Stream-wise Aggregation of Flow Data

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F18%3A10133094" target="_blank" >RIV/63839172:_____/18:10133094 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Stream-wise Aggregation of Flow Data

Popis výsledku v původním jazyce

Network monitoring, especially in large networks, uses so-called flow data analysis. Such analysis is based on aggregation of network packets into IP flows that represent unidirectional communication between pairs of IP addresses. Authors of [1] presented a unique approach to the analysis to handle high data volume of the flow data at near real-time. It is based on a continuous on-the-fly analysis, without permanent storage. Naturally, this approach requires a particular design of the analysis tools. NEMEA [2] is the existing open source detection system that was developed by CESNET, the operator of the Czech National Research and Education Network (NREN), in cooperation with Czech universities. NEMEA uses a UniRec data format that allows for a representation of fixed-sized and variable sized data fields. There are many NEMEA modules, but a universal aggregation module for the NEMEA system was missing. That is why this work focused on the development of a new NEMEA module that can fulfill the requirements. This presentation describes the design and implementation of the new NEMEA aggregation module. The design was optimized to create a high-performance processing module since it must process a high volume of flow data with a low delay. The presentation also describes several use cases of the developed module, i.e., connections to existing other NEMEA modules or tools. Finally, the functionality and the performance of the developed module were evaluated, and the presented results confirm that the module is suitable for deployment in monitoring systems of high-speed networks.

Název v anglickém jazyce

Stream-wise Aggregation of Flow Data

Popis výsledku anglicky

Network monitoring, especially in large networks, uses so-called flow data analysis. Such analysis is based on aggregation of network packets into IP flows that represent unidirectional communication between pairs of IP addresses. Authors of [1] presented a unique approach to the analysis to handle high data volume of the flow data at near real-time. It is based on a continuous on-the-fly analysis, without permanent storage. Naturally, this approach requires a particular design of the analysis tools. NEMEA [2] is the existing open source detection system that was developed by CESNET, the operator of the Czech National Research and Education Network (NREN), in cooperation with Czech universities. NEMEA uses a UniRec data format that allows for a representation of fixed-sized and variable sized data fields. There are many NEMEA modules, but a universal aggregation module for the NEMEA system was missing. That is why this work focused on the development of a new NEMEA module that can fulfill the requirements. This presentation describes the design and implementation of the new NEMEA aggregation module. The design was optimized to create a high-performance processing module since it must process a high volume of flow data with a low delay. The presentation also describes several use cases of the developed module, i.e., connections to existing other NEMEA modules or tools. Finally, the functionality and the performance of the developed module were evaluated, and the presented results confirm that the module is suitable for deployment in monitoring systems of high-speed networks.

Druh

O - Ostatní výsledky

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

<a href="/cs/project/LM2015042" target="_blank" >LM2015042: E-infrastruktura CESNET</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů