ETD system

Electronic theses and dissertations repository

 

Thesis etd-04052012-111741


Thesis type
PhD thesis
Author
DI PIETRO, ANDREA
email address
andrea.dipietro@for.unipi.it
URN
etd-04052012-111741
Title
Architectures and algorithms for packet processing and network monitoring
Scientific disciplinary sector
ING-INF/03
Degree programme
INFORMATION ENGINEERING
Committee
supervisor Ing. Procissi, Gregorio
supervisor Prof. Russo, Franco
tutor Prof. Giordano, Stefano
Keywords
  • network monitoring - packet processing
Exam session start date
01/06/2012
Availability
complete
Abstract
As the Internet is becoming a critical infrastructure and the amount of traffic carried on it is rapidly growing, along with the potential security threats, monitoring is becoming more and more a crucial activity for the correct operation of networks and network-based services. However, the amount of data to be analyzed, the extreme variety of the analyses to be supported, along with the need to correlate data from different sources and the limitations imposed by privacy legislation, make network monitoring a difficult and challenging task. In this work we explore several research fields, all of them related to network monitoring and testing. First of all, we propose tomographic techniques, which allow the internal state of the network to be inferred by applying statistical analysis to measurements carried out by the end-hosts, with no cooperation from the internal nodes. We then illustrate novel algorithms and data structures for speeding up expensive packet processing tasks, such as deep packet inspection. Subsequently, we move on to architectural topics and show how general purpose processors and special purpose devices can complement each other in order to build monitoring and testing systems offering an optimal trade-off between flexibility and performance. Moreover, we also investigate the potential that modern commodity hardware (which is highly parallel) provides and how this can be leveraged for the benefit of network monitoring applications. Finally, we delve into the topic of distributed monitoring and propose novel solutions for building an overlay of monitoring probes which can efficiently correlate the observed data, thus avoiding the scalability bottleneck of an architecture based on a single collection point.
File