The fast-evolving nature of modern cyber threats and network monitoring needs calls for new, "software-defined" approaches to simplify and speed up the programming and deployment of online (stream-based) traffic analysis functions. StreaMon is a carefully designed data-plane abstraction devised to scalably decouple the "programming logic" of a traffic analysis application (tracked states, features, anomaly conditions, etc.) from elementary primitives (counting and metering, matching, event generation, etc.) that are efficiently pre-implemented in the probes and used as a common instruction set for supporting the desired logic. Multi-stage, multi-step real-time tracking and detection algorithms are supported via the ability to deploy custom states, the relevant state transitions, and the associated monitoring actions and triggering conditions. Such a separation yields platform-independent, portable, online traffic analysis tasks written in a high-level language, without requiring developers to access the monitoring device internals and program their custom monitoring logic in low-level compiled languages (e.g., C, assembly, VHDL). We validate our design by developing a prototype and a set of simple (but functionally demanding) use-case applications, and by testing them over real traffic traces.
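To make the decoupling described above concrete, the following is an added illustration and not StreaMon's own code or its programming language: a minimal Python engine in which a small, fixed set of primitives (per-entity counting, distinct-value counting, header matching, event emission) is kept strictly separate from a declarative "program" of states, per-state monitoring actions and transition conditions. The three-stage SYN port-scan tracker, its state names and thresholds, and the packet records are all constructed for this example; the real system's primitives, probe interface and any thresholds it uses are not described here.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# ---- Primitives: the small, fixed "instruction set" a probe would pre-implement ----
class Primitives:
    def __init__(self) -> None:
        self.counters: Dict[tuple, int] = defaultdict(int)
        self.sets: Dict[tuple, set] = defaultdict(set)
        self.events: List[dict] = []

    def count(self, name: str, key: str) -> int:
        # per-entity counter: increment and return the new value
        self.counters[(name, key)] += 1
        return self.counters[(name, key)]

    def distinct(self, name: str, key: str, value=None) -> int:
        # per-entity distinct-value set: add 'value' if given, return its cardinality
        if value is not None:
            self.sets[(name, key)].add(value)
        return len(self.sets[(name, key)])

    @staticmethod
    def match(pkt: dict, **fields) -> bool:
        # header matching: every named field equals the given value
        return all(pkt.get(k) == v for k, v in fields.items())

    def emit(self, kind: str, key: str, **details) -> None:
        # event generation toward the operator / upper layer
        self.events.append({"event": kind, "key": key, **details})

# ---- Programming logic: states, per-state monitoring actions, transitions ----
@dataclass
class State:
    measure: Callable[[Primitives, dict, str], dict]       # run on every packet, returns features
    transitions: List[Tuple[Callable[[dict], bool], str, Optional[str]]]  # (cond, next, event)

@dataclass
class Program:
    key: Callable[[dict], str]   # how packets are grouped into tracked entities
    initial: str
    states: Dict[str, State]

# ---- Engine: interprets any Program using only the primitives above ----
class Engine:
    def __init__(self, program: Program) -> None:
        self.program = program
        self.prim = Primitives()
        self.state: Dict[str, str] = defaultdict(lambda: program.initial)

    def process(self, pkt: dict) -> str:
        key = self.program.key(pkt)
        cur = self.program.states[self.state[key]]
        features = cur.measure(self.prim, pkt, key)
        for cond, nxt, event in cur.transitions:   # first matching transition wins
            if cond(features):
                if event:
                    self.prim.emit(event, key, **features)
                self.state[key] = nxt
                break
        return self.state[key]

# ---- Example application (hypothetical): three-stage SYN port-scan tracker per source IP ----
def syn_targets(prim: Primitives, pkt: dict, key: str) -> dict:
    # feature: number of distinct destination ports this source has sent TCP SYNs to
    if prim.match(pkt, proto="tcp", flags="S"):
        prim.distinct("syn_ports", key, pkt["dport"])
    return {"ports": prim.distinct("syn_ports", key)}

def count_only(prim: Primitives, pkt: dict, key: str) -> dict:
    # once alarmed, only keep a packet counter for reporting
    return {"pkts": prim.count("alarm_pkts", key)}

PORT_SCAN = Program(
    key=lambda pkt: pkt["src"],
    initial="NORMAL",
    states={
        "NORMAL":  State(syn_targets, [(lambda f: f["ports"] >= 3, "SUSPECT", "scan_suspect")]),
        "SUSPECT": State(syn_targets, [(lambda f: f["ports"] >= 6, "ALARM", "scan_alarm")]),
        "ALARM":   State(count_only, []),   # terminal state: no further transitions
    },
)

# Constructed sample traffic (not a real trace): one scanner and one benign client.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "dport": 22,   "flags": "S"},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "proto": "tcp", "dport": 80,   "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "dport": 80,   "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "dport": 443,  "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "dport": 80,   "flags": "A"},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "proto": "tcp", "dport": 443,  "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "dport": 8080, "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "dport": 3306, "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "dport": 25,   "flags": "S"},
]

def run(program: Program, pkts: List[dict]) -> Tuple[Dict[str, str], List[dict]]:
    # feed a packet stream to the engine; return final per-entity states and emitted events
    eng = Engine(program)
    for pkt in pkts:
        eng.process(pkt)
    return dict(eng.state), eng.prim.events

if __name__ == "__main__":
    states, events = run(PORT_SCAN, SAMPLE_PACKETS)
    print(states)
    for ev in events:
        print(ev)
```

The point of the split is that `Engine` and the application `Program` touch only the `Primitives` interface: porting the port-scan tracker to a different probe means re-implementing the four primitives on that platform, while the states, transitions and thresholds stay untouched. Note that the measurements here grow without bound; a real probe would bound or age out the per-entity sets and counters, since an attacker spraying source addresses can otherwise exhaust the monitor's memory.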