“Monitoring Networks with Queries Evaluated by Edge Computing” by Quangtri Thai, Ordonez Carlos, and Omprakash Gnawali. In Proceedings of the fifth Workshop on Real-time Stream Analytics, Stream Mining, CER/CEP & Stream Data Management in Big Data (RSASD 2020), Dec. 2020.
Monitoring networks requires efficiently detecting abnormal events and summarizing connection information in big volumes of packet-level data. Some of these tasks can be accomplished with network and operating system utilities, but the questions should be relatively simple and each tool is designed to provide specific analysis. Another requirement is to be able to process data both in a centralized and decentralized manner, given the diversity in instrumentation and vantage points. On the other hand, database systems can answer complex questions phrased as queries, provided data is in the right format and is quickly loaded. Having such motivation in mind, we propose to monitor a network with queries, running on a traditional DBMS (i.e. not a custom-built system programmed in C or C++). Thus, queries can be processed in a central manner in a traditional database server or in a distributed fashion, with edge computing. Our experimental evaluation shows queries can indeed be used to monitor the network with low latency and reasonable delay on a low-resource device like the Raspberry Pi. We explain some interesting findings in a local network. In addition, we show queries can be efficiently evaluated in a small computing device capturing local traffic, showing promise for distributed monitoring.
BibTeX entry:
@inproceedings{netmonitoring-rsasd2020,
author = {Quangtri Thai and Ordonez Carlos and Omprakash Gnawali},
title = {Monitoring Networks with Queries Evaluated by Edge Computing},
booktitle = {Proceedings of the fifth Workshop on Real-time Stream
Analytics, Stream Mining, CER/CEP & Stream Data Management in
Big Data (RSASD 2020)},
month = dec,
year = {2020}
}