UPFRAME

An Extendible Framework for the Reception and Processing of UDP Data

What is UPFRAME?

We published a paper on UPFrame at IEEE IWCIP 2005; see "A Framework for Real-Time Worm Attack Detection and Backbone Monitoring" on the DDoSVax publication page.

UPFRAME is an application framework that is able to:

  • Receive and process incoming UDP packets at fast rates
  • Buffer several megabytes of incoming data to smooth out data bursts
  • Feed the received packets to plugins that independently process the data in the packets

Features

  • The framework was designed to be fast, stable and resource efficient.
  • There are mechanisms that ensure the proper operation of the framework even in case of a malfunctioning plugin.
  • The current operational state of the framework, such as buffer allocation, number of incoming packets etc., can be observed using a web interface.

System Requirements

  • The framework runs on Linux (x86 and amd64) and FreeBSD (x86).
  • On Linux the package was tested using Gentoo Linux from April 1st, 2004 as well as Debian Linux Sarge. It works on 2.4 as well as on 2.6 kernels.
  • On FreeBSD the package was compiled using FreeBSD 5.2.1-RELEASE. The following changes have to be made in the kernel config file:
    options         SYSVSHM                 #SYSV-style shared memory
    options         SHMALL=131072
    options         SHMMAX=(SHMMAXPGS*PAGE_SIZE+1)
    options         SHMMAXPGS=131072
    options         SHMMNI=131072
    options         SHMSEG=64
    This configures approx. 512 MB of shared memory.
  • The package requires gcc (version 3.3 or newer), glibc (version 2.3 or newer) and gnumake (version 3.8 or newer). Compilation is likely to fail if your system does not meet these requirements. Note: The Makefile does not work with the make tool provided by FreeBSD; you must use gnumake.
  • The statistics web frontend was tested with PHP 4.3.4, RRDTool 1.0.45, the RRDTool-php4 bindings and Perl 5.8.3.

Licensing, Documentation and Contact

This package is released under the GPL. The UPFrame documentation is available in the download section. For comments, suggestions, contributions of your plugins and code, and bug reports, please send e-mail to upframe@tik.ee.ethz.ch.
Copyright 2004-2005 by ETH DDoSVax team and Caspar Schlegel