Delgado García, Igor
Projects
QoSensor: Diseño de un sensor para el análisis de la QoS en redes de datos
Departamento de Industria - SAIOTEK 2005-2006
DET (UPV/EHU): Armando Ferro, Alejandro Muñoz, Luis Zabala, Igor Delgado, Alfredo Beaumont
Fundación Deusto
09/2005 - 12/2006
Publications
An analytical model for loss estimation in network traffic analysis systems
Armando Ferro, Igor Delgado, Alex Muñoz and Fidel Liberal
Journal of Computer and System Sciences
Volume 72, Issue 7. Pages 1121-1133
November 2006
ABSTRACT
Simulation models have been developed in order to foresee characteristics of networks, systems or protocols when carrying out tests in laboratories is very expensive or even impossible. This paper presents a simulation model of a multiprocessor network traffic analysis system. The model, which is based on closed networks of queues, evaluates the efficiency of the system depending on the hardware/software platform features. Therefore, this model is able to estimate performance early in the design and development stages simulating a multiprocessor architecture in charge of analysing network traffic. The goodness of the model will be checked by comparing analytical results with practical ones obtained in laboratory using a traffic analysis system that runs on a multiprocessor platform.
Conference Papers
Software Architecture Based on Multiprocessor Platform to Apply Complex Intrusion Detection Techniques
Armando Ferro, Fidel Liberal, Alejandro Muñoz, Igor Delgado, Alfredo Beaumont
2005 IEEE International Carnahan Conference on Security Techniques
Las Palmas de Gran Canaria, Spain
October 11-14, 2005
ABSTRACT
The importance of security issues in network environments has increased greatly lately. Intrusion Detection Systems play an important role in network security environments. Nevertheless, nowadays, data network speed is so high that performing intrusion detection tasks becomes challenging. This paper presents a software architecture that intends to exploit the parallelism available on up-to-date and future workstations to apply intrusion detection rules in high speed networks. To achieve this, a shared memory multiprocessor system has been developed. The system includes a powerful rule language that adds big flexibility to the system.
Migración al kernel de un sensor de análisis de tráfico en redes de alta velocidad
Aritz Bastida, Igor Delgado, Alfredo Beaumont
XX Symposium Nacional de la URSI
Gandia, Spain
September 14-16, 2005
ABSTRACT
Traffic analyzers play a very important role in Network Engineering. They are used in firewalling, QoS, Intrusion Detection Systems (IDS), network monitoring, and so on. As networks become faster, more traffic needs to be processed and so, traffic analyzers should have more processing power as well. However, the hardware solutions that have been suggested for now are quite expensive so they are not always convenient. As for software solutions, they are generally not too efficient, as they normally run in the user area of the operating system. In this paper, we describe a network traffic analyzer that has been moved to the Linux kernel, so that its performance can be improved and the package loss ratio minimized.
Análisis de mecanismos software para la captura pasiva y procesamiento de tráfico de red
Igor Delgado, Armando Ferro, Alfredo Beaumont, Alex Muñoz
V Jornadas de Ingeniería Telemática (JITEL'05)
Vigo, Spain
September 12-14, 2005
ABSTRACT
Analysis of network traffic has become a really important task for many fields, from IDS to QoS evaluation. The great increase in the speed of networks, much faster than processor's performance increase, is making it difficult to handle the processing of all network packets. One way to solve this problem is to move the processing to the hardware elements. This is a very expensive solution and, in some cases, improving the performance of the capturing software may be enough. Although current general purpose operating systems have been improving the performance of network processing, there is still place for improvement. In this paper we present in detail the way followed by a packet through the operating system until it is processed at user level. Some empirical measurements have been made along the packet journey in order to find the bottlenecks of the capturing process as well as discussing some ways to further increase the performance of the capturing process.
An Analytical Model for Performance Evaluation of Network Traffic Analysis Systems
Armando Ferro, Igor Delgado, Alex Munoz, Fidel Liberal
The 11th International Conference on Parallel and Distributed Systems (ICPADS 2005)
Fukuoka, Japan
July 20-22, 2005
ABSTRACT
Simulation models have been developed in order to foresee characteristics of networks, systems or protocols when doing tests in laboratories is very expensive or even impossible. This paper presents a simulation model of a multiprocessor network traffic analysis system. The model, which is based on closed networks of queues, evaluates the efficiency of the system depending on the hardware/software platform features. Therefore, this model is able to estimate performance early in the design and development stages simulating a multiprocessor architecture in charge of analysing network traffic. The goodness of the model will be checked by comparing analytical results with practical ones obtained in laboratory using a traffic analysis system that runs in a multiprocessor platform.
