Liu Bin,Lin Chuang,Qiao Jian,He Jianping,Peter Ungsunan

DOI: https://doi.org/10.1016/j.comnet.2007.12.004

IF: 5.493

2008-01-01

Computer Networks

Abstract:In this paper, a flow analysis and monitoring system based on NetFlow is introduced. The system is built on a Browser–Server framework, aimed at enterprise networks. Data collection and display are separated into two modules, which makes the system clearly demarcated and easy to deploy. The data collection module receives and analyzes NetFlow-exported packets and inserts per flow record information into the Oracle database. The display module acts as a J2EE web server, fetches real-time or history traffic information from the database and shows it to web users. In addition to the above-mentioned functions, the most important part of the system is an IDS. A real-time anomalous traffic monitoring module with a stable matching pattern algorithm and two traffic statistic based intrusion detection algorithms – one algorithm is based on variance similarity while the other is based on Euclidean distance – are embedded in the system to detect worm and other malicious attacks. With the aim of identifying anomalous network traffic simply and effectively, a proved “join” strategy is also designed along with the two traffic statistic based intrusion detection algorithms. The whole IDS module is able to run with low computational complexity and high detection accuracy. Finally, we conduct experiments to verify the performance of our system.

HAN Shao-fu,DU Shu-xin

DOI: https://doi.org/10.3969/j.issn.1006-6047.2006.04.023

2006-01-01

Abstract:Combined with the communication technology of GPRS(General Packet Ratio Service),J2EE(Java 2 platform Enterprise Edition)technology and database management,a power quality monitoring system based on browser /server structure is developed.Its structure and realization are introduced from both hardware and software,including GPRS data acquisition module,communication server,database server,Web server and client.The connection pool is used to connect Web server with database,and the technology of xmlhttp is used to display the real-time online data.The monitoring system is in operation now.

XUE Zhi-gang,JIN Bo,LI De-jun,YANG Can-jun

DOI: https://doi.org/10.3969/j.issn.1005-2895.2010.04.024

2010-01-01

Abstract:Seafloor observatory network is a subject service for undersea exploration and researching work.To realize condition monitoring,data measuring and the transmission preservation of other communicating signals,it is especially important to design and study monitor system of bank basestation and series data monitor system.Focusing on the features of Seafloor observatory,the paper realized working condition monitor,measurement transmission with VC and SQL-Serve technique,as well as share monitor data with Internet with the help of Web technique. Besides viewing of the long term and stableness features of seafloor observatory network,the paper put forward improving method and design idea,which were proved effective and reliable by practical running. [Ch,7 fig.10 ref.]

刘长东,陈坚红,盛德仁,任浩仁,李蔚

DOI: https://doi.org/10.3969/j.issn.1005-006X.2003.01.024

2003-01-01

Abstract:A kind of real-time monitoring system is developed, which fits different DCS systems and has a good real-time performance. In this system, the display module runs in web browser as a ActiveX component, which makes it easy to maintain, and a system uses UDP data package to transmit data with a high real-time performance. The system structure and implement method of the real-time display system are introduced.

Sun Zeyu,Li Meng,Zhang Yongsheng

DOI: https://doi.org/10.16526/j.cnki.11-4762/tp.2010.12.043

2010-01-01

Abstract:Network flow monitoring system is very important to the distribution of network resources,network planning,failure prediction and intrusion detection.The SNMP of traditional single monitoring system of netwok flow,measuring technique for network performance and network congestion are analyzed.And therefore,interactive network flow monitoring system model was proposed.Based on SNMP,this system employs interactive congestion control strategy to optimize the distribution of network resources and realize the real-time monitoring of network traffic data collection and network server.Eventually,the transmission speed of network is quickened and reliability of data is ensured.Network congestion is restrained.

Luiza Nacshon,Rami Puzis,Polina Zilberman

DOI: https://doi.org/10.48550/arXiv.1608.03307

2016-12-05

Abstract:OpenFlow is a protocol implementing Software Defined Networking, a new networking paradigm, which segregates packet forwarding and accounting (performed on switches) from the routing decisions and advanced protocols (executed on a central controller). This segregation increases agility and flexibility of a networking infrastructure and reduces its operational expenses. OpenFlow controllers expose standard interfaces to facilitate variety of networking applications. In particular, a monitoring application can use these interfaces to push into the OpenFlow switches rules that collect traffic flow statistics at different aggregation levels. The aggregation level determines the monitoring accuracy and the induced network overhead. In this paper, we propose Floware an OpenFlow application that allows discovery and monitoring of active flows at any required aggregation level. Floware balances the monitoring overhead among many switches in order to reduce its negative effect on network performance. In addition, Floware integrates with monitoring systems based on legacy protocols such as NetFlow. We demonstrate the application with soft switches emulated in Mininet, the Floodlight controller, and the NetFlow Analyzer as a legacy network analysis and intrusion detection system. Evaluation results demonstrate the positive impact of balanced monitoring.

