DOCSLIB.ORG

Advancing Cyber Security with a Semantic Path Merger Packet Classification Algorithm

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Advancing Cyber Security with a Semantic Path Merger Packet Classification Algorithm ADVANCING CYBER SECURITY WITH A SEMANTIC PATH MERGER PACKET CLASSIFICATION ALGORITHM A Thesis Presented to The Academic Faculty by J. Lane Thames In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Electrical and Computer Engineering Georgia Institute of Technology December 2012 Copyright c 2012 by J. Lane Thames ADVANCING CYBER SECURITY WITH A SEMANTIC PATH MERGER PACKET CLASSIFICATION ALGORITHM Approved by: Dr. Randal Abler, Advisor Dr. Raghupathy Sivakumar School of Electrical and Computer School of Electrical and Computer Engineering Engineering Georgia Institute of Technology Georgia Institute of Technology Dr. Henry Owen Dr. Dirk Schaefer School of Electrical and Computer School of Mechanical Engineering Engineering Georgia Institute of Technology Georgia Institute of Technology Dr. George Riley Date Approved: September 27, 2012 School of Electrical and Computer Engineering Georgia Institute of Technology To Linda, my wife and best friend, forever plus infinity iii ACKNOWLEDGEMENTS First and foremost, I give special thanks to my advisor, Dr. Randal (Randy) Abler, who has been a great friend and mentor. I began working with Dr. Abler while I was an under- graduate student at Georgia Tech. He introduced me to the world of computer networking, information technology, and cyber security, and I am indefinitely grateful for the support, guidance, and knowledge he has given to me throughout the years. I would like to thank Dr. George Riley, Dr. Henry Owen, Dr. Raghupathy Sivakumar, and Dr. Dirk Schaefer for taking time from their busy schedules to serve as my thesis committee. Their feedback, support, and guidance played an invaluable role in my disser- tation research. I am truly honored to have studied under the guidance of my advisor and committee. I am grateful to all of my friends, classmates, and colleagues from Georgia Tech for all of their support and encouragement. I am thankful for each and every one of the wonderful Georgia Tech faculty and staff who have helped me during my time as a student. I would like to extend a special thanks to Ms. Marilou Mycko, Mrs. Pat Potter, and Dr. Daniela Staiculescu for all of their administrative support during my time as a graduate student. I would like to express my sincere gratitude to Dr. David Frost for being such a great friend and mentor to me. Special thanks goes to Gail Wells. Gail allowed me to work with her as an undergraduate teaching assistant. It was during my time as a teaching assistant that I discovered a burning desire to teach, and it was this desire that influenced my decision to pursue a graduate degree. Several years ago, Dr. Schaefer and my colleagues in the Systems Realization Laboratory invited me to do collaborative research with them. Our research together over the last few years has been very rewarding, and, for this, I am deeply grateful. Finally and with immeasurable gratitude, I want to thank my wife, Linda, whose love and encouragement made this achievement possible. iv TABLE OF CONTENTS DEDICATION....................................... iii ACKNOWLEDGEMENTS ................................ iv LIST OF TABLES .................................... viii LIST OF FIGURES.................................... x NOMENCLATURE .................................... xiii SUMMARY......................................... xvii I INTRODUCTION.................................. 1 II CONCEPTS..................................... 6 2.1 Terminology . .6 2.2 Firewalls . .7 2.3 Intrusion Detection . 11 2.4 Intrusion Prevention . 14 2.5 Packet Classification . 15 2.6 Summary . 18 III BACKGROUND................................... 19 3.1 Distributed security architectures and defense systems . 19 3.2 Software-Based Packet Classification Algorithms . 25 3.2.1 One Dimensional Packet Classification Algorithms . 26 3.2.2 Multidimensional Packet Classification Algorithms . 36 3.3 Hardware-based Packet Classification . 41 3.4 Cyberattack Detection Algorithms with Intelligent Systems . 46 3.5 Summary . 50 IV CYBERATTACK DEFENSE WITH THE DISTRIBUTED FIREWALL AND ACTIVE RESPONSE ARCHITECTURE..................... 51 4.1 Motivation . 