sf tap scalable and flexible traffic analysis platform
play

SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on - PowerPoint PPT Presentation

Oct 30, 2023 •117 likes •303 views

SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware Yuuki Takano, Ryosuke Miura, Shingo Yasuda Kunio Akashi, Tomoya Inoue 1 in USENIX LISA 2015 NICT, JAIST (Japan) Table of Contents 2 1. Motivation 2.

  1. SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware Yuuki Takano, Ryosuke Miura, Shingo Yasuda Kunio Akashi, Tomoya Inoue 1 in USENIX LISA 2015 NICT, JAIST (Japan)

  2. Table of Contents 2 1. Motivation 2. Related Work 3. Design of SF-TAP 4. Implementation of SF-TAP 5. Performance Evaluation 6. Conclusion

  3. Motivation (1) as Python, Ruby, C++, for many purposes (IDS/ IPS, forensic, machine learning). reconstruction (quite complex). 3 • Programmable application level traffic analyzer • We want … • to write traffic analyzers in any languages such • **not** to write codes handling TCP stream • modularity for many application protocols.

  4. 4 Motivation (2) • High speed application level traffic analyzer • We want … • to handle high bandwidth traffic. • to handle high connections per second. • horizontal and CPU core scalable analyzer.

  5. Motivation (3) 5 • Running on Commodity Hardware • We want … • open source software. • not to use expensive appliances.

  6. Related Work libprotoident SF-TAP (application traffic detector) (flow oriented analyzer) (low level traffic capture) l7-filter nDPI libnids 6 SCAP [IMC 2012] GASPP [USENIX ATC 2014] pcap DPDK netmap [USENIX ATC 2012] BPF [USENIX ATC 1993] + modularity and scalability

  7. High-level Architecture Core Scaling SF-TAP Cell SF-TAP Cell SF-TAP Cell SF-TAP Cell Intra Network Core Scaling Core Scaling Core Scaling Horizontal Scaling Cell Incubator Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer Analyzer 10GbE The Internet Flow Abstractor of SF-TAP CPU 7 CPU CPU CPU CPU Flow Abstractor CPU CPU CPU CPU Flow Abstractor CPU CPU CPU CPU Flow Abstractor CPU CPU CPU 10GbE

  8. 8 Design Principle (1) • Flow Abstraction • abstract flows by application level protocols • provide flow abstraction interfaces like /dev, /proc or BPF • for multiple programming languages • Modular Architecture • separate analyzing and capturing logic • easily replace analyzing logic

  9. Design Principle (2) computer resources be core scalable for efficiency 9 • Horizontal Scalable • analyzing logic tends to require many • volume effect should solve the problem • CPU Core Scalable • both analyzing and capturing logic should

  10. Design of SF-TAP (1) Packet Forwarder Separator Plane separated traffic SF-TAP Cell L3/L7 Sniffer SSL Proxy etc... other SF-TAP cells IP Packet Defragmenter L2 Bridge mirroring traffic IP Fragment Flow Handler defined 4 planes Analyzer Plane application level analyzers Forensic, IDS/IPS, etc… Abstractor Plane flow abstraction Separator Plane flow separation Capturer Plane traffic capturing (ordinary tech.) (users of SF-TAP implements here) (we implemented) Separator Identifier 10 L7 Loopback I/F NW I/F HTTP I/F TLS I/F Flow Abstractor Flow Classifier TLS Analyzer HTTP Analyzer HTTP Proxy TCP and UDP Handler filter and classifier rule DB Flow Forensic IDS/IPS etc... Application Protocol Analyzer etc... TCP Default I/F UDP Default I/F Analyzer Plane Abstractor Plane Capturer Plane SF-TAP Cell Incubator (we implemented)

  11. Design of SF-TAP (2) IP Fragment Flow Separator handle fragmented packets IP Fragment Handler layer 2 frame capture layer 2 bridge Packet Forwarder Handler Packet Forwarder SF-TAP Cell Incubator L2 Bridge other SF-TAP cells separated traffic Separator Flow Incubator SF-TAP Cell 11 separate flows to multiple Ifs

  12. Design of SF-TAP (3) TCP Default I/F nothing to do for UDP identify flows by IP and port reconstruct TCP flows IP Packet Defragmenter Flow Identifier TCP and UDP Handler Defragmenter IP Packet Identifier Flow UDP Default I/F L7 Loopback I/F SF-TAP Flow Abstractor rule classifier filter and Handler TCP and UDP Classifier Flow Flow Abstractor TLS I/F HTTP I/F NW I/F 12 defragment IP packets if needed

  13. Design of SF-TAP (4) rule regular expressions classify flows by Flow Classifier Defragmenter IP Packet Identifier Flow UDP Default I/F TCP Default I/F L7 Loopback I/F classifier SF-TAP Flow Abstractor filter and Handler TCP and UDP Classifier Flow Flow Abstractor TLS I/F HTTP I/F NW I/F 13 output to abstraction IFs

