Skip to content

Optimize profiler #1743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
AlyaGomaa wants to merge 153 commits into
base: develop
Choose a base branch
from
Open

Optimize profiler #1743

AlyaGomaa wants to merge 153 commits into from

Conversation

@AlyaGomaa
Copy link
Collaborator

@AlyaGomaa AlyaGomaa commented Nov 28, 2025

Closes #1738

  • use processes instead of threads for true parallelism of profiler workers
  • increase workers as throughput increases by checking the input.py and profiler.py flows/sec imbalance

AlyaGomaa and others added 19 commits November 26, 2025 13:22
@AlyaGomaa
Make the 3 profiler threads 3 Processes for true parallelism
0fb9b3c
@AlyaGomaa
Add a separate class for the profiler workers
0d3c717
@AlyaGomaa
profiler: handle starting the workers
0601da9
@AlyaGomaa
profiler: get handler class only once in the main profiler , instead …
e7744e5 
…of in each worker
@AlyaGomaa
profiler: share the localnet_cache accross all workers
25c74e4
@AlyaGomaa
pass bloom filters to profiler workers
0496b82
@AlyaGomaa
db: add functions to get and set modules' flows processed per second
b50ed62
@AlyaGomaa
store the flows processed per second for the pinput and profiler
b9f4d16
@AlyaGomaa
start with 3 profiler workers and increase them up to 10 on high thro…
3bc55df 
…ughput
@AlyaGomaa
Fix printing the used local network once by each worker
0ff8b8a
@AlyaGomaa
Fix problem finding last flows count when calculating the flows per s…
79e1fe8 
…econd of input and profiler
@harpomaxx
Add dataset generation and LLM evaluation documentation
40da82e 
- Add comprehensive dataset documentation with two workflows:
  - Summarization workflow (event summaries and behavior analysis)
  - Risk analysis workflow (root cause and risk assessment)
- Add detailed workflow implementation guides for both pipelines
- Add LLM evaluation framework and results documentation
- Add DAG parser technical reference documentation
- Organize all documentation under new "Datasets & LLM Training" section in Immune.md
- Fix broken cross-references between documentation files
- Preserve legacy documentation for historical reference
@harpomaxx
Fix documentation structure: move security topics to separate section
30f4827 
- Create 'Security & Network Configuration' section for ARP and traffic routing docs
- These were incorrectly nested under 'Datasets & LLM Training' section
@harpomaxx
Reorder documentation sections: move Security & Network Configuration…
1f6a0f4 
… before Datasets

- Security & Network Configuration section now appears before Datasets & LLM Training
- This provides better logical flow in the documentation navigation
@AlyaGomaa
profiler: fix problem using input_fps as str
dcb8d41
@AlyaGomaa
fix storing profiler workers PID in the db without a name
8c27332
@AlyaGomaa
update profiler unit tests
e1aa9bf
@AlyaGomaa
add profiler_worker unit tests
d734952
@AlyaGomaa
Add profiler worker to CI uni-tests
32a7080
@github-project-automation github-project-automation bot moved this to Todo in Slips Nov 28, 2025
@AlyaGomaa
delete the tracking of SrcIPs and DstIPs times contacted of every pro…
da0a86f 
…file in redis since it's no longer used in slips
@AlyaGomaa
add get_modified_profiles_since to the list of channels, not db const…
a037cf4 
…ants
@AlyaGomaa
merge the calls to add_ips() and add_port() into one func for clarity…
5bd5189 
…, they don't do diff things
@AlyaGomaa
optimize add_ips() by using a redis pipe
42bc43d
@AlyaGomaa
keep track of ips contacted by a specific profile/tw in a separate ha…
0a61fe8 
…shmap to be able to access their dports later by the portscan modules
@AlyaGomaa
add a file with the icmp ports that slips uses for detection to be ab…
0c2aff1 
…le to import it anywhere (in the db and in the modules that may need it)
@AlyaGomaa
db: add a generator to return dstips_with_not_established_flows of a …
28989a3 
…profile and tw
@AlyaGomaa
db: add a func to get_info_about_not_established_flows used by both p…
415de90 
…ortscan detectors
@AlyaGomaa
vertical_ps: get needed info for detections in O(1) using the new red…
a35b146 
…is hmaps
@AlyaGomaa
change th eformat of msgs in tw_modified channel to avoid _ or : sepa…
799f950 
…rator of profiles and tws
@AlyaGomaa
profiler: check for stop msgs as early as possible
68e7245
@AlyaGomaa
add a common func in slips_utils to validate ips used in portscan det…
8868874 
…ections to use it by the db and the modules
@AlyaGomaa
db: change the keys needed for horizontal portscand etections to be a…
b449e64 
…ble to retreive the needed info in O(1)
@AlyaGomaa
db: update the horizontal portscan keys to access the needed info in …
1322cd9 
…o(1)
@AlyaGomaa
horizontal_portscan: use the new db keys
35e33e0
@AlyaGomaa
network_discovery: del unused logic
f4a54ab
@AlyaGomaa
Make all profiler workers an IModule for easier use of redis channels
a0d645a
@AlyaGomaa
When an input processor parses a zeek #field line, it publishes in a …
0f4f2d4 
…redis channel (new_zeek_fields_line) the recognized indices so other profiler workers know about it
@AlyaGomaa
When a profiler worker is added due to high throuput, make it get its…
ee0e0ba 
…' line processors from the db instead of the channel because msgs published in that channel won't be accessible by the new worker
@AlyaGomaa
fix problem stopping the aid manager
6bec796
@AlyaGomaa
rename flow_attributes_db.py to scan_detections_db.py
17f31c1
@AlyaGomaa
test10/conn.log: add horizontal portscan flows for testing
52344c5
@AlyaGomaa
store horizontal portscan detections in a zset to be able to get the …
6be0e45 
…attack starttime when setting an evidence
@AlyaGomaa
Fix latency logging json alerts to alerts.json
b5520c4
@AlyaGomaa
Add an extra zset for storing icmp scan attacks starttime
29a17b8
@AlyaGomaa
db: add a key to track the starttime of icmp scans
e26ef98
@AlyaGomaa
get the needed info for icmp scan detections in O(1)
30403ea
@AlyaGomaa
move convert_str_to_state and is_info_needed_by_the_icmp_scan_detecto…
ab88253 
…r_module to slips_utils to be used by all modules
@AlyaGomaa
test10/ add an icmp scan to 1 host for testing
2ccd7fe
@AlyaGomaa
update unit test files
5877cd6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Slips
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AlyaGomaa @harpomaxx