HILTI: An Abstract Execution Environment for Concurrent, Stateful Network Traffic Analysis
Title | HILTI: An Abstract Execution Environment for Concurrent, Stateful Network Traffic Analysis |
Publication Type | Technical Report |
Year of Publication | 2012 |
Authors | Sommer, R., De Carli L., Kothari N., Vallentin M., & Paxson V. |
Other Numbers | 3237 |
Abstract | When building applications that process large volumes of network traffic, such as firewalls, routers, or intrusion detection systems, one faces a striking gap between the ease with which the desired analysis can often be described in high-level terms, and the tremendous amount of low-level implementation details one must still grapple with for coming to an efficient and robust system. We present a novel environment, HILTI, that provides a bridge between these two levels by offering to the application designer the abstractions required for effectively describing typical network analysis tasks, while still being designed to provide the performance necessary for monitoring Gbps networks in operational settings. The new HILTI middle-layer consists of two main pieces: an abstract machine model that is specifically tailored to the networking domain and directly supports the field's common abstractions and idioms in its instruction set; and a compilation strategy for turning programs written for the abstract machine into optimized, natively executable task-parallel code for a given target platform. We have developed a prototype of the HILTI environment that fully supports all of the abstract machine's functionality, and we have ported a number of typical networking applications to the new environment. We also discuss how HILTI's processing can transparently integrate custom hardware elements where available as well as leverage non-standard many-core platforms for parallelization. |
Acknowledgment | This work was partially supported by funding provided to ICSI through National Science Foundation grant CNS-0915667 (A High-Performance Abstract Machine for Network Intrusion Detection), and by Cisco Research Award A Concurrency Model for Deep Stateful Network Security Monitoring. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation or Cisco Systems. |
URL | http://www.icsi.berkeley.edu/pubs/techreports/TR-12-003.pdf |
Bibliographic Notes | ICSI Technical Report TR-12-003 |
Abbreviated Authors | R. Sommer, L. De Carli, N. Kothari, M. Vallentin, and V. Paxson |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Technical Report |