REN He-qi,YANG Jian-hua,HU Hui-zhu,SHU Xiao-wu

DOI: https://doi.org/10.3969/j.issn.1005-6734.2005.05.012

2005-01-01

Abstract:The paper presents a high speed high precision data transmission system that solves the electromagnetic interference problem in wire data transmission of FOG performance measurements.Based on the RF chip with system grade,bidirectional wireless communication module is constructed.The system realizes high speed precision data transmission under electromagnetic interference environment.The FOG’s scale factor measurement indicates that the system has the feature of anti-electromagnetism,high speed and low error rate.

严登俊,袁洪,高维忠,吴峰,鞠平

DOI: https://doi.org/10.3321/j.issn:1000-1026.2003.10.016

2003-01-01

Abstract:In present, the communication delay is uncertain and the number of the phase measurement unit (PMU) is limited in the supervisory and control system for dynamic stability. In order to make full use of the accuracy and high speed of computer network in data transmission, a transfer system for PMU data is built based on a combination of Ethernet and ATM. In the system, the communication delay, which is produced by the CSMA/CD in Ethernet, is reduced by using the Ethernet switch combined with the ATM switch. The error rate is also reduced because the program of the communication is programmed with the Windows Socket and TCP/IP protocol. Based on the fibre-optic telecommunication cable, a real-time transmission channel for the whole network phasor information is constructed. In the engineering practice, the system can transmit data one time in one circle to realize the real-time monitoring of the power network operation situation based on the PMU wide area measured data.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

Wei Dong,Yunhao Liu,Yuan He,Tong Zhu,Chun Chen

DOI: https://doi.org/10.1109/tnet.2013.2288646

2013-01-01

IEEE/ACM Transactions on Networking

Abstract:Understanding the packet delivery performance of a wireless sensor network (WSN) is critical for improving system performance and exploring further development and applications of WSN techniques. In spite of many empirical measurements in the literature, we still lack in-depth understanding on how and to what extent different factors contribute to the overall packet losses with respect to a complete stack of protocols at large scales. Specifically, very little is known about (1) When, where, and under what kind of circumstances packet losses occur. (2) Why packets are lost. As a step towards addressing those issues, we deploy a large-scale WSN and design a measurement system for retrieving important system metrics. We propose MAP, a step-by-step methodology to identify the losses, extract system events, and perform spatial-temporal correlation analysis by employing a carefully examined casual graph. MAP enables us to get a closer look at the root causes of packet losses in a low-power ad-hoc network. This study validates some earlier conjectures on WSNs and reveals some new findings. The quantitative results also shed lights for future large-scale WSN deployments.

Yuehai Wang,Qinyong Wang

DOI: https://doi.org/10.1166/sl.2013.2964

2013-01-01

Sensor Letters

Abstract:Measurement and mapping process of a circuit's netlist is usually heavily relied on manual interventions. An Improved Sensor Net list Mapping System (INMS), using USB chip as a centralized control unit, was designed and implemented to increase the measure speed and reduce the human interventions. INMS decreases the number of the controlling and translating layers, use a channel-independent testing technique, and implements an automatic querying process. The experiments verified the effectiveness of our INMS approach.

Yi Gao,Wei Dong,Xiaoyu Zhang,Wenbin Wu

DOI: https://doi.org/10.1109/tnet.2020.2965587

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:Most sensor networks employ dynamic routing protocols so that the routing topology can be dynamically optimized with environmental changes. The routing behaviors can be quite complex with increasing network scale and environmental dynamics. Knowledge on the routing path of each packet is certainly a great help in understanding the complex routing behaviors, allowing effective performance diagnosis and efficient network management. We propose PAT, a universal sensornet path tracing approach. PAT includes an intelligent path encoding scheme that allows efficient decoding at the PC side. To make PAT more scalable, we propose techniques to accurately estimate the degree information by exploiting timing information, allowing more compact path encoding. Moreover, we employ subpath concatenation to infer excessively long paths with a high recovery probability. We carefully evaluate PAT's performance using testbed experiments and and extensive simulations with up to 4,000 nodes. Results show that PAT significantly outperforms existing approaches.