51 4.2 Functional Characteristics of Distributed Network Defense Mechanisms . 54 4.2.1 The Firewall Collaboration Framework . 54 4.3 The Distributed Firewall and Active Response Architecture . 58 v 4.3.1 High-level Description . 58 4.3.2 Architectural Description . 62 4.3.3 Firewalls, Blacklisting, and the Packet Classification Problem . 68 4.4 Summary . 71 V A NOVEL THEORY OF SEMANTIC ASSOCIATION SYSTEMS . 72 5.1 A Compositional Computing Model of Semantic Association Systems . 73 5.2 Formal Model of the Semantic Association System . 75 5.3 Hypergraph Representation of the Semantic Association Network . 80 5.4 Characteristics and other Transformations of the Semantic Association System . 84 5.5 Summary . 87 VI HARDWARE-BASED MULTIDIMENSIONAL PACKET CLASSIFICATION WITH THE SEMANTIC PATH MERGER ALGORITHM ............... 90 6.1 The SPM multidimensional packet classification algorithm . 93 6.2 Simulation Methodology . 109 6.2.1 The Cacti Integrated Memory Simulator . 109 6.2.2 Simulation performance metrics and parameters . 110 6.3 Simulation Results . 111 6.4 Summary . 116 VII ADVANCED CYBERATTACK DETECTION WITH COMPUTATIONAL IN- TELLIGENCE SYSTEMS ............................. 118 7.1 Datasets and Performance Metrics for Evaluating Cyberattack Detection Systems . 119 7.1.1 Datasets . 119 7.1.2 Performance Metrics . 121 7.2 Cyberattack Detection with Hybrid Intelligent Systems . 122 7.2.1 The HBSOM Classification Algorithm . 123 7.2.2 Simulation Results . 127 7.3 Cyberattack Detection with Ensembles of Computational Intelligence Sys- tems....................................... 128 7.3.1 The NNO Classification Algorithm . 129 7.3.2 Simulation Results . 130 vi 7.4 Summary . 136 VIII CONCLUSION.................................... 138 APPENDIX A CACTI 6.5 CONFIGURATION EXAMPLE . 141 APPENDIX B CACTI 6.5 SIMULATION OUTPUT . 145 APPENDIX C CACTI 6.5 CONFIGURATION EXAMPLE WITH MCPAT . 148 APPENDIX D CACTI 6.5 SIMULATION OUTPUT WITH MCPAT . 152 APPENDIX E RAW CACTI SIMULATION DATA . 155 REFERENCES....................................... 159 VITA ............................................ 172 vii LIST OF TABLES 1 A real-world firewall filter-set. 10 2 An example of points, prefixes, and ranges used by packet filters. 10 3 An example of SNORT detection rules (filters). 13 4 An example of a simple 2-dimensional packet classifier. 17 5 A one-dimensional routing table of prefixes. 27 6 An example of prefix expansion. 30 7 Resolving prefix collisions with prefix capture. 31 8 Generic model for the data structure of a trie node. 31 9 Data represented by the trie of Figure 20. 45 10 The ideas of data, information, semantics, knowledge, and perspectives. 74 11 The meta-language of the semantic data structure. 75 12 Conceptual typing production rules of the semantic space. 77 13 The path matrix for the CPHG from Figure 30. 82 14 Theoretical space-time bounds for packet classification algorithms. 90 15 Line rates, packets per second, and classification rates. 91 16 Two dimensional packet filters. 94 17 Correspondences between the path merger processes and the semantic asso- ciation network. 100 18 Parameters for a 3-dimensional packet classifier illustrating the construction of the SPM hypergrid. 102 19 A set of packet filters with parameters given by Table 18. 104 20 Partitioned path matrix corresponding to the colored paths from the semantic association network of Figure 41. 106 21 Metrics used to evaluate the performance of the SPM hardware algorithm. 111 22 Perspectives of the positive and negative classes for mixed detection binary classification. 122 23 Basis parameters of the performance metrics defined in Table 24. 122 24 Definitions and nomenclature of the performance metrics used to evaluate the proposed classification algorithms. 123 25 Classification results produced by simulations of the HBSOM and NBLN algorithms. 128 viii 26 EPO, TPO, and EDP data for w = (16; 32). 156 27 EPO, TPO, and EDP data for w = (64; 128). 157 28 Dynamic, static, and total power consumption data in units of Watts. 158 ix LIST OF FIGURES 1 The inside-outside topology-dependent firewall perspective. .8 2 A simple network system with a firewall and its filter-set. .9 3 The behavioral overlap of legitimate users and intruders. 12 4 A taxonomy of intrusion response systems [141]. 15 5 The geometric perspective of packet classification. 17 6 Primary functional components of the autonomous distributed firewall archi- tecture. 20 7 The DIADEM firewall architecture. 21 8 The firewall network system for worm defense. 23 9 The cooperative intrusion traceback and response architecture. 24 10 Three-layer analysis within EMERALD. 25 11 A unibit trie for the prefixes from Table 5. 27 12 A multibit trie with stride of two for the prefixes from Table 5. 29 13 Pushing information fields to the leaf nodes in a trie. 32 14 Illustration of the path compression concept. 33 15 Level and path compression techniques of the LC-trie algorithm. 34 16 Creating disjoint ranges from the filter-set of Table 5. 35 17 Assigning the best matching prefixes to the basic intervals from Table 5. 36 18 A two dimensional source/destination prefix trie. 38 19 Block diagram of a content addressable memory and its main functional components. 41 20 Generic trie-to-hardware mapping techniques. 45 21 The FCF functional components. 56 22 The DFAR firewall-based blacklist enforcement model. 59 23 A trusted domain of administration. 60 24
Load more

Recommended publications
  • 15-122: Principles of Imperative Computation, Fall 2010 Assignment 6: Trees and Secret Codes
    15-122: Principles of Imperative Computation, Fall 2010 Assignment 6: Trees and Secret Codes Karl Naden (kbn@cs) Out: Tuesday, March 22, 2010 Due (Written): Tuesday, March 29, 2011 (before lecture) Due (Programming): Tuesday, March 29, 2011 (11:59 pm) 1 Written: (25 points) The written portion of this week’s homework will give you some practice reasoning about variants of binary search trees. You can either type up your solutions or write them neatly by hand, and you should submit your work in class on the due date just before lecture begins. Please remember to staple your written homework before submission. 1.1 Heaps and BSTs Exercise 1 (3 pts). Draw a tree that matches each of the following descriptions. a) Draw a heap that is not a BST. b) Draw a BST that is not a heap. c) Draw a non-empty BST that is also a heap. 1.2 Binary Search Trees Refer to the binary search tree code posted on the course website for Lecture 17 if you need to remind yourself how BSTs work. Exercise 2 (4 pts). The height of a binary search tree (or any binary tree for that matter) is the number of levels it has. (An empty binary tree has height 0.) (a) Write a function bst height that returns the height of a binary search tree. You will need a wrapper function with the following specification: 1 int bst_height(bst B); This function should not be recursive, but it will require a helper function that will be recursive. See the BST code for examples of wrapper functions and recursive helper functions.
    [Show full text]
  • Algorithms Documentation Release 1.0.0
    algorithms Documentation Release 1.0.0 Nic Young April 14, 2018 Contents 1 Usage 3 2 Features 5 3 Installation: 7 4 Tests: 9 5 Contributing: 11 6 Table of Contents: 13 6.1 Algorithms................................................ 13 Python Module Index 31 i ii algorithms Documentation, Release 1.0.0 Algorithms is a library of algorithms and data structures implemented in Python. The main purpose of this library is to be an educational tool. You probably shouldn’t use these in production, instead, opting for the optimized versions of these algorithms that can be found else where. You should totally check out the docs for implementation details, complexities and further info. Contents 1 algorithms Documentation, Release 1.0.0 2 Contents CHAPTER 1 Usage If you want to use the algorithms in your code it is as simple as: from algorithms.sorting import bubble_sort my_list= bubble_sort.sort(my_list) 3 algorithms Documentation, Release 1.0.0 4 Chapter 1. Usage CHAPTER 2 Features • Pseudo code, algorithm complexities and futher info with each algorithm. • Test coverage for each algorithm and data structure. • Super sweet documentation. 5 algorithms Documentation, Release 1.0.0 6 Chapter 2. Features CHAPTER 3 Installation: Installation is as easy as: $ pip install algorithms 7 algorithms Documentation, Release 1.0.0 8 Chapter 3. Installation: CHAPTER 4 Tests: Pytest is used as the main test runner and all Unit Tests can be run with: $ ./run_tests.py 9 algorithms Documentation, Release 1.0.0 10 Chapter 4. Tests: CHAPTER 5 Contributing: Contributions are always welcome. Check out the contributing guidelines to get started.