Networking and Internet Architecture

An Changqing,Yang Jiahai

2006-01-01

Abstract:Understanding the characteristics of the traffic in operational network is crucial to network design and operation. As the network bandwidth grows, it's difficult for capturing and recording network traffic information. We overcome this by introducing network processor to conduct network traffic capture and export flow information. We proposed an algorithm based on packet classification to aggregate packets to flow. The algorithm makes use of the characteristics of flow aggregating. The space of it can be discontinuous and the rule of it can be updated dynamically, it's scalable and flexible. Both laboratory testing and practical operation proved that the system has high performance and is stable.

Hyun-chul Kim,Jihoon Lee

2013-09-30

Abstract:Measurement, analysis, and visualization of traffic data are critical day-to-day tasks for effective and efficient network management and operation. In this paper, we design and implement a novel interactive DBMS (Database Management System)-supported network traffic analysis and visualization system. To this end, we first survey and compare existing tools for network traffic measurement and analysis in terms of their supported features and functionalities. Then, we choose to extend FlowScan, one of the most widely-used software tool for network traffic analysis and visualization, with DBMS support as well as Web-based interactive query interface. We describe the overall system architecture and implementation, and demonstrate that our system can be used to easily identify heavy hitters (e.g., malicious attackers), in near real time.

Engineering,Computer Science

Tianzhu Zhang,Leonardo Linguaglossa,Massimo Gallo,Paolo Giaccone,Dario Rossi

DOI: https://doi.org/10.23919/tma.2018.8506565

2018-01-01

Abstract:Testing experimental network devices requires deep performance analysis, which is usually performed with expensive, not flexible, hardware equipment. With the advent of highspeed packet I/O frameworks, general purpose equipments have narrowed the performance gap in respect of dedicated hardware and a variety of software-based solutions have emerged for handling traffic at very high speed. While the literature abounds with software traffic generators, existing monitoring solutions do not target worst-case scenarios (i.e., 64B packets at line rate) that are particularly relevant for stress-testing high-speed network functions, or occupy too many resources. In this paper we first analyse the design space for high-speed traffic monitoring that leads us to specific choices characterizing FlowMon-DPDK, a DPDK-based software traffic monitor that we release as an open source project. In a nutshell, FlowMon-DPDK provides tunable fine-grained statistics at both packet and flow levels. Experimental results demonstrate that our traffic monitor is able to provide per-flow statistics with 5-nines precision at high-speed (14.88 Mpps) using an exiguous amount of resources. Finally, we showcase FlowMon-DPDK usage by testing two open source prototypes for stateful flow-level end-host and in-network packet processing.

Michael Collins,Jyotirmoy V. Deshmukh,Dristi Dinesh,Mukund Raghothaman,Srivatsan Ravi,Yuan Xia

2024-03-03

Abstract:Network security analysts gather data from diverse sources, from high-level summaries of network flow and traffic volumes to low-level details such as service logs from servers and the contents of individual packets. They validate and check this data against traffic patterns and historical indicators of compromise. Based on the results of this analysis, a decision is made to either automatically manage the traffic or report it to an analyst for further investigation. Unfortunately, due rapidly increasing traffic volumes, there are far more events to check than operational teams can handle for effective forensic analysis. However, just as packets are grouped into flows that share a commonality, we argue that a high-level construct for grouping network flows into a set a flows that share a hypothesis is needed to significantly improve the quality of operational network response by increasing Events Per Analysts Hour (EPAH).

Networking and Internet Architecture

Wei Guanxiong,Hou Dibo,Huang Pingjie,Zhang Guangxin

DOI: https://doi.org/10.4028/www.scientific.net/amm.316-317.678

2013-01-01

Applied Mechanics and Materials

Abstract:Water quality security is the guarantee of social development, the effective management of water quality information is the key to protect the water from pollution. This article focuses on the system architecture design and technology of Web-based water quality monitoring and information management system. Real-time communication between the Flex-written pages and the SQL Server database is achieved through the application of FluorineFx. The system realizes the visualized management of water quality information by visual components such as data table and data curve and so on.

