Stream-Oriented Network Traffic Capture and Analysis for High-Speed Networks

Papadogiannakis, Antonis; Polychronakis, Michalis; Markatos, Evangelos P.

doi:10.1109/jsac.2014.2358831

Cited by 12 publications

(9 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, Woods proposed to use a shared memory to exchange network data packets between kernel space and user space in order to avoid a large number of replication and interrupt operations, thus improving packet capture efficiency [66]. Papsadogiannakis et al [30] introduced a technique called subzero packet copy that can avoid copying uninteresting packets across different memory areas and another technique named prioritized packet loss that can be adapted to overload conditions by dropping the packets with lower priority. Moreover, they proposed a streamoriented network monitoring library named Stream capture library (Scap) based on the proposed two technologies.…”

Section: B: Improved Libpcapmentioning

confidence: 99%

“…The use of the underlying NIC is inevitable for any kinds of traffic capture technologies. Network cards and corresponding software applications can be customized in order to achieve special purposes [2], [26], [29], [30]. Unfortunately, the capturing tools relying on standard NICs have several limitations.…”

Section: F: Network Interface Cardmentioning

confidence: 99%

“…Their simulation results showed that the proposed scheme significantly reduces the ratio of packet loss and improves the efficiency of data collection system. Moreover, Scap in [30] used a dynamic load balancing mechanism, which applies flow director filters to balance the network traffic load across available queues and cores. It also applies a technique named Receive Side Scaling (RSS) that uses a hash function based on a 5-tuple of packets.…”

Section: F: Load Balancing Based Data Collectionmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Network Security-Related Data Collection Technologies

et al. 2018

View full text Add to dashboard Cite

Security threats and economic loss caused by network attacks, intrusions, and vulnerabilities have motivated intensive studies on network security. Normally, data collected in a network system can reflect or can be used to detect security threats. We define these data as network security-related data. Studying and analyzing security-related data can help detect network attacks and intrusions, thus making it possible to further measure the security level of the whole network system. Obviously, the first step in detecting network attacks and intrusions is to collect security-related data. However, in the context of big data and 5G, there exist a number of challenges in collecting these security-related data. In this paper, we first briefly introduce network security-related data, including its definition and characteristics, and the applications of network data collection. We then provide the requirements and objectives for security-related data collection and present a taxonomy of data collection technologies. Moreover, we review existing collection nodes, collection tools, and collection mechanisms in terms of network data collection and analyze them based on the proposed requirements and objectives toward high quality security-related data collection. Finally, we discuss open research issues and conclude with suggestions for future research directions.INDEX TERMS Network security, security-related data, data collection technologies, large-scale heterogeneous networks.

show abstract

Section: B: Improved Libpcapmentioning

confidence: 99%

Section: F: Network Interface Cardmentioning

confidence: 99%

Section: F: Load Balancing Based Data Collectionmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Network Security-Related Data Collection Technologies

et al. 2018

View full text Add to dashboard Cite

show abstract

“…Even after polymerization, there are still millions of flow records. Though only dealing with flow data, a central point of an operator would generate millions of records per second which will reach 30 billion per day [10][11][12][13] . Therefore, how to capture and store high arriving speed of packets and streams in real time is a major challenge.…”

Section: High-performance Packet/flow Capture Technologiesmentioning

confidence: 99%

A survey of bitmap index compression algorithms for Big Data

Chen

Wen

Cao

et al. 2015

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

With the growing popularity of Internet applications and the widespread use of mobile Internet, Internet traffic has maintained rapid growth over the past two decades. Internet Traffic Archival Systems (ITAS) for packets or flow records have become more and more widely used in network monitoring, network troubleshooting, and user behavior and experience analysis. In this paper, we survey bitmap-index compression algorithms for traffic archival systems. The current state-of-the-art bitmap-index encoding schemes include: BBC, WAH, PLWAH, EWAH, PWAH, CONCISE, and COMPAX. Based on differences in segmentation, chunking, merge compress, and Near Identical (NI) features, we provide a thorough categorization of the state-of-the-art bitmap compression algorithms. We also propose some new bitmap encoding algorithms-SECOMPAX, ICX, MASC, PLWAH+-and show the state diagrams for their encoding algorithms. We then evaluate their CPU and GPU implementations with a real Internet trace from CAIDA. Finally, we summarize and discuss the future direction of bitmap-index compression algorithms.

show abstract

“…This is a usual technique which has also been used in other works [29]. Note that if two different connections, possibly from a reincarnation, have the same source and destination IP address and TCP ports, then it is not possible to associate each segment to each particular connection.…”

Section: Seq=1 Length=5mentioning

confidence: 99%

High-speed TCP flow record extraction using GPUs

et al. 2015

View full text Add to dashboard Cite

Esta es la versión de autor del artículo publicado en: This is an author produced version of a paper published in:The Journal of Supercomputing 71.10 (2015): 3851 -3876 DOI: http://dx.doi.org/10.1007/s11227-015-1478-9 Copyright: © 2015 SpringerEl acceso a la versión del editor puede requerir la suscripción del recurso Access to the published version may require subscription Abstract Traffic analysis is an essential part of capacity planning, quality of service assurance and reinforcement of security in current telecommunication networks. Traffic volume increases with network speed and the analysis of large traffic traces is computationally intensive. The paper presents, for the first time ever, a flow extraction software that allows to obtain complex TCP-aware flow records at 4.4 Millions of packets per second in a single GPU. Such TCP flow records include number of retransmissions and duplicates per flow, whose calculation is very challenging to obtain at high-speed. Our software significantly increases the processing performance of the recently proposed high-speed sniffers based on commodity hardware and demonstrates the advantages of applying massively parallel processing devices for traffic analysis.

show abstract

Stream-Oriented Network Traffic Capture and Analysis for High-Speed Networks

Cited by 12 publications

References 29 publications

A Survey on Network Security-Related Data Collection Technologies

A Survey on Network Security-Related Data Collection Technologies

A survey of bitmap index compression algorithms for Big Data

High-speed TCP flow record extraction using GPUs

Contact Info

Product

Resources

About