Scalable and Robust Decentralized IP Traffic Flow Collection and Analysis (SCRIPT)
The increasing number of IP flows over future very high-speed links will become a challenge to traditional centralized solutions for IP traffic flow collection and analysis due to the high demand of storage and processing resources which are limited and costly. Major research has been done in finding smart sampling methods that reduce the number of IP packets and IP flows that need to be processed and stored while keeping a high level of accuracy. While sampling has proven to be a valid approach to reduce the processing and storage load, for certain applications such as usage-based accounting and intrusion detection which require a high-level of accuracy, the use of sampling methods alone will not suffice for a centralized solution to scale to the increasing and highly variable load in terms of IP flow records to be collected and analyzed.
|Source of funding:||
Cisco, Silicon Valley Community Foundation
|Project Duration:||May 1, 2008 - April 30, 2009|
|Official Project Home Page:||http://www.csg.uzh.ch/research/previous-projects/script|
The goal of the SCRIPT project is to develop a scalable and robust
decentralized architecture (called SCRIPT) for collecting and analyzing IP
flow records with the necessary level of accuracy. The key idea is to
utilize resources of a large number of nodes, which collaboratively store
and process IP flow records in a highly scalable, robust, and flexible
Furthermore, the project aims to develop self-configuration mechanisms that will allow new nodes to be easily added to or removed from the flow collection and analysis network. An important advantage of this approach is the possibility to gradually increase storage and processing capacities compared to a complete replacement of devices when the number of IP flows increases.
Finally, by offering fast access to multiple-resolution aggregation of flow data, SCRIPT will be applicable to several IP traffic analysis scenarios such as flow accounting, flow path monitoring, and distributed intrusion detection systems (IDS).
- SCRIPT Public Workshop, January 20, 2010.
- Cristian Morariu, Burkhard Stiller: A Distributed Architecture for IP Traffic Analysis. 1st Internationmal Conference on Autonomous Infrastructure, Management, and Security (AIMS 2007), June 21-22, 2007, Oslo, Norway, Edts.: A. K. Bandara, M. Burgess, Lecture Notes in Computer Science (LNCS), Vol. 4543, ISBN 3-540-72985-2, Springer, Berlin, pp 216-220.
Cristian Morariu, Manuel Feier, Burkhard Stiller: LINUBIA: A
Linux-supported User-based IP Accounting, 18th IFIP/IEEE International
Workshop on Distributed Systems: Operation and Management (DSOM 2007),
October 29-31, 2007, San José, California, U.S.A. Edts.: Alexander
Clemm, Lisandro Granville, Rolf Stadler, Lecture Notes in Computer
Science (LNCS), Vol. 4785, ISBN: 3-540-75693-0, Springer, Berlin, pp
Inquiries may be directed to the local Swiss project management:
|Prof. Dr. Burkhard Stiller|
|University of Zürich, IFI|
|Phone: +41 44 635 67 10|
|Fax: +41 44 635 68 09|