Zhen Chen,Lingyun Ruan,Junwei Cao,Yifan Yu,Xin Jiang

DOI: https://doi.org/10.1109/tst.2013.6574679

2013-01-01

Tsinghua Science & Technology

Abstract:The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system （such as Hadoop, ZFS, etc.） and open cloud computing platform （such as OpenStack, CloudStack, and Eucalyptus, etc.）, it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well- known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit （TIFA） with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.

Yu Zhou,Chen Sun,Hongqiang Harry Liu,Rui Miao,Shi Bai,Bo Li,Zhilong Zheng,Lingjun Zhu,Zhen Shen,Yongqing Xi,Pengcheng Zhang,Dennis Cai,Ming Zhang,Mingwei Xu

DOI: https://doi.org/10.1145/3387514.3406214

2020-01-01

Abstract:Network performance anomalies (NPAs), e.g. long-tailed latency, bandwidth decline, etc., are increasingly crucial to cloud providers as applications are getting more sensitive to performance. The fundamental difficulty to quickly mitigate NPAs lies in the limitations of state-of-the-art network monitoring solutions - coarse-grained counters, active probing, or packet telemetry either cannot provide enough insights on flows or incur too much overhead. This paper presents NetSeer, a flow event telemetry (FET) monitor which aims to discover and record all performance-critical data plane events, e.g. packet drops, congestion, path change, and packet pause. NetSeer is efficiently realized on the programmable data plane. It has a high coverage on flow events including inter-switch packet drop/corruption which is critical but also challenging to retrieve the original flow information, with novel intra- and inter-switch event detection algorithms running on data plane; NetSeer also achieves high scalability and accuracy with innovative designs of event aggregation, information compression, and message batching that mainly run on data plane, using switch CPU as complement. NetSeer has been implemented on commodity programmable switches and NICs. With real case studies and extensive experiments, we show NetSeer can reduce NPA mitigation time by 61%-99% with only 0.01% overhead of monitoring traffic.

Pan Dong,Li Jun,Pan Jingui

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.08.033

2007-01-01

Abstract:With the network development and service quality demand of network users,network accounting plays a more and more important role in network service.While most of current NASs(Network Accounting System) do not meet application requirement,NAS based on net-flow statistics will be the next network accounting mode.The current NAS is discussed,their working principle and application situation are axplained.Their advantages and disadvantages are analyzed and compared.The requirement of current network accounting and RTFM framework of network measurement are focused on,and a new and more effective NAS based on RTFM is prompted.

zhen chen,chuang lin,jia ni,donghua ruan,bo zheng,yixin jiang,xuehai peng,yang wang,anan luo,bing zhu,yao yue,fengyuan ren

DOI: https://doi.org/10.1109/LCN.2005.31

2005-01-01

Abstract:TCP/IP protocol suite carries most application data in Internet. TCP flow retrieval has more security meanings than the IP packet payload. Hence, monitoring the TCP flow has more strength than only monitoring the IP packet payload in the AntiWorm system. The main idea of this paper is to use the flexibility and high performance of network processors to scan TCP flow for locating worm's binary codes, and cut off their propagation. A stateful TCP flow inspection engine is implemented based on IXP network processor, which can monitor about 512K flows. The performance issues about IXP network processors are evaluated and collected, and an analysis is made for further optimizing the system performance. The system is also demonstrated and proved by using the Internet traces and real assaults of Worms. Software Package TCPScanner 1.0 is also given as a software release of the research

Aoying Zhou,Ying Yan,Xueqing Gong,Jianlong Chang,Dai

DOI: https://doi.org/10.1109/icde.2008.4497625

2007-01-01

Abstract:Network traffic monitoring have been gaining attentions due to its importance in telecom industry. However, the monitoring systems deployed in telecom operators are usually too slow because of their disk-based processing approach. To address this problem, an online network traffic monitoring system, named SMART, is designed and developed. The system converts different formats of raw Netflow data (Netflow IPv5, IPv7 and IPv9) to user-defined control flows through combination and filtering. It can compute top-k frequent flows with sliding window, detects burst on arbitrary attributes, and presents results visually to users. The system could be used to replace the traditional offline monitoring system used in Shanghai Telecom. In its daily operation, it is shown that the processing speed achieves 30,000 flows per second. The basis of advanced streaming algorithms and design of robust system architecture enable SMART to achieve good performance.

