
Opportunistic Traffic Monitoring with eBPF

Simone Magnani

Opportunistic Traffic Monitoring with eBPF.

Supervisor: Fulvio Giovanni Ottavio Risso. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2020

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution.
Abstract:

The growth of new technologies has opened new horizons for network traffic monitoring and analysis. Innovative solutions like eBPF and XDP mark a clear distinction between traditional methodologies and new ones, which lead to more personalized and, sometimes, more efficient filtering. However, despite their flexibility and effectiveness, these technologies may seriously harm system performance, since they move the entire monitoring engine into the lowest layers of the operating system, introducing new problems related to the significant delay that an inefficient program may insert. This thesis proposes unusual and innovative usages of these new technologies, strengthening and favouring an in-kernel analysis of packets, dynamically inserting or removing user-defined monitoring programs, and exporting only the desired metrics using lightweight and standard data-interchange formats. Polycube is the framework used as reference: an open source research project developed by the Computer Network Group of Politecnico di Torino, which enables the creation of virtual networks and provides fast and lightweight network functions, such as bridge, router, NAT and many others. Within this complex and efficient framework, the service Dynmon has been created, starting from an early prototype, in order to accomplish dynamic network monitoring. The performance of this new service has been compared to a well-known and widely used tool, NetFlow, and the promising and surprising results point out the efficiency of this new monitoring method. Finally, this thesis also presents a real use case scenario, the TOSHI project, where Dynmon has been used in a more complex infrastructure, with the aim of detecting different cybersecurity attacks using eBPF/XDP as the packet analysis and feature extraction method. Its usage perfectly meets the project's need, which is to provide different dynamic network traffic monitoring probes in order to extract packet features according to the considered cybersecurity attacks.

Supervisors: Fulvio Giovanni Ottavio Risso
Academic year: 2020/21
Publication type: Electronic
Number of pages: 98
Subjects:
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Collaborating companies: NOT SPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/15983