Seminar: Innovative Internet Technologies and Mobile Communications - - PowerPoint PPT Presentation

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Seminar: Innovative Internet Technologies and Mobile Communications (IITM)

Topic Presentation

• Prof. Dr.-Ing. Georg Carle,

Dr.-Ing. Stephan Günther, Benedikt Jaeger

Friday 20th July, 2018 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Basic Information

Lecturer

• Prof. Dr.-Ing. Georg Carle

Organization: seminar@net.in.tum.de (only use this mail address!)

• Dr.-Ing. Stephan Günther
• Benedikt Jaeger

Overview

• Main Language: English
• paper and reviews in English
• talk can be in German or English
• Extent: 2 SWS, (5 ECTS)
• 5 ECTS · 30 h = 150 h of work expected from you
• Course Type:
• For B. Sc. Students: Advanced Seminar Course (Seminar)
• For M. Sc. Students: Master’s Seminar (Master-Seminar)
• S. Günther, B. Jaeger — IITM

2

Seminar Procedure

First version of your paper

• Agree on the content with your advisor
• Use the provided paper template (L

AT

EX)

• Keep in touch with your advisor
• Try to finish in time so your advisor can give you feedback
• Your paper must be 4 pages in IEEE 2-column style (including references etc.)
• Expected language for the paper is English

Present your topic

• German or English
• 20 min talk + 5 min discussion

Peer review

• You have review two papers of your fellow students
• Reviews are part of your final grade
• Review language is English

Final version of your paper

• Use the received reviews to improve your paper
• You will also receive feedback from the advisor
• If you and your advisor agree → publication in the seminar proceedings
• S. Günther, B. Jaeger — IITM

3

Schedule

Dates Topic presentation Jul 20, 14:00 Upload ssh key & topic preferences Until Jul 25, 23:59 Pick up literature from advisor (by mail if needed) Until Aug 3 Two advisor meetings suggested 1.) Discuss literature 2.) Discuss structure and draft Aug 6 – Sep 21 Final slides discussion with advisor (slides must be presentable) Until 1 week before your talk Upload paper, 1st version Sep 30, 23:59 Talks Oct 11/12, whole day Upload reviews Oct 28, 23.59 Upload paper, 2nd version Nov 25, 23:59

• S. Günther, B. Jaeger — IITM

4

Git

You will use Git to make your submissions

• Continuously commit your changes
• 1. git add <your file>
• 2. git commit
• 3. git push
• Do not commit any built files (e. g. use .gitignore)
• If you want to add images as PDF use:

git add -f file.pdf

• We use the last commit before the deadlines as submissions

How to get access:

• 1. Upload your public SSH key via Moodle (rsa, ecdsa, ed25519 in OpenSSH format)
• 2. ssh seminar@git.net.in.tum.de with your uploaded key for your repositories
• 3. For example:

git clone seminar@git.net.in.tum.de:2018ws-bs/material git clone seminar@git.net.in.tum.de:2018ws-bs/u117

• S. Günther, B. Jaeger — IITM

5

Git

Repositories Material repository: git clone seminar@git.net.in.tum.de:2018ws-bs/material

• Here you can find slides and templates
• We provide templates for the paper, the presentation and the reviews
• All participants have read access

Your working repository: git clone seminar@git.net.in.tum.de:2018ws-bs/<UID>

• Here you commit everything related to your paper and presentation
• Only you have write access
• Stick to the given directory structure
• Do not commit any build files or temporary L

A

T EX files

• S. Günther, B. Jaeger — IITM

6

Git

Structure your_repository paper paper.tex . . . talk slides.tex . . . review1 review2 resources literature.pdf . . . topic_preferences.txt Directory structure of your repository

• Follow this structure, otherwise
• we cannot build your source files
• we cannot collect your submissions
• You cannot push any other directories
• Use the provides templates, including Makefiles
• Make sure that your L

A

T EX code compiles directory /paper source files of your paper /talk source files of your slides /review anything related to the review process /resources literature and any other material

• S. Günther, B. Jaeger — IITM

7

Grading

• 1. Both of your paper submissions, 4 pages in IEEE (50 %)
• 1st version: 37.5 %
• 2nd version: 12.5 %
• 2. Your talk, 20 – 25 min, following discussion, and feedback (25 %)
• 3. Your reviews of papers from other seminar participants (25 %)
• S. Günther, B. Jaeger — IITM

