Improving the Performance of Passive Network Monitoring Applications using Locality Buffering

Multi-core systems are the current dominant trend in computer processors. However, kernel network layers often do not fully exploit multi-core architectures. This is due to issues such as legacy code, resource competition of the RXqueues in network interfaces, as well as unnecessary memory copies between the OS layers. The result is that packet capture, the core operation in every network monitoring application, may even experience performance penalties when adapted to multi-core architectures. This work presents common pitfalls of network monitoring applications when used with multi-core systems, and presents solutions to these issues. We describe the design and implementation of a novel multi-core aware packet capture kernel module that enables monitoring applications to scale with the number of cores. We showcase that we can achieve high packet capture performance on modern commodity hardware.

show abstract

“…Papadogiannakis and others [22] show how to preserve cache locality for improving traffic analysis performance by means of traffic reordering.…”

Section: Related Workmentioning

confidence: 99%

High speed network traffic analysis with commodity multi-core systems

Fusco

Deri²

2010

Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement

132

View full text Add to dashboard Cite

show abstract

“…Server side can get full report about transmission medium such as number of packets, loss of packets, throughput, bandwidth, protocol type, delay time, source IP address, destination IP address, destination port address, and source port address. On other hands, passive monitor may be as a device that can be deploy only in one side (either on client side or on server side) [22]. It is used as packet sniffer to gather information in order to analyses or examine packets or flows to identify malicious activities.…”

Section: Data In Motionmentioning

confidence: 99%

Data loss prevention (DLP) by using MRSH-v2 algorithm

Ali

Jalal

Al-Obaydy

2020

IJECE

View full text Add to dashboard Cite

Sensitive data may be stored in different forms. Not only legal owners but also malicious people are interesting of getting sensitive data. Exposing valuable data to others leads to severe Consequences. Customers, organizations, and /or companies lose their money and reputation due to data breaches. There are many reasons for data leakages. Internal threats such as human mistakes and external threats such as DDoS attacks are two main reasons for data loss. In general, data may be categorized based into three kinds: data in use, data at rest, and data in motion. Data Loss Prevention (DLP) are good tools to identify important data. DLP can do analysis for data content and send feedback to administrators to make decision such as filtering, deleting, or encryption. Data Loss Prevention (DLP) tools are not a final solution for data breaches, but they consider good security tools to eliminate malicious activities and protect sensitive information. There are many kinds of DLP techniques, and approximation matching is one of them. Mrsh-v2 is one type of approximation matching. It is implemented and evaluated by using TS dataset and confusion matrix. Finally, Mrsh-v2 has high score of true positive and sensitivity, and it has low score of false negative.

show abstract

“…Papadogiannakis et al [59] proposed a novel approach named Locality Buffering (LB) to improve the performance of network data collection. They found that the application code, data storage structure (e.g., hash table) and attack signatures of network monitoring system all have the locality property of memory access.…”

Section: C: Locality Buffering Based Data Collectionmentioning

confidence: 99%

A Survey on Network Security-Related Data Collection Technologies

et al. 2018

View full text Add to dashboard Cite

Security threats and economic loss caused by network attacks, intrusions, and vulnerabilities have motivated intensive studies on network security. Normally, data collected in a network system can reflect or can be used to detect security threats. We define these data as network security-related data. Studying and analyzing security-related data can help detect network attacks and intrusions, thus making it possible to further measure the security level of the whole network system. Obviously, the first step in detecting network attacks and intrusions is to collect security-related data. However, in the context of big data and 5G, there exist a number of challenges in collecting these security-related data. In this paper, we first briefly introduce network security-related data, including its definition and characteristics, and the applications of network data collection. We then provide the requirements and objectives for security-related data collection and present a taxonomy of data collection technologies. Moreover, we review existing collection nodes, collection tools, and collection mechanisms in terms of network data collection and analyze them based on the proposed requirements and objectives toward high quality security-related data collection. Finally, we discuss open research issues and conclude with suggestions for future research directions.INDEX TERMS Network security, security-related data, data collection technologies, large-scale heterogeneous networks.

show abstract

Improving the Performance of Passive Network Monitoring Applications using Locality Buffering

Cited by 9 publications

References 3 publications

High speed network traffic analysis with commodity multi-core systems

High speed network traffic analysis with commodity multi-core systems

Data loss prevention (DLP) by using MRSH-v2 algorithm

A Survey on Network Security-Related Data Collection Technologies

Contact Info

Product

Resources

About