Datacenter traffic monitoring and anomaly detection

MPhil Thesis Defence


Title: "Datacenter traffic monitoring and anomaly detection"

By

Miss Ang LI


Abstract

As cloud computing has become a popular service in recent years, many large
companies, such as Google, Yahoo!, Microsoft, Amazon and Apple, have
constructed large data centers to provide such services. Meanwhile, how to
plan, build, manage and monitor network topology and security for data
centers has become an important issue. In this thesis, based on an analysis
of the characteristics of a network consisting of virtual machines and of
one consisting of different physical machines, we propose to emulate the
network environment of a data center based on the Xen architecture, on which
we can host a number of virtual machines emulating the physical machines
residing in a datacenter network. The emulation environment thus provides a
good platform for planning and for deciding on a monitoring strategy without
paying a premium for large-scale equipment. We have evaluated our emulation
based on a comparison of network analysis under TCP workload.

Also, the recent spate of cyber attacks against cloud computing services
running in large Internet data centers has made it imperative to develop
effective techniques to detect anomalous behavior in datacenters. In
this thesis, we also study the structural characteristics of IP address
octets observed in large data centers, present centroid-based measures to
capture the inherent IP structure in high-volume data center traffic, and
subsequently design a simple yet effective algorithm to detect abnormal
traffic patterns caused by network attacks such as worms, viruses, and
denial of service attacks. We evaluate the effectiveness and efficiency of
this algorithm with synthetic traffic that combines real data center
traffic collected from a large Internet content provider with worm traces
or denial of service attacks. The experimental results show that our
algorithm consistently distinguishes abnormal traffic from normal traffic,
and does so in a short time with a low false alarm rate.


Date:			Wednesday, 15 December 2010

Time:			10:00am – 12:00noon

Venue:			Room 3501
 			Lifts 25/26

Committee Members:	Dr. Lin Gu (Supervisor)
 			Prof. Qian Zhang (Chairperson)
 			Prof. Lionel Ni


**** ALL are Welcome ****