Leveraging 3D Game Engines (L3DGE): Novel techniques for anomalous traffic detection and collaborative network control.


Overview
An overview of a network using L3DGEWorld 2.2.

Network operators are continually challenged by the task of identifying, and subsequently reacting to, anomalous (and potentially malicious) Internet Protocol (IP) traffic entering, traversing or leaving their systems. Reaction to anomalous network events (such as updating firewall rules, re-routing traffic, etc.) is often labour-intensive and does not occur in anything close to real time (except in simple, clearly defined computer-controlled scenarios). As networks carry more mission-critical data, joint decision-making by human operators becomes increasingly desirable. Often the detection, interpretation and reaction process requires staff with relatively expensive skills, thus technical means to reduce demands on such staff are worth exploring.

We propose an unconventional technical approach for traffic monitoring, identification and control that arises from two basic premises: we wish to allow network administrators the option of real-time, computer-assisted collaboration on anomaly monitoring in enterprise networks, and we believe the human mind is better than computer algorithms at pattern recognition. To that end, we are exploring techniques for mapping real-world network events into 3D virtual worlds through the (re)use of existing, freely-available 3D multiplayer game engine technology. External events (such as traffic monitored with conventional network sniffers) will be mapped into dynamic behaviour of in-world entities. In-world interactions between 'players' and entities will be mapped to external world actions (such as updating the ACL on a local firewall).

Although our initial focus is on network monitoring and control, we also plan to demonstrate the use of 3D virtual environments to capture real-time state of other complex systems, such as processor nodes in a supercomputer cluster.


The project has the following goals:
  • Published investigations into effective mappings between IP network events and visually orthogonal avatar behaviours (crucial for optimal recognition of potential patterns by the human mind)
  • Published investigations into effective mappings between in-game "interactions" and network configuration updates
  • Release of our code-base to the research community via Sourceforge or equivalent avenue (and the CAIA website)

Part of this project involves releasing tools, feature computation, and publishing interim results and papers on our website. To date our featured releases are L3DGEWorld (network monitoring), LCMON (supercomputer cluster monitoring) and LupsMON (remote UPS monitoring).

In September 2012 we released W3bworld and W3bmon proof-of-concepts showing how HTML5 techniques can be used to replicate L3DGE.

Program Leader

Grenville Armitage

Program Members

Warren Harrop

(Alumni: Alexander Shoolman, Carl Javier, Lucas Parry)

 


This project has been made possible in part by a grant from the Cisco University Research Program Fund at Community Foundation Silicon Valley.

Last Updated: Tuesday 2-Oct-2012 07:23:41 EST | Maintained by: Grenville Armitage (garmitage@swin.edu.au) | Authorised by: Grenville Armitage (garmitage@swin.edu.au)