A Multiprocessor Architecture for Passive Analysis of Network Traffic Focusing on Complex QoS Strategies
Armando Ferro, Igor Delgado, Fidel Liberal, Alex Muñoz
IEEE International Conference on Communications (ICC 2005)
Seoul, Korea
May 16-20, 2005
ABSTRACT
Data communication is a widespread service in our society and the need for controlling the information interchange increases. Intending to solve this need, different kinds of data capture systems (sensors or probes) have been implemented. The aim of this paper is to present a new architecture that analyses data providing essential information like complex quality of service statistics, intrusion detection, accounting... Nowadays, performance requirements limit the functionalities of sensors. Therefore, we have developed a high performance multiprocessor architecture which can process passively and online the captured packets in different ways. This improvement allows applying complex QoS algorithms whose implementation is quite difficult if the number of connections to follow is high.
An Implementation For The Estimation Of User Perceived QoS
Fidel Liberal, Jose Oscar Fajardo, Jose Luis Jodrá, Igor Delgado García
IADAT International Conference on Telecomunications and Computer Networks (IADAT-tcn2004)
San Sebastián, Spain
December 1-3, 2004
ABSTRACT
This paper presents an overview of the research activities accomplished in the 'Telematics Engineering Group' (UPV/EHU) in the area of perceived QoS. We go over the achieved works until the current day and we present as well the scheduled research tasks regarding the measurement of QoS from an end user perspective. The proposed theoretical model is intended to analyse the performance experimented in every agent involved in the provision of Internet services. Furthermore, we state several in-progress enhancements to the model and introduce an approach to empirically validate the model.
A New Approach To Analysis Traffic Based On Multiprocessor Architectures
Igor Delgado García, Alfredo Beaumont, Jose Oscar Fajardo, Jose Luis Jodrá
IADAT International Conference on Telecomunications and Computer Networks (IADAT-tcn2004)
San Sebastián, Spain
December 1-3, 2004
ABSTRACT
The current expansion of new services, which require high bandwidth rates, has enforced an increase of network throughput hindering network monitoring. Conventional network traffic analysis tools like tcpdump or ethereal were not designed to keep up with new rates so loss rates are very high. Consequently, we have developed a sensor that exploits multiprocessor features in order to reduce loss rates in high speed networks. Most network traffic analyses require communication among instances yielding synchronization troubles that must be solved. As the sensor splits traffic analysis loads among different processes, they will concurrently access shared memory areas. Conventional synchronization mechanisms like semaphores are not a good approach because they harm sensor's performance highly. Hence, in this paper we introduce a number of mechanisms that improve the overall performance of the sensor as a result of an effective communication among instances.
Herramienta de Captura y Análisis Concurrente de Tráfico en Redes de Alta Velocidad
Igor Delgado, Alfredo Beaumont, Jose Oscar Fajardo
XIX Simposium Nacional URSI
Barcelona, Spain
September, 2004
ABSTRACT
As networks become faster, traffic analyzers and network intrusion detection systems have big problems handling all the traffic of a network. As a result of the investigation on this topic, looking for parallelism in the processing of the captured traffic, this document presents a tool designed for high-speed network traffic analysis. The tool is based on the concurrent analysis of multiple instances, using shared memory as an interface among instances and between modules of the system. The system includes a powerful rule language which adds big flexibility to the system, and so the tool may work in different areas involving traffic analysis, including both Intrusion Detection System (IDS) and Quality of Service (QoS) analysis.
Gestión de reglas para el análisis de tráfico basado en un lenguaje estructurado
Armando Ferro, Fidel Liberal, Igor Delgado
XVIII Simposium Nacional URSI
A Coruña, Spain
September 10-12, 2003
ABSTRACT
Communication is very important in our society. As the need for controlling the information interchange increases, data capture systems have been implemented. Analysing data can provide essential information like intrusion detection, quality of service statistics, accounting… These scopes are different, so a unified language makes it easier to compose rules and to interchange them with other systems. XML (Extensible Markup Language) tags are defined to create a large number of different and complex rules. Then a parser was developed which loads these rules in memory.