An Improved 30 Gbps-Class Large-Capacity Packet Processing Method Using Core Isolation Technology
Keywords:Network, Traffic Analysis, Packet Processing, Core Isolation, Huge Page, Network
With the spread of 5G services and the development of IoT technology, network traffic for information delivery is increasing in capacity. As network traffic increases, cyber threats also increase, resulting in an increasing importance on traffic analysis. The existing packet processing engine generates a signature by analyzing the characteristics of the attack after the occurrence of suspicious traffic, and based on this, it is difficult to properly respond to new and variant attack traffic because a manual response method is performed to detect the same attack. In addition, even during a network operation, only analysis results generated by passive filtering appear, and when abnormal or suspicious traffic is observed, the quality of the report is often affected by the analysis capability of the administrator. The packet processing method proposed in this paper applies the core isolation method to the NUMA structure applied to the existing 20 Gbps packet processing engine to increase the accessibility of the existing NUMA memory structure and lower the packet drop rate to enable high-capacity 30 Gbps traffic processing. Using the proposed processing engine, it is possible to determine the degree of possibility of abnormal traffic, preferentially by a quick analysis of suspicious traffic rather than a detailed analysis of traffic.
Cisco, Cisco visual networking index: Forecast and trends, 2017–2022, 2018, Vol. 11.
D. I. Oh, ‘In the post-corona era, cyber-attacks will intensify,’ Electronic Newspaper, https://www.etnews.com/20200512000181, 2020, Vol. 05.
K. H. Jung, B. H. Lee and D. Yang, “Performance Analysis of Detection Algorithms for the Specific Pattern in Packet Payloads,” Journal of the Korea Institute of Information and Communication Engineering, Vol. 22, No. 5, pp. 794–840, 2018. 02. DOI: https://doi.org/10.6109/jkiice.2018.22.4.794
S. H. Lee, J. C. Na and S. W. Son, “Traffic Analysis Technology Trends in Terms of Security, https://www.itfind.or.kr/WZIN/jugidong/1117/111701.html
Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville and Yoshua Bengio, ‘Generative adversarial nets. In Advances in Neural Information Processing Systems,’ NIPS, Proceedings of the 27th international conference on Neural Information processing Systems, ’14, Vol. 2. 2672–2680, 2014. 03
Schlegl Thomas, Philipp Seeböck, Sebastian M. Waldstein, Ursula Schmidt-Erfurth and Georg Langs, “Unsupervised Anomaly Detection with Generative Adversarial Networks to Guide Marker Discovery,” International Conference on Information Processing in Medical Imaging. Springer, Cham, 2017. 03
H. J. Choi, H. S. Kim and D. M. Shin, “Design and Implementation of Tor Traffic Collection System Using Multiple Virtual Machines,” Journal of Software Assessment and Valuation, Vol. 15, No. 1, pp. 1–10, 2019. DOI: https://10.29056/jsav.2019.06.01
Lameter Christoph, “NUMA (Non-Uniform Memory Access): An Overview: NUMA Becomes More Common Because Memory Controllers Get Close to Execution Units on Microprocessors,” Queue, Vol. 11, No. 7, pp. 40–51, 2013. 07
Christoph Lameter, “An Overview of Non-Uniform Memory Access,” Communications of the ACM, Vol. 56, No. 9, 59–54, 2013, https://dl.acm.org/doi/fullHtml/10.1145/2500468.2500477
S. Kim and S. Lee, “Automatic Malware Detection Rule Generation and Verification System,” Journal of Internet Computing and Services(JICS), Vol. 20, No. 2, pp. 9–19, 2019. 09. DOI: https://doi.org/10.7472/jksii.2019.20.2.9
M. Thottan and C. Ji, “Anomaly Detection in IP Networks,” IEEE Transactions on Signal Processing, Vol. 51, No. 8, pp. 2191–2204, 2003. 05. DOI: https://doi.org/10.3745/KTCCS.2020.9.5.113
H. H. Lim, D. H. Kim, K. T. Kim and H. Y. Youn, “Traffic Classification Using Machine Learning in SDN,” Vol. 26, No. 1 Winter Conference of the Korean Society of Computer and Information Technology, 2018. 01
Vinit Tirnagarwar, “CPU Isolation & CPU Affinity In Linux.”, https://www.linkedin.com/pulse/cpu-isolation-affinity-linux-vinit-tirnagarwar
Red Hat Customer Portal, “3.13, Isolating CPUS using tuned-profiles-realtime, https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/tuning_guide/isolating_cpus_using_tuned-profiles-realtime
S. Ahn, D. Kang and Y. Eom, “Analysis on the Characteristics and Performance Effects of Linux Huge Page,” Journal of the Korean Society of Information Sciences, Vol. 2017, No. 06, pp. 73–75, 2017. 06