@inproceedings{a158286905b74e16bc103d63a185cfda,
title = "VM-based architecture for network monitoring and analysis",
abstract = "A single physical machine provides multiple network monitoring and analysis services (e.g., IDS, QoS) which are installed on the same operating system. Isolation between services is weak and it is difficult to decide the optimum allocation of resources for each service. This paper presents a virtual-machine-based architecture for network traffic monitoring and analysis. Through virtualization, a machine under the architecture logically is divided into one host, one virtual machine monitor (VMM) and multiple virtual machines. The host is responsible for capturing network traffic, and multiplexing it to multiple virtual machines. Each virtual machine hosts a service. VMM performs functions such as isolating services and resolving the conflict between services. Compared with Xen, KVM is chosen as a VMM to implement the architecture. Some network optimizations of the architecture are given. Our evaluation results show that these optimizations can multiplex network traffic received by the host to all services, and improve the data receive performance of services by 67\% compared to the architecture in which the traffic is directly transferred to virtual machines, instead of the host, and optimized methods are not adopted.",
keywords = "KVM, Network monitoring, Virtual machine, Virtualization, Xen",
author = "Qiang Li and Qinfen Hao and Limin Xiao and Zhoujun Li",
year = "2008",
doi = "10.1109/ICYCS.2008.445",
language = "英语",
isbn = "9780769533988",
series = "Proceedings of the 9th International Conference for Young Computer Scientists, ICYCS 2008",
pages = "1395--1400",
booktitle = "Proceedings of the 9th International Conference for Young Computer Scientists, ICYCS 2008",
note = "9th International Conference for Young Computer Scientists, ICYCS 2008 ; Conference date: 18-11-2008 Through 21-11-2008",
}