Author :
Bianchi, G. ; Bonola, Marco ; Picierro, Giulio ; Pontarelli, Salvatore ; Monaci, Marco
Abstract :
The fast-evolving nature of modern cyber threats and network monitoring, as well as the increasing interest in virtualization approaches for more complex network middlebox functionalities, call for new, “software-defined” solutions to virtualize and simplify the programming and deployment of online (stream-based) traffic analysis functions. StreaMon is based on a data-plane abstraction devised to scalably decouple the “programming logic” of a traffic analysis application (tracked states, features, anomaly conditions, etc.) from elementary primitives (counting and metering, matching, events generation, etc.), efficiently pre-implemented in the probes, and used as a common instruction set for supporting the desired logic. The proposed SDN approach entails platform-independent, portable, multi-tenant online traffic analysis tasks written in a high-level language and enables system users to completely virtualize network monitoring functionalities, isolate aggregated traffic flows and run multiple independent applications on a single software instance of the StreaMon platform. We validate our design by developing a prototype and a set of simple (but functionally demanding) use-case applications and by testing them over real traffic traces.
Keywords :
computer networks; data structures; high level languages; logic programming; system monitoring; telecommunication traffic; SDN approach; StreaMon; aggregated traffic flow; data-plane abstraction; high level language; modern cyber threat; multitenant online traffic analysis function; network middlebox functionality; network monitoring; programming logic; software-defined monitoring platform; stream-based traffic analysis; virtualization approach; Feature extraction; IP networks; Measurement; Monitoring; Probes; Programming; Servers; Network monitoring; XFSM; network programmability;