internet monitoring system

Upload: tranceforge

Post on 06-Apr-2018


  • 8/2/2019 Internet Monitoring System

    Internet Monitoring System

    (IMS)

    Prepared by

    Betha Aris

  • Key Point

    Intercepting Internet traffic at 100 Gbps speed

    Hardware-based interception (front-end)

    Software-based control and monitor (back-end)

    Real-time Deep Packet Capture/Inspection

    Data Warehouse Business Intelligence

    Data Mining

  • Criteria

    Capturing each packet (real-time and without loss)

    Time-stamping each packet with nanosecond precision

    Recognizing the source, destination and protocol

    Filtering for duplicating packets (relevant packets)

    Slicing packets to multiple CPUs for processing

    Recording each packet to disk

  • Challenges

    With 30 million packets (@20Gbps), these tasks need to be completed for a packet every 30 nanoseconds.

    With 10 Gbps in both directions, that is at least 25 Giga Bytes of data per second. It means we need at least 2.160 Tera Bytes of data per day.

  • Processes

    Capturing with passive probe

    Filtering

    Mediation and Handover

    Reconstruction

    Analysis Reporting

    Front-End (Hardware-based Intelligence System)

    Back-End (Software-based Intelligence System)

  • Filtering Criteria

    Parameters for Identifying

    Username & Network Access Identifier

    L2-L7 Protocol (MAC, VPN, MPLS, IPv4/6, UDP/TCP, FTP, HTTP, DHCP, etc.)

    Dial-in Calling Number Identity

    Cable Modem Identity

    Generic Keyword Spotting (Regular Expression)

    RADIUS (Subscriber's name)

    Email (POP, IMAP, SMTP)

    Webmail Sender and Its Contents

    Chat/IM Conversation

    VoIP

    Encrypted Protocols (Skype, Torrent, VPN and SSL)

  • Conceptual Framework

    Giga Interface: Capturing data from the source

    Network Processing Units: Filtering Data (Deep Packet Inspection)

    Data Mining & Text Mining: Decoding and processing data

    Data Warehouse: Indexing and data storage

    Business Intelligence: Refining data through multiple interactive analysis

  • Front-End (Provider Edge)

    Multiple passive taps (copper/fibre @10Gbps)

    Multiple network probes (@10Gbps)

    Mediation Server

    Network Elements (Switches, Routers, Racks, etc.)

  • Front-End Capabilities

    Passive interception

    IP probes with on-board DPI

    L2-L7 Protocol detection

    IP Protocol stack interception

    MPLS, VLAN, VPN interception

  • Back-End (LEA Operational Center)

    Storage

    Monitoring Systems

    Analysis Result

    Reporting

    Other customization needs

  • How IMS Works

  • Proposed Network Topology

    Can be changed based on further requirements/identifications

  • How NPUs Work

  • How Indexing Works

  • Proof of Concept