Reading SBAR SDN flow-Based monitoring and Application Recognition
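Summary
- In SDN, the control plane controls the network based on network measurement data, and fine-grained management benefits from fine-grained measurement data. Fine-grained measurement in an SDN environment (identifying the specific applications) makes fine-grained traffic control possible.
- The paper designs the recognition system SBAR, which measures flows, identifies the specific applications and obtains their network data. For flow classification, SBAR uses machine learning algorithms with the application protocol as the reference. For web and encrypted traffic, it uses deep packet inspection on the packet payloads to identify the application. SBAR also uses the measurement data provided by OpenFlow to identify applications; switches send the data to the controller over the southbound interface. Finally, a GUI aggregates the collected data to produce network-wide measurements. In validation, SBAR's detection accuracy reaches above 90% (because it uses DPI and ML, the resource overhead and latency may be considerable).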
Background
- In the Software-Defined Networking (SDN) paradigm, it is essential to perform comprehensive traffic monitoring in order to provide the control plane with an accurate view of the network state.
- This enables effective fine-grained network management for different purposes (e.g., traffic engineering, security).
Related Work
- NetFlow/IPFIX: There are plenty of tools based on NetFlow that harness flow-level measurement.
- Flows are often labeled (e.g., by protocol) using port-based classification techniques, which are gradually becoming obsolete because it is quite common to find very diverse applications operating over the same application protocols (the specific application cannot be told from the port number).
- QoE: the QoE perceived by end-users significantly depends on the type of application and the QoS level provided by the network (e.g., bandwidth, delay).
- Deep Packet Inspection (DPI) typically achieves very accurate traffic classification by inspecting the packet payloads. However, applying DPI to all the packets traversing a network is often too resource-consuming (classification by payload; the resource overhead is too large).
- Machine Learning (ML) classifiers were proposed with the aim of alleviating the processing burden. They use **features** up to the transport layer to classify the traffic, which is useless for distinguishing among different applications generating traffic over the same protocol (classification by features; different programs over the same protocol cannot be told apart).
Solution
- We present SBAR, a monitoring system compliant with OpenFlow that provides flow-level measurement
- Classify the traffic at two different levels:
  (i) every monitored flow is classified by application protocol,
  (ii) for web and encrypted traffic, we apply specific DPI techniques to identify the applications generating each flow (when the port numbers are the same, the payload is needed to tell the specific application).
- Reduce the processing overhead in the controller(s) and the memory consumption in switches to maintain the measurements.
Implementation
OpenFlow
- Leverage the particularities of OpenFlow networks to efficiently implement a combination of techniques based on ML and DPI to accurately classify the traffic in the controller.
- Leverage the support of OpenFlow to maintain the flow measurements (# of packets and bytes, and duration) in the flow tables of the switches.
- OpenFlow provides an interface that permits reporting the measurements to the controller(s) when some predefined timeouts (idle and hard) expire.
- Make use of the multiple tables of OpenFlow to decouple the operation of this module from other modules executing different network tasks (e.g., forwarding) in the controller.
Others
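- Flow sampling using only native features of OpenFlow, which makes it possible to address common scalability issues in OpenFlow-based networks.
- By specifying rules for the controller, only the header information of the first few packets of HTTP and similar protocols is extracted, and the corresponding application is then inferred by some algorithm, which saves overhead.
- A GUI processes the flow-level reports produced by SBAR to infer high-level traffic statistics.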
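The mechanism in the OpenFlow and Others notes (counters kept in the switch flow table, a report sent when the idle or hard timeout expires, and only the first few packets of a flow inspected by the controller) can be seen in a small simulation. This is an added example, not code from the paper or from SBAR; the class names, the timeout values, the three-packet limit and the HTTP `Host` lookup are assumptions, and it models the behaviour rather than using any OpenFlow library.

```python
import re
from dataclasses import dataclass

IDLE_TIMEOUT, HARD_TIMEOUT, DPI_PACKETS = 10, 60, 3  # assumed values: seconds, seconds, packets

@dataclass
class FlowEntry:
    first_seen: float
    last_seen: float
    packets: int = 0
    byte_count: int = 0

class Controller:
    """Sees the first DPI_PACKETS payloads of a flow, then one report when the flow expires."""
    def __init__(self):
        self.labels, self.reports = {}, []
    def packet_in(self, key, payload):
        m = re.search(rb"\r\nHost:[ \t]*([^\r\n]+)", payload, re.I)  # lightweight DPI
        if m and key not in self.labels:
            self.labels[key] = m.group(1).decode("ascii", "replace").strip().lower()
    def flow_removed(self, key, e, reason, now):
        self.reports.append({"app": self.labels.get(key, "unknown"), "packets": e.packets,
                             "bytes": e.byte_count, "duration": now - e.first_seen, "reason": reason})

class Switch:
    """Keeps per-flow counters in its own table, so the controller never counts packets."""
    def __init__(self, controller):
        self.table, self.ctl = {}, controller
    def expire(self, now):
        for key, e in list(self.table.items()):
            reason = ("hard" if now - e.first_seen >= HARD_TIMEOUT else
                      "idle" if now - e.last_seen >= IDLE_TIMEOUT else None)
            if reason:
                self.ctl.flow_removed(key, self.table.pop(key), reason, now)
    def receive(self, now, key, payload):
        self.expire(now)
        e = self.table.setdefault(key, FlowEntry(now, now))
        e.last_seen, e.packets, e.byte_count = now, e.packets + 1, e.byte_count + len(payload)
        if e.packets <= DPI_PACKETS:  # later packets never reach the controller
            self.ctl.packet_in(key, payload)

def demo():
    sw = Switch(Controller())
    web = ("10.0.0.1", 40000, "10.0.0.2", 80, "tcp")  # constructed sample flow
    sw.receive(0, web, b"GET / HTTP/1.1\r\nHost: video.example\r\n\r\n")
    for t in range(1, 6):
        sw.receive(t, web, b"x" * 1000)
    sw.expire(20)  # 15 s of silence, so the idle timeout fires
    return sw.ctl.reports
```

The controller handles three packets of the sample flow but still receives the full packet and byte counts in the expiry report, which is where the saving in controller overhead comes from.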
Advantages
The classification accuracy achieves 90% or higher.
Disadvantages
Because of the DPI and ML, the resource overhead and latency are probably high (I guess).
Reposted from: https://www.cnblogs.com/vancasola/p/9435975.html