Lobster

The main goal of this proposal is to develop and deploy an advanced European Internet Traffic Monitoring Infrastructure based on passive monitoring sensors at speeds of 2.5 Gbps, and possibly up to 10Gbps. We believe that such an infrastructure will serve as a catalytic tool that will boost our understanding of the Internet and will lead to its better use in the long-run. Passive monitoring at such high speeds stresses significantly the computational, communication, and storage capabilities of the underlying monitoring sensor and poses several interesting research challenges. Fortunately, within the FP5 IST SCAMPI project, we have successfully met several of these challenges by designing and developing an advanced Internet passive monitoring system at 10Gbps that combines novel hardware and software components. Having met the research challenges posed by passive monitoring at 10Gbps, we propose to deploy a network of such passive sensors in several key places creating a European Passive Internet Traffic Monitoring Infrastructure.

`Like Galileo's telescope provided mankind with a wealth of knowledge about the solar system, Lobster aims to give new insights in traffic behaviour on the Internet.'


For more information about Lobster research at the Vrije Universiteit, contact Herbert Bos, or check out the official Lobster website.

Goals

More specifically the objectives of this proposal are to:

1. Develop and Deploy an advanced Internet Traffic Monitoring Infrastructure across Europe.
Based on passive monitoring, and capitalizing on our experience gained in the SCAMPI IST FP5 project, this infrastructure will be unique in Europe and among the only two similar infrastructures that exist in the world today. The passive monitoring infrastructure will be installed at several NRNs and ISPs. Some of them, being partners of this project will pioneer such installations during the first phase of the project. Once the pilot core monitoring infrastructure has been installed during the first phase of \pn\/, that second phase will start, during which, several more NRNs and ISPs will be able to join the infrastructure through the installation of passive monitoring sensors.

2. Create a human network in the area of advanced Internet traffic monitoring.
The network will consist of all stakeholders in the area including NRNs, ISPs, research organizations, and network equipment manufacturers. This human network will deal with (i) the operation of the monitoring infrastructure, (ii) the expansion of the infrastructure through the inclusion of new member nodes, (ii) the support of the new member nodes through transfer of know-how, (iii) the establishment of policies necessary to share and collaboratively use the monitoring infrastructure.

3. Develop the appropriate data anonymizing tools that will prohibit unauthorized tampering with the original traffic data.
To avoid any unauthorized use of network traffic data, we will to develop a set of tools for encryption and anonymization of the original information contained in the monitored traffic. At the lowest layer, this infrastructure will consist of code running on the packet capture card which will encrypt and sanitize the data before they get the chance to reach the host computer. At the higher level, this toolset will provide application-specific anonymization through a Scripting Sanitization Language (SiSaL). SiSaL will enable authorized users to anonymize the data in application-specific ways so that both the anonymity of users is protected and the necessary information is provided to the monitoring application.

4. Develop novel applications enabled by the availability of the passive network traffic monitoring infrastructure.
Within Lobster we will develop novel applications that were not possible to be developed on top of traditional monitoring systems. Such applications include: (a) Accurate Traffic Characterization for protocols that use dynamic ports, (b) Intrusion Detection, (c) Stealth worm spread detection.

5. Provide anonymized data traffic information on a daily basis.
Once we have the monitoring infrastructure in place, we plan to provide periodic summaries of anonymized traffic data every day at regular intervals. These data, that will be strictly anonymized so as to protect the privacy of the original Internet users, will be used to detect of Internet trends, to calibrate models of the Internet, and in general to support Internet-related research.

6. Dissemination of project Results.


Contact details


For more information about the Lobster project, contact Herbert Bos.