A hadoop-based packet trace processing tool

Authors:
Yeonhee Lee;Wonchul Kang;Youngseok Lee
Affiliations:
Chungnam National University, Daejeon, Republic of Korea;Chungnam National University, Daejeon, Republic of Korea;Chungnam National University, Daejeon, Republic of Korea
Venue:
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Year:
2011

Citing 6
Cited 4

The Google file system

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
MapReduce: simplified data processing on large clusters

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Towards optimizing hadoop provisioning in the cloud

HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing
MapReduce online

NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Improving MapReduce performance in heterogeneous environments

OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation

Detecting DDoS attacks with Hadoop

Proceedings of The ACM CoNEXT Student Workshop
Toward scalable internet traffic measurement and analysis with Hadoop

ACM SIGCOMM Computer Communication Review
Review: A survey of network flow applications

Journal of Network and Computer Applications
Evaluating MapReduce for profiling application traffic

Proceedings of the first edition workshop on High performance and programmable networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Internet traffic measurement and analysis has become a significantly challenging job because large packet trace files captured on fast links could not be easily handled on a single server with limited computing and memory resources. Hadoop is a popular open-source cloud computing platform that provides a software programming framework called MapReduce and the distributed filesystem, HDFS, which are useful for analyzing a large data set. Therefore, in this paper, we present a Hadoopbased packet processing tool that provides scalability for a large data set by harnessing MapReduce and HDFS. To tackle large packet trace files in Hadoop efficiently, we devised a new binary input format, called PcapInputFormat, hiding the complexity of processing binary-formatted packet data and parsing each packet record. We also designed efficient traffic analysis MapReduce job models consisting of map and reduce functions. To evaluate our tool, we compared its computation time with a well-known packet-processing tool, CoralReef, and showed that our approach is more affordable to process a large set of packet data.