building a real time grid protocol analyser
play

Building a real-time Grid protocol analyser Jonathan Paisley - PowerPoint PPT Presentation

Feb 03, 2023 •551 likes •821 views

Building a real-time Grid protocol analyser Jonathan Paisley Department of Computing Science The Grid Wide-area distributed computing Lots of funding Network operators need to support it Traffic dominated by bulk data transfer Elephants and

  1. Building a real-time Grid protocol analyser Jonathan Paisley Department of Computing Science

  2. The Grid Wide-area distributed computing Lots of funding Network operators need to support it Traffic dominated by bulk data transfer

  3. Elephants and Mice

  4. Multiple Elephants and Mice

  5. Elephants and Mixed Mice

  6. Elephants and Cipher Mice ?

  7. Grid Monitoring Monitoring System Grid Application Users Signal ISP Operator Institution Network ISP's Network Monitoring point Servers with Other ISPs and the lots of storage Internet

  8. Approach Interpret protocol to learn about associated bulk connections Report on transfer sizes Be able to deal with mixed control-data flows

  9. DAG-based Network Monitor Just a PC with special network monitoring card. Example: 2.8 GHz dual Xeon, 2+ GB memory Image Source: Endace Measurement Systems

  10. Similarity to NIDS NIDS = Network Intrusion Detection System For example: Bro Does protocol analysis (FTP, SMTP, etc) Needs port-based filter Full reassembly of every monitored flow Too slow

  11. Design Goals Leverage DAG ring buffer architecture Capable of processing at GigE line rate Support full cleartext protocol analysis Efficiently handle mixed control/data

  12. Assumptions and Principles TCP only Applications under study not used maliciously Minimise memory copies Minimise heap allocation Process packets as soon as possible Single-threaded, data-driven

  13. DAG Ring Buffer Not-yet- Processed written DAG Write Pointer Unprocessed Application Acknowledged Pointer

  14. DAG Ring Buffer Not-yet- Processed written Application DAG Write Acknowledged Pointer Pointer Unprocessed Retained Application Processed Pointer

  15. DAG Ring Buffer Not-yet- Processed written Application DAG Write Acknowledged Pointer Pointer Unprocessed Retained Application Processed Pointer

  16. Writing Protocol Analysers Passive monitor sees both flow directions Code to track state -> generate events State machines can be complex Threaded programming style is easier ... but runtime cost normally higher

  17. ProtoThreads Similar to co-routines/continuations Implemented using a C switch statement State maintained in a structure Context switching by stack unwinding

  18. Analyser Example void AnalyserClass::AnalyserMain() { // Read function id and num args READ(OrigFlow, 2); func_id = *(uint16_t*)data; READ(OrigFlow, 2); num_args = *(uint16_t*)data; for (i=0;i<num_args;i++) { READ(OrigFlow, 4); len = *(uint32_t*)data; // Read the argument, but we // only need the first 200 bytes READ_AND_SKIP(OrigFlow, len, 200); // ... process the argument } READ(RespFlow, 4); result_value = *(uint32_t*)data; }

  19. Analyser Example void AnalyserClass::AnalyserMain() May { block // Read function id and num args READ(OrigFlow, 2); here! func_id = *(uint16_t*)data; READ(OrigFlow, 2); num_args = *(uint16_t*)data; for (i=0;i<num_args;i++) { READ(OrigFlow, 4); len = *(uint32_t*)data; // Read the argument, but we // only need the first 200 bytes READ_AND_SKIP(OrigFlow, len, 200); // ... process the argument } READ(RespFlow, 4); result_value = *(uint32_t*)data; }

  20. Scalability Presently limited to single processor Auxiliary flow tracing complicated by concurrent processing Could use retained packet scheme for all flows: gives extra 1-2 seconds buffering

  21. Evaluation Informal testing carried out during development Negligible load for ~900Mbps mixed control/ data SRB flow Initial testing with larger number of connections with flat-out* replay of IP header traces ~10-15% load * 250Mbps, 5000 new connections per second.

  22. Encrypted Analysis Ideas What can we know about encrypted traffic? Messages: (direction, size*, timing) Lack of messages (timeouts) If we understand framing protocol: can get application-level messages * with some bounded error

  23. Requests and Responses Monitoring Point Client Server Look out for associated bulk data flow!

  24. Approaches Hidden Markov Models? Naïve Bayesian Classifier? Other work: SSH password typing analysis HTTPS request analysis by URL lengths Sideband attacks on encryption algorithms

  25. Summary Built (hopefully) fast system for real-time protocol analysis work. Evaluation pending. Support for efficient handling of mixed control/data protocols. Coding of protocol analysers simplified by rich lightweight threaded interface. Starting work on classifying and event reporting of encrypted traffic.