  14. 14 Implementation (updated from the paper) • SF-TAP cell incubator • C++11 • it uses netmap, available on FreeBSD • SF-TAP flow abstractor • C++11 • it uses pcap or netmap • available on Linux, *BSD, and MacOS • Source Code • https://github.com/SF-TAP • License • 3-clauses BSD

  15. Performance Evaluation (1) 15 packet drop against connections per second (pcap) 4K 10K 50K

  16. Performance Evaluation (1) (2) α->β β α to β and γ to β to γ cell incubator γ β α 10 GbE x 2 1 GbE x 12 (3) α->γ (3) α->β (1) α->γ 16 ideal 1024 512 256 128 64 fragment size (bytes) 16 12 8 4 0 Mpps forwarding performance of SF-TAP cell incubator γ

  17. Other Features protocol analysers incubator 17 • L7 Loopback interface for encapsulated flows • Load balancing mechanism for application • Separating and mirroring modes of SF-TAP cell • See more detains in our paper

  18. Conclusion analysis. in our experiments. 18 • We proposed SF-TAP for application level traffic • SF-TAP has following features. • flow abstraction • running on commodity hardware • modularity • scalability • We showed SF-TAP has achieved high performance

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

1 Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE KEY FEATURES LEARN MORE 3 OVERVIEW Vulcan generates stateful Ethernet traffic to analyze how

349 views • 34 slides
Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

1 Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless traffic

720 views • 43 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Model-Gra*: Accurate, Scalable and Flexible Analysis of Cache Networks 23rd ICNRG MeeIng

Model-Gra*: Accurate, Scalable and Flexible Analysis of Cache Networks 23rd ICNRG MeeIng

Michele TORTELLI Dario ROSSI Emilio LEONARDI Model-Gra*: Accurate, Scalable and Flexible Analysis of Cache Networks 23rd ICNRG MeeIng (Interim) 14/15-01-2016 michele.tortelli@telecom-paristech.fr M OTIVATION Simula2on is the primary tool

680 views • 29 slides
Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David Lazar, Matei Zaharia, Nickolai Zeldovich MIT CSAIL Symposium on Operating Systems Principles (SOSP), 2015 1 / 12 Motivation Encryption systems hide

608 views • 14 slides
Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2

Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2

1 Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless

805 views • 43 slides
RAY A Scalable computation engine Ray is a flexible, high-performance, distributed

RAY A Scalable computation engine Ray is a flexible, high-performance, distributed

RAY A Scalable computation engine Ray is a flexible, high-performance, distributed execution framework for Emerging AI Applications (UC Berkeley) A scalable system for parallel and distributed Python. Shortens path to production

389 views • 35 slides
Totality Traffic Jam Ted Trepanier 1 INRIX Technology Platform Big data & analytics

Totality Traffic Jam Ted Trepanier 1 INRIX Technology Platform Big data & analytics

Totality Traffic Jam Ted Trepanier 1 INRIX Technology Platform Big data & analytics platform ingests multiple sources of data and combines technologies to create innovative solutions Incide ident data ta Mobile dat data Traffic Par

745 views • 28 slides
Using ElasticSearch as a fast, flexible, and scalable solution to search occurrence records and

Using ElasticSearch as a fast, flexible, and scalable solution to search occurrence records and

Using ElasticSearch as a fast, flexible, and scalable solution to search occurrence records and checklists Christian Gendreau, Canadensys Marie-Elise Lecoq, GBIF France Introduction ElasticSearch is an open source, document oriented, distributed

612 views • 20 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Flexible and Scalable Acceleration Techniques for Low-Power Edge Computing 2nd Italian Workshop

Flexible and Scalable Acceleration Techniques for Low-Power Edge Computing 2nd Italian Workshop

Flexible and Scalable Acceleration Techniques for Low-Power Edge Computing 2nd Italian Workshop on Embedded Systems 8.9.2017 Universit degli Studi di Roma La Sapienza Francesco Conti 1,2 , Davide Rossi 1 , Luca Benini 1,2

873 views • 53 slides
Beyond pheromones: evolving error-tolerant, flexible, and scalable ant-inspired robot swarms

Beyond pheromones: evolving error-tolerant, flexible, and scalable ant-inspired robot swarms

Beyond pheromones: evolving error-tolerant, flexible, and scalable ant-inspired robot swarms Written by Joshua P. Hecker and Melanie E. Moses Presented by Nitin Bhandari, Antonio Griego, Jacob McCullough, and Noah Lewis Topics to be

1.04k views • 38 slides
Scalable Mul*-Class Traffic Management in Data Center Backbone

Scalable Mul*-Class Traffic Management in Data Center Backbone

Scalable Mul*-Class Traffic Management in Data Center Backbone Networks Amitabha Ghosh (UtopiaCompression) Sangtae Ha (Princeton) Edward Crabbe (Google) Jennifer

391 views • 28 slides
SAMOA: A Platform for Mining Big Data Streams Nicolas Kourtellis Associate Researcher

SAMOA: A Platform for Mining Big Data Streams Nicolas Kourtellis Associate Researcher

SAMOA: Scalable Advanced Machine Online Analysis 30/09/15 1 SAMOA: A Platform for Mining Big Data Streams Nicolas Kourtellis Associate Researcher Telefonica I+D, Barcelona SAMOA: Scalable Advanced Machine Online Analysis 30/09/15 2

