Research at Cisco

Distributed Traffic Monitoring

Project ID:


RFP-2009-053

Title:


Distributed Traffic Monitoring

Summary:


Traditional traffic monitoring systems such as Intrusion Detection Systems have a number of shortcomings. These shortcomings can potentially be overcome through a distributed system. A distributed system is of particular interest because it can often achieve a degree of comprehensiveness and scalability that is hard to match in a centralized system.

The central question is how to quickly and efficiently use information available at various nodes of a distributed system. A related question is how to manage and configure such a distributed system without requiring extensive change in mindset.

Cisco seeks proposals for research that will contribute to the theoretical understanding of the design, provisioning, management, and efficient use of distributed traffic monitoring systems, with emphasis on intrusion detection.

Full Description:


Proposals should focus on the basic principles and constraints of distributed traffic monitoring systems. Distributed intrusion detection systems are of particular interest. Possible topics include, but are not limited to:

Distributed system architectures, platforms, tools, algorithms that support:

  • Distributed Policy Specification and Dissemination: Traditional approaches have been to configure each sensor individually or to configure all sensors alike. There are number of defects in these approaches; e.g., excessive operational overhead in the former, and inflexibility in the latter. Any new thinking that leads to more effective configuration methods will be of interest.
  • Distributed Sensor Information Integration: Current traffic sensors are able to generate large volumes of data pertaining to individual packets and sessions. Intelligent systems to analyze the data and take actions are easily overwhelmed by the sheer volume of data. New approaches to data integration are needed.
  • Sensor Virtualization: The above two issues arise due to the physical plurality of the number of devices. Virtualization has been used in other areas to abstract out the physical world from the logical world. By applying virtualization scalability issues has been handled effectively.

The goal of the RFP is to seek new insights into the issue rather then a particular implementation. New theoretical, empirical and experimental investigations will be of interest.

Constraints and other information:


IPR will stay with the University. Cisco expects customary scholarly dissemination of results, and hopes that promising results would be made available to the community without limiting licenses, royalties, or other encumbrances.

Proposal submission:


Please use the link below to submit a proposal for research responding to this RFP. After a preliminary review, we may ask you to revise and resubmit your proposal.

Create/submit a proposal for this RFP this link will generate a new window

RFPs may be withdrawn as research proposals are funded, or interest in the specific topic is satisfied. Researchers should plan to submit their proposals as soon as possible. The deadline for Submissions is the Friday of the first week of each calendar quarter (the months of January, April, July, October). Funding decisions and communication will occur within 90 days from the quarterly submission deadline. The usage of funding is expected within 12 months of funding decision. Please plan your requests accordingly.

Questions? Contact: research@cisco.com