    [Show full text]
  • Detecting Self-Conflicts for Business Action Rules
    2011 International Conference on Computer Science and Network Technology Detecting Self-Conflicts for Business Action Rules LUO Qian1, 2, TANG Chang-jie1+, LI Chuan1, YU Er-gai2 (1. Department of Computer Science, Sichuan University, Chengdu 610065, China; 2. The Second Research Institute of China Aviation Administration Centre, Chengdu 610041China) + Corresponding author: Changjie Tang Phone: +86-28-8546-6105, E-mail: [email protected] Rule4 FM D A CraftSite 4 Abstract—Essential discrepancies in business operation datasets Rule5 3U D Chengdu Y A CraftSite 5 may cause failures in operational decisions. For example, an Rule6 CA I A CraftSite 6 antecedent X may accidentally lead to different action results, which obviously violates the atomicity of business action rules and … … … … … … … will possibly cause operational failures. These inconsistencies Rule119 I B CraftSite 105 within business rules are called self-conflicts. In order to handle the problem, this paper proposes a fast rules conflict detection Rule120 M B CraftSite 229 algorithm called Multiple Slot Parallel Detection (MSPD). The algorithm manages to turn the seeking of complex conflict rules into the discovery of non-conflict rules which can be accomplished The “Rule1” says that “IF (Type = International and in linear time complexity. The contributions include: (1) formally Transition = San Francisco) THEN (Landing field = proposing the Self-Conflict problem of business action rules, (2) CraftSite1). The rule is made by operator “A", which stands for proving the Theorem of Rules Non-conflict, (3) proposing the MSPD algorithm which is based on Huffman- Tree, (4) a business operator, only investigated when a certain rule is to conducting extensive experiments on various datasets from Civil be discussed as a problem.
    [Show full text]
  • A Directory Index for Ext2
    A Directory Index for Ext2 Daniel Phillips Abstract has lacked to date. Without some form of directory indexing, there is a practical limit The native filesystem of Linux, Ext2, inherits of a few thousand files per directory before its basic structure from Unix systems that were quadratic performance characteristics become in widespread use at the time Linus Torvalds visible. To date, an applications such as a mail founded the Linux project more than ten years transfer agent that needs to manipulate large ago. Although Ext2 has been improved and numbers of files has had to resort to some strat- extended in many ways over the years, it still egy such as structuring the set of files as a shares an undesireable characteristic with those directory tree, where each directory contains early Unix filesystems: each directory opera- no more files than Ext2 can handle efficiently. tion (create, open or delete) requires a linear Needless to say, this is clumsy and inefficient. search of an entire directory file. This results in The design of a directory indexing scheme to a quadratically increasing cost of operating on be retrofitted onto a filesystem in widespread all the files of a directory, as the number of files production use presents some interesting and in the directory increases. The HTree direc- unique problems. First among these is the need tory indexing extension was designed and im- to maintain backward compatibility with exist- plemented by the author to address this issue, ing filesystems. If users are forced to recon- and has been shown in practice to perform very struct their partitions then much of the con- well.
    [Show full text]
  • Affinity Hybrid Tree
    Affinity Hybrid Tree: An Indexing Technique for Content-Based Image Retrieval in Multimedia Databases Kasturi Chatterjee and Shu-Ching Chen Florida International University Distributed Multimedia Information System Laboratory School of Computing and Information Sciences Miami, FL 33199, USA kchat001, chens @cs.fiu.edu Abstract supporting popular access mechanisms like CBIR arises. The main challenge of implementing such an index struc- A novel indexing and access method, called Affinity Hy- ture is to make it capable of handling high-level image rela- brid Tree (AH-Tree), is proposed to organize large image tionships easily and efficiently during access. The existing data sets efficiently and to support popular image access multidimensional index structures support CBIR by trans- mechanisms like Content-Based Image Retrieval (CBIR) by lating the content-similarity measurement into feature-level embedding the high-level semantic image-relationship in equivalence, which is a very difficult job and can result in the access mechanism as it is. AH-Tree combines Space- erroneous interpretation of user’s perception of similarity. Based and Distance-Based indexing techniques to form a There are several multidimensional indexing techniques hybrid structure which is efficient in terms of computational for capturing the low-level features like feature based or dis- overhead and fairly accurate in producing query results tance based techniques, each of which can be further classi- close to human perception. Algorithms for similarity (range fied as a data-partitioned [1][5][8][19] or space-partitioned and k-nearest neighbor) queries are implemented. Results [10][13] based algorithm. Feature based indexing tech- from elaborate experiments are reported which depict a low niques project an image as a feature vector in a feature space computational overhead in terms of the number of I/O and and index the space.
    [Show full text]
  • Kernel Methods for Tree Structured Data
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by AMS Tesi di Dottorato Dottorato di Ricerca in Informatica Universit`adi Bologna, Padova Ciclo XXI Settore scientifico disciplinare: INF/01 Kernel Methods for Tree Structured Data Giovanni Da San Martino Coordinatore Dottorato: Relatore: Prof. S. Martini Prof. A. Sperduti Esame finale anno 2009 Abstract Machine learning comprises a series of techniques for automatic extraction of mean- ingful information from large collections of noisy data. In many real world applica- tions, data is naturally represented in structured form. Since traditional methods in machine learning deal with vectorial information, they require an a priori form of preprocessing. Among all the learning techniques for dealing with structured data, kernel methods are recognized to have a strong theoretical background and to be effective approaches. They do not require an explicit vectorial representation of the data in terms of features, but rely on a measure of similarity between any pair of objects of a domain, the kernel function. Designing fast and good kernel functions is a challenging problem. In the case of tree structured data two issues become relevant: kernel for trees should not be sparse and should be fast to compute. The sparsity problem arises when, given a dataset and a kernel function, most structures of the dataset are completely dissimilar to one another. In those cases the classifier has too few information for making correct predictions on unseen data. In fact, it tends to produce a discriminating function behaving as the nearest neighbour rule. Sparsity is likely to arise for some standard tree kernel functions, such as the subtree and subset tree kernel, when they are applied to datasets with node labels belonging to a large domain.
    [Show full text]
  • Effective Spatial Data Partitioning for Scalable Query Processing
    Effective Spatial Data Partitioning for Scalable Query Processing Ablimit Aji Hoang Vo Fusheng Wang HP Labs Emory University Stony Brook University Palo Alto, California, USA Atlanta, Georgia, USA Stony Brook,New York, USA [email protected] [email protected] [email protected] ABSTRACT amounts of spatial data in a way that was never before pos- Recently, MapReduce based spatial query systems have emerged sible. The volume and velocity of data only increase signifi- as a cost effective and scalable solution to large scale spa- cantly as we shift towards the Internet of Things paradigm tial data processing and analytics. MapReduce based sys- in which devices have spatial awareness and produce data tems achieve massive scalability by partitioning the data and while interacting with each other. As science and businesses running query tasks on those partitions in parallel. There- are becoming increasingly data-driven, timely analysis and fore, effective data partitioning is critical for task paral- management of such data is of utmost importance to data lelization, load balancing, and directly affects system perfor- owners. A wide spectrum of applications and scientific disci- mance. However, several pitfalls of spatial data partitioning plines such as GIS, Location Based Social Networks (LBSN), make this task particularly challenging. First, data skew neuroscience [4], medical imaging [38] and astronomy [27], is very common in spatial applications. To achieve best can benefit from an efficient spatial query system to cope query performance, data skew need to be reduced to the with the challenges of Spatial Big Data. minimum. Second, spatial partitioning approaches generate To effectively store, manage and process such large amounts boundary objects that cross multiple partitions, and add of spatial data, a scalable distributed data management sys- extra query processing overhead.
