My research is focused on computer networks with particular interests on integrating novel architecture & functionality into network systems. We work on topics related to embedded design for network security and traffic measurement on FPGA and Network Processors.
A sketch-guided filtering scheme for assisting superspreader detection in the measurement of high-speed network traffic is proposed. The scheme comprises of an array of linear-counting sketches that rapidly eliminates flows with potentially low fan-out during a measurement interval. Based on the results of simulations obtained using realworld network traces, the filter can eliminate up to 90% of the flows of non-superspreader sources and improve the accuracy of superspreader identification. Furthermore, the proposed scheme has a smaller fan-out estimation error and consumes less memory than previously developed approaches. The hardware implementation can process network traffic at a throughput of 27 Gbit/s.
The purpose of this project is to study and implement a hardware-accelerated platform for stream-based high-speed network traffic measurement. The computation of entropy of a high-speed data stream in a one-pass fashion is crucial to many network security applications. Motivated by the work of Lall et al., this study examines the design trade-off of processing speed and accuracy for estimating the entropy norm. The proposed scheme leverages the Count Sketch with constant memory access on counter update and point query operations. With a bounded relative error and a constant memory access cycle, the design can process incoming traffic with a throughput of 30Gbps.
Sketch-based algorithms are widely applied in various networking applications. In this research, we present a compact implementation of real-time traffic change detection system with OpenFlow on a NetFPGA platform. It is capable of monitoring network traffic up to 4Gbps line rate with detection accuracy needed based on limited memory on-board. The system utilizes an one-pass scheme to reveal the flow ID exceeding the predefined threshold. Based on the network IDs, actions are issued immediately to switches for proper responses through OpenFlow protocol.
1st Asia NetFPGA Developers’Workshop, June 14, 2010 at KAIST, Daejeon, Korea