Recommend

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic protocol for real-time traffic Protocol for the management of data flow Secure version of the protocol 2 What is real-time (time of

629 views • 33 slides
Real-Time in the Real World: Building a State of the Art Real-Time Analytics Platform INFORMS

Real-Time in the Real World: Building a State of the Art Real-Time Analytics Platform INFORMS

Real-Time in the Real World: Building a State of the Art Real-Time Analytics Platform INFORMS Analytics Conference April 14 th , 2015 Joe DeCosmo Chief Analytics Officer Enova International We are a growing global online Lender Founded

229 views • 18 slides
Real-Time Transport Protocol (RTP) August 12, 2001 RTP 2 RTP protocol goals mixers and

Real-Time Transport Protocol (RTP) August 12, 2001 RTP 2 RTP protocol goals mixers and

RTP 1 Real-Time Transport Protocol (RTP) August 12, 2001 RTP 2 RTP protocol goals mixers and translators control: awareness, QOS feedback media adaptation August 12, 2001 RTP 3 RTP the big picture application media

821 views • 42 slides
The I nCell Analyser 1 0 0 0 High throughput, high content screening The InCell Analyser 1000

The I nCell Analyser 1 0 0 0 High throughput, high content screening The InCell Analyser 1000

The I nCell Analyser 1 0 0 0 High throughput, high content screening The InCell Analyser 1000 Automated cellular and subcellular imaging system. Built around epifluorescent based microscope and image acquisition software. Fixed and live

639 views • 20 slides
REAL-TIME MICHAEL ROITZSCH OVERVIEW TU Dresden MOS Real - Time 2 SO FAR talked about

REAL-TIME MICHAEL ROITZSCH OVERVIEW TU Dresden MOS Real - Time 2 SO FAR talked about

Department of Computer Science Institute for System Architecture, Operating Systems Group REAL-TIME MICHAEL ROITZSCH OVERVIEW TU Dresden MOS Real - Time 2 SO FAR talked about in - kernel building blocks: threads memory IPC

511 views • 26 slides
RTP: Real-time Transport Protocol Krzysztof Hebel Multimedia Communications Laboratory

RTP: Real-time Transport Protocol Krzysztof Hebel Multimedia Communications Laboratory

RTP: Real-time Transport Protocol Krzysztof Hebel Multimedia Communications Laboratory Electrical &amp; Computer Engineering Department University of Waterloo February 21 st 2006 Presentation Outline Introduction Overview of RTP

475 views • 34 slides
H/2 DLC Protocol in Hard Real Time Systems H. Wijaya 23 , N. Esseling 2 , O. Klein 2 , W. Zirwas 1

H/2 DLC Protocol in Hard Real Time Systems H. Wijaya 23 , N. Esseling 2 , O. Klein 2 , W. Zirwas 1

H/2 DLC Protocol in Hard Real Time Systems H. Wijaya 23 , N. Esseling 2 , O. Klein 2 , W. Zirwas 1 , Hui Li 1 , J. M. Eichinger 1 , A. Vidal 2 1 = Siemens AG, 2 = ComNets, RWTH Aachen, 3 = AixCom GmbH GERMANY COVERAGE Initiated by Siemens AG

342 views • 13 slides
Building Real-Time Visualizations at Scale Mike Barry @msb5014 Kevin Robinson @krob Hello!

Building Real-Time Visualizations at Scale Mike Barry @msb5014 Kevin Robinson @krob Hello!

Building Real-Time Visualizations at Scale Mike Barry @msb5014 Kevin Robinson @krob Hello! Hello! analytics.twitter.com Hello! Answers Building Real-time Visualizations Real-time Actionable User-focused Analytics at Twitter

1.08k views • 76 slides
Outline The electric grid as it is The smart grid

Outline The electric grid as it is The smart grid

12-06-13 Real-Time Distributed Conges5on Control for Electrical Vehicle Charging Catherine Rosenberg (University of Waterloo) Joint work with Omid Ardakanian

810 views • 22 slides
Real-Time Protocol (RTP) bag of tricks use UDP to avoid TCP congestion control (delays)

Real-Time Protocol (RTP) bag of tricks use UDP to avoid TCP congestion control (delays)

Real-Time (Phone) Over IPs Multimedia Networking Best-Effort Last time Principles Classify multimedia Multimedia Networking Applications Settings applications Streaming stored audio and video Identify the network talk

372 views • 9 slides
Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing

Real- Time Building Energy Modeling and Fault Detection and Diagnostics for a DoD Building Bing Dong1, Zheng ONeill2 1 University of T exas, San Antonio, TX, USA 2 University of Alabama, AL, USA The work was done at the United Technologies