    [Show full text]
  • 15-122: Principles of Imperative Computation, Fall 2010 Assignment 6: Trees and Secret Codes
    15-122: Principles of Imperative Computation, Fall 2010 Assignment 6: Trees and Secret Codes Karl Naden (kbn@cs) Out: Tuesday, March 22, 2010 Due (Written): Tuesday, March 29, 2011 (before lecture) Due (Programming): Tuesday, March 29, 2011 (11:59 pm) 1 Written: (25 points) The written portion of this week’s homework will give you some practice reasoning about variants of binary search trees. You can either type up your solutions or write them neatly by hand, and you should submit your work in class on the due date just before lecture begins. Please remember to staple your written homework before submission. 1.1 Heaps and BSTs Exercise 1 (3 pts). Draw a tree that matches each of the following descriptions. a) Draw a heap that is not a BST. b) Draw a BST that is not a heap. c) Draw a non-empty BST that is also a heap. 1.2 Binary Search Trees Refer to the binary search tree code posted on the course website for Lecture 17 if you need to remind yourself how BSTs work. Exercise 2 (4 pts). The height of a binary search tree (or any binary tree for that matter) is the number of levels it has. (An empty binary tree has height 0.) (a) Write a function bst height that returns the height of a binary search tree. You will need a wrapper function with the following specification: 1 int bst_height(bst B); This function should not be recursive, but it will require a helper function that will be recursive. See the BST code for examples of wrapper functions and recursive helper functions.
    [Show full text]
  • Huffman Trees
    Data compression Huffman Trees Compression reduces the size of a file: ・To save space when storing it. Greedy Algorithm for Data Compression ・To save time when transmitting it. ・Most files have lots of redundancy. Tyler Moore Who needs compression? ・Moore's law: # transistors on a chip doubles every 18–24 months. CS 2123, The University of Tulsa ・Parkinson's law: data expands to fill space available. ・Text, images, sound, video, … “ Everyday, we create 2.5 quintillion bytes of data—so much that Some slides created by or adapted from Dr. Kevin Wayne. For more information see 90% of the data in the world today has been created in the last https://www.cs.princeton.edu/courses/archive/fall12/cos226/lectures.php two years alone. ” — IBM report on big data (2011) Basic concepts ancient (1950s), best technology recently developed. 3 Applications Lossless compression and expansion Generic file compression. Message. Binary data B we want to compress. ・Files: GZIP, BZIP, 7z. Compress. Generates a "compressed" representation C (B). Archivers: PKZIP. Expand. Reconstructs original bitstream B. ・ uses fewer bits (you hope) ・File systems: NTFS, HFS+, ZFS. Multimedia. Compress Expand bitstream B compressed version C(B) original bitstream B ・Images: GIF, JPEG. 0110110101... 1101011111... 0110110101... ・Sound: MP3. ・Video: MPEG, DivX™, HDTV. Basic model for data compression Communication. ・ITU-T T4 Group 3 Fax. ・V.42bis modem. Compression ratio. Bits in C (B) / bits in B. ・Skype. Ex. 50–75% or better compression ratio for natural language. Databases. Google, Facebook, .... 4 5 Rdenudcany in Enlgsih lnagugae Variable-length codes Q. How mcuh rdenudcany is in the Enlgsih lnagugae? Use different number of bits to encode different chars.
    [Show full text]
  • Addition of Ext4 Extent and Ext3 Htree DIR Read-Only Support in Netbsd
    Addition of Ext4 Extent and Ext3 HTree DIR Read-Only Support in NetBSD Hrishikesh Christos Zoulas ​ ​ ​ <[email protected]> <[email protected]> ​ ​ ​ accessing a data block involves lots of indirection. Abstract Ext4 Extent provides a more efficient way of This paper discusses the project indexing file data blocks which especially reduces ‘Implementation of Ext4 and Ext3 Read Support for access time of large files by allocating contiguous NetBSD kernel’ done as a part of Google Summer of disk blocks for the file data. Code 2016. The objective of this project was to add The directory operations (create, open or the support of Ext3 and Ext4 filesystem features viz., delete) in Ext2fs requires a linear search of an entire Ext4 Extents and Ext3 HTree DIR in read only mode directory file. This results in a quadratically by extending the code of existing Ext2fs increasing cost of operating on all the files of a implementation in NetBSD kernel,. directory, as the number of files in the directory increases. The HTree directory indexing extension 1 Introduction added in Ext3fs, addresses this issue and reduces the respective operating cost to nlog(n). The fourth extended file systems or Ext4 as it is This project added these two features in the commonly known, is the default filesystem of many NetBSD kernel. The project was started with the Linux distributions. Ext4 is the enhancement of Ext3 implementation of Ext4 Extent in read-only mode and Ext2 filesystems which brought improved and then the next feature Ext3 Htree DIR read efficiency and more reliability. In many ways, Ext4 is support was implemented.
