HILTI: An Abstract Execution Environment for High-Performance Network Traffic Analysis

Title: HILTI: An Abstract Execution Environment for High-Performance Network Traffic Analysis
Publication Type: Technical Report
Year of Publication: 2010
Authors: Sommer, R., Weaver, N., & Paxson, V.
Other Numbers: 2830
Abstract

When building applications that process large volumes of network traffic—such as high-performance firewalls or intrusion detection systems—one faces a striking gap between the ease with which the desired analysis can often be described in high-level terms, and the tremendous amount of low-level implementation details one must still grapple with for coming to an efficient and robust system. We present a novel environment that provides a bridge between these two levels by offering to the application designer the high-level abstractions required for effectively describing typical network analysis tasks, while still ensuring the performance necessary for monitoring Gbps networks in operational settings. This new middle-layer comprises two main pieces: an abstract machine model that is specifically tailored to the networking domain and directly supports the field’s common abstractions and idioms in its instruction set; and a compilation strategy for turning programs written for the abstract machine into highly optimized, natively executable task-parallel code for a given target platform. We present the design and an early prototype of the new environment and discuss opportunities for extensive compile-time code optimizations that our approach enables by leveraging domain-specific context. Such an environment holds promise for unleashing the community’s potential to build libraries of efficient analysis functionality, reusable across a wide range of scenarios.

Acknowledgment

This work was made possible by National Science Foundation grants NSF-0831535 (“Comprehensive Applications Analysis and Control”) and NSF-0915667 (“A High-Performance Abstract Machine for Network Intrusion Detection”). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation.

URL: http://www.icsi.berkeley.edu/pubs/techreports/TR-10-003.pdf

Bibliographic Notes

ICSI Technical Report TR-10-003

Abbreviated Authors

R. Sommer, N. Weaver, and V. Paxson

ICSI Research Group

Networking and Security

ICSI Publication Type

Technical Report