A programmable architecture for scalable and real-time network traffic measurements
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Accurate anomaly detection through parallelism
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Volunteer-based distributed traffic data collection system
ICACT'10 Proceedings of the 12th international conference on Advanced communication technology
AirLab: consistency, fidelity and privacy in wireless measurements
ACM SIGCOMM Computer Communication Review
We present an architecture for a Distributed Online Measurement Environment (DOME), a passive measurement system that correlates network information between several measurement nodes placed at different locations in the network to offer a large-scale view of network operation. The system is capable of capturing packet traces and pre-processing them on the measurement node itself. Real-time queries are implemented by breaking them down into standard statistics that are updated during run-time. We present details of a prototype implementation of our architecture on an Intel IXP2400 network processor. The prototype is deployed on the main Internet access link of the University of Massachusetts, and measurement results are validated against those obtained from an Endace DAG card. The performance of the prototype is compared to that of a conventional post-processing system for an application that detects network anomalies.