN Domains Kostas Giotis , Maria Apostolaki, Vasilis Maglaris IEEE/IFIP Network

Attacks in SDN Domains Kostas Giotis , Maria Apostolaki, Vasilis Maglaris IEEE/IFIP Network

NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA SCHOOL OF ELECTRICAL &amp; COMPUTER ENGINEERING NETWORK MANAGEMENT &amp; OPTIMAL DESIGN LABORATORY (NETMODE) A Reputation-based Collaborative Schema for the Mitigation of Distributed Attacks in SDN

631 views • 9 slides
INTERNAL FAMILY SYSTEMS THERAPY Works with parts User Friendly Powerful, effective

INTERNAL FAMILY SYSTEMS THERAPY Works with parts User Friendly Powerful, effective

INTERNAL FAMILY SYSTEMS THERAPY Works with parts User Friendly Powerful, effective Non-pathological Spiritual Effective for trauma Created by Richard Schwartz, PhD SELF-THERAPY Manual for doing IFS For therapists

912 views • 32 slides
Presentation by: Debendra Dalai, IFS Director Science, Technology and Renewable Energy

Presentation by: Debendra Dalai, IFS Director Science, Technology and Renewable Energy

Presentation by: Debendra Dalai, IFS Director Science, Technology and Renewable Energy Chandigarh is one of the early planned cities in post- independence India and is internationally known for its architecture and urban design.

338 views • 20 slides

More recommend