News 

Events

Press Corner

Press Releases

Press Coverage

Multimedia Corner

Partners' Spotlights

Documents

Annual Reports

Newsletter

Technical Documents

Presentations
 

openlab Phase III

Automation Controls CC

Database CC

Networking CC

Platform CC

Previous Phases

Management

Education Corner
 

Student Programme

What is it?

How to apply-2012

Students-2012

Programme-2012

About CERN openlab

What is it?

Participants

Guiding Principles
 

openlab II

Platform CC

Virtualization

Optimization

Grid IC

Tycoon

SmartDomains

Database CC

Networking & Security

Networking
 Security

openlab I

opencluster

Usage

LCG on Itanium 2

SmartFrog
 
 

Printable version

CINBAD - CERN Investigation of Network Behavior Anomaly Detection

 

The project originates from a common interest between CERN and HP/ProCurve. As a leading scientific organization with open environment and demanding users, CERN looks for innovative technologies to meet the needs of the Large Hadron Collider (LHC).  We would like to improve the reliability, security, speed and performance of our IT infrastructure. The collaboration between CERN and HP/ProCurve puts our ideas and experience together in order to develop appropriate solutions for high-performance networking.

 

Overview

Today's networks are getting more complex and harder to master. They consist of many different elements, like switches, routers, servers and firewalls. An increase in configuration and topology complexity as well as in a number of users and services in the network might cause problems. Also the number of potential new network attacks and viruses grow with this complexity.  For that reason, the computer network might indeed operate in unexpected way. This deviation from the normal state is an anomaly. Even in CERN 'academic' environment, we can not afford network downtimes, especially when LHC starts to produce peta bytes of data.  The goal of the project is to detect these anomalies as early as possible. To achieve this goal, we look for all potential data sources, collect and store the data, and provide algorithms in order to accurately detect the anomalies. Using CERN's large network infrastructure as a source of data will help in providing scalable, efficient and accurate anomaly detection systems. 

 

 

The project goal is to understand the behavior of large computer networks (10’000+ nodes) in High Performance Computing or large Campus installations to be able to:

  • Detect traffic anomalies in the system

  • Be able to perform trend analysis

  • Automatically take counter measures

  • Provide post-mortem analysis facilities

Results

The results of this project (which started during CERN openlab II and was completed during CERN openlab III), are available to you in the openlab III section of the CERN openlab website and by clicking here.

Resources

Packet Sampling for Network Monitoring - Technical Report

sFlow

Our presentations

Packet Sampling and Network Monitoring

HP ProCurve project update

Initial plans for the HP ProCurve Project


Last update: Wednesday, 11. January 2012 16:06


Copyright CERN