Rethinking Deep Packet Inspection design and deployment in the era of SDN and NFV

With the advent of Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), the design and deployment of DPI (Deep Packet Inspection) must be reconsidered. The programmability, global visibility and centralized control of SDN, as well as the NFV enabled lightweight service creation and migration, have potential to empower the capability of DPI tools. On the other hand, dynamic environments make the deployment of DPI challenging. Although it has been validated that some security functions like firewall, and Intrusion Detection System (IDS) can be implemented in SDN controllers or NFV, it remains unclear whether or not DPI can be done in the similar way considering its sophisticated interactions with the network traffic packets, especially for the stateful protocols and encrypted traffic. In other words, the design and deployment of DPI in an SDN and NFV architecture would not be as straightforward. Therefore, this paper aims to shed the light on the challenges facing DPI design and deployment in the context of SDN and NFV and propose a solution to overcome them

Monitoring and Indentification Packet in Wireless with Deep Packet Inspection Method

Layer 2 and Layer 3 are used to make a process of network monitoring, but with the development of applications on the network such as the p2p file sharing, VoIP, encrypted, and many applications that already use the same port, it would require a system that can classify network traffics, not only based on port number classification. This paper reports the implementation of the deep packet inspection method to analyse data packets based on the packet header and payload to be used in packet data classification. If each application can be grouped based on the application layer, then we can determine the pattern of internet users and also to perform network management of computer science department. In this study, a prototype wireless network and applications SSO were developed to detect the active user. The focus is on the ability of open DPI and nDPI in detecting the payload of an application and the results are elaborated in this paper

Klasifikasi Trafik Terenkripsi Menggunakan Metode Deep Packet Inspection

Tujuan dari penelitian ini adalah untuk mendesain simulasi online network untuk capture paket data terenkripsi dan melakukan proses ekstraksi fitur-fitur paket data yang terenkripsi. Metode yang digunakan adalah Deep Packet Inspection (DPI) dengan menggunakan Regular Expressions dalam proses mengenali pola trafik terenskripsi. Data yang digunakan dalam penelitian ini adalah paket data normal dan paket data terenkripsi dalam jaringan, dimana dari data tersebut data yang akan diolah adalah paket data yang terenkripsi (SSL/TLS). Hasil yang didapatkan menunjukkan bahwa pola dari paket terenskrip (SSL) memiliki Field yang terdiri dari Record Content Type, Protocol Version, Handshake Type dan Service. TLS 1.0 memiliki pola 0x16  0x0100 0x01 0x0b. TLS 1.2 memiliki pola 0x16  0x0300 0x03 0x0

A Novel Hybrid Security Framework (HSF) with Vshield Based Firewall to Secure Cloud Computing Environment

Cloud Computing is an emerging technology that provides an enormous amount of computing resources which includes networks, servers and storages which are accessed through the internet. In addition it allows useful provisioning of the resources based on the user’s demands. A crucial aspect of cloud computing infrastructure is to provide secure and reliable services.  The main challenge lies in the security issues is to reduce the impact of third party attacks in the cloud computing environment. Hence a novel Hybrid Security Framework(HSF) based on Reinforcement Learning (RL) Methodology with Vshield Firewall is proposed for securing the cloud environment.  The RL method is used for deep packet inspection and VShiled based firewall is established to deny the attacks which are malicious when authenticating the signature of incoming packets. The bipartite pattern matching approach is integrated with the RL method to verify the signatures for obtaining the decisions quickly.  The simulation results shows that the hybrid security framework is effective when compared with the existing methods by considering response time, resource utilization and denial of malicious attacks.  This indicates that our proposed framework achieves not only better security but also attains better efficiency in cloud computing environment

Fast Packet Processing on High Performance Architectures

The rapid growth of Internet and the fast emergence of new network applications have brought great challenges and complex issues in deploying high-speed and QoS guaranteed IP network. For this reason packet classication and network intrusion detection have assumed a key role in modern communication networks in order to provide Qos and security. In this thesis we describe a number of the most advanced solutions to these tasks. We introduce NetFPGA and Network Processors as reference platforms both for the design and the implementation of the solutions and algorithms described in this thesis. The rise in links capacity reduces the time available to network devices for packet processing. For this reason, we show different solutions which, either by heuristic and randomization or by smart construction of state machine, allow IP lookup, packet classification and deep packet inspection to be fast in real devices based on high speed platforms such as NetFPGA or Network Processors

Techniques For Accelerating Large-Scale Automata Processing

The big-data era has brought new challenges to computer architectures due to the large-scale computation and data. Moreover, this problem becomes critical in several domains where the computation is also irregular, among which we focus on automata processing in this dissertation. Automata are widely used in applications from different domains such as network intrusion detection, machine learning, and parsing. Large-scale automata processing is challenging for traditional von Neumann architectures. To this end, many accelerator prototypes have been proposed. Micron\u27s Automata Processor (AP) is an example. However, as a spatial architecture, it is unable to handle large automata programs without repeated reconfiguration and re-execution. We found a large number of automata states are never enabled in the execution but still configured on the AP chips, leading to its underutilization. To address this issue, we proposed a lightweight offline profiling technique to predict the never-enabled states and keep them out of the AP. Furthermore, we develop SparseAP, a new execution mode for AP to handle the misprediction efficiently. Our software and hardware co-optimization obtains 2.1x speedup over the baseline AP execution across 26 applications. Since the AP is not publicly available, we aim to reduce the performance gap between a general-purpose accelerator---Graphics Processing Unit (GPU) and AP. We identify excessive data movement in the GPU memory hierarchy and propose optimization techniques to reduce the data movement. Although our optimization techniques significantly alleviate these memory-related bottlenecks, a side effect of them is the static assignment of work to cores. This leads to poor compute utilization as GPU cores are wasted on idle automata states. Therefore, we propose a new dynamic scheme that effectively balances compute utilization with reduced memory usage. Our combined optimizations provide a significant improvement over the previous state-of-the-art GPU implementations of automata. Moreover, they enable current GPUs to outperform the AP across several applications while performing within an order of magnitude for the rest of them. To make automata processing on GPU more generic to tasks with different amounts of parallelism, we propose AsyncAP, a lightweight approach that scales with the input length. Threads run asynchronously in AsyncAP, alleviating the bottleneck of thread block synchronization. The evaluation and detailed analysis demonstrate that AsyncAP achieves significant speedup or at least comparable performance under various scenarios for most of the applications. The future work aims to design automatic ways to generate optimizations and mappings between automata and computation resources for different GPUs. We will broaden the scope of this dissertation to domains such as graph computing

Proceedings, MSVSCC 2018

Proceedings of the 12th Annual Modeling, Simulation & Visualization Student Capstone Conference held on April 19, 2018 at VMASC in Suffolk, Virginia. 155 pp

Safety and Reliability - Safe Societies in a Changing World

The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include: - foundations of risk and reliability assessment and management - mathematical methods in reliability and safety - risk assessment - risk management - system reliability - uncertainty analysis - digitalization and big data - prognostics and system health management - occupational safety - accident and incident modeling - maintenance modeling and applications - simulation for safety and reliability analysis - dynamic risk and barrier management - organizational factors and safety culture - human factors and human reliability - resilience engineering - structural reliability - natural hazards - security - economic analysis in risk managemen