An Attack-Resilent Sampling Mechanism for Integrated IP Flow Monitors

Author

McGlone, John ; Marshall, Alan ; Woods, Roger

Author_Institution

Inst. of Electron., Commun. & Inf. Technol., Queens Univ. Belfast, