Published: 20.12.2011

Morariu | An Open Architecture for Distributed IP Traffic Analysis | 2011


An Open Architecture for Distributed IP Traffic Analysis

Out of print, no reprint

48,80 €

incl. VAT

2011. Book. 178 pp. Softcover

Shaker Verlag. ISBN 978-3-8440-0549-3

Format (W x L): 14.6 x 21.1 cm

Weight: 248 g

In English


Since the first days of the Internet, the IP (Internet Protocol) traffic carried by network operators has increased year after year. This was mainly caused by continuous growth in the number of users with Internet access, combined with an increase in the services that those users can reach over an IP infrastructure. Traditional telecommunication services that had their own dedicated infrastructures (such as telephony and television) are gradually switching to IP. Two additional causes that have led to the increase in network traffic are the constant need of users to have access to higher-quality services and the pervasiveness of modern mobile devices, which allow users to be connected to the Internet anytime and from almost anywhere. Different studies of the evolution of Internet traffic show that, on average, during the last decade Internet traffic increased by between 50% and 100% every year, depending on the markets where those studies were made. Looking at the behavior of Internet users during recent years, and considering Internet services that are still very new or expected to be available soon, leads to estimates that the trend in traffic increase will continue at the same rate until 2013 and most probably beyond. By 2012 the total Internet traffic carried by Internet providers is estimated to be about 75 times higher than the total traffic carried in 2002. Besides the impact that such a traffic increase has on the routing and switching infrastructure of network operators, the network monitoring and management mechanisms also need to be changed in order to handle more traffic. Traffic metering and analysis mechanisms will remain important in the hands of network operators, as they are the basis for many network management operations, such as network monitoring, planning, intrusion detection, accounting, charging, or billing.
One important problem, which was observed in today's IP traffic metering and analysis mechanisms and which motivates this thesis, is the use of a central element that collects all traffic metering data and performs traffic analysis tasks on these data. The use of a central element is required by traffic analysis applications that have to correlate different pieces of metered data. High packet rates allow only a limited number of operations to be performed on a packet before the next one arrives at the metering device. Similarly, as the IP metering data collected by large operators in a single day is on the order of tens or hundreds of Gigabytes, traffic analysis applications take a long time to analyze that traffic. The contribution of this research is a set of building blocks for distributed traffic analysis. As traditional centralized approaches for traffic metering and analysis cannot scale with the traffic increase, this thesis proposes a distributed traffic metering and analysis model. A generic architecture for the distribution of captured IP metering data (DITA), which includes a framework for enabling distributed traffic analysis, is presented and evaluated. In addition, the thesis proposes two metering mechanisms, as instances of the distributed metering process, which address problems of existing solutions. The first metering mechanism enables a software-based traffic monitoring application, such as Snort or nTop, to run in parallel on several machines in order to increase the number of packets that can be inspected every second. The second metering mechanism allows for the identification of the user and application which sent (or received) a particular IP packet, not just the network device which they used. This tool supports accounting or intrusion detection systems for multi-user operating systems.
The evaluation of these newly proposed mechanisms shows that a distribution of traffic metering and traffic analysis is feasible and may be the basis of future scalable IP traffic metering and analysis infrastructures.

