Instrument for Situational Network Awareness for Real-Time & Long-Term Data

iSNARLD and SentryWire Logo

UT/JICS at Oak Ridge National Labs in partnership with Alliance Technology Group & SentryWire, a division of Alliance, are developing an Instrument for Situational Network Awareness for Real-Time & Long-Term Data (iSNARLD). This new solution will instrument network packet capture coupled with a powerful analytics engine. This new solution will provide:

- Deep insights into the characteristics of network traffic
- Breadth of traffic flows
- Detection of potential attacks
- Detection of unauthorized data exfiltration
- Sources of inefficiencies or incorrect behaviors
- Behaviors of user or automated traffic

This instrument will enable, for the first time, analysis that can focus on a specific point in time (such as for real-time analysis), across a range of time spanning months to years. Leveraging the respective strengths in the current partnership will greatly enhance the prospects for developing an effective instrument with unprecedented capabilities and versatility. Furthermore, the collected network traffic data and associated analytics capabilities will provide information enabling revolutionary new insight into a spectrum of exciting new research thrusts, such as:

- Cyber Security in forensics and intrusion detection
- Real-Time network situational awareness
- Operations research into network performance and bottleneck identification
- And, limitless possibilities that have not been thought to be possible

The iSNARLD project has extraordinary potential impact on the broad research community as well as to society as a whole. The system will impact national cyber infrastructure and local research as well as the educational mission at The University of Tennessee.

The proposed Instrument for Situational Network Awareness for Real-Time & Long-Term Data (iSNARLD) will fundamentally transform networking and security research through its packet capture and impressive analytics capability. The instrument is the next major step in the evolution of networking infrastructure that provides high bandwidth coupled with security capabilities to detect intrusion and protect computational and data assets. The instrument will build upon a 20Gbps SentryWire Sentry250 system from Alliance with an effective capacity of up to 4PB (sufficient for months of network data, depending on specific traffic patterns). The proposed system will provide: (1) high-bandwidth, lossless packet capture; (2) metadata extraction to summarize and aggregate packet data to enable efficient analytics; (3) (near) real-time data analytics to support situational awareness of flows and performance along with security applications such as intrusion detection and prevention of data exfiltration; (4) batch or off-line analytics for machine-learning based discovery; (5) visualization support for enhanced situational awareness and network usage insight; and (6) unprecedented scale of network data (months to years) for analysis. The proposed system presents dramatically improved capabilities for providing situational awareness and understanding network usage in real-time or across periods spanning months to years, providing revolutionary opportunities across a broad spectrum of networking research, operations and even social science.