Comparing IO Visor and Pcap for Security Inspection of Traced Packets from SmartX Box

  • Muhammad Ahmad Rathore
  • Aris Cahyadi Risdianto
  • Taekho Nam
  • JongWon Kim
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 474)


With the dawn of distributed cloud computing technology running on hyper-converged box-style hardware, infrastructure operators are facing two challenges of minimizing resource overhead and ensuring infrastructure security. In this paper, we try to compare IO Visor-based and pcap-based packet tracing for security inspection of traced packets from Linux-based hyper-converged SmartX Box. For security inspection, we implement the integration of IO Visor packet tracing with Bro IDS by employing customized scripting and experimentally validate the security inspection performance.


Infrastructure security Packet tracing and collection Intrusion detection system IO visor kernel-level tracing 



This work was supported by Institute for Information & Communications Technology Promotion (IITP) grants funded by the Korea government (MSIT) (No. 2015-0-00575, Global SDN/NFV Open-Source Software Core Module/Function Development) and (No. 2017-0-00368, Hyper-Fast & Visible Data Transport with Software/Hardware Co-design based on Open-Source IO Visor Inter-connect).


  1. 1.
    Gregg, B.: Linux 4. X Tracing Tools: Using BPF Superpowers (2016)Google Scholar
  2. 2.
    Nam, T., et al.: Open-Source IO Visor eBPF-based Packet Tracing on Multiple Network Interfaces of Linux Boxes (2017, in press)Google Scholar
  3. 3.
    Corbet, J.: Extending extended BPF, 2 July 2014.
  4. 4.
    IOVisor community. BPF-based Linux IO analysis, networking, monitoring.
  5. 5.
  6. 6.
    Risdianto, A.C., Na, T., Kim, J.: Running lifecycle experiments over SDN-enabled OF@ TEIN testbed. In: 2014 IEEE Fifth International Conference on Communications and Electronics (ICCE), pp. 194–198. IEEE, July 2014Google Scholar
  7. 7.
    Lee, J., et al.: IO Visor-based Packet Tracing and Collection over Distributed SmartX Server-Switch Boxes (2017, in press)Google Scholar
  8. 8.
    OpenStack Open Source Cloud Computing Software, 15 August 2017.
  9. 9.
    Ha, T., Yoon, S., Risdianto, A.C., Kim, J., Lim, H.: Suspicious flow forwarding for multiple intrusion detection systems on software-defined networks. IEEE Netw. 30(6), 22–27 (2016)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  • Muhammad Ahmad Rathore
    • 1
  • Aris Cahyadi Risdianto
    • 1
  • Taekho Nam
    • 1
  • JongWon Kim
    • 1
  1. 1.School of Electrical Engineering and Computer ScienceGwangju Institute of Science and Technology (GIST)GwangjuSouth Korea

Personalised recommendations