Logo ČVUT
CZECH TECHNICAL UNIVERSITY IN PRAGUE
STUDY PLANS
2022/2023

HW accelerated network traffic monitoring

Login to KOS for course enrollment Display time-table
Code Completion Credits Range Language
BI-HAM KZ 4 2P+1C Czech
Lecturer:
Tomáš Čejka (guarantor)
Tutor:
Tomáš Čejka (guarantor)
Supervisor:
Department of Digital Design
Synopsis:

This course introduces students to modern and widely used technologies and principles in the area of network infrastructure and traffic monitoring. The monitoring and analysis of network traffic are mandatory skills to network operators (planning and development of resources and infrastructure) and security analysts alike (as a source of information and data for analysis). The goals of the course are to acquaint students with the modern trends and cornerstone principles in the area of monitoring network traffic on a hardware and software level and to develop their practical abilities in this field.

Requirements:

Basic knowledge of computer networks and their monitoring, finished Computer Networks course.

Syllabus of lectures:

1. Network protocol overview and introduction to network monitoring.

2. Monitoring on a hardware level (wired, optical, wireless networks)

3. Monitoring on a packet level and its hardware acceleration.

4. Packet analysis (libpcap, pf_rink, DPDK) and the use of the P4 language for monitoring.

5. Gathering telemetry data, sFlow

6. Monitoring on L3 & L4 - IP flow, NetFlow, IPFIX

7. Biflow, flow pairing, aggregation, traffic filtering on high speed networks.

8. Extended IP flow and feature extraction from the application layer.

9. Monitoring of encrypted traffic.

10. Monitoring virtual and cloud environments, datacenter, software defined networks.

11. Classification of network traffic and entities.

12. Monitoring IoT.

13. Network traffic visualization.

Syllabus of tutorials:

1. Tools for network analysis (tcpdump, wireshark, tshark).

2. Monitoring probes and data exporters.

3. Data flow collectors.

4. Deep Packet Inspection.

5. Data flow analysis, information about network state.

6. Network traffic visualization.

Study Objective:

The goals of this course are to introduce students to the principles of monitoring network infrastructure and using data from monitoring systems for security analysis and service fault detection. Upon successful completion of this course, the student will be familiar with timeless monitoring methods, which are used since the advent of computer networks, and which are the basis for all current monitoring infrastructure. The course further develops the students’ practical knowledge in the area of network monitoring and data analysis.

Study materials:

SANDERS, Chris: “Applied network security monitoring: collection, detection and analysis”. Waltman, MA: Syngress, c[2014]. ISBN 978-0-12417-208-1.

R. Hofstede et al.: „Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX,“ in IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 2037-2064, Fourthquarter 2014, doi: 10.1109/COMST.2014.2321898.

M. Lucas: “Network Flow Analysis”, No Starch Press, 2010, ISBN 978-1-59327-203-6.

P. Benáček, V. Puš, H. Kubátová, and T. Čejka, “P4-To-VHDL: Automatic generation of high-speed input and output network blocks,” Microprocessors and Microsystems, vol. 56, pp. 22–33, 2018.

T. Cejka, V. Bartos, L. Truxa, and H. Kubatova, “Using Application-Aware Flow Monitoring for SIP Fraud Detection,” in Intelligent Mechanisms for Network Configuration and Security: 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015, S. Latré, M. Charalambides, J. François, C. Schmitt, and B. Stiller, Eds. Ghent, Belgium: Springer International Publishing, 2015, pp. 87–99.

T. Cejka, V. Bartoš, M. Svepes, Z. Rosa, and H. Kubatova, “NEMEA: A Framework for Network Traffic Analysis,” in 12th International Conference on Network and Service Management (CNSM 2016), Montreal, Canada, 2016.

Note:
Time-table for winter semester 2022/2023:
Time-table is not available yet
Time-table for summer semester 2022/2023:
06:00–08:0008:00–10:0010:00–12:0012:00–14:0014:00–16:0016:00–18:0018:00–20:0020:00–22:0022:00–24:00
Mon
Tue
Wed
Thu
Fri
roomT9:345
Čejka T.
14:30–16:00
(lecture parallel1)
Dejvice
NBFIT BOU ucebna
roomT9:345
Čejka T.
16:15–17:45
EVEN WEEK

(lecture parallel1
parallel nr.101)

Dejvice
NBFIT BOU ucebna
The course is a part of the following study plans:
Data valid to 2023-02-07
Aktualizace výše uvedených informací naleznete na adrese https://bilakniha.cvut.cz/en/predmet6609706.html