8

Grading

Influencing Factors

• First version of paper must be acceptable
• Grade worse than 4.0 → disqualification (seminar graded as 5.0)
• Less than 4 pages in the seminar template → disqualification

(not 3.1 pages + empty space, not 4 pages + references)

• Observe the deadlines
• Advisor meetings are compulsory
• You are provided with git repositories to check in your work and submissions
• Hard deadline for each submission
• No submission
• 1st version of paper → disqualification (seminar graded as 5.0)
• Other submissions → grade 5.0 for the concerning part
• Write the paper yourself
• Plagiarism → disqualification (and we will check!)
• Attempted cheating will be reported to the examination office
• Summary when and why to cite: citation guide
• Regularly push your progress to avoid misunderstandings
• Absence during talks without valid excuse
• 0.3 degrading per missed talk on your presentation grade
• Talk graded worse than 4.0 → disqualification (seminar graded as 5.0)
• S. Günther, B. Jaeger — IITM

9

Topic Handling

• You get some literature or hints where to start from your advisor
• This is just to get you started
• Find appropriate (scientific) sources yourself
• scholar.google.com
• acm.org
• ieee.org
• semanticscholar.org
• Your sources’ sources
• . . .

TUM provides access to non-free papers via eaccess.ub.tum.de. Just presenting the given literature is not enough

• S. Günther, B. Jaeger — IITM

10

The Advisor’s Role

• Advisors create topics within their research context.
• They have broad knowledge about the context of your seminar topic.
• Your task is to do research and write a scientific text about a specific topic beyond basic

lecture content.

• Your advisor is not responsible for your tasks.
• Adhering to the deadlines is your responsibility.
• Your advisor will not remind you.
• Advisors will help you if you ask them to.
• Keeping contact with your advisor allows you to write a much better seminar paper.
• Advisors can give you feedback.
• Ask for feedback about your first paper version, the peer reviews, your slides for the talk, etc.
• S. Günther, B. Jaeger — IITM

11

Talk Procedure

• Prepare your talk
• Finished slides must be discussed with your advisor 1 week before the talk.
• Advisors may offer the opportunity of rehearsal talks.
• Present your work
• Scientific talk
• Present the main results & give an interesting talk
• Session chair for one talk
• Introduce the speaker
• Watch the time constraints
• Try to get the discussion started after the talk (ask at least one question if nobody else does)
• Mandatory attendance on all sessions
• If you cannot attend for a good reason, contact seminar@net.in.tum.de in advance
• Attending the talks is mandatory for passing the course

(schedule of talks will be published after the first submission)

• S. Günther, B. Jaeger — IITM

12

Talk Procedure

Improving Your Presentations Skills

• You have the chance to get your talk recorded
• Have a look at yourself after the talk!
• Your talk was great? Share it and show it to your friends
• You fully control the access! Initially only you can access it
• Get feedback from your colleagues (not graded)
• Feedback forms to be filled out during the talks
• S. Günther, B. Jaeger — IITM

13

Seminar Proceedings

• We give the opportunity to publish your papers!
• If both you and your advisor agree
• Proceedings of the last years can be found on

www.net.in.tum.de/publications/seminar%20proceedings

• Look at old proceedings
• Examples of papers we consider "good"
• Get an idea of the topics we cover
• Best Paper Award (only published papers)
• We will choose the best paper in each seminar
• They will receive a certificate and a hardcopy of the proceedings
• S. Günther, B. Jaeger — IITM

14

Choose Topic

The advisors now present their topics

• Listen to the presentations and ask questions
• Afterwards:
• Think about which topics you find interesting
• Inform yourself about the topics (e.g. contact the advisor)

Submit your topic preferences via Git until Wednesday July 25th

• Copy topic_preferences.txt to your repository
• Adjust the preferences
• Commit and push

We perform a matching on your topic preferences and inform you by mail.

