TY - GEN
T1 - Intentional network monitoring
T2 - 13th ACM SIGCOMM Workshop on Hot Topics in Networks, HotNets 2014
AU - Donovan, Sean
AU - Feamster, Nick
N1 - Publisher Copyright: Copyright © 2014 ACM.
PY - 2014/10/27
Y1 - 2014/10/27
N2 - Monitoring network traffic serves many purposes, from security to accounting, yet current mechanisms for collecting network traffic are typically based on low-level features of network traffic (e.g., IP addresses, port numbers), rather than characteristics that more closely map to intent (e.g., people, applications, or devices). In this paper, we present the case for intentional network monitoring (the practice of capturing the minimal set of traffic that satisfies the operator's monitoring intent or goal) and a preliminary design and implementation for NetAssay, a system that enables intentional monitoring. A significant challenge in developing NetAssay is developing a runtime that can maintain a mapping between stable abstractions that an operator or programmer might use to express intent (e.g., a username) and the dynamic, heterogeneous data that establishes these associations (e.g., information from a login server or DNS record). We present examples that show how the NetAssay runtime can perform late binding between these mappings and network flow space and discuss the research and technical challenges associated with establishing more general late-binding mechanisms.
AB - Monitoring network traffic serves many purposes, from security to accounting, yet current mechanisms for collecting network traffic are typically based on low-level features of network traffic (e.g., IP addresses, port numbers), rather than characteristics that more closely map to intent (e.g., people, applications, or devices). In this paper, we present the case for intentional network monitoring (the practice of capturing the minimal set of traffic that satisfies the operator's monitoring intent or goal) and a preliminary design and implementation for NetAssay, a system that enables intentional monitoring. A significant challenge in developing NetAssay is developing a runtime that can maintain a mapping between stable abstractions that an operator or programmer might use to express intent (e.g., a username) and the dynamic, heterogeneous data that establishes these associations (e.g., information from a login server or DNS record). We present examples that show how the NetAssay runtime can perform late binding between these mappings and network flow space and discuss the research and technical challenges associated with establishing more general late-binding mechanisms.
KW - Network Monitoring
KW - Software-defined networking (SDN)
UR - http://www.scopus.com/inward/record.url?scp=84914703558&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84914703558&partnerID=8YFLogxK
U2 - 10.1145/2670518.2673872
DO - 10.1145/2670518.2673872
M3 - Conference contribution
AN - SCOPUS:84914703558
T3 - Proceedings of the 13th ACM Workshop on Hot Topics in Networks, HotNets 2014
BT - Proceedings of the 13th ACM Workshop on Hot Topics in Networks, HotNets 2014
PB - Association for Computing Machinery
Y2 - 27 October 2014 through 28 October 2014
ER -