Ling Ruilin,Li Junfeng,Li Dan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20160823

2017-01-01

Journal of Computer Research and Development

Abstract:With the development of Internet application and the increase of network bandwidth,security issues become increasingly serious.In addition to the spread of the virus,spams and DDoS attacks,there have been lots of strongly hidden attack methods.Network probe tools which are deployed as a bypass device at the gateway of the intranet,can collect all the traffic of the current network and analyze them.The most important module of the network probe is packet capture.In Linux network protocol stack,there are many performance bottlenecks in the procedure of packets processing which cannot meet the demand of high speed network environment.In this paper,we introduce several new packet capture engines based on zero-copy and multi-core technology.Further,we design and implement a scalable high performance packet capture framework based on Intel DPDK,which uses RSS (receiver-side scaling) to make packet capture parallelization and customize the packet processing.Additionally,this paper also discusses more effective and fair Hash function by which data packet can be deliveried to different receiving queues.In evaluation,we can see that the system can capture and process the packets in nearly line-speed and balance the load between CPU cores.

Zhen Chen,Xi Shi,Ling-Yun Ruan,Feng Xie,Jun Li

DOI: https://doi.org/10.1109/ICCCN.2012.6289215

2012-01-01

Abstract:Archiving Internet traffic is an essential function for retrospective network event analysis. The state-of-art approach for network monitoring and analysis is storing and analyzing the statistics of network flows. However this approach loses much valuable information inside Internet traffic. With the advancement of commodity hardware, especially the volume of storage device and the speed of interconnect technologies used in network adapter card, now it is practical to capture 10Gbps real-time network traffic with a commodity computer. In this context, this paper presents the design and implementation of a novel system for archiving and querying network flows. A flow granularity indexing and storage mechanism is proposed, and the bitmap index database is utilized to store index information. Based on real network traces, we demonstrate that the system has a higher performance in storing and querying with respect to both time and space metrics compared with traditional methods.

YU Rong,SUN Zhi,CHEN Jia,MEI Shunliang,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2005.10.022

2005-01-01

Abstract:Intrusion detection technology is an indispensable way to protect the network security.This paper presents a high-speed intrusion detection system(IDS framework based on network processor and detection cluster.Two hardware algorithms were developed for the traffic distributor.One is the high-speed data-receiving program with the IXP1200 network processor,while the other is the load balance policy based on the destination media access control(MAC address.Tests show that the first algorithm achieves more than(1 Gb/s data-capturing ability,while the second algorithm is a satisfactery trade-off between protecting information integrity and reducing computational complexity.

Zhichun Li,Yan Gao,Yan Chen

2005-01-01

Abstract:Traffic anomalies and attacks are commonplace in to- day's networks, and identifying them rapidly and ac- curately is critical for large networks. With the rapid growth of network bandwidth and fast emergence of new attacks/worms, existing network intrusion detection sys- tems (IDS) are insufficient for the following two reasons. First, they are mostly host-based or located on low-end routers, and not scalable to high-speed networks. How- ever, it is crucial to identify fast propagation of worms in their early phases, which can only possibly be achieved by detection at high speed edge/backbone routers instead of at end hosts. Unfortunately, the existing schemes are not scalable to the link speeds and number of flows for high-speed networks. According to a recent research agenda (7) by DARPA, detection on edge networks is par- ticularly critical, powerful and efficient (without deploy- ing IDSs on all the edge hosts). Second, most of the existing approaches are signature based, which cannot detect unknown attacks. Statistical IDSs are therefore proposed to detect anomalies. Cur- rent systems are mostly designed to detect based on the overall traffic, thus they tend to be inaccurate or can- not find real attack flows for mitigation even when spot- ting anomalies. For instance, the state-of-the-art stateless router-based SYN flooding detection techniques, Change Point Monitoring (CPM), use the statistical behavior of SYN-FIN, or SYN-SYN/ACK packet pairs based on over- all traffic for detection (5). It detects well with pure SYN

Meng Shuai,Kunqing Xie,Xiujun Ma,Guojie Song

DOI: https://doi.org/10.1109/itsc.2008.4732675

2008-01-01

Abstract:Wireless sensor networks are expected to be deployed on urban roadways to monitor the traffic continuously. One of the requirements of traffic monitoring is displaying the traffic states of the front roadways, which can guide the drivers to choose the right way and avoid potential traffic congestions. In this scenario, the information of traffic state changes should be refreshed as early as possible. We propose an adaptive segmentation of the traffic flow based on discrete Fourier transform, which responses timely to traffic state changes without inducing large error. On the other hand, considering the limited power of wireless sensor networks, we propose a novel algorithm for in-network aggregation of the traffic flow time-series, which reduces the communication cost between the sensor nodes and base station significantly. The proposed algorithm scales well with the size of the sensor networks. Our methods are computationally efficient and suitable to be implemented on sensor nodes. The primary experiments on PeMS data demonstrate the effectiveness and energy efficiency of our approach.

