data analytics at line speed over controlled network team :alpha adroit ankit dwivedi nitish jain...

DATA ANALYTICS AT LINE SPEED OVER CONTROLLED NETWORK

TEAM :ALPHA ADROIT

ANKIT DWIVEDINITISH JAINPUNEETH REDDYRITU ARORAVINIT MELINAMANI

PROBLEM STATEMENT

(Software based) Data Analyzer

• Software based data analyzers Cannot achieve line

speed Packet decoding

overhead

DASHBOARD

PKT1

PKT1PKT1

PKT2

PKT2PKT2

2)Complex software and infrastructure

1)Slow

APPLICATION

Subscribers/Consumer

Gateway Router

Data Analysis System

Provides Organization with –

• Malicious Activity/Distributed Attack Notification

• Unauthorized Website Access

• Traffic Monitoring and Distribution

MULTI CORE IMPLEMENTATION

IN F

IFO

Arb

iter

OU

TPU

T Q

UEU

ESP1

CORE 2

CORE 1

P2

P1P1

INFORMATION

EXTRACTED!!

P2P2

P2

INFORMATION

EXTRACTED!!

P2P Detection System

Intrusion Detection System

P2P Detection System

Intrusion Detection System

FINISHED!!FINISHED!

!

FINISHED!!

FINISHED!!

P2P Hardware Accelerator: Pattern Matcher

Hardware Accelerator – An Overview

1.Source IP Address 2. Unauthorized access

1.Source IP Address 2. Authorized access

1.Source IP2.Destination IP3.Pattern match4.Detected Pattern - XXX

P2PDETECTION SYSTEM

PATTERN MATCHING

ENGINE

PKT

PKT

PKT

PKTPKTPKT

FLOW OF INSTRUCTIONS - SINGLE CORE DUAL THREAD

REGISTERFILE

INST.MEMORY

CONTROL UNIT

ALU

DATAMEMORY

ZERO

MUX

MUX

MUX

SIGN EXT.

PC1

PC2

MU

X

PC

THREAD SCHEDULER

ADD $3,$2,$1

T1

$3,$2,$1

$2,$1$3

$2

$1

$3

T1

SUM

SUM

$3 $3

SUM

BEQ TA,$3,$2

TA,$3,$2

$3,$2 $2

$3

TA

TA

TA

Z

TATA

Z

SAMPLE PACKET FLOW

Control Node (NetFPGA)

Node 1

Node 3Node 4

Node5

PKT

DASHBOARD

Control Node

Node1

Node3

Node4

Node5

Network Topology

Node5

Threshold level

Dat

a(K

b)

Torrentz

Control Node(NetFPGA)

Node1

Node3Node4

Node5

P2P PACKET FLOW

PKT

PKTPKT

DASHBOARD

Control Node

Node1

Node3

Node4

Node5

Network Topology

Node5

Threshold level

Restricted Website Access

Node 4 - 10.1.3.3 Pattern - XXXX

Malicious Activity

Node 1 - 10.1.0.3 Pattern - YYYY Node 6 - 10.1.5.3 Pattern - ZZZZSequence – XXXX- YYYY- ZZZZ

Distributed Attack

Traffic Distribution

Dat

a(K

b)

Torrentz

HTTP9%

RTP21%

TCP6%

UDP63%