Packet Capture

The Experts below are selected from a list of 5904 Experts worldwide ranked by ideXlab platform

Sheng-de Wang - One of the best experts on this subject based on the ideXlab platform.

  • An Embedded NIDS with Multi-core Aware Packet Capture
    Proceedings - 16th IEEE International Conference on Computational Science and Engineering CSE 2013, 2013
    Co-Authors: Chia Hao Hsu, Sheng-de Wang
    Abstract:

    Network security has been a serious problem in the Internet. To face this issue, network intrusion detection tools have become indispensable for computer systems and network gateways. In this paper we propose an embedded, multi-core aware network intrusion detection system (NIDS), which has the following features: 1) It integrates a novel multi-core aware packet capture module, called the MCA ring, and an NIDS. 2) It exploits a zero-copy mechanism to remove the overheads of packet copy processing from the network interface driver to the NIDS application. 3) It uses the concept of process and IRQ affinity to enhance the processing speed. The performance of NIDS under different packet capture modules in multi-gigabits networks has also been analyzed and presented in this paper. The results show that our integrated multi-core aware MCA ring and NIDS is effective for detecting network intrusion attacks in multi-gigabits networks.

  • Embedded Network Intrusion Detection Systems with a Multi-core Aware Packet Capture Module
    International Conference on Parallel Processing, 2011
    Co-Authors: Chia Hao Hsu, Sheng-de Wang
    Abstract:

    Network security has been a main concern in the Internet. To address this issue, network intrusion detection or prevention tools have become indispensable for system security. In this paper we first propose a multi-core aware packet capture module and integrate it with a network intrusion detection system (NIDS). We then analyze the performance of the NIDS under different packet capture libraries in high speed networks. The proposed multi-core aware packet capture module, called Flow Ring, can enhance the performance of NIDS to meet the speed requirements without packet loss. Together with the techniques for the configuration of an NIDS with respect to multi-core and IRQ affinity, the proposed approach can get the most effective performance.

Luca Deri - One of the best experts on this subject based on the ideXlab platform.

  • High Speed Network Traffic Analysis with Commodity Multi-core Systems
    Internet Measurement Conference, 2010
    Co-Authors: Francesco Fusco, Luca Deri
    Abstract:

    Multi-core systems are the current dominant trend in computer processors. However, kernel network layers often do not fully exploit multi-core architectures. This is due to issues such as legacy code, resource competition of the RX-queues in network interfaces, as well as unnecessary memory copies between the OS layers. The result is that packet capture, the core operation in every network monitoring application, may even experience performance penalties when adapted to multi-core architectures. This work presents common pitfalls of network monitoring applications when used with multi-core systems, and presents solutions to these issues. We describe the design and implementation of a novel multi-core aware packet capture kernel module that enables monitoring applications to scale with the number of cores. We showcase that we can achieve high packet capture performance on modern commodity hardware.

  • nCap: Wire-speed Packet Capture and Transmission
    Workshop on End-to-End Monitoring Techniques and Services, 2005
    Co-Authors: Luca Deri
    Abstract:

    With the increasing network speed, it is no longer possible to capture and transmit network packets at wire-speed using general-purpose operating systems. Many companies tried to tackle this problem by manufacturing costly network adapters able to keep up at high network speeds. This paper describes a new approach to wire-speed packet capture and transmission named nCap based on commercial network adapters rather than on custom network adapters and software.

Guoliang Xing - One of the best experts on this subject based on the ideXlab platform.

  • A Practical Bluetooth Traffic Sniffing System: Design, Implementation, and Countermeasure
    IEEE/ACM Transactions on Networking, 2019
    Co-Authors: Wahhab Albazrqaoe, Jun Huang, Guoliang Xing
    Abstract:

    With the prevalence of personal Bluetooth devices, potential breach of user privacy has been an increasing concern. To date, sniffing Bluetooth traffic has been widely considered an extremely intricate task due to Bluetooth’s indiscoverable mode, vendor-dependent adaptive hopping behavior, and the interference in the open 2.4 GHz band. In this paper, we present BlueEar, a practical Bluetooth traffic sniffer. BlueEar features a novel dual-radio architecture where two Bluetooth-compliant radios coordinate with each other on learning the hopping sequence of indiscoverable Bluetooth networks, predicting adaptive hopping behavior, and mitigating the impacts of RF interference. We built a prototype of BlueEar to sniff on Bluetooth classic traffic. Experiment results show that BlueEar can maintain a packet capture rate higher than 90% consistently in real-world environments, where the target Bluetooth network exhibits diverse hopping behaviors in the presence of dynamic interference from coexisting 802.11 devices. In addition, we discuss the privacy implications of the BlueEar system, and present a practical countermeasure that effectively reduces the packet capture rate of the sniffer to 20%. The proposed countermeasure can be easily implemented on Bluetooth master devices while requiring no modification to slave devices such as keyboards and headsets.

  • Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications
    International Conference on Mobile Systems Applications and Services, 2016
    Co-Authors: Wahhab Albazrqaoe, Jun Huang, Guoliang Xing
    Abstract:

    With the prevalence of personal Bluetooth devices, potential breach of user privacy has been an increasing concern. To date, sniffing Bluetooth traffic has been widely considered an extremely intricate task due to Bluetooth's indiscoverable mode, vendor-dependent adaptive hopping behavior, and the interference in the open 2.4 GHz band. In this paper, we present BlueEar, a practical Bluetooth traffic sniffer. BlueEar features a novel dual-radio architecture where two Bluetooth-compliant radios coordinate with each other on learning the hopping sequence of indiscoverable Bluetooth networks, predicting adaptive hopping behavior, and mitigating the impacts of RF interference. Experiment results show that BlueEar can maintain a packet capture rate higher than 90% consistently in real-world environments, where the target Bluetooth network exhibits diverse hopping behaviors in the presence of dynamic interference from coexisting Wi-Fi devices. In addition, we discuss the privacy implications of the BlueEar system, and present a practical countermeasure that effectively reduces the packet capture rate of the sniffer to 20%. The proposed countermeasure can be easily implemented on the Bluetooth master device while requiring no modification to slave devices like keyboards and headsets.

Javier Aracil - One of the best experts on this subject based on the ideXlab platform.

  • Commodity Packet Capture Engines: Tutorial, Cookbook and Applicability
    IEEE Communications Surveys and Tutorials, 2015
    Co-Authors: Victor Moreno, Jose Luis Garciadorado, Javier Ramos, Pedro Santiago M Del Rio, Francisco J Gomezarribas, Javier Aracil
    Abstract:

    Users' demands have dramatically increased due to widespread availability of broadband access and new Internet avenues for accessing, sharing and working with information. In response, operators have upgraded their infrastructures to survive in a market as mature as the current Internet. This has meant that most network processing tasks (e.g., routing, anomaly detection, monitoring) must deal with challenging rates, challenges traditionally accomplished by specialized hardware (e.g., FPGA). However, such approaches lack either flexibility or extensibility, or both. As an alternative, the research community has proposed the utilization of commodity hardware providing flexible and extensible cost-aware solutions, thus entailing lower operational and capital expenditure investments. In this scenario, we explain how the arrival of commodity packet engines has revolutionized the development of traffic processing tasks. Thanks to the optimization of both NIC drivers and standard network stacks and by exploiting concepts such as parallelism and memory affinity, impressive packet capture rates can be achieved in hardware valued at a few thousand dollars. This tutorial explains the foundation of this new paradigm, i.e., the knowledge required to capture packets at multi-Gb/s rates on commodity hardware. Furthermore, we thoroughly explain and empirically compare current proposals, and importantly explain how to apply such proposals with a number of code examples. Finally, we review successful use cases of applications developed over these novel engines.

  • High-Performance Network Traffic Processing Systems Using Commodity Hardware
    Traffic Monitoring and Analysis, 2013
    Co-Authors: Jose Luis Garciadorado, Felipe Mata, Javier Ramos, Pedro Santiago M Del Rio, Victor Moreno, Javier Aracil
    Abstract:

    The Internet has opened new avenues for information accessing and sharing in a variety of media formats. Such popularity has resulted in an increase of the amount of resources consumed in backbone links, whose capacities have witnessed numerous upgrades to cope with the ever-increasing demand for bandwidth. Consequently, network traffic processing at today's data transmission rates is a very demanding task, which has been traditionally accomplished by means of specialized hardware tailored to specific tasks. However, such approaches lack either flexibility or extensibility, or both. As an alternative, the research community has pointed to the utilization of commodity hardware, which may provide flexible and extensible cost-aware solutions, ergo entailing large reductions of the operational and capital expenditure investments. In this chapter, we provide a survey-like introduction to high-performance network traffic processing using commodity hardware. We present the required background to understand the different solutions proposed in the literature to achieve high-speed lossless packet capture, which are reviewed and compared.