Parallel Network Traffic Analysis

Bryce Bockman bockmabe at plu.edu
Thu Nov 30 12:34:06 PST 2000


Hi all,

        I am looking for some ideas on what sorts of network traffic analysis
would merit the use of a cluster and some parallelization.  Specifically
I am not looking for ideas just related to processing the headers of
very high volume networks, but other types of useful analysis of
captured/real time network traffic, so most likely something that looks
deeper into the packets of an average small to mid sized campus internet
connection (roughly 1*T1 - Partial T3/OC3).
        One thing that crept to mind in the beginning of this process for me
was the use of a cluster for doing intrusion detection, by using known
patterns in the payloads of packets in conjunction with other common
network intrusion detection techniques.  I perceive problems with this
idea though.  The first is that I'm not sure this problem merits more
power than a single high end workstation has, as there are plenty of
network IDS products that run on a single PentiumII/PIII class system.
Second, the amount of research and data acquisition for the project to
be useful would be staggering due to the countless types of attacks and
patterns related to those attacks that would need to be cataloged and
accounted for in order for the software to be useful.
        Anyway, are there other types of deep packet analysis that anyone
knows of that merit the use of cluster/beowulf technology?

Thanks,
Bryce Bockman




More information about the Beowulf mailing list