571 views • 29 slides
Omega: flexible, scalable schedulers for large compute clusters A 2013 paper by Malte

Omega: flexible, scalable schedulers for large compute clusters A 2013 paper by Malte

Omega: flexible, scalable schedulers for large compute clusters A 2013 paper by Malte Schwarzkopf, Andy Konwinski, Michael Abd-El-Malek, and John Wilkes Presented by Matt Levan Outline Abstract Background Problem

369 views • 26 slides
I N the past few years, network traffic characterization has several consecutive transitions lead

I N the past few years, network traffic characterization has several consecutive transitions lead

Deterministic Finite Automaton for Scalable Traffic Identification: the Power of Compressing by Range Rafael Antonello, Stenio Fernandes, Djamel Sadok, Judith Gza Szabo Kelner Ericsson Traffic Lab Federal University of Pernambuco (UFPE)

406 views • 8 slides
2019 28.08.2019 Analysis lysis of Intraday day Trading ing in 2018 Absolut ute price ce

2019 28.08.2019 Analysis lysis of Intraday day Trading ing in 2018 Absolut ute price ce

The value of intrad raday ay electr trici city ty trad ading ng Evalua uatin ting situa uati tion-depend ndent nt opportunity tunity costs ts of flexible assets ts Timo Kern 2019 28.08.2019 Analysis lysis of Intraday day

925 views • 23 slides
Zuverlssigkeit, Qualitt Seit dem Jahre 1921 Rok 2018 Strukturorganisation International BEZ

Zuverlssigkeit, Qualitt Seit dem Jahre 1921 Rok 2018 Strukturorganisation International BEZ

Tradition, Zuverlssigkeit, Qualitt Seit dem Jahre 1921 Rok 2018 Strukturorganisation International BEZ Group 100 % 100 % 100 % ELEKTRICK ETD BEZ BEZ TRANSFORMTORY TRANSFORMTORY TRANSFORMTORY STROJE Distributions- Reparaturen

506 views • 26 slides
GREEN PORT CRUISE Barcelona, 14th October, 2014 Sustainable Growth 2 10 Vessels most modern

GREEN PORT CRUISE Barcelona, 14th October, 2014 Sustainable Growth 2 10 Vessels most modern

GREEN PORT CRUISE Barcelona, 14th October, 2014 Sustainable Growth 2 10 Vessels most modern fleet in the world Success one of the fastest growing and successful travel companies in Germany Future two new vessels until 2016

473 views • 26 slides
New 3G Services New 3G Services Strategy Toward Growth Strategy Toward Growth May 24, 2006 May

New 3G Services New 3G Services Strategy Toward Growth Strategy Toward Growth May 24, 2006 May

New 3G Services New 3G Services Strategy Toward Growth Strategy Toward Growth May 24, 2006 May 24, 2006 3G CDMA Latin America Regional Conference 3G CDMA Latin America Regional Conference 0 Table of Contents Table of Contents Wireless

436 views • 27 slides
SIMPLY COMPLEX TASK OF KUBERNETES INGRESS Richard Li 1 WHAT IS INGRESS? Pod Pod Pod Pod

SIMPLY COMPLEX TASK OF KUBERNETES INGRESS Richard Li 1 WHAT IS INGRESS? Pod Pod Pod Pod

SIMPLY COMPLEX TASK OF KUBERNETES INGRESS Richard Li 1 WHAT IS INGRESS? Pod Pod Pod Pod Kubernetes External Load routing Static IP Balancer service Pod address Get traffic Route traffic into cluster inside your cluster Pod Pod

539 views • 41 slides
Enel Amricas Corporate Presentation, April 2019 Enel Amricas Overview Enel Amricas overview

Enel Amricas Corporate Presentation, April 2019 Enel Amricas Overview Enel Amricas overview

Enel Amricas Corporate Presentation, April 2019 Enel Amricas Overview Enel Amricas overview 1 Enel Amricas is Latin America s largest private power company Brazil Colombia Generation Generation 1,354 MW 3,499 MW 1% Market Share

1.08k views • 40 slides
TSX.V:TGM High Value Projects Located in the Red Lake Mining Camp OCTOBER 2020 TSX.V:TGM

TSX.V:TGM High Value Projects Located in the Red Lake Mining Camp OCTOBER 2020 TSX.V:TGM

TSX.V:TGM High Value Projects Located in the Red Lake Mining Camp OCTOBER 2020 TSX.V:TGM DISCLAIMER This presentation contains forward-looking involves known and unknown risks, uncertainties and require. Prospective investors are

278 views • 24 slides
Lakota Schools Compensation Study prepared by Executive Service Corps of Cincinnati University

Lakota Schools Compensation Study prepared by Executive Service Corps of Cincinnati University

Lakota Schools Compensation Study prepared by Executive Service Corps of Cincinnati University of Cincinnati Economics Center January 28, 2013 Executive Service Corps of Cincinnati All volunteer organization with 130 members Provide

564 views • 34 slides

More recommend