skip to main content
10.1145/1882486.1882539acmconferencesArticle/Chapter ViewAbstractPublication PagesancsConference Proceedingsconference-collections
research-article

Experience with high-speed automated application-identification for network-management

Published:19 October 2009Publication History

ABSTRACT

AtoZ, an automatic traffic organizer, provides control of how network-resources are used by applications. It does this by combining the high-speed packet processing of the NetFPGA with an efficient method for application-behavior labeling. AtoZ can control network resources by prohibiting certain applications and controlling the resources available to others. We discuss deployment experience and use real traffic to illustrate how such an architecture enables several distinct features: high accuracy, high throughput, minimal delay, and efficient packet labeling --- all in a low-cost, robust configuration that works alongside the enterprise access-router.

References

  1. M. Roesch. Snort --- Lightweight Intrusion Detection for Networks. In Proceedings of USENIX LISA'99, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. V. Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, 31(23--24):2435--2463, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. J. W. Lockwood et al. "NetFPGA--an open platform for gigabit-rate network switching and routing". In IEEE International Conference on Microelectronic Systems Education (MSE'07), 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. L. Bernaille et al. Early application identification. In Proceedings of the ACM CoNEXT'06, December 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. W. Li et al. Efficient application identification and the temporal and spatial stability of classification schema. Computer Networks, 53(6):790--809, Apr 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. M. Dusi et al. Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting. Computer Networks, 53(1):81--97, Jan 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. G. Maier et al. Enriching network security analysis with time travel. In Proceedings of ACM SIGCOMM'08, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. R. Morris et al. The Click Modular Router. ACM Trans. Comput. Syst., 18(3):263--297, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. A. Broder & M. Mitzenmacher. Network applications of bloom filters: A survey. Internet Mathematics, 1(4):485--609, 2003.Google ScholarGoogle ScholarCross RefCross Ref
  10. C. Estan and G. Varghese. New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice. ACM Trans. Comput. Syst., 21(3):270--313, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. A. Kumar et al. Space-code bloom filter for efficient per-flow traffic measurement. In Proceedings of IEEE INFOCOM, Mar 2004.Google ScholarGoogle ScholarCross RefCross Ref
  12. R. Pang et al. Characteristics of internet background radiation. In Proceedings of IMC'04, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. R. Karedla et al. Caching strategies to improve disk system performance. Computer, 27(3), 1994. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. M. Canini et al. GTVS: Boosting the collection of application traffic ground truth. In Proceedings of TMA'09, May 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. M. Attig and J. W. Lockwood. SIFT: Snort intrusion filter for TCP. In Proceedings of the 13th Symposium on High Performance Interconnects (HOTI'05), 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. H. Song et al. Snort offloader: A reconfigurable hardware NIDS filter. In Proceedings of FPL'05, 2005.Google ScholarGoogle Scholar
  17. J. Gonzalez et al. Shunting: A hardware/software architecture for flexible, high-performance network intrusion prevention. In Proceedings of CCS'07, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library

Recommendations

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Sign in
  • Published in

    cover image ACM Conferences
    ANCS '09: Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
    October 2009
    227 pages
    ISBN:9781605586304
    DOI:10.1145/1882486

    Copyright © 2009 ACM

    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    • Published: 19 October 2009

    Permissions

    Request permissions about this article.

    Request Permissions

    Check for updates

    Qualifiers

    • research-article

    Acceptance Rates

    Overall Acceptance Rate88of314submissions,28%

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader