Towards Smarter Probes: In-Network Traffic Capturing and Processing

Trustworthy Internet

Abstract

Monitoring is a matter of the greatest importance for the correct operation of current communication networks. In spite of that, analyzing and checking the traffic flowing over a high-capacity link is still a very challenging technological issue, due to the huge amount of data stemming from such a process. Furthermore, current national and international legislation is imposing stricter and stricter limits on the storage and utilization of potentially privacy-sensitive data that may be generated by monitoring applications. We argue that both of these problems can be effectively addressed by increasing and extending the capabilities of traffic capturing devices beyond plain packet capturing and flow metering. Therefore, we envision a new generation of smart probes that support traffic pre-processing according to the needs of the specific application that is expected to provide the final results of the monitoring activity. The benefits of such an approach are two-fold: on one hand, in-network traffic filtering makes it possible to discard a huge amount of information that is not relevant at all to the selected application, thus relaxing the performance requirements of the application itself. On the other hand, traffic pre-processing can be used to hide personal information that may be made available only to a user in possession of the required privileges upon verification of a given condition. Following such a general approach, we propose a modular architecture that allows application-specific traffic pre-processing to be carried out in a scalable and performance-effective way. Such an architecture interacts with the external network by enforcing strict role-based policies, thus allowing selective and proportional information disclosure; the architecture as it is can be easily integrated with a standard access control infrastructure. An example application is demonstrated in order to prove the effectiveness of the proposal.

Corresponding author

Correspondence to Gregorio Procissi.

Copyright information

© 2011 Springer-Verlag Italia Srl

About this chapter

Cite this chapter

Bonelli, N., DiPietro, A., Giordano, S., Procissi, G., Vitucci, F. (2011). Towards Smarter Probes: In-Network Traffic Capturing and Processing. In: Salgarelli, L., Bianchi, G., Blefari-Melazzi, N. (eds) Trustworthy Internet. Springer, Milano. https://doi.org/10.1007/978-88-470-1818-1_22

  • DOI: https://doi.org/10.1007/978-88-470-1818-1_22

  • Publisher Name: Springer, Milano

  • Print ISBN: 978-88-470-1817-4

  • Online ISBN: 978-88-470-1818-1

  • eBook Packages: Engineering, Engineering (R0)
