| Abstract |
Passive network traffic monitoring has been increasingly used as one of the major mechanisms to ensure the efficient and secure operation of computer networks. Although substantial effort has been put in research and development in this area, current approaches focus either on collecting flow-level statistics, which makes them unsuitable for applications that perform fine-grained operations like deep packet inspection, or in full packet capture, which significantly increases their operational overhead. In addition, emerging applications such as detection of Internet worm outbreaks, detection of Distributed Denial-of-Service attacks, and accurate traffic characterization, would benefit from monitoring data gathered from multiple vantage points across the Internet. In this thesis we present an expressive programming abstraction for distributed passive network monitoring. The Distributed Monitoring Application Programming Interface (DiMAPI) enables users to clearly communicate their monitoring needs to local or remote passive monitoring sensors, choose only the amount of information they are interested in, and therefore balance the overhead they pay with the amount of information they receive. DiMAPI builds on a generalized network flow abstraction flexible enough to capture emerging application needs, and expressive enough to allow the system to exploit specialized monitoring hardware, where available. Based on our implementation experience and experimental results, we conclude that DiMAPI has more expressive power than competing approaches, enables the implementation of a wide variety of distributed network monitoring applications, and at the same time achieves significant performance improvements.
|
Μία προγραμματιστική αφαίρεση για κατανεμημένη παθητική εποπτεία δικτύων εποπτεία δικτύων
