Leveraging 3D Game Engines (L3DGE): Novel techniques for anomalous traffic detection and collaborative network control.
Overview
An overview of a network using L3DGEWorld 2.2.
Network operators are continually challenged by the task of
identifying, and subsequently reacting to, anomalous (and
potentially malicious) Internet Protocol (IP) traffic entering,
traversing or leaving their systems. Reaction to anomalous
network events (such as updating firewall rules, re-routing traffic,
etc.) is often labour-intensive and does not occur in anything close
to real-time (except in simple, clearly defined computer-controlled
scenarios). As networks carry more mission-critical data, joint
decision-making by human operators becomes increasingly
desirable. Often the detection, interpretation and reaction process
requires staff with relatively expensive skills, thus technical
means to reduce demands on such staff are worth exploring.
We propose an unconventional technical approach for traffic monitoring,
identification and control that arises from two basic premises: we wish to
allow network administrators the option of real-time, computer-assisted
collaboration on anomaly monitoring in enterprise networks, and we believe the
human mind is better than computer algorithms at pattern recognition. To that
end, we are exploring techniques for mapping real-world network events into 3D
virtual worlds through the (re)use of existing, freely-available 3D multiplayer
game engine technology. External events (such as traffic monitored with
conventional network sniffers) will be mapped into dynamic behaviour of
in-world entities. In-world interactions between 'players' and entities will be
mapped to external world actions (such as updating the ACL on a local
firewall).
Although our initial focus is on network monitoring and control, we
also plan to demonstrate the use of 3D virtual environments to capture
real-time state of other complex systems, such as processor nodes in
a supercomputer cluster.
The project has the following goals:
- Published investigations into effective mappings between IP network events and visually orthogonal avatar behaviours (crucial for optimal recognition of potential patterns by the human mind)
- Published investigations into effective mappings between in-game "interactions" and network configuration updates
- Release of our code-base to the research community via Sourceforge or equivalent avenue (and the CAIA website)
Part of this project involves releasing tools, feature computation, and
publishing interim results and papers on our website.
To date our featured releases are L3DGEWorld (network monitoring, 2007-2008),
LCMON (supercomputer cluster monitoring, 2007), LupsMON (remote UPS monitoring, 2008) and LAMS (L3DGEWorld for monitoring Asterisk VoIP servers, 2008).
In September 2012 we released W3bworld and W3bmon proof-of-concepts showing how HTML5 techniques can be used to replicate L3DGE.
In October 2012 we released a proof-of-concept arduino-l3dgecomm library and demo videos showing how an Arduino + L3DGEWorld could be used to monitor and interact with the real world from within a 3D game world.
In 2013 we embarked on Homenet3D, a re-imagining of the core L3DGEWorld ideas using HTML5/WebGL/WebSockets technologies to provide a more intuitive, qualitative view into the state of home networks.
Program Leader
Grenville Armitage
Program Members
Warren Harrop
(Alumni: Alexander Shoolman, Carl Javier, Lucas Parry)