Marina: Realizing ML-Driven Real-Time Network Traffic Monitoring at Terabit Scale

被引：0

作者：

Seufert, Michael ^{[1
,2
]}

Dietz, Katharina ^{[1
]}

Wehner, Nikolas ^{[1
]}

Geissler, Stefan ^{[1
]}

Schueler, Joshua ^{[1
,3
]}

Wolz, Manuel ^{[1
]}

Hotho, Andreas ^{[1
,4
]}

Casas, Pedro ^{[5
]}

Hossfeld, Tobias ^{[1
]}

Feldmann, Anja ^{[6
]}

机构：

[1] Univ Wurzburg, Chair Commun Networks, D-97074 Wurzburg, Germany

[2] Univ Augsburg, Chair Networked Embedded Syst & Commun Syst, D-86159 Augsburg, Germany

[3] Tesat Spacecom GmbH & Co KG, D-71522 Backnang, Germany

[4] Univ Wurzburg, Chair Data Sci, D-97074 Wurzburg, Germany

[5] AIT Austrian Inst Technol, Ctr Digital Safety & Secur, Competence Unit Data Sci & Artificial Intelligence, A-1210 Vienna, Austria

[6] Max Planck Inst Informat, Dept Internet Architecture, D-66123 Saarbrucken, Germany

来源：

IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT | 2024年 / 21卷 / 03期

关键词：

Monitoring; Real-time systems; Servers; Task analysis; Feature extraction; Telemetry; Telecommunication traffic; Network monitoring; artificial intelligence; machine learning; encrypted traffic; real-time monitoring; P4; programmable data plane; MACHINE; CLASSIFICATION;

D O I：

10.1109/TNSM.2024.3382393

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Network operators require real-time traffic monitoring insights to provide high performance and security to their customers. It has been shown that artificial intelligence and machine learning (ML) can improve the visibility of telemetry systems, especially with encrypted traffic. However, current solutions cannot cope with high traffic rates and volumes in large-scale networks. To realize the ML-driven network intelligence paradigm at terabit scale, we design Marina, a system that spreads monitoring over a highly efficient data plane, which can extract traffic statistics at line rate, and a powerful ML server, which can run monitoring inference using complex ML models. We apply temporal microaggregation into sub-second time slots and extract moment-based statistics. These allow to flexibly obtain accurate ML-based monitoring decisions during the next time slot. To demonstrate the scalability of our design, we implement and evaluate a Marina data plane prototype on a Barefoot Wedge 100BF-65X P4 switch, which can monitor more than 520,000 concurrent flows at full switching capacity of 6.4 Tbps. We validate the analytics capabilities enabled by our Marina implementation for four ML-driven real-time monitoring tasks with a broad set of standard ML models, achieving comparable or better than state-of-the-art results.

引用

页码：2773 / 2790

页数：18

共 126 条

[1] Acar Abbas, 2020, WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, P207, DOI 10.1145/3395351.3399421
[2] Aggarwal V., 2014, P ACM HOTMOBILE, P1
[3] A Novel Hierarchical Intrusion Detection System based on Decision Tree and Rules-based Models
Ahmim, Ahmed
Maglaras, Leandros
Ferrag, Mohamed Amine
Derdour, Makhlouf
Janicke, Helge
[J]. 2019 15TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING IN SENSOR SYSTEMS (DCOSS), 2019, : 228 - 233
[4] Akem A.T.J., 2023, P IEEE INT C COMP CO, P1
[5] Optuna: A Next-generation Hyperparameter Optimization Framework
Akiba, Takuya
Sano, Shotaro
Yanase, Toshihiko
Ohta, Takeru
Koyama, Masanori
[J]. KDD'19: PROCEEDINGS OF THE 25TH ACM SIGKDD INTERNATIONAL CONFERENCCE ON KNOWLEDGE DISCOVERY AND DATA MINING, 2019, : 2623 - 2631
[6] Alon N., 1996, Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, P20, DOI 10.1145/237814.237823
[7] [Anonymous], 1975, Theory
[8] [Anonymous], 2017, Rec. P.1203
[9] [Anonymous], 1998, nProbe
[10] [Anonymous], 2020, ITU-Rec. P. 1204

← 1 2 3 4 5 6 7 8 9 10 →