• S. Günther, B. Jaeger — IITM

15

In General, write emails only to seminar@net.in.tum.de

• S. Günther, B. Jaeger — IITM

16

Models for packet loss and delay

Stephan Günther, Maurice Leclaire From the perspective of the application / transport layer, communication channels induce

• packet loss, e. g. due to buffer overflows or imperfect channels that cannot fully be com-

pensated by ARQ schemes, and

• delay patterns, e. g. due to buffering delays, serialization times, propagation time, and

processing delays. R D L parameters parameters parameters Input pattern Output pattern

X X

Your task

• Find related work coping with the simulation of those effects.
• Are there specific models for specific channel types, e. g. wireless vs. wireline?
• Compare the approaches:
• How well are real channel effects resembled?
• Which parameters can be adapted? Remain results valid?
• S. Günther, B. Jaeger — IITM

17

Robustness of Scanner Exams with TUMexam

Stephan Günther, Georg Carle TUMexam is a system for scanner exams developed since 2015 at our chair:

• exams are written and corrected on paper
• credits are marked via cross boxes
• after scanning, credits are counted using image recognition

From the past we know that counting credits is prone to errors. Your task

• Check old written exams for errors in total credit counts
• estimate the time needed for summing up credits
• derive the error probability
• Apply statistical methods if applicable
• Determine the improvement in reliability and time savings between conventional exams

and scanner exams

• Compare scan error ratios between TUMexam and other systems for scanner exams, e. g.

EvaExam

• S. Günther, B. Jaeger — IITM

18

A survey on Network Coding implementations

Maurice Leclaire There exist various different implementations that claim to improve the network performance by using network coding [1], e.g. COPE [2], MORE [3], DCAR [4], CCACK, C3ACK, and many more. The implementations work on different layers of the OSI model, e.g. on layer 2 or layer 4 and, therefore, exploit different aspects of network coding like opportunistic routing and/or forward error correction. There are also other differences in concepts like intra-/inter-session and unidi- rectional/bidirectional network coding. Your task

• Compare concepts, e.g. OSI layer, features
• Compare theoretically possible performance improvements based on the used concepts
• Compare practically achieved performance improvements

[1] Ahlswede, et al. “Network information flow”. IEEE Transactions on Information Theory 46.4, 2000. [2] Katti, et al. “The importance of being opportunistic: Practical network coding for wireless environments”. 43rd Allerton

• Conference. 2005.

[3] Chachulski, et al. “Trading Structure for Randomness in Wireless Opportunistic Routing”. ACM SIGCOMM 2007. [4] Jilin Le, et al. “Dcar: Distributed Coding-Aware Routing in Wireless Networks”. Mobile Computing 9.4, 2010. [5] Dehkordi, et al. “Optimal routing for bidirectional flows with network coding in asymmetric wireless networks”. ICCNC 2014.

• S. Günther, B. Jaeger — IITM

19

Investigating TCP SYN flood mitigation techniques in the wild

Minoo Rouhi, Dominik Scholz TCP SYN flood

• is a typical DDoS attack in the Internet
• goal to overwhelm TCP services with many half-open connections
• curb normal sever/network operation
• several defense techniques exist, e.g. SYN cookies, SYN authentication, . . .
• typically deployed as black box proxies

Your task:

• Get familiar with the concept of SYN flood attacks as a DDoS method
• Research the literature for state-of-the-art SYN flood mitigation techniques
• Elaborate on each method, also stating its Pros and Cons
• Summerize your results

[1] Eddy, Wesley. TCP SYN flooding attacks and common mitigations. No. RFC 4987. 2007. [2] Nagai, Ryosuke, et al. "Design and Implementation of an OpenFlow-Based TCP SYN Flood Mitigation." Mobile Cloud Com- puting, Services, and Engineering (MobileCloud), 2018 6th IEEE International Conference on. 2018 [3] Salunkhe, H., Sanjay Jadhav, and Vijay Bhosale. "Analysis and review of TCP SYN flood attack on network with its detection and performance metrics." IJERT 6.1 (2017): 250-256.

• S. Günther, B. Jaeger — IITM

20

Recent Activity in P4

Dominik Scholz, Sebastian Gallenmüller Programming Protocol-independent Packet Processing

• Softwareization of the data plane
• Domain specific language for low-level packet processing
• Featured on more and more conferences, workshops, summer schools, . . .
• Extensions, reworks, sample programs, target platforms, . . .

Your task: Summarize recent activity

• P416, PSA and beyond
• p4runtime
• Recent workshop/developer day
• Working group activity
• New (hardware) backends

Knowledge in SDN-related topics recommended!

