Information Technology : Network technologies

Information Technology Portfolios


Middlebox Scaling for the Cloud

UW–Madison researchers have developed a method that efficiently adjusts the number of middleboxes on demand by transferring not only the traffic flows but also the middlebox state associated with those flows. The transfer process is designed so that no packets are lost and packet order is preserved during the move.

More Efficient High-Speed Data Packet Classification

UW–Madison researchers have developed a system to reduce power usage using a TCAM preclassifier, which determines and activates only those memory blocks needed for a search.

The method works by preclassifying data packets according to a small set of rules and steering the search to a selected portion of the TCAM. To do this, a set of memory blocks holds classification rules that depend on multiple arguments (packet header fields). The rules are configured to be searched associatively, as a group, for particular argument values.

The preclassifier circuit receives a data packet and matches it to a preclassification rule, which activates the correct subset of blocks to perform an associative search.
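The following is an added software model of the block-activation scheme described above; it is not code from the page or from the UW–Madison patent. Rules are partitioned into blocks (in hardware, separately enabled TCAM banks), a small preclassification rule set on one header field names the blocks to activate, and only those blocks are searched. The field names, the partitioning by protocol, the sample packets and the "unreachable rule" check are all constructed for illustration; the check matters because a rule placed in a block the preclassifier never activates for the packets it matches will silently never fire.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    dst: str              # destination prefix, e.g. "10.0.0.0/8"
    proto: str            # "tcp", "udp" or "*" (wildcard)
    dport: Optional[int]  # None = wildcard
    action: str

    def matches(self, pkt):
        return (ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in ("*", pkt["proto"])
                and self.dport in (None, pkt["dport"]))


# Constructed rule blocks: one per protocol plus a catch-all block. Within a block and
# across the activated blocks, the first matching rule wins, so order encodes priority.
BLOCKS = {
    0: [Rule("10.0.0.0/8", "tcp", 22, "deny"), Rule("0.0.0.0/0", "tcp", None, "allow")],
    1: [Rule("10.0.0.0/8", "udp", 53, "allow"), Rule("0.0.0.0/0", "udp", None, "deny")],
    2: [Rule("0.0.0.0/0", "*", None, "deny")],
}
# Preclassifier: a tiny rule set on a single field that names the blocks to activate.
PRECLASS = {"tcp": {0, 2}, "udp": {1, 2}}
DEFAULT_BLOCKS = {2}   # activated when no preclassification rule matches


def active_blocks(pkt, preclass=PRECLASS):
    return preclass.get(pkt["proto"], DEFAULT_BLOCKS)


def classify(pkt, blocks=BLOCKS, preclass=PRECLASS):
    """Return (action, blocks searched). Blocks that were not activated are never
    read; in hardware they stay unpowered, which is where the saving comes from."""
    active = sorted(active_blocks(pkt, preclass))
    for b in active:
        for rule in blocks[b]:
            if rule.matches(pkt):
                return rule.action, active
    return "deny", active          # no rule matched: fail closed


def unreachable_rules(blocks=BLOCKS, preclass=PRECLASS):
    """Rules sitting in a block the preclassifier would not activate for some packet
    they match. Such a rule never fires, so the preclassifier must be conservative;
    run this check whenever the rules or the preclassifier change."""
    every_set = list(preclass.values()) + [DEFAULT_BLOCKS]
    bad = []
    for b, rules in blocks.items():
        for r in rules:
            needed = every_set if r.proto == "*" else [preclass.get(r.proto, DEFAULT_BLOCKS)]
            if any(b not in s for s in needed):
                bad.append(r)
    return bad


if __name__ == "__main__":
    for p in ({"dst": "10.1.2.3", "proto": "tcp", "dport": 22},
              {"dst": "10.1.1.1", "proto": "icmp", "dport": 0}):
        print(p, "->", classify(p))
    print("unreachable rules:", unreachable_rules())
```

The ICMP packet shows the trade-off: with no preclassification entry, only the catch-all block is searched, so one block instead of three is read, but any rule outside that block can never apply to it.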

Managing Virtual Memory to Reduce Latency

UW–Madison researchers have developed a hybrid system to manage virtual memory and reduce access latency.

The system allows some data accesses via conventional TLB/page table lookups. Other data accesses use a bypass circuit that computes the physical address directly, for example by adding a stored offset to the virtual address, instead of performing a lookup. The bypass circuit recognizes a contiguous subset of virtual addresses and translates them to physical addresses using a stored offset between that virtual range and its physical counterpart.
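As an added illustration (not code from the page or the patent), the model below implements the hybrid translation path: addresses inside one contiguous segment are translated by a range compare and an add with no table access, while everything else goes through a toy TLB and page table. The page size, segment bounds, offset and page mappings are constructed. The security-relevant detail is the compare against both base and limit; a bypass that checked only the base would compute physical addresses outside the segment.

```python
PAGE = 4096


class Translator:
    """Hybrid address translation: a direct-segment bypass for one large contiguous
    range, conventional TLB + page-table lookup for every other address."""

    def __init__(self, seg_base, seg_limit, seg_offset, page_table):
        if seg_base % PAGE or seg_limit % PAGE or not seg_base < seg_limit:
            raise ValueError("segment bounds must be page aligned and ordered")
        self.seg_base, self.seg_limit, self.seg_offset = seg_base, seg_limit, seg_offset
        self.page_table = page_table   # virtual page number -> physical page number
        self.tlb = {}                  # VPN -> PPN, filled on a page walk
        self.walks = 0                 # page walks performed (what the bypass saves)

    def in_segment(self, vaddr):
        return self.seg_base <= vaddr < self.seg_limit

    def translate(self, vaddr):
        # Bypass circuit: one range compare and one add, no table access. The compare
        # is the protection boundary: it must use the limit as well as the base.
        if self.in_segment(vaddr):
            return vaddr + self.seg_offset
        # Conventional path: TLB first, page walk on a miss, fault if unmapped.
        vpn, off = divmod(vaddr, PAGE)
        if vpn not in self.tlb:
            if vpn not in self.page_table:
                raise MemoryError(f"page fault at {vaddr:#x}")
            self.tlb[vpn] = self.page_table[vpn]
            self.walks += 1
        return self.tlb[vpn] * PAGE + off


def example_translator():
    """Constructed layout: the segment covers virtual [1 MiB, 2 MiB) and is backed by
    physical memory from 8 MiB upward, so the stored offset is 7 MiB; two ordinary
    pages (VPN 0 and 1) are mapped through the page table."""
    return Translator(seg_base=0x100000, seg_limit=0x200000,
                      seg_offset=0x700000, page_table={0: 5, 1: 9})


if __name__ == "__main__":
    t = example_translator()
    for va in (0x150000, 0x1000, 0x1234):
        print(f"{va:#x} -> {t.translate(va):#x}  (walks so far: {t.walks})")
```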

SliceHash: High-Performance Indexing for Data-Intensive Systems

UW–Madison researchers have developed a high-performance ‘slicing’ method for organizing index data on an SSD such that related entries are located together.

Buffer indexes are used to accumulate hash-type index data for writing to the flash memory. The grouped data is arranged on the flash memory so that entries related to the same hash are clustered for more efficient lookup. Specifically, data is clustered onto flash ‘pages,’ which are read and written in an order that takes advantage of the underlying parallel structure of the flash memory. Small in-memory indexes, such as hash tables, Bloom filters or LSH tables, serve as buffers that absorb the slow random writes; when a buffer fills, its contents are written out to the SSD.

New Framework Helps Compose and Scale Middlebox Software Modules for Cloud Computing

UW–Madison researchers have developed a new methodology for managing the challenges of deploying, configuring and scaling middleboxes in the cloud. Called Stratos, the framework recognizes middleboxes as first-class entities in cloud infrastructures – centralizing and automating configuration, management, scaling and placement of middleboxes – empowering end users to easily secure and optimize their applications.

LEAP - Improved Data Lookup for High-Speed Routers

UW–Madison researchers have developed LEAP (Latency, Energy and Area Optimized Lookup Pipeline), an improved tile-based approach for routing data packets in a network.

The router has a series of ports for receiving and transmitting packets and for communicating with a general-purpose processor. The router’s packet processing engine receives data and conducts memory lookups. The engine includes a set of connected computational tiles. Each tile has a set of functional units, with inputs and outputs for processing arguments, and a store for holding instructions. Each tile also has a programmable multiway switch that connects the functional units, and the tile operates according to its stored instructions.

The functional units may access a lookup memory holding packet data while interconnection circuitry manages communication of data between tiles.

Prioritized Data Mapping to Recover High Usefulness Data for Improved Wireless Communications

UW-Madison researchers have developed a wireless communication system whose transmitter sends symbols, each mapped to multiple bits, under an encoding scheme that allows data in an incorrectly received symbol to be salvaged. The scheme exploits the predictable differences in error rate between the bit positions of a symbol to favor the transmission of high-usefulness data. By placing high-usefulness data preferentially in the bit positions that see fewer errors, the likelihood that it can be recovered even when the symbol is received in error is increased. The receiver recovers data by harvesting the reliable bits of erroneous symbols rather than discarding the whole symbol.

The entire system consists of a transmitter, a prioritizer, an encoder and an interleaver. The wireless transmitter transmits the symbols. The prioritizer divides received multibit data units into categories of relatively high and low usefulness, and creates mixed multibit data units made up of high and low usefulness bits. The encoder maps the mixed multibit data units to symbols and provides the symbols to the transmitter for transmission. The interleaver and encoder work together to map high usefulness bits to positions within the symbols having lower data error rates.

Improved Delivery of Rich Media Content over Wireless Networks

UW-Madison researchers have developed a wireless system that provides a new approach for media delivery using existing systems, such as the 802.11 wireless protocol. This approach, which is achieved through simple software changes, promises to improve the delivery of HD media over wireless networks and enhance the user experience.

The system identifies priorities of data units and assigns physical transmission parameters based on usefulness of the data. The usefulness of each data unit is used to control the transmitter parameters for the data unit. These parameters include the transmission rates of the bits of the data unit, the order of transmission of the data units and/or the number of retransmission attempts of the data units. This system provides both an ordering and a quantitative difference in usefulness between data units, permitting adjustment of the transmission parameters for different data units and a simple method of scheduling data units for transmission.

SmartRE: A Framework for Coordinated Network-Wide Caching

UW-Madison researchers have developed an apparatus for efficiently reducing redundant network transmissions. This new caching framework supports redundancy elimination (RE) operations while conserving resources and improving load sharing across the network.

Throughput of redundancy-aware devices can be increased by intelligently allocating compression and decompression responsibilities across a network. The apparatus avoids repeated compression-decompression cycles along a series of routers by using an implicit coordination scheme, which reduces the resources the operation consumes. The savings compound because each compressed segment travels across several routers before it is decompressed.

Pipelined Lookup Grid Architecture (PLUG)–Fast, Cool and Flexible Network Processing

UW-Madison researchers have developed Pipelined LookUp Grid (PLUG) as a component that can accommodate many types of lookup operations performed by network equipment while processing traffic.  PLUGs offer a hybrid of storage and computation functions to address the energy efficiency and performance requirements of network devices.

PLUGs provide a specialized circuit for performing lookup operations in which the memory of a lookup table is divided into “tiles.”  The connections between these tiles may be flexibly changed to match the particular problem being addressed.  When a tree-type lookup is preferred, such as with IP addresses, the tiles can be configured into a tree structure.  Conversely, when a hash table is preferred, such as in Ethernet-type lookups, the tiles can be reconfigured in parallel ranks suitable for hash tables.  The ability to programmably configure individual memory elements allows the router to flexibly move between protocols and to manage lookup decisions at a phenomenally high rate (1 to 1.5 billion decisions per second).

Faster, Smaller Alternative (XFAs) for Use in Network Intrusion Detection Systems to Identify Malware

UW-Madison researchers have developed systems and methods for creating extended finite automata (XFAs), a smaller and faster alternative to DFAs and NFAs for signature matching. An XFA operates like a DFA but adds a small amount of “scratch memory,” a separate region of memory that records the progress made toward matching each signature. That progress is stored as values in scratch memory rather than being encoded, distinctly and redundantly, into the automaton’s state space as a DFA must do. As a result, the memory required grows linearly with the number of signatures rather than exponentially.
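To make the linear-versus-exponential point concrete, here is an added example (not the page’s or the XFA authors’ code) for the simplest signature family that shows it: signatures of the form “literal X, then eventually literal Y” (the regular expression .*X.*Y). A single combined DFA must remember in its state which first literals have already been seen, so its reachable state set doubles with every signature; the XFA keeps one automaton state and one scratch bit per signature, with the matching logic attached to the edges as instructions. The signatures and input stream are constructed.

```python
# Constructed signatures: each pair means "literal X, then eventually literal Y".
SIGS = [("a", "b"), ("c", "d"), ("e", "f")]


def combined_dfa_states(sigs):
    """Reachable states of one combined DFA for all signatures. The DFA's only memory
    is its current state, so the state must encode *which* first literals have been
    seen: the reachable set is every subset, i.e. 2**len(sigs) states."""
    alphabet = {ch for x, y in sigs for ch in (x, y)}
    start = frozenset()
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        for ch in alphabet:
            nxt = frozenset(state | {i for i, (x, _) in enumerate(sigs) if ch == x})
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


class XFA:
    """One automaton state plus a scratch-memory bit per signature. Edge instructions:
    on X_i set bit i; on Y_i, report signature i if bit i is set. Memory grows with
    the number of signatures, not with the number of their combinations."""

    def __init__(self, sigs):
        self.scratch = [False] * len(sigs)      # the scratch memory
        self.set_on, self.check_on = {}, {}
        for i, (x, y) in enumerate(sigs):
            self.set_on.setdefault(x, []).append(i)
            self.check_on.setdefault(y, []).append(i)

    def scan(self, data):
        """Feed a chunk of the stream; returns indexes of signatures that fired in it.
        Scratch state persists across calls, so a match may span chunk boundaries."""
        matched = []
        for ch in data:
            # Check before set, so one character cannot both arm and fire a signature.
            for i in self.check_on.get(ch, []):
                if self.scratch[i]:
                    matched.append(i)
            for i in self.set_on.get(ch, []):
                self.scratch[i] = True
        return matched


if __name__ == "__main__":
    print("combined DFA states:", len(combined_dfa_states(SIGS)))
    x = XFA(SIGS)
    print("XFA scratch bits:", len(x.scratch), "matches:", x.scan("xaycb"))
```

Ten such signatures give 1024 DFA states but ten scratch bits; real signature sets are far messier than this family, but the blowup mechanism is the same one the XFA construction removes.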

SAFE: A Dynamic Malware Detection and Prevention System

UW-Madison researchers have developed a behavior-based approach capable of detecting and stopping known and unknown malware. Most malware can be detected by observing malware-generated events, such as creating files or making network connections, from inside the “kernel,” the central component of the operating system. These events are essential to the function of the malware and not easily disguised.

The inventors have developed a program to monitor kernel events associated with all processes being executed on a computer. Code or programs from unverified sources are allowed to run in a controlled and isolated environment that restricts access to critical system resources, such as network and host system files. Before a kernel event associated with one of these unverified processes is committed to a system resource, it is evaluated against a set of policies that describe sequences of such events that are associated with malicious behavior. If a kernel event is identified as being malicious, the monitoring program stops the execution of the process and quarantines it for removal.
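The following added example (not the SAFE authors’ code) shows the shape of the evaluation step described above: a per-process monitor receives each kernel event from unverified processes before it is committed, advances per-policy progress through policies written as ordered event sequences, and blocks and quarantines the process when a sequence completes. The event types, the two policies and the event trace are constructed for illustration; later steps can refer to values an earlier step captured (here, the file that was written must be the file executed).

```python
from collections import defaultdict


# Policy steps: each takes (event, ctx), returns True on a match, and may record
# values in ctx for later steps of the same policy to compare against.
def writes_file(ev, ctx):
    if ev["type"] != "write_file":
        return False
    ctx["path"] = ev["path"]          # remember what was dropped on disk
    return True


def executes_written_file(ev, ctx):
    return ev["type"] == "exec" and ev["path"] == ctx.get("path")


def reads_sensitive_file(ev, ctx):
    return ev["type"] == "read_file" and ev["path"].startswith("/etc/")


def connects_outside(ev, ctx):
    return ev["type"] == "connect" and not ev["dst"].startswith("10.")


# Constructed policies: ordered event sequences treated as malicious behavior.
POLICIES = {
    "drop-and-run": [writes_file, executes_written_file],
    "read-then-exfil": [reads_sensitive_file, connects_outside],
}


class Monitor:
    def __init__(self, policies=POLICIES):
        self.policies = policies
        self.progress = defaultdict(lambda: {"step": 0, "ctx": {}})  # key: (pid, policy)
        self.quarantined = {}                                          # pid -> policy name

    def on_event(self, ev):
        """Called before the kernel commits the event. Returns 'allow' or 'block'."""
        pid = ev["pid"]
        if pid in self.quarantined:
            return "block"                 # a quarantined process gets nothing through
        if ev.get("trusted"):
            return "allow"                 # verified code is not subject to the policies
        for name, steps in self.policies.items():
            st = self.progress[(pid, name)]
            if steps[st["step"]](ev, st["ctx"]):
                st["step"] += 1
            elif st["step"] and steps[0](ev, st["ctx"]):
                st["step"] = 1             # a fresh first step restarts the sequence
            if st["step"] == len(steps):
                self.quarantined[pid] = name
                return "block"             # the completing event is never committed
        return "allow"


# Constructed trace: pid 7 drops and runs a file, pid 9 reads /etc/shadow and then
# connects to an outside host, pid 3 is a verified process.
TRACE = [
    {"pid": 7, "type": "write_file", "path": "/tmp/x.bin"},
    {"pid": 7, "type": "connect", "dst": "10.0.0.5"},
    {"pid": 7, "type": "exec", "path": "/tmp/x.bin"},
    {"pid": 7, "type": "connect", "dst": "203.0.113.9"},
    {"pid": 9, "type": "read_file", "path": "/etc/shadow"},
    {"pid": 9, "type": "connect", "dst": "203.0.113.9"},
    {"pid": 3, "type": "exec", "path": "/bin/ls", "trusted": True},
]


def run(trace=TRACE):
    m = Monitor()
    return [m.on_event(ev) for ev in trace], dict(m.quarantined)


if __name__ == "__main__":
    decisions, quarantined = run()
    for ev, d in zip(TRACE, decisions):
        print(d.ljust(5), ev)
    print("quarantined:", quarantined)
```

Note what the monitor does not do: it evaluates only the next expected step of each policy, so a process that interleaves unrelated events between steps is still caught, but the policies themselves must describe sequences the malware cannot reorder.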

Apparatus and Algorithms for Channel Management in Wireless Local Area Networks

UW-Madison researchers have developed a method of assigning channels to the access points of a wireless local area network to provide enhanced bandwidth usage, interference minimization and load balancing. The method identifies a range set and an interference set for each client of the WLAN. Using a hierarchy of importance among the APs, it then calculates the interference level each AP would experience on at least two channels and stores that information. The assignment is iterated until it yields the best achievable throughput and interference.

Improved Method and Apparatus for Wire-Speed Packet Classification on IP Networks

UW-Madison researchers have developed a method and apparatus for packet classification at wire speed using both hardware- and software-based classifiers. In the new method, incoming packets are first processed by a hardware-based classifier that uses a set of evolving rules, continuously modified by information drawn from packet flow characteristics. If the hardware-based classifier cannot classify a packet, the packet is passed to a more sophisticated software-based classifier. Combining the two allows the classifying apparatus to operate at its best.

The apparatus consists of a hardware-based packet classifier and a processor that executes the software-based packet classifier. With the help of cache manager software, the hardware-based classifier can store, update and create new evolving rules. Keeping the rules efficient may involve checking them against sample packets, minimizing the cache miss ratio, reorganizing the rule structure or hot-swapping rules. The software-based classifier holds the full rule set, so it can classify any packet the hardware-based classifier could not. By combining the two, the method maximizes the efficiency and speed of packet classification and, in turn, improves packet-based network quality of service and security.
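As an added example (not the page’s or the patent’s code), the two-tier scheme can be modelled with a small exact-match flow cache standing in for the hardware classifier and a full priority-ordered rule list standing in for the software classifier. A miss goes to the full rule list and its verdict is installed as an evolving rule; the cache evicts its least-recently-used entry when full and reports its miss ratio. The rules and the packet trace are constructed. One caveat a practitioner would want is included: cached verdicts were derived from the rule set at the time of the miss, so a rule change must invalidate the cache or stale verdicts keep being applied.

```python
from collections import OrderedDict
from ipaddress import ip_address, ip_network

# Full rule set in priority order: (src prefix, dst prefix, proto, dport, action);
# None is a wildcard. The last rule is the default.
RULES = [
    ("0.0.0.0/0", "10.0.0.0/8", "tcp", 22, "deny"),
    ("192.168.0.0/16", "10.0.0.0/8", "tcp", None, "allow"),
    ("0.0.0.0/0", "0.0.0.0/0", "udp", 53, "allow"),
    ("0.0.0.0/0", "0.0.0.0/0", None, None, "deny"),
]


def software_classify(pkt, rules=RULES):
    """The slow path: linear scan of the full rule list, first match wins."""
    for src, dst, proto, dport, action in rules:
        if (ip_address(pkt["src"]) in ip_network(src)
                and ip_address(pkt["dst"]) in ip_network(dst)
                and proto in (None, pkt["proto"]) and dport in (None, pkt["dport"])):
            return action
    raise LookupError("no matching rule")     # unreachable while a default rule exists


class TwoTierClassifier:
    def __init__(self, cache_size=2, rules=RULES):
        self.cache = OrderedDict()             # flow key -> action: the "evolving rules"
        self.cache_size, self.rules = cache_size, rules
        self.hits = self.misses = 0

    @staticmethod
    def key(pkt):
        return (pkt["src"], pkt["dst"], pkt["proto"], pkt["dport"])

    def classify(self, pkt):
        k = self.key(pkt)
        if k in self.cache:                    # fast path: exact flow match
            self.hits += 1
            self.cache.move_to_end(k)
            return self.cache[k]
        self.misses += 1
        action = software_classify(pkt, self.rules)
        self.cache[k] = action                 # install the verdict as a flow rule
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)     # hot-swap: evict the coldest flow
        return action

    def miss_ratio(self):
        return self.misses / (self.hits + self.misses)

    def invalidate(self):
        """Must run whenever the full rule set changes; otherwise verdicts computed
        under the old rules keep applying to cached flows."""
        self.cache.clear()


# Constructed packets and trace.
PKT_SSH = {"src": "192.168.1.5", "dst": "10.1.1.1", "proto": "tcp", "dport": 22}
PKT_HTTPS = {"src": "192.168.1.5", "dst": "10.1.1.1", "proto": "tcp", "dport": 443}
PKT_DNS = {"src": "8.8.8.8", "dst": "10.1.1.1", "proto": "udp", "dport": 53}
TRACE = [PKT_SSH, PKT_SSH, PKT_HTTPS, PKT_DNS, PKT_SSH]


def run_trace(trace=TRACE, cache_size=2):
    c = TwoTierClassifier(cache_size)
    return [c.classify(p) for p in trace], c.miss_ratio()


if __name__ == "__main__":
    verdicts, ratio = run_trace()
    print(verdicts, "miss ratio:", ratio)
```

With a two-entry cache the trace produces four misses in five packets: the SSH flow is evicted by the time it returns, which is exactly the effect the cache manager’s reorganizing and hot-swapping aims to minimize.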

Protomatching Network Traffic for High Throughput Network Intrusion Detection

UW-Madison researchers have developed a faster method of matching intrusion signatures that can increase network throughput by as much as 25 percent. The protocol analysis, normalization and signature-matching steps are blended into one operation, called a superset protomatcher, so that most of the network data is inspected only once. The superset protomatcher identifies most benign traffic immediately, so only a small fraction of the data needs to be normalized.

Method and System for Retrieving Information from Wireless Sensor Nodes

UW-Madison researchers have developed an alternative approach to retrieving information from a wireless sensor network. In this method, a computationally powerful Wireless Information Retriever (WIR) interrogates a group of computationally “dumb” wireless sensor nodes with wideband radio-frequency signals. The sensors act as “active scatterers” and generate a multipath response to the interrogation signal that includes the sensed data. The WIR then separates the signals from different sensors by matched filtering to their location-dependent response to rapidly retrieve their information.

Systems and Methods for Testing and Evaluating a Network Intrusion Detection System

UW-Madison researchers have developed a method for determining whether the set of signatures given to an intrusion detection system for a given attack is sufficient to detect all possible variations of that attack. They developed a formal set of transformation rules representing the mutations an attacker might use to disguise an attack. These rules can be applied in any combination to a known attack instance to generate variants of it, which are then fed to the NIDS under test. Any variant the NIDS fails to detect is an evasion that the signature set does not cover.
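The added example below (not the page’s or the authors’ code) runs the procedure end to end on a constructed HTTP attack instance: three transformation rules that preserve what the target server would do (percent-encoding a path character, inserting a “/./” self-directory segment, and splitting the request across two TCP segments) are applied in every combination, and each variant is fed to two toy detectors. A per-segment substring matcher misses every transformed variant; a detector that reassembles and normalizes before matching catches them all. The request, signature and rules are all constructed for illustration; a real rule set must be checked against the actual server’s decoding behaviour, since a normalizer that decodes differently from the server creates its own evasions.

```python
from itertools import combinations
from urllib.parse import unquote

# Constructed attack instance (one TCP segment) and the signature meant to catch it.
ATTACK = ["GET /cgi-bin/vuln.cgi?cmd=id HTTP/1.0\r\n\r\n"]
SIGNATURE = "/cgi-bin/vuln.cgi"


# Transformation rules: each maps a list of segments to an equivalent list that the
# target server would interpret identically.
def percent_encode(segs):
    return [s.replace("vuln.cgi", "%76uln.cgi") for s in segs]       # 'v' -> %76


def self_directory(segs):
    return [s.replace("/cgi-bin/", "/cgi-bin/./") for s in segs]     # '/./' is a no-op


def tcp_segment(segs):
    first, rest = segs[0], segs[1:]
    cut = first.index("/cgi-bin/") + 4                   # split inside the signature
    return [first[:cut], first[cut:]] + rest


TRANSFORMS = {"percent": percent_encode, "selfdir": self_directory, "segment": tcp_segment}


def variants(attack=ATTACK, transforms=TRANSFORMS):
    """Every combination of rules applied in order, including the unmodified instance."""
    names = list(transforms)
    out = {}
    for r in range(len(names) + 1):
        for combo in combinations(names, r):
            segs = list(attack)
            for n in combo:
                segs = transforms[n](segs)
            out["+".join(combo) or "original"] = segs
    return out


def naive_nids(segs, sig=SIGNATURE):
    """Per-segment substring match: no reassembly, no normalization."""
    return any(sig in s for s in segs)


def normalizing_nids(segs, sig=SIGNATURE):
    """Reassemble the stream and canonicalize it the way the server would, then match."""
    text = unquote("".join(segs))                # TCP reassembly, then percent-decoding
    while "/./" in text:
        text = text.replace("/./", "/")          # self-directory removal
    return sig in text


def evasions(detector, attack=ATTACK):
    """Variants the detector misses; each is a gap in its signature or its normalizer."""
    return sorted(name for name, segs in variants(attack).items() if not detector(segs))


if __name__ == "__main__":
    print("naive detector misses:", evasions(naive_nids))
    print("normalizing detector misses:", evasions(normalizing_nids))
```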

Scalable Monitor of Malicious Network Traffic

UW-Madison researchers have developed an improved, scalable device that attaches to unused network addresses and monitors communications to detect malicious traffic. The device includes an active responder that simulates the replies of a real computer but requires far fewer processing resources and can readily be scaled to monitor large numbers of addresses. Preferably, the active responder chooses each response based only on the previous statement from the malicious source. In most cases this is enough to keep the malicious source talking, yielding a complete record of the transaction for analysis and possible signature extraction. Experiments in a controlled laboratory setting and in a case study showed the device to be efficient, scalable and useful.
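Here is an added example (not the page’s or the researchers’ code) of a responder of that kind for an SMTP-style dialogue: every reply is chosen from the client’s previous line alone, with no per-session state, so one instance can answer on any number of addresses. Lines it does not recognize get no reply, which is the right behaviour for message-body lines and the price of not tracking which phase the session is in. The reply table, the client script and the message body are constructed; the transcript recorder and the body extractor show the “complete record for analysis” the text refers to.

```python
import re

BANNER = "220 sink.example ESMTP"

# Constructed reply table: (pattern applied to the last client line, reply).
RESPONSES = [
    (re.compile(r"^(HELO|EHLO)\b", re.I), "250 sink.example Hello"),
    (re.compile(r"^MAIL FROM:", re.I),    "250 2.1.0 Ok"),
    (re.compile(r"^RCPT TO:", re.I),      "250 2.1.5 Ok"),
    (re.compile(r"^DATA$", re.I),         "354 End data with <CR><LF>.<CR><LF>"),
    (re.compile(r"^\.$"),                 "250 2.0.0 Ok: queued"),
    (re.compile(r"^QUIT$", re.I),         "221 2.0.0 Bye"),
]


def respond(last_line):
    """Reply chosen from the previous client statement alone; None means stay silent."""
    for pattern, reply in RESPONSES:
        if pattern.search(last_line):
            return reply
    return None


def run_session(client_lines):
    """Drive the responder with a client script and record the full transcript."""
    transcript = [("S", BANNER)]
    for line in client_lines:
        transcript.append(("C", line))
        reply = respond(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript


def captured_message(transcript):
    """Pull the message body out of a recorded transaction for later signature work."""
    body, in_data = [], False
    for who, text in transcript:
        if who != "C":
            continue
        if in_data and text == ".":
            break
        if in_data:
            body.append(text)
        elif text.upper() == "DATA":
            in_data = True
    return body


# Constructed client script, the kind of exchange a mass-mailing bot would attempt.
CLIENT = ["HELO bot.example", "MAIL FROM:<a@bot.example>", "RCPT TO:<victim@sink.example>",
          "DATA", "Subject: hi", "", "run me", ".", "QUIT"]

if __name__ == "__main__":
    t = run_session(CLIENT)
    for who, text in t:
        print(who, text)
    print("captured body:", captured_message(t))
```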

Semantically-Aware Network Intrusion Signature Generator

UW-Madison researchers have developed an improved method for automatically generating signatures that are highly effective at identifying malicious network traffic. The method involves collecting malicious traffic on dark-space addresses (routable network addresses not used by legitimate systems), assigning multi-packet samples from the collected traffic to connections and/or sessions, and normalizing each packet sequence. Cluster analysis of the transformed sequence data is then used to organize the malicious network traffic into groups with similar characteristics. Finally, machine learning is used to generate semantically-aware signatures that identify all variants in each cluster. An analysis showed that the resulting signatures have extremely low false alarm rates compared to standard NIDS signature sets.

Reducing Bandwidth for On-Demand Data Streaming Using Mini-Clusters

UW-Madison researchers have developed a method that takes advantage of multicast to reduce the server and network bandwidth requirements of streaming media. The technique, called partitioned dynamic skyscraper, scales the bandwidth logarithmically with the client request rate while providing immediate service to clients.

Method for Efficient On-Demand Data Streaming

UW-Madison researchers have developed a method that reserves the portion of a client’s reception bandwidth that contributes little to display quality, substantially reducing the server and network bandwidth associated with streaming media.

Method for Caching Media Files to Reduce Delivery Cost

When multicast stream merging is employed, the early parts of a program are transmitted more frequently than the later parts of a program. In addition, more clients are receiving the same unit of data later in the program. UW-Madison researchers have used this information to provide an improved system of allocating the data. Specifically, the program is split into a prefix and suffix, as a function of at least 1) the costs associated with storing the prefix at a regional storage location and 2) the costs of transmitting the suffix from the remote storage location.

Bandwidth Reduction of On-Demand Streaming Data Using Flexible Merger Hierarchies

UW-Madison researchers have developed an improved on-demand multicast delivery technology that offers dramatic bandwidth savings. In their flexible merger hierarchy technique, 1) each data stream is multicast so that clients can listen to any stream, 2) clients accumulate data faster than their playback rate, allowing them to “catch up” to clients who began receiving the file earlier, 3) clients are merged into larger and larger groups, and 4) the streams dropped as a result are freed for other users. The key to this technology is that the merger hierarchy changes dynamically as new client requests arrive, providing optimal bandwidth savings.