Haiguang Lai,Shengwen Cai,Hao Huang,Junyuan Xie,Hui Li

DOI: https://doi.org/10.1007/978-3-540-24852-1_32

2004-01-01

Abstract:The process speed of network-based intrusion detection systems (NIDSs) is still low compared with the speed of networks. As a result, few NIDS is applicable in a high-speed network. A parallel NIDS for high-speed networks is presented in this paper. By dividing the overall traffic into small slices, several sensors can analyze the traffic concurrently and significantly increase the process speed. For most attacks, our partition algorithm ensures that a single slice contains all the evidence necessary to detect a specific attack, making sensor-to-sensor interaction unnecessary, Meanwhile, by making use of the character of the network traffic, the algorithm can also dynamically balance all sensors' loads. To keep the system as simple as possible, a specific sensor is used to detect the scan and the DoS attack. Although only one sensor is used for this kind of attacks, we argue that our system can still provide high process ability....

Yun-long MA,Qian-li ZHANG,Ji-long WANG

2013-01-01

Abstract:To deal with the large-scale traffic capture and management in high speed network,the performance of IPFIX system was studied.An optimized architecture was proposed and implemented based on improved binary information integration to collect data and improved multi-layer hash algorithm to storage data.This system was deployed in Tsinghua university campus network and can scale to the 10 GB network traffic collection and accurate pricing.

Rafael Oliveira,Tiago Pedrosa,José Rufino,Rui Pedro Lopes

DOI: https://doi.org/10.3390/systems12040126

2024-04-07

Systems

Abstract:The rapid evolution of technology has fostered an exponential rise in the number of individuals and devices interconnected via the Internet. This interconnectedness has prompted companies to expand their computing and communication infrastructures significantly to accommodate the escalating demands. However, this proliferation of connectivity has also opened new avenues for cyber threats, emphasizing the critical need for Intrusion Detection Systems (IDSs) to adapt and operate efficiently in this evolving landscape. In response, companies are increasingly seeking IDSs characterized by horizontal, modular, and elastic attributes, capable of dynamically scaling with the fluctuating volume of network data flows deemed essential for effective monitoring and threat detection. Yet, the task extends beyond mere data capture and storage; robust IDSs must integrate sophisticated components for data analysis and anomaly detection, ideally functioning in real-time or near real-time. While Machine Learning (ML) techniques present promising avenues for detecting and mitigating malicious activities, their efficacy hinges on the availability of high-quality training datasets, which in turn poses a significant challenge. This paper proposes a comprehensive solution in the form of an architecture and reference implementation for (near) real-time capture, storage, and analysis of network data within a 1 Gbps network environment. Performance benchmarks provided offer valuable insights for prototype optimization, demonstrating the capability of the proposed IDS architecture to meet objectives even under realistic operational scenarios.

Yun Mao,Kang Chen,Dongsheng Wang,Weimin Zheng

DOI: https://doi.org/10.1145/502932.502942

2001-01-01

Abstract:Web traffic has been increasing and evolving rapidly in recent years. It is important to measure the volume and characteristic of such dominant traffic to understand large-scale user access pattern and analyze performance of Web applications. Among the common methods of Web measurements, the passive way using packet monitoring is more advantageous since it provides comprehensive information and is transparent to end-users. However, the throughput of current packet monitoring system is limited by the bandwidth of network adapters. Computational capacity and buffer size are also potential performance bottlenecks for monitoring high-speed links. This paper proposes a cluster-based online monitoring system, which generates rich logs by packet sniffing for Web analysis in a cluster environment. Powered by cluster computing technologies, the system achieves high performance and availability. Other techniques, such as online reconstruction in memory and kernel packet filter, are also adopted to improve the system performance. The experimental results indicate that it is feasible to trace in high-speed links with the cluster-based system.

