HKUST Library Institutional Repository Banner

HKUST Institutional Repository >
Computer Science and Engineering >
CSE Master Theses  >

Please use this identifier to cite or link to this item: http://hdl.handle.net/1783.1/7088
Title: Datacenter traffic monitoring and anomaly detection
Authors: Li, Ang
Issue Date: 2010
Abstract: As cloud computing has become a popular service recent years, a number of big companies, such as Google, Yahoo!, Microsoft, Amazon and Apple, have constructed large datacenters to provide such services. Meanwhile, datacenter monitoring and network traffic analysis is important for planning, building and managing of datacenters. However, research in these areas has become challenging because of the large investment needed for building datacenter-scale testbeds. In this thesis, based on the analysis of characteristics of the network consisting of different virtual machines on one single physical machine and that consisting of different physical machines, we propose to emulate the datacenter network environment based on the Xen architecture, on which we can host a number of virtual machines emulating physical machines residing in a datacenter network. Thus, the emulation environment can provide a good platform for planning, and deciding monitoring strategy without costly full implementation for large scale equipment. We have evaluated our emulation based on the comparison of network performance data under TCP workloads. Meanwhile, the network analysis based on the monitoring traces generated on the emulation environment or real datacenters is also a grand technical challenge in large datacenters. It is also crucial since it provides evidences for anomaly detection which is important for the security of cloud computing services. In this thesis, we have studied the structural characteristics of IP address octets observed in large datacenters, and presented centroid based measures to capture the inherent IP structure in high-volume datacenter traffic, and subsequently designed a simple yet effective algorithm to detect abnormal traffic patterns caused by network attacks such as worms, viruses, and distributed denial of service (DDoS) attacks. We evaluate the effectiveness and efficiency of this algorithm with synthetic traffic that combines real datacenter traffic collected from a large Internet content provider with worm traces or DDos packets.
Description: Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2010
xi, 58 p. : ill. ; 30 cm
HKUST Call Number: Thesis CSED 2010 LiA
URI: http://hdl.handle.net/1783.1/7088
Appears in Collections:CSE Master Theses

Files in This Item:

File Description SizeFormat
th_redirect.html0KbHTMLView/Open

All items in this Repository are protected by copyright, with all rights reserved.