Master’s Thesis (30 credits) By: Morten Lindeberg Supervisors: Vera Goebel and Jarle Søberg Design, Implementation, and Evaluation of Network Monitoring.


Master’s Thesis (30 credits) By: Morten Lindeberg Supervisors: Vera Goebel and Jarle Søberg Design, Implementation, and Evaluation of Network Monitoring Tasks for the Borealis Stream Processing Engine

Slide no. 2 Outline
Problem description
Application domains
Data stream management system (DSMS)
Borealis
Design
Experiment Setup
Implementation
Evaluation
Conclusion
Future Work
Network monitoring tasks

Slide no. 3 Problem Description
Design, Implementation, and Evaluation of Network Monitoring Tasks for the Borealis Stream Processing Engine
Network Monitoring Tasks:
–Task-1: Verify Borealis load shedding mechanisms.
–Task-2: Measure the average load of packets and network load per second over a one minute interval.
–Task-3: How many packets have been sent to certain ports during the last five minutes?
–Task-4: How many bytes have been exchanged on each connection during the last ten seconds?
–Task-5: Identify possible SYN flood attacks

Slide no. 4 Application Domains
Network monitoring (Controlling and measuring the Internet or parts of it)
–Challenges
    Traffic volumes
    Get relevant data
    Privacy
–On-line network measurements
    Passive: Our network tasks
    Active: E.g. Traceroute and Ping
–Off-line network measurements
    Passive: E.g. InTraBase (Siekkinen, 2006)
    Active: Pandora FMS (Pandora, 2007)
[Figure labels: N.M, Private network, DB; "Looks at all passing packets"; Push-based]

Slide no. 5 Cont. Application Domains
Sensor networks
–TinyDB
Financial tickers
–Traderbot
[Figure labels: Pull-based, Push-based]

Slide no. 6 DSMS
Stream Data Model
–Definition: A data stream is a real-time, continuous, ordered sequence of items (Golab, 2003)

Slide no. 7 Cont. DSMS
Requirements
–Continuous query language
–Data reduction techniques
    Sampling
    Load shedding
    Aggregations with window techniques
–Adaptive
–Integration with a traditional database
–Low latency and high throughput
Without sliding windows, an aggregation would be a blocking operator, since one will never see the whole stream at once.
Window techniques: hopping windows, tumbling windows, overlapping windows. Windows are either time-based or tuple-based.
Streaming tuples should only be kept in main memory, never written to disk (too slow).

Slide no. 8 Cont. DSMS
Existing systems:

| Name | Language |
| --- | --- |
| TelegraphCQ (Berkeley Uni.) | SQL-like |
| STREAM (Stanford Uni.) | SQL-like |
| Aurora (Brown, M.I.T++) | Boxes and arrows |
| Medusa (Brown, M.I.T++) | Boxes and arrows |
| Borealis (Brown, M.I.T++) | Boxes and arrows |
| Gigascope ($ AT&T) | SQL-like |

Slide no. 9 Borealis
Stream processing engine (SPE)
–Academic research / Public domain
–Distributed queries
–General purpose
    Multi-player first person shooter game
    Network monitoring
Continuous query language
–Operator boxes and stream arrows
–XML + GUI
–E.g., operators: Map, Aggregate, Join, Filter, Random Drop and operators for integration with statically stored tables
[Figure labels: nodes n1, n2, n3, n4, n5, n6; Distributed query; Data stream; Result tuples; High Availability]

Slide no. 10 Design
Task 2 - Version 1
–Average load and packet count
Task 1 - Version 1
–Mapping

Slide no. 11 Cont. Design
Task 3 - Version 2
–Port destination count
Task 4 - Version 2
–Exchanged bytes

Slide no. 12 Cont. Design
Task 5 - Version 1
–SYN Flood attack (Several hosts initiate half-open connections to a server so that it has to deny service to others)
–Identifies the relation between the count of SYN packets and normal packets (Non-SYN). Joins aggregated tuples if SYN count is twice or more the normal packet count.

Slide no. 13 Cont. Design <parameter name="predicate" value = "left.count * 2 < right.count and left.count > 0" />
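The Task 5 design from slides 12 and 13, as an added example that is not code from the thesis or from Borealis: two windowed aggregates are joined and the slide-13 predicate is applied to each joined pair. Assumptions: `left` is the non-SYN aggregate and `right` the SYN aggregate (the slides do not label the join inputs), counts are grouped per destination address, the window is a 10-second tumbling window, and the packet headers are constructed sample data.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10   # TCP flag bits
WINDOW_S = 10           # assumed tumbling-window length; the slides give none for Task 5

def is_syn(flags):
    # Assumption: "SYN packet" = connection-opening segment (SYN set, ACK clear).
    return bool(flags & SYN) and not flags & ACK

def aggregate(packets, window_s=WINDOW_S):
    """Count packets per (window index, destination) in two streams."""
    normal, syn = defaultdict(int), defaultdict(int)
    for ts, dst, flags in packets:
        key = (int(ts // window_s), dst)
        (syn if is_syn(flags) else normal)[key] += 1
    return normal, syn

def join_alerts(normal, syn):
    """Inner join on (window, dst), then the slide-13 predicate.
    Assumption: left = non-SYN aggregate, right = SYN aggregate."""
    alerts = []
    for key in sorted(normal.keys() & syn.keys()):
        left, right = normal[key], syn[key]
        if left * 2 < right and left > 0:
            alerts.append((key[0], key[1], right, left))
    return alerts

def syn_only_windows(normal, syn):
    """SYN aggregates with no non-SYN partner: the inner join emits nothing for them."""
    return sorted(k for k in syn if k not in normal)

def build(ts0, dst, n_syn, n_other):
    # Constructed headers (timestamp_s, dst_ip, tcp_flags), spread over one window.
    return ([(ts0 + i % WINDOW_S, dst, SYN) for i in range(n_syn)] +
            [(ts0 + i % WINDOW_S, dst, ACK) for i in range(n_other)])

A, B = "192.0.2.10", "192.0.2.20"   # documentation addresses, constructed
SAMPLE = (build(0, A, 4, 40)        # ordinary traffic
          + build(10, A, 50, 10)    # SYNs at 5x the other packets
          + build(10, B, 20, 10)    # SYNs at exactly 2x
          + build(20, A, 60, 0))    # SYNs only, no other traffic

if __name__ == "__main__":
    normal, syn = aggregate(SAMPLE)
    for win, dst, n_syn, n_other in join_alerts(normal, syn):
        print(f"window {win}: {dst} SYN={n_syn} non-SYN={n_other}")
    print("SYN-only (no join output):", syn_only_windows(normal, syn))
```

Under these assumptions only the 5x window is reported: the strict `<` leaves out a destination at exactly twice the count, and a window containing nothing but SYNs has no left tuple to join with, so a monitor built this way needs a separate check for SYN-only windows.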

Slide no. 14 Experiment Setup
Scripts execute the different stages of each experiment
TG: Generates traffic
fyaf: Filters packet headers from NIC. Counts the number of packets retrieved by the C.A
C.A: Transforms the packet headers into tuples. I/O to the Q.P
Q.P: Performs the query on the tuples retrieved from C.A
System resource consumption is logged by the execution scripts.
fyaf calculates the number of lost packets.
TG controls the amount of generated traffic per second.

Slide no. 15 Borealis Implementation
Client application main-method:

```cpp
int main( int argc, const char *argv[] )
{
    // ...
    sock = get_connection();
    NOTICE << "Socket opened: " << sock;

    status = marshal.open();

    if ( status )
    {
        WARN << "Could not deploy the network.";
    }
    else
    {
        // Start the timer.
        timer = Time::now();

        // Send the first batch of tuples. Queue up the next round with a delay.
        marshal.sentPacket();

        // Run the client event loop. Return only on an exception.
        marshal.runClient();
    }
    // ...
}
```

[Figure labels: fyaf, Query processor, Results, Data stream, Client application]

Slide no. 16 Evaluation Results for Task 1 ( The map task ) CPU Maximums Drop box can lead to increased CPU utilization

Slide no. 17 Cont. Evaluation Results for Task 2 - (the simple task) (Lost packets at different network loads) 40 Mbit/s

Slide no. 18 Cont. Evaluation Results for Task 2 - (the simple task) (Task result - Measured Load) A c 98% A c 93% A c 96%

Slide no. 19 Cont. Evaluation
Results for Task 3 - Memory Consumption
Low memory consumption (31 Mbyte). No changes when increasing load. Static tables cause increased memory consumption, but not much.

Slide no. 20 Cont. Evaluation

| Task | Network Load | Memory Consumption |
| --- | --- | --- |
| Task 1 | 30, 40 Mbit/s | 31 Mbyte |
| Task 2 | 40 Mbit/s | 31 Mbyte |
| Task 3 | 10, 30 Mbit/s | 31, 33 Mbyte |
| Task 4 | 20 Mbit/s | 31 Mbyte |
| Task 5 | 20 Mbit/s | 30, 50+ Mbyte |

Slide no. 21 Conclusion
Support complex network monitor queries
Borealis can handle network loads:
–40 Mbit/s for simple tasks
– Mbit/s for complex tasks
–10 Mbit/s when comparing input packets with several thousands of statically stored tuples.
Load Shedding
–Not fully working, does not identify overload situations
–random_drop box does not significantly increase supported network load
Low memory consumption
–System code parameters might affect performance

Slide no. 22 Future Work
Distribution of queries
Expand client application (fyaf and load shedding)
Optimization of source code system parameters
New version of Borealis (Winter 2007)
Comparison with results from TelegraphCQ (Søberg, 2006) and STREAM (Hernes, 2006)

Slide no. 23 Bibliography
(Søberg, 2006) - Design, implementation, and evaluation of network monitoring tasks with the TelegraphCQ data stream management system, Master’s Thesis
(Hernes, 2006) - Design, implementation, and evaluation of network monitoring tasks with the STREAM data stream management system, Master’s Thesis
(Siekkinen, 2006) - Root Cause Analysis of TCP Throughput: Methodology, Techniques, and Applications, Dr. Scient. Thesis
(Golab, 2003) - Issues in Data Stream Management, Lukasz Golab and M. Tamer Özsu, 2003
(Pandora, 2007) -