HILTI: An Abstract Execution Environment for Concurrent, Stateful Network Traffic Analysis

Title: HILTI: An Abstract Execution Environment for Concurrent, Stateful Network Traffic Analysis
Publication Type: Technical Report
Year of Publication: 2012
Authors: Sommer, R., De Carli L., Kothari N., Vallentin M., & Paxson V.
Other Numbers: 3237
Abstract

When building applications that process large volumes of network traffic – such as firewalls, routers, or intrusion detection systems – one faces a striking gap between the ease with which the desired analysis can often be described in high-level terms, and the tremendous amount of low-level implementation details one must still grapple with for coming to an efficient and robust system. We present a novel environment, HILTI, that provides a bridge between these two levels by offering to the application designer the abstractions required for effectively describing typical network analysis tasks, while still being designed to provide the performance necessary for monitoring Gbps networks in operational settings. The new HILTI middle-layer consists of two main pieces: an abstract machine model that is specifically tailored to the networking domain and directly supports the field's common abstractions and idioms in its instruction set; and a compilation strategy for turning programs written for the abstract machine into optimized, natively executable task-parallel code for a given target platform. We have developed a prototype of the HILTI environment that fully supports all of the abstract machine's functionality, and we have ported a number of typical networking applications to the new environment. We also discuss how HILTI's processing can transparently integrate custom hardware elements where available as well as leverage non-standard many-core platforms for parallelization.

Acknowledgment

This work was partially supported by funding provided to ICSI through National Science Foundation grant CNS-0915667 (“A High-Performance Abstract Machine for Network Intrusion Detection”), and by Cisco Research Award “A Concurrency Model for Deep Stateful Network Security Monitoring.” Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation or Cisco Systems.

URL: http://www.icsi.berkeley.edu/pubs/techreports/TR-12-003.pdf
Bibliographic Notes

ICSI Technical Report TR-12-003

Abbreviated Authors

R. Sommer, L. De Carli, N. Kothari, M. Vallentin, and V. Paxson

ICSI Research Group

Networking and Security

ICSI Publication Type

Technical Report