Mnemosyne

Description

The Mnemosyne project aims at implementing network short-term memory. Mnemosyne provides a framework that supports the development and control of dynamic queue-able persistent stores for streams of network traffic. Using Mnemosyne it is possible to create a set of stores that collect traffic, maintain a sliding window, and keep statistics on network usage. Mnemosyne provides an infrastructure to communicate securely with deployed stores so that it is possible to dynamically configure streams and collect the results of queries from a central location. It can be composed hierarchically to achieve scalability and extended trace-back.

Components

Mnemosyne is composed of a number of components:

The Packet Classification/Capture Library: The Packet Classification Library is a system-independent interface for user-level packet classification. It provides a portable framework for low-level network stream monitoring. Network streams are represented as either BPF programs or TCPDump filter expressions that characterize the traffic representative of that stream.
The AMP Configuration Protocol: AMP is a configuration protocol that is used to dynamically configure and query deployed Mnemosyne units in a secure way. The protocol is divided into three sections: dynamic deployment, dynamic configuration, and query. Dynamic deployment allows for the creation and destruction of streams, as well as the swapping of filters and response mechanism for existing streams. The dynamic configuration in the protocol defines a domain-independent exchange mechanism for domain-dependent stream parameter controls. The query facility provides a mechanism to send either a BPF program or a TCPDump Filter Expression to a repository for processing.
The Mnemosyne Controller: The Mnemosyne Controller is responsible for the deployment and management of Classifiers, interpreting the AMP protocol, and determining various storage and security policies.
The Mnemosyne Storage Unit: The Mnemosyne Storage Unit is responsible for satisfying the storage requests of the Mnemosyne Controller. It manages the persistence and permanence of network streams, as well as providing the implementation for the dynamic configuration.

Software

The Packet Classification Library (ver. 0.1)
A libpcap-based packet classifier.
- libpclap_0.1.tar.gz [MD5 Checksum]
The Mnemosyne tool (ver. 1.0)
The Mnemosyne Controller and Storage Unit.
- mnemosyne_1.0.tar.gz [MD5 Checksum].

Publications

G. Vigna and A. Mitchell, "Designing and Implementing Network Short-Term Memory,", in Proceedings of the International Conference on the Engineering of Complex Computer Systems (ICECCS), pp. 91-100, IEEE Press, Greenbelt, MD, December 2002.[PDF, BibTeX]
A. Mitchell and G. Vigna, "The AMP Protocol,", November 2002.[TXT]

People

G. Vigna
A. Mitchell

Acknowledgments

This research was supported by the Army Research Office, under agreement DAAD19-01-1-0484.