ETD system

Electronic theses and dissertations repository


Tesi etd-04052012-111741

Thesis type
Tesi di dottorato di ricerca
email address
Architectures and algorithms for packet processing and network monitoring
Settore scientifico disciplinare
Corso di studi
relatore Ing. Procissi, Gregorio
relatore Prof. Russo, Franco
tutor Prof. Giordano, Stefano
Parole chiave
  • network monitoring - packet processing
Data inizio appello
Riassunto analitico
As internet is becoming a critical infrastructure and the amount of traffic<br>carried on it is rapidly growing, along with the potential security<br>threats, monitoring is becoming more and more a crucial activity to the<br>correct operations of networks and network based services. However,<br>the amount of data to be analyzed, the extreme variety of the analysis<br>to be supported, along with the need to correlate data from different<br>sources and the limitations imposed by the privacy legislation make<br>network monitoring a difficult and challenging task. In this work we explore<br>several research fields, all of them related to network monitoring<br>and testing. First of all, we propose tomographic techniques, that allow<br>to infer the internal state of the network by applying statistical analysis<br>to measurements carried out by the end–hosts, with no cooperation<br>from the internal nodes. We then illustrate novel algorithms and data<br>structures for speeding up expensive packet processing tasks, such as<br>deep packet inspection. Subsequently, we move on to architectural topics<br>and show how general purpose processors and special purpose devices<br>can complement each other in order to build monitoring and testing systems<br>offering an optimal trade–off between flexibility and performance.<br>Moreover, we also investigate on the potential that the modern commodity<br>hardware (which is highly parallel) provides and on how this can be<br>leveraged for the benefit of the network monitoring applications. Finally,<br>we delve into the topic of distributed monitoring and propose novel solutions<br>for building an overlay of monitoring probes which can efficiently<br>correlate the observed data, thus avoiding the scalability bottleneck of an<br>architecture based on a single collection point.