Software Defined Monitoring of Application Protocols

journal article in Web of Science

English

With the ongoing shift of network services to the application layer also the monitoring systems focus more on the data from the application layer. The increasing speed of the network links, together with the increased complexity of application protocol processing, require a new way of hardware acceleration. We propose a new concept of hardware acceleration for flexible flow-based application level traffic monitoring which we call Software Defined Monitoring. Application layer processing is performed by monitoring tasks implemented in the software in conjunction with a configurable hardware accelerator. The accelerator is a high-speed application-specific processor tailored to stateful flow processing. The software monitoring tasks control the level of detail retained by the hardware for each flow in such a way that the usable information is always retained, while the remaining data is processed by simpler methods. Flexibility of the concept is provided by a plugin-based design of both hardware and software, which ensures adaptability in the evolving world of network monitoring. Our high-speed implementation using FPGA acceleration board in a commodity server is able to perform a 100 Gb/s flow traffic measurement augmented by a selected application-level protocol analysis.

Network Monitoring, Acceleration, Security, FPGA, L7

KEKELY, L.; KUČERA, J.; PUŠ, V.; KOŘENEK, J.; VASILAKOS, A.

2015

16. 4. 2015

0018-9340

IEEE TRANSACTIONS ON COMPUTERS

65

2

United States of America

615

626

12

https://www.fit.vut.cz/research/publication/10942/