275 views • 14 slides
Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-01.txt Magnus Westerlund New in

Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-01.txt Magnus Westerlund New in

Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-01.txt Magnus Westerlund New in draft-01 Header table in chapter 12 Updated all HTTP references to RFC 2616 State machine chapter totally rewritten Added PING method

512 views • 11 slides
Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #15 Updated 2009-03-03 Dependable Distributed Dependable Distributed Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real Aircraft/automotive

501 views • 9 slides
The Real-Time Transport Protocol Framework, HDTV and Standards Development Ladan Gharai

The Real-Time Transport Protocol Framework, HDTV and Standards Development Ladan Gharai

The Real-Time Transport Protocol Framework, HDTV and Standards Development Ladan Gharai University of Southern California/ISI HDTV Transport over IP The Audio/Video Transport (AVT) working group of Internet Engineering Task Force (IETF) is

447 views • 28 slides
MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise

MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise

MQTT Protocol for Real Time GNSS Data and Correction Distribution Precise Positioning Precise P Precise Positioning sitioning Real-Time Kinematic (RTK) positioning Precise Point Positioning (PPP) Requires additional correction!

340 views • 14 slides
RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS Real-time extensions to general-purpose OS Chenyang Lu 2 RTOS: Features for Efficiency Small Minimal set of functionality Fast context switch

504 views • 16 slides
The he Ca Capital pital Grid Grid Pr Projec oject Building Tomorrows Energy Grid Today

The he Ca Capital pital Grid Grid Pr Projec oject Building Tomorrows Energy Grid Today

The he Ca Capital pital Grid Grid Pr Projec oject Building Tomorrows Energy Grid Today Riggs R Rig gs Roa oad/ d/East Easter ern n Aven enue ue NE E Virtua ual Mee eeting ng September 17, 2020 Agenda Agenda Welcome

347 views • 23 slides
Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10 Updated 2009-02-15 Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time system Logical function What should be done &amp;

500 views • 8 slides
Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate Engine + Fabric Offline Develop initial monitoring query Back-test Progressive Non-temporal analysis Interactive Query Authoring

383 views • 15 slides
The Real-Time Channel Administration Protocol Bruce A. Mah The Tenet Group University of

The Real-Time Channel Administration Protocol Bruce A. Mah The Tenet Group University of

The Real-Time Channel Administration Protocol Bruce A. Mah The Tenet Group University of California, Berkeley and International Computer Science Institute Berkeley, California Hitachi-Tenet Meeting May 28-29, 1991 Bruce A. Mah The

498 views • 18 slides
Porting the Tenet Real-Time Protocol Suite to a HIPPI Network Bruce A. Mah and Domenico Ferrari

Porting the Tenet Real-Time Protocol Suite to a HIPPI Network Bruce A. Mah and Domenico Ferrari

Porting the Tenet Real-Time Protocol Suite to a HIPPI Network Bruce A. Mah and Domenico Ferrari {bmah,ferrari}@CS.Berkeley.EDU The Tenet Group University of California at Berkeley and International Computer Science Institute Fourth Gigabit

296 views • 15 slides
The Tenet Real-Time Protocol Suite Bruce A. Mah bmah@tenet.berkeley.edu The Tenet Group

The Tenet Real-Time Protocol Suite Bruce A. Mah bmah@tenet.berkeley.edu The Tenet Group

The Tenet Real-Time Protocol Suite Bruce A. Mah bmah@tenet.berkeley.edu The Tenet Group Computer Science Division University of California at Berkeley and The International Computer Science Institute Hewlett Packard Labs 6 August 1992 The

388 views • 27 slides
THE VECTOR NETWORK ANALYSER A SERIOUS TOOL FOR THE TECHNICAL RADIO AMATEUR WHAT IS A VECTOR

THE VECTOR NETWORK ANALYSER A SERIOUS TOOL FOR THE TECHNICAL RADIO AMATEUR WHAT IS A VECTOR

THE VECTOR NETWORK ANALYSER A SERIOUS TOOL FOR THE TECHNICAL RADIO AMATEUR WHAT IS A VECTOR NETWORK ANALYSER (VNA) A piece of test equipment which measures complex multi-port S parameters Input Output Unknown Circuit 2 Port analysis

326 views • 17 slides
Insights in building real-time experiences with WebRTC @VictorSanchez victor@mashme.tv ? What

Insights in building real-time experiences with WebRTC @VictorSanchez victor@mashme.tv ? What

Insights in building real-time experiences with WebRTC @VictorSanchez victor@mashme.tv ? What is Social video-collaboration platform Based in the cloud Integrates many tools Startup spin-off from UPM 2 ? How big is 800.000+ users in 72

384 views • 25 slides

More recommend