Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic

© 2020 Modern network traffic classification puts much attention toward producing a granular classification of the traffic, such as at the application service level. However, the classification process is often impaired by the lack of granular network traffic ground truth. Granular network traffic ground truth is critical to provide a benchmark for a fair evaluation of modern network traffic classification. Nevertheless, in modern network traffic classification, existing ground truth tools only managed to build the ground truth at the application name level at most. Application name level granularity is quickly becoming insufficient to address the current needs of network traffic classification and therefore; this paper presents the design, development and experimental evaluation of Grano-GT, a tool to build a reliable and highly granular network traffic ground truth for encrypted browser-based traffic at the application name and service levels. Grano-GT builds on four main engines which are packet capture, browser, application and service isolator engines. These engines work together to intercept the application requests and combine them with the support of temporal features and cascading filters to produce reliable and highly granular ground truth. Preliminary experimental results show that Grano-GT can classify the Internet traffic into respective application names with high reliability. Grano-GT achieved an average accuracy of more than 95% when validated using nDPI at the application name level. The remaining 5% loss of accuracy was primarily due to the unavailability of signatures in nDPI. In addition, Grano-GT managed to classify application service traffic with significant reliability and validated using the Kolmogorov-Smirnov test

Multi-objective flow measurement in software defined networks (SDN) for datacenter / Hamid Tahaei

Network traffic is growing exponentially due to the ever-increasing number of users, datacentres, Internet of Things (IoT) devices, and cloud-like applications/services. Network traffic monitoring and measurement has become a vital task and a crucial requirement for Datacentre Networks (DCNs) due to providing fine-grained and timely-based traffic flow information for network applications and management. Traditional network monitoring and measurement techniques either impose extra overhead into the network, or are inaccurate. In reducing the limitations in the traditional flow management systems, the most recent measurement methods elevate the accuracy and alleviate cost issues by applying an emerging technology known as Software-Defined Networking (SDN). SDN has emerged as an evolutionary paradigm in Datacentre Networks (DCN). It enables flexibility by separating the data from the control plane and centralising network decision making, and offers innovation in the network through network programmability. Despite the multitude of efforts proposed for traffic measurement in SDN, current solutions still incur high cost and limitations. These costs are seen as a multi-objective problem as it involves different overheads in the data and control plane such as controller overhead, communication overhead, and message interaction overhead. The problem is even more complex in different network deployments, “in-band and out-of-band”. Furthermore, the distinguishing property of SDN is the centralised controller architecture, which results in significant managerial benefits. Due to several scalability and availability issues of a centralised model, such as a single point of failure and network bottleneck, the controller has been made into a decentralised model that is physically distributed. However, little effort has been devoted to measurement techniques in SDN distributed controller architecture. Moreover, the imposed costs of flow measurement in distributed controller architecture are still an issue that remains unsolved. To address the aforementioned problems, a multi-objective and cost-effective network traffic flow measurement framework was proposed for DCNs. The proposed framework implements SDN capabilities to provide a fine-grained and accurate flow measurement that effectively minimises multi-objective costs for centralised and decentralised SDN controllers in different network deployments. The proposed framework is rigorously evaluated through several experiments, including emulation and simulation. The verification of both experiments is made with current state-of-the-art algorithms. To validate the simulation results, an available dataset from a public datacentre was used. The simulation results were then verified using statistical modelling and t-tests. The results obtained from the various experiments show the effectiveness of the proposed framework and algorithm

Cost Effective Network Flow Measurement for Software Defined Networks: A Distributed Controller Scenario

Software-defined networking (SDN) has emerged as an evolutionary paradigm in datacenter networks by separating data from control plane and centralizing network decision making. Traffic flow measurement in SDN is relatively lightweight in comparison to the traditional methods. It enables flow measurement system to overcome the issues of traditional measurement systems, such as cost and accuracy by employing a centralized controller. Nevertheless, a full physically centralized controller introduces negative impacts on the network as well as the measurement system (i.e., introducing extra overhead or accuracy issues). However, few efforts have been devoted to measurement techniques in SDN distributed controller architecture, where every controller pulls its corresponding flow statistics, and these statistics are required to expose by only one single expression as if they are collected by one controller. Moreover, the imposed costs of flow measurement in distributed controller architecture are still an issue that remains unsolved. In this paper, we attempt to fill in this gap and present a novel and a practical solution for a cost-effective measurement system in SDN distributed controller deployment. We also propose a synchronization mechanism for aggregating traffic statistics in the multiple controller model. We evaluate our method through extensive emulations in a datacenter topology and present our findings to demonstrate the impact of multiple controllers on overhead and accuracy

Cost Effective Network Flow Measurement for Software Defined Networks: A Distributed Controller Scenario

Software-defined networking (SDN) has emerged as an evolutionary paradigm in datacenter networks by separating data from control plane and centralizing network decision making. Traffic flow measurement in SDN is relatively lightweight in comparison to the traditional methods. It enables flow measurement system to overcome the issues of traditional measurement systems, such as cost and accuracy by employing a centralized controller. Nevertheless, a full physically centralized controller introduces negative impacts on the network as well as the measurement system (i.e., introducing extra overhead or accuracy issues). However, few efforts have been devoted to measurement techniques in SDN distributed controller architecture, where every controller pulls its corresponding flow statistics, and these statistics are required to expose by only one single expression as if they are collected by one controller. Moreover, the imposed costs of flow measurement in distributed controller architecture are still an issue that remains unsolved. In this paper, we attempt to fill in this gap and present a novel and a practical solution for a cost-effective measurement system in SDN distributed controller deployment. We also propose a synchronization mechanism for aggregating traffic statistics in the multiple controller model. We evaluate our method through extensive emulations in a datacenter topology and present our findings to demonstrate the impact of multiple controllers on overhead and accuracy

A multi-objective software defined network traffic measurement

Software Defined Networking (SDN) with defining characteristics, such as “separation of data and control plane” and “centralizing network control with decision making”, has significantly simplified network management. However, active monitoring techniques used to dynamically measure network traffic introduce additional overheads in the network, while a passive approach lacks accuracy in terms of traffic measurement. As a result, various efforts have been devoted to designing per-flow based network measurement system to address both accuracy and overhead challenges. Existing measurement techniques lack a multi-objective network measurement mechanism to overcome various overheads, like communication cost, controller computation, and accuracy in a real-time environment. Therefore, this paper presents a novel and practical solution to enable accurate real-time traffic matrix for the traffic measurement system in SDN. The solution is proposed to measure fine-grained monitoring task with less controller communication and computational cost with high accuracy. The solution is based on two measurement designs, namely: fixed and elastic schemas. Our experiments demonstrate that both fixed and elastic schemas achieve significant overhead reduction without compromising on accuracy