    [Show full text]
  • TABLEFS: Enhancing Metadata Efficiency in the Local File System
    TABLEFS: Enhancing Metadata Efficiency in the Local File System Kai Ren, Garth Gibson Carnegie Mellon University kair, garth @cs.cmu.edu { } Abstract phasize simple (NoSQL) interfaces and large in-memory caches [2, 24, 33]. File systems that manage magnetic disks have long rec- Some of these key-value stores feature high rates ognized the importance of sequential allocation and large of change and efficient out-of-memory Log-structured transfer sizes for file data. Fast random access has dom- Merge (LSM) tree structures [8, 23, 32]. An LSM tree inated metadata lookup data structures with increasing can provide fast random updates, inserts and deletes use of B-trees on-disk. Yet our experiments with work- without scarificing lookup performance [5]. We be- loads dominated by metadata and small file access in- lieve that file systems should adopt LSM tree techniques dicate that even sophisticated local disk file systems like used by modern key-value stores to represent metadata Ext4, XFS and Btrfs leave a lot of opportunity for perfor- and tiny files, because LSM trees aggressively aggregate mance improvement in workloads dominated by meta- metadata. Moreover, today’s key-value store implemen- data and small files. tations are “thin” enough to provide the performance lev- In this paper we present a stacked file system, els required by file systems. TABLEFS, which uses another local file system as an ob- In this paper we present experiments in the most ma- ject store. TABLEFS organizes all metadata into a sin- ture and restrictive of environments: a local file sys- gle sparse table backed on disk using a Log-Structured tem managing one magnetic hard disk.
    [Show full text]
  • Algebras for Tree Algorithms
    t r l o L 0' :.;:. ."'\ If) OJ O. _\ II L U •• 0 o U fj n .- - CL _ :03:'" 0 0" :J 'E ,l;! d Algebras for Tree Algorithms ] eremy Gibbons Linacre College, Oxford A thesis submitted in p"rtia] fulfilment of the requirements for the degree of Doctor of Philosophy "t the University of Oxford September 1991 '\cchnical Monogr<lph PRG-94 ISBN 0-902928,72-4 Programming Research Group Oxford University Computing Laboratory 11 Keblc Road Oxford OX I 3QD England Copyright © 199\ Jeremy Gibbons Author's current address: Department of CompLller Science Univcrsily ofAuckland Privale Bag 92019 Auckland New Zealand Electronic mail: [email protected] 'I\1irJnda' is a trademark of Research Software Ltd. Abstract This thesis presents an investigation into the properties ofvarious alge- bras of trees. In particular, we study the influence that the structure of a tree algebr<l has on the solution ofalgorithmic problems about trees in that algebra. The investigation 1S conducted within the framework pro- vided by the nird-Mccrtcns formalism, a calculus for the construction ofprogT<lms by equation.al reasoning from their specifications. \Vc present three difTcrcnt tree algebras: two kinds ofbinary tree ami a kind of general tree. One of the binary tree algebras, called 'hip trees', is nc'-\'. Instead ofbeing: built with a single ternary operator, hip trees are built with two bjnary operators which respectively add left and right children to trees which do not already have them; these operators enjoy a kind of associativity property. Each of these algebras brings with it with a class of 'structure- respecting' [unctions called catamorphisms; the definition ofa catamor- phism and a number ofits properties come for free from the definition of the algcl)l'a, bcca usc the algebra is chosen to be initial in a class of algebras induced by a (cocontilluous) functor.
    [Show full text]