GAO Lei,YANG Jia-hai,ZHANG Hui,LI Fu-liang,ZHANG Bin

DOI: https://doi.org/10.3969/j.issn.1001-7445.2011.z1.017

2011-01-01

Abstract:The fine-grained flow level measurement is getting increasing demand in recent years.Though it fails to be a generic solution for its biased sampling,Netflow is promising for its compatibility with prevalent routers and its convenience to perform direct flow level measurement of both IPv4 and IPv6 traffic.Traditional flow level measurement systems based on Netflow are mostly centralized and each of them independently performs traffic analysis of its local flow records without any coordination in a large-scale network,suffering from unbalancing workload and bad scalability.In this paper we present the construction of FlowInfra which is a scalable infrastructure for network-wide flow measurement of pure IPv6 flow records from Netflow v9 exports.Through the assessment of its performance and flexible features,we show that FlowInfra achieved enhanced ability and robustness to perform network-wide flow level measurement.In addition,based on the observation on CERNET2's traffic data,we propose a new method to identify P2P traffic over IPv6.

SHEN Wen-chao,YANG Bo,L(U) Guo-han,YAN Cheng,LI Xing

DOI: https://doi.org/10.3321/j.issn:0438-0479.2007.z2.033

2007-01-01

Abstract:Cisco Netflow is widely used in many areas such as traffic monitoring,network security,etc.Most of high-end routers today can export Netflow,but their fixed format lacks some valuable information and cannot be customized.This paper covers the design and implementation of a high speed flow aggregation system based on commodity PC and general-purpose network cards.By modifying the network card driver,no packet copy in the RAM is achieved.By implementing a software based traffic scheduler,traffic from one network card is assigned to several CPUs for parallel process.This improves the system performance drastically.Netflow v9 format is used.According to the performance test,the system can process traffic from a single Gigabit link with 1 000 000 pps very well.

Yibo XUE,Dawei WANG,Luoshi ZHANG

DOI: https://doi.org/10.3778/j.issn.1673-9418.1306030

2014-01-01

Abstract:Along with the rapid development of Internet, the Internet service providers (ISPs) and network manage-ment departments are urgent to analyze the operating state of Internet, in order to guarantee the usability, stability and security of Internet. However, due to the rapidly growing user number, the ever increasing Internet bandwidth, the continuous change of traffic characteristics and the more and more complexity of the new emerging applications, it is facing with more and more challenges for network analysis. Therefore, in order to solve these issues, this paper proposes a novel analysis theory and method, named as network flow field. Network flow field not only concerns the“solid”metrics such as network packets and flows, but also pays more attention to the distribution and trend of network traffic, so it can reveal the traffic distribution and the relationship among network hosts, thus can reflect the social attributes of Internet. Based on the qualitative and quantitative analysis, network flow field theory and method can analyze the network deeply by using a new kind of view, it can not only obtain the basic statistical information of network traffic, bus also dig out its secret and implication information, such as timing relationship, state transition relationship, private network topology, key paths and key nodes, etc. The experimental results show that network flow field theory and method can achieve a good performance. Therefore, network flow field theory can provide the efficient framework and model for network traffic analysis, so as to guide the further research of network manage-ment, analysis and measurement field.

Tianzhu Zhang,Leonardo Linguaglossa,Massimo Gallo,Paolo Giaccone,Dario Rossi

DOI: https://doi.org/10.1109/tnsm.2019.2913710

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:In the last few years, several software-based solutions have been proved to be very efficient for high-speed packet processing, traffic generation, and monitoring, and can be considered valid alternatives to expensive and non-flexible hardware-based solutions. In this paper, we first benchmark heterogeneous design choices for software-based packet monitoring systems in terms of achievable performance and required resources (i.e., the number of CPU cores). Building on this extensive analysis we design FloWatcher-DPDK, a DPDK-based high-speed software traffic monitor we provide to the community as an open source project. In a nutshell, FloWatcher-DPDK provides tunable fine-grained statistics at packet and flow levels. Experimental results demonstrate that FloWatcher-DPDK sustains per-flow statistics with 5-nines precision at high-speed (e.g., 14.88 Mpps) using a limited amount of resources. Finally, we showcase the usage of FloWatcher-DPDK by configuring it to analyze the performance of two open source prototypes for stateful flow-level end-host and in-network packet processing.