HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis
Title | HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Sommer, R., Vallentin, M., De Carli, L., & Paxson, V. |
Other Numbers | 3712 |
Abstract | When developing networking systems such as firewalls, routers, and intrusion detection systems, one faces a striking gap between the ease with which one can often describe a desired analysis in high-level terms, and the tremendous amount of low-level implementation details that one must still grapple with to come to a robust solution. We present HILTI, a platform that bridges this divide by providing to application developers much of the low-level functionality, without tying it to a specific analysis structure. HILTI consists of two parts: (i) an abstract machine model that we tailor specifically to the networking domain, directly supporting the field's common abstractions and idioms in its instruction set; and (ii) a compilation strategy for turning programs written for the abstract machine into optimized, natively executable code. We have developed a prototype of the HILTI compiler toolchain that fully implements the design's functionality, and ported exemplars of networking applications to the HILTI model to demonstrate the aptness of its abstractions. Our evaluation of HILTI's functionality and performance confirms its potential to become a powerful platform for future application development. |
Acknowledgment | This work was supported in part by funding provided to ICSI through National Science Foundation grants CNS : 0831535 ("Comprehensive Application Analysis and Control"), CNS : 0915667 ("A High-Performance Abstract Machine for Network Intrusion Detection"), and CNS : 1228792 ("Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures"). Additional funding was provided through NSF grant CNS : 1228782 ("Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures"). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation. |
URL | http://www.icsi.berkeley.edu/pubs/networking/hilti14.pdf |
Bibliographic Notes | Proceedings of the Internet Measurement Conference 2014 (IMC 2014), Vancouver, British Columbia, Canada |
Abbreviated Authors | R. Sommer, M. Vallentin, L. De Carli, and V. Paxson |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Article in conference proceedings |