Alysson Santos | Universidade Federal de Sergipe (original) (raw)

Uploads

Papers by Alysson Santos

Traffic identification and classification are essential tasks performed by Internet Service Provi... more Traffic identification and classification are essential tasks performed by Internet Service Provider (ISPs) administrators. Deep Packet Inspection (DPI) is currently playing a key role in traffic identification and classification due to its increased expressive power. To allow fair comparison among different DPI techniques and systems, workload generators should have the following characteristics: (i) synthetic packets with meaningful payloads; (ii) TCP and UDP traffic generation; (iii) a configurable network traffic profile, and (iv) a high-speed sending rate. This paper proposes a workload generator framework which inherits all of the above characteristics. A performance evaluation shows that our flexible workload generator system achieves very high sending rates over a 10Gbps network, using a commodity Linux machine. Additionally, we have configured and tested our workload generator following a real application traffic profile. We then analyzed its results within a DPI system, proving its accuracy and efficiency.

Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) syste... more Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) systems, which are the most accurate techniques for traffic identification and classification. However, building high performance DPI systems requires an in-depth and careful computing system design due to the memory and processing power demands. DPI's accuracy mostly depends on string matching process and regular expression heuristics that go deep down on the packet payloads in a search for networked application signatures. As ISPs backbone links' speed and data volume soar, commodity hardware-based DPI systems start to face performance bottlenecks (e.g., packet losses), which interferes on traffic classification accuracy dramatically. In this paper we propose a lightweight DPI (LW-DPI) system that overcomes performance bottlenecks of traditional DPI systems, without a significant decrease on accuracy. We evaluate LW-DPI's accuracy by inspecting two factors: a limited number of full-payload packets in a given flow or a fraction of the packet payload. Our experiments were performed using more than 6TB of packet-level data from a large ISP and show that there is some interesting trade-offs between such factors and accuracy. Most flows can be classified with only their first 7 packets or a fraction of their payload. We also show that the impact on DPI's processing time may decrease around 75% as compared to analyzing all full-payload packets in a flow.

Traffic identification and classification are essential tasks performed by Internet Service Provi... more Traffic identification and classification are essential tasks performed by Internet Service Provider (ISPs) administrators. Deep Packet Inspection (DPI) is currently playing a key role in traffic identification and classification due to its increased expressive power. To allow fair comparison among different DPI techniques and systems, workload generators should have the following characteristics: (i) synthetic packets with meaningful payloads; (ii) TCP and UDP traffic generation; (iii) a configurable network traffic profile, and (iv) a high-speed sending rate. This paper proposes a workload generator framework which inherits all of the above characteristics. A performance evaluation shows that our flexible workload generator system achieves very high sending rates over a 10Gbps network, using a commodity Linux machine. Additionally, we have configured and tested our workload generator following a real application traffic profile. We then analyzed its results within a DPI system, proving its accuracy and efficiency.

Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) syste... more Internet service providers (ISP) have been recently relying on deep packet inspection (DPI) systems, which are the most accurate techniques for traffic identification and classification. However, building high performance DPI systems requires an in-depth and careful computing system design due to the memory and processing power demands. DPI's accuracy mostly depends on string matching process and regular expression heuristics that go deep down on the packet payloads in a search for networked application signatures. As ISPs backbone links' speed and data volume soar, commodity hardware-based DPI systems start to face performance bottlenecks (e.g., packet losses), which interferes on traffic classification accuracy dramatically. In this paper we propose a lightweight DPI (LW-DPI) system that overcomes performance bottlenecks of traditional DPI systems, without a significant decrease on accuracy. We evaluate LW-DPI's accuracy by inspecting two factors: a limited number of full-payload packets in a given flow or a fraction of the packet payload. Our experiments were performed using more than 6TB of packet-level data from a large ISP and show that there is some interesting trade-offs between such factors and accuracy. Most flows can be classified with only their first 7 packets or a fraction of their payload. We also show that the impact on DPI's processing time may decrease around 75% as compared to analyzing all full-payload packets in a flow.

Log In