Bolvedere: a scalable network flow threat analysis system
- Authors: Herbert, Alan
- Date: 2019
- Subjects: Bolvedere (Computer network analysis system) , Computer networks -- Scalability , Computer networks -- Measurement , Computer networks -- Security measures , Telecommunication -- Traffic -- Measurement
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/71557 , vital:29873
- Description: Since the advent of the Internet, and its public availability in the late 90’s, there have been significant advancements to network technologies and thus a significant increase of the bandwidth available to network users, both human and automated. Although this growth is of great value to network users, it has led to an increase in malicious network-based activities and it is theorized that, as more services become available on the Internet, the volume of such activities will continue to grow. Because of this, there is a need to monitor, comprehend, discern, understand and (where needed) respond to events on networks worldwide. Although this line of thought is simple in its reasoning, undertaking such a task is no small feat. Full packet analysis is a method of network surveillance that seeks out specific characteristics within network traffic that may tell of malicious activity or anomalies in regular network usage. It is carried out within firewalls and implemented through packet classification. In the context of the networks that make up the Internet, this form of packet analysis has become infeasible, as the volume of traffic introduced onto these networks every day is so large that there are simply not enough processing resources to perform such a task on every packet in real time. One could combat this problem by performing post-incident forensics; archiving packets and processing them later. However, as one cannot process all incoming packets, the archive will eventually run out of space. Full packet analysis is also hindered by the fact that some existing, commonly-used solutions are designed around a single host and single thread of execution, an outdated approach that is far slower than necessary on current computing technology. This research explores the conceptual design and implementation of a scalable network traffic analysis system named Bolvedere. 
Analysis performed by Bolvedere simply asks whether the existence of a connection, coupled with its associated metadata, is enough to conclude something meaningful about that connection. This idea draws away from the traditional processing of every single byte in every single packet monitored on a network link (Deep Packet Inspection) through the concept of working with connection flows. Bolvedere performs its work by leveraging the NetFlow version 9 and IPFIX protocols, but is not limited to these. It is implemented using a modular approach that allows for either complete execution of the system on a single host or the horizontal scaling out of subsystems on multiple hosts. The use of multiple hosts is achieved through the implementation of Zero Message Queue (ZMQ). This allows for Bolvedere to horizontally scale out, which results in an increase in processing resources and thus an increase in analysis throughput. This is due to ease of interprocess communications provided by ZMQ. Many underlying mechanisms in Bolvedere have been automated. This is intended to make the system more user-friendly, as the user need only tell Bolvedere what information they wish to analyse, and the system will then rebuild itself in order to achieve this required task. Bolvedere has also been hardware-accelerated through the use of Field-Programmable Gate Array (FPGA) technologies, which more than doubled the total throughput of the system.
- Full Text:
- Date Issued: 2019
Struggle in discourse: the International's discourse against racism in the labour-movement in South Africa (1915-1919)
- Authors: Caldwell, Marc Anthony
- Date: 1997
- Subjects: International (Johannesburg, South Africa) -- History , International Socialist League (S.A.) -- History , South African newspapers -- Language , Mass media and race relations -- South Africa , Mass media and language -- South Africa , Labor unions and mass media -- South Africa
- Language: English
- Type: Thesis , Masters , MA
- Identifier: vital:3419 , http://hdl.handle.net/10962/d1002872
- Description: The International, as the weekly newspaper of the International Socialist League, articulated from 1915 to 1919 an ideology which stood opposed both to organised labour and nationalist movements in South Africa. This situation reflected significant historical struggles during this period, which constitutes essential background to the discourse of the International. The International's writers opposed the institution of trade unionism in the labour movement because it was fragmented on the lines of skill and race. They opposed both the National Party and the South African Native National Congress because they advocated racial (and national) rather than working class interests. Instead, these writers, according to their international socialist paradigm, advocated a working class united irrespective of race and skill at the level of industry. To analyse these ideological positions, discourse analysis provides a fruitful method for locating its dynamics in relation to other positions and extra-ideological (contextual) practices: The International's writers generated a socialist position against racism by engaging in an ideological struggle in discourse. They articulated their anti-racist position from international socialism's critique of the 'languages' of both militarism and trade unionism in the discourse of labour. Within the discourse of militarism, the working class was signified as divided between hostile nations. These writers applied this as a metaphor to the division of the local labour movement and criticised the latter accordingly. In their view, just as workers were divided between the nations (nationalism), so they were divided within the nation (racism) in South Africa. One context cohered with the other, and both agreed with imperatives of international capitalism. This was fundamentally opposed to the principles of international socialism which characterised the International's discourse. 
Within the dominant discourse of labour, workers were signified as divided between different trade unions on the basis of skills. Furthermore, in the South African context, trade unions organised only white workers, and ignored the far larger proportion of black labour. In this context, the International advocated industrial unionism, and criticised the narrow base of the white trade unions for fragmenting and weakening the working class in South Africa. The International's writers were thus led by the discourse of international socialism to a new discourse, whereby not white workers alone, but a racially-united working class movement would be the key to a socialist future in South Africa. Their struggle entailed a bid in and over discourse to rearticulate the sign of the 'native worker' within their own discourse as the dominant discourse type. Underpinning their struggle was a fundamental opposition to capitalist class relations.
- Full Text:
- Date Issued: 1997