Sources

• p4.org,p4.org/events,p4.org/specs
• https://p4.org/events/2018-06-05-p4-workshop/
• https://p4.org/events/2018-06-06-p4-developer-day/
• S. Günther, B. Jaeger — IITM

21

P416 INT Applications

Sebastian Gallenmüller, Dominik Scholz In-Band Telemetry using P4

• Comparable to “traceroute” but on layer 2
• Can provide per-hop switch utlization and per-hop latency information
• Allows detailed monitoring of network

Your task:

• Brief summary of P416 and INT
• Create a suitable mininet setup
• Apply existing P4/INT examples
• Start with simple introductory applications
• Include advanced topics (INT)

Applied topic: lower page requirements, but you need to program P4

Sources

• p4.org,p4.org/events,p4.org/specs
• https://github.com/p4lang/p4-applications/blob/master/docs/INT.pdf
• https://github.com/p4lang/tutorials/tree/master/exercises
• S. Günther, B. Jaeger — IITM

22

Resource Management with Learning Algorithms

Cora Perner (clperner@net.in.tum.de) Recent works [1] have shown that learning algorithms can be used to

• decentralise network resource management,
• dynamically and opportunistically allocate resources depend-

ing on demand, and

• improve maximum number of network requests.

user_1 user_2 user_n

…

Your tasks:

• Get familiar with network resource management and Q-learning.
• Find related work, e. g. using different algorithms. How does it compare to the results

presented in [1]?

• What are the advantages of using learning algorithms compared to traditional methods?
• What limitations are there to the proposed approach? How could these be remedied?

[1] R. Mijumbi, J. L. Forricho, J. Serrat, M. Claeys, F. De Turck and S. Latré, ”Design and Evaluation of Learning Algorithms for Dynamic Resource Management in Virtual Networks”, 2014 IEEE Network Operations and Management Symposium (NOMS), Krakow, 2014, pp. 1–9

• S. Günther, B. Jaeger — IITM

23

Fault tolerance in SDN

Cora Perner (clperner@net.in.tum.de) Recent research e. g. [1,2] has shown that SDN can be used to tolerate faults and/or recover from failures. Your tasks:

• What mechanisms are available to tolerate switch and link failures in SDN?
• Which algorithms are used to calculate backup paths?
• Summarize advantages and disadvantages of said algorithms

[1] Petroulakis, N. E., Spanoudakis, G., Askoxylakis, I. G., “Fault Tolerance Using an SDN Pattern Framework”, Globecom, IEEE Global Communications Conference, 2017 [2] Paris, S., Paschos, G. S., Leguay, J., “Dynamic Control for Failure Recovery and Flow Reconfiguration in SDN”, 12th Interna- tional Conference on the Design of Reliable Communication Networks (DRCN), 2016

• S. Günther, B. Jaeger — IITM

24

Survey of Workflow Management Systems

Marcel von Maltitz, Holger Kinkelin A common method to structure recurring kinds of work is to define multi-step processes. Here, a process is a graph of depending steps (of work) and a marker which denotes the current state. This structure is state of the art in businesses and other areas (e.g. in software development processes). Software to support process-oriented modelling and management of work flourished in the last years. Your tasks:

• Get familiar with the basic concept of process oriented modelling
• Extensively research approaches and software available for process modelling
• How can created models be used to implement software?
• What is common, what is different?
• Develop a taxonomy to categorize them

Examples: [1] Airbnb Engineering & Data Science: Airflow [2] Atlassian: Jira [3] Business Process Model and Notation (BPMN), Camunda

• S. Günther, B. Jaeger — IITM

25

Performance of Secure Multiparty Computation

Marcel von Maltitz Secure Multiparty Computation is a cryptographical concept to perform privacy-preserving com-

• putations. Implementations exist.

E.g. 2 parties compute the intersection of individual sets without telling their set to the other party. Or: 2 parties perform an AES encryption, where one party holds the plaintext and the other one the key. The former gets the cyphertext, the latter gets nothing.

Typically, these kind of computations have a major communication overhead. So a vital question is whether they are applicable in real world use cases. Your task:

• Get familiar with the concept of Secure Multiparty Computation
• Use the FRESCO framework to understand how algorithms can be written
• We select one or more demo applications shipped with FRESCO
• You perform performance measurements, investigating how CPU power, network latency,
• etc. influence computing speed.1

Note: This is a practical topic. Not much paper research. Necessary skills: Reading and writing code (Java 8). Familiarity with the command line. Some knowledge about performing system administration tasks2. You should like data analysis and evaluation.