Zhichun Li,Gao Xia,Hongyu Gao,Yi Tang,Yan Chen,Bin Liu,Junchen Jiang,Yuezhou Lv

DOI: https://doi.org/10.1145/1851275.1851216

IF: 1.937

2010-01-01

ACM SIGCOMM Computer Communication Review

Abstract:Accuracy and speed are the two most important metrics for Network Intrusion Detection/Prevention Systems (NIDS/NIPSes). Due to emerging polymorphic attacks and the fact that in many cases regular expressions (regexes) cannot capture the vulnerability conditions accurately, the accuracy of existing regex-based NIDS/NIPS systems has become a serious problem. In contrast, the recently-proposed vulnerability signatures [10, 29] (a.k.a. data patches) can exactly describe the vulnerability conditions and achieve better accuracy. However, how to efficiently apply vulnerability signatures to high speed NIDS/NIPS with a large ruleset remains an untouched but challenging issue.This paper presents the first systematic design of vulnerability signature based parsing and matching engine, NetShield, which achieves multi-gigabit throughput while offering much better accuracy. Particularly, we made the following contributions: (i) we proposed a candidate selection algorithm which efficiently matches thousands of vulnerability signatures simultaneously requiring a small amount of memory; (ii) we proposed an automatic lightweight parsing state machine achieving fast protocol parsing. Experimental results show that the core engine of NetShield achieves at least 1.9+Gbps signature matching throughput on a 3.8GHz single-core PC, and can scale-up to at least 11+Gbps under a 8-core machine for 794 HTTP vulnerability signatures. We release our prototype and sample signatures at www.nshield.org.

Xiaofei Bu,Yu-E Sun,Yang Du,Xiaocan Wu,Boyu Zhang,He Huang

DOI: https://doi.org/10.1007/s12083-020-01036-8

2021-01-11

Abstract:Detecting the flows with abnormally large spreads over big network data can help us identify network attacks, such as DDoS attacks and scanners. Most per-flow measurement studies use compact data structures to reduce their memory requirements, fitting in the limited on-chip memory and catching up with the line rate. In this paper, we study a novel problem called spread estimation among multi-periods to measure the total number of distinct elements or the number of distinct <i>k</i>-persistent elements in a flow among multiple traffic measurement periods. In our design, we use an on-chip/off-chip model to record the per-flow traffic information, which uses small on-chip memory and matches the line rate, <i>i.e.</i>, we use on-chip memory to filter out the duplicates, sample the elements, and store the sampled traffic data in off-chip memory. By performing the set operations on the sampled traffic data, we can derive the total number of distinct elements and the number of distinct <i>k</i>-persistent elements among multiple periods based on probability analysis. The experimental results on real Internet traffic traces show that, when performing spread estimation among multiple periods, our estimator is efficient in memory usage and estimation accuracy and can efficiently detect the stealthy DDoS attack and scanners.

computer science, information systems,telecommunications

Jiawei Ye,Jiaqian Li,Ai Er Pan Jiang,Chengrong Wu

DOI: https://doi.org/10.1109/SmartCloud52277.2021.00016

2021-01-01

Abstract:This paper works on the ubiquitous situation in network packet capturing. The packet capture tool randomly loses packages due to burst network traffic, especially when handling massive network flow in cloud computing data centers. Using the high-performance packet capture tool PF_RING, we propose an adaptive version with a scalable ring structure named PF_RING-TA. When the network traffic changes significantly, PF_RING-TA can automatically scale the size of the buffer space in the kernel to ensure that the random packet loss rate is reduced to an acceptable level. Experiments show that in various scenarios, PF_RING-TA has a notable improvement in the packet loss rate compared that of the original PF_RING.

Wei Wei

2007-01-01

Abstract:Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS can not meet the speed’s demand, resulting in rising of false negatives. To promote the NIDS performance and efficiency, present studies on IDSs for high-speed network monitoring have begun to choose the distributed architecture as an alterative, first suggested by Christopher Kruegel et al . In such a design, the incoming network traffic is disseminated to a pool of sensors, which process a fraction of the whole traffic, reducing the possibility of packet loss caused by overload.

WU Hao,LI Yang,ZHANG Chu-wen,LIU Bin

DOI: https://doi.org/10.13190/j.jbupt.2017.s.006

2017-01-01

Abstract:Aiming at the problem that how to trade off the access throughput,accuracy and capacity of counter memory in high-speed network measurement,the non-linear sampling was adopted to develop an FPGA-based network measurement system FPGA-based adaptive sampling measurement (FAST).The key designs of FAST include the centralized state machine,the separate function banks in counter memory and the parallel export operations.Through numerous evaluations,this FAST prototype can adaptively tune sampling rate according to real-time flow volume and reach a high counter compression rate with more than 99％ average accuracy rate.The throughput attains to 27.4Mpps.