1 Hardware for measurements is available 2 Ansible is a plus

• S. Günther, B. Jaeger — IITM

26

A Survey of Network Layer Anonymity Protocols

Sree Harsha Totakura

• Anonymity in communications is traditionally provided by Chaumian Mixes and Onion Rout-

ing

• Both Chaumian mixes and Onion Routing work by having nodes create an overlay layer.

Network Layer Anonymity:

• This is a recent approach for providing anonymity where the functionality is shifted from

the overlay to the network forwarding layer

• The network routers provide a service similar to onion routing at the network layer
• The goal of these protocols is to provide low latency anonymity while keeping bandwidth
• verhead low and throughput high

Your tasks for this topic are to study the various protocols which provide Network Layer Anonymity, their defences against attacks, and summarize them.

Sources:

• Chen, Chen, and Adrian Perrig. "Phi: Path-hidden lightweight anonymity protocol at network layer." Proceedings on

Privacy Enhancing Technologies 2017.1 (2017): 100-117

• S. Günther, B. Jaeger — IITM

27

Overview of TCP Congestion Control Algorithms

Benedikt Jaeger Popular TCP Algorithms:

• Reno, BIC, CUBIC, CTCP

, Vegas, BBR, . . . But what about these?

• Westwood, Illinois, HTCP

, HSTCP , Veno, YEAH, FAST, Verus, LEDBAT, Sprout, PCC, Copa, Indigo, SCReAM, . . . Your Task:

• Pick 2 – 3 interesting, less popular algorithms
• For what purpose were the algorithms designed?

(e.g. wireless, mobile, gigabit, lossy-link, . . . )

• How do the algorithms detect congestion?
• Identify strengths and weaknesses of each algorithm
• Explain why these algorithms are in use or why not

2 4 6 8 10 50 100 150 Time [s] RTT [ms] BBR CUBIC

[1] https://pantheon.stanford.edu/ [2] Yang, Peng, et al. 2013. TCP congestion avoidance algo- rithm identification. [3] Saverio Mascolo, Claudio Casetti, et al. 2001. TCP West- wood: Bandwidth estimation for enhanced transport over wireless links. [4] Liu, Shao, Tamer Ba¸ sar, and Ravi Srikant. 2008. TCP- Illinois: A loss-and delay-based congestion control algorithm for high-speed networks. [5] Rossi, Dario, et al. 2010. LEDBAT: the new BitTorrent con- gestion control protocol. [6] Arun, Venkat, and Hari Balakrishnan. 2018. Copa: Practical Delay-Based Congestion Control for the Internet. [7] . . .

• S. Günther, B. Jaeger — IITM

28

From FIFO to predictive cache replacement

Stephan Liebald From the many parameters one can look at when optimizing caching, cache replacement is certainly one of the most important ones. Starting with simple strategies many algorightms were developed and optimized over time, often towards specific scenarios. Approaches

• simple: FIFO, LRU (Least Recently Used),...
• combinations: ARC (Adaptive Cache replacements), Shepherd Cache..
• predictive: predictive algorithms, ML
• ...: ...

Your task: Summarize the development of cache replacement strategies

• 1-2 algorithms per approach
• Types of scenarios
• Parameters usable to evaluate their efficiency/performance
• Aproaches for predictive caching
• Active (predictive) cache replacement

Sources

• Famaey et. al.: Towards a predictive cache replacement strategy for multimedia content
• Rajan K., Ramaswamy G.: Emulating Optimal Replacement with a Shepherd Cache
• https://en.wikipedia.org/wiki/Cache_replacement_policies
• S. Günther, B. Jaeger — IITM

29

Micro-sized Triplestores and their Capabilities

Jan Seeger (seeger@in.tum.de) With the growing number of devices that are part of Internet-of-Things systems, a growing trend is the description of such devices in a semantic manner. Triplestores are databases that are optimized for the storage and processing of such semantic

• data. For embedded devices, these triplestores need to be efficient in storage and processing,

and may have reduced capabilities as compared to “regular” triplestores. Your mission, should you choose to accept it: Summarize and classify the tradeoffs that have been made to reduce the size of some embedded triple stores. For some embedded triple stores selected from literature, you will

• explore the optimizations that were used.
• describe which scenarios the store is optimized for.
• classify the support for reasoning on semantic data.

Sources

• V. Charpenay, S. Käbisch, and H. Kosch, “µRDF Store: Towards Extending the Semantic Web to Embedded Devices,”

in The Semantic Web: ESWC 2017 Satellite Events, 2017, pp. 76–80.

• S. Álvarez-García, N. R. Brisaboa, J. D. Fernández, and M. A. Martínez-Prieto, “Compressed k2-Triples for Full-In-

Memory RDF Engines,” arXiv:1105.4004 [cs], May 2011.

• H. Hasemann, A. Kröller, and M. Pagel, “The Wiselib TupleStore: A Modular RDF Database for the Internet of Things,”

arXiv:1402.7228 [cs], Feb. 2014.

• S. Günther, B. Jaeger — IITM

30

Resilient Service Compositions

Jan Seeger (seeger@in.tum.de) Service composition is a time-tested approach for the creation of new services from existing

• nes. The composition of such services has often been explored in the Internet, or for business

processes, where transient failures are not frequent. Your mission, should you choose to accept it: Survey mechanisms to build resilient service com-

• positions. For a selection of resilient composition approaches from literature, you will classify the

approaches taken to ensure reliable operation. Some approaches are:

• Redundancy
• Adaption
• Reconfiguration
• . . .

Sources

• X. Gu, K. Nahrstedt, and B. Yu, “SpiderNet: an integrated peer-to-peer service composition framework,” in Proceedings. 13th IEEE International

Symposium on High performance Distributed Computing, 2004., 2004, pp. 110–119.

• B. Lagesse, M. Kumar, and M. Wright, “ReSCo: A middleware component for Reliable Service Composition in pervasive systems,” in 2010 8th

IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), 2010, pp. 486–491.

• J. Seeger, R. A. Deshmukh, and A. Bröring, “Dynamic IoT Choreographies – Managing Discovery, Distribution, Failure and Reconfiguration,”

arXiv:1803.03190 [cs], Mar. 2018.

• S. Günther, B. Jaeger — IITM

31

Open vSwitch config for separation of KVM/libvirt VMs

Johannes Naab Running multiple untrusted virtual machines (like in GRNVS) requires careful network design

• Spoofing: MAC, IP

, ARP , DHCP , ND, RA

• Denial of Service attacks
• Avoiding unnecessary broadcasts

The software switch Open vSwitch can help secure such a network, by filtering and/or micro

• segmentation. For reliability and ease of usability, those features need to be integrated into the

VM management stack libvirt.

• You know how networks work
• Familiarity with man(1) and /usr/share/doc
• You know where/how to start investigating when things go wrong: journalctl(1), GIYF-

based work approaches Applied topic: lower page requirements, running code required

• S. Günther, B. Jaeger — IITM

32

Experiment/Hardware Scheduling

Dominik Scholz, Johannes Naab The Baltikum testbed provided multiple different machines. Multiple users run experiments in this

• environment. An external/separate calendar is used to schedule and reserve machines for the

experiment. This calendar is not integrated in the existing orchestration service. Your task:

• What are the requirements for an integrated scheduling service?
• What does/can existing solutions provide? Are they applicable in our context?
• Design a proper calender/scheduling for use in the Baltikum testbed.

This is an open ended topic, it should result in an BA/IDP to implement3 the solution

3 Python, PostgreSQL

• S. Günther, B. Jaeger — IITM

33

Flow-based Network Monitoring

Simon Bauer Flow Monitoring Network flows are sequences of packets between two communication entities, also referred to as end points. Flow monitoring is purposed to identify communicating end points in the network, to detect anomalies in the network traffic and to understand reliability and performance incidents. Your Task

• Research existing literature and tools for flow-based network monitoring (e.g. nProbe,

ntop, Vermont, . . . )

• Compare scope and features of considered tools
• Understand required functionality (export, collect, analyse) to process metadata of flows

and identify different implementation approaches

• What are problems and weaknesses of flow-based network monitoring (in the future)?

Sources

• https://github.com/tumi8/vermont/wiki
• L. Deri, M. Martinelli, A. Cardigliano: "Realtime High-speed Network Traffic Monitoring Using Ntopng", Proceedings of

the 28th USENIX Conference on Large Installation System Administration, 2014

• L. Deri: nProbe: an Open Source NetFlow Probe for Gigabit Networks, Proc. of Terena TNC 2003, 2003
• S. Günther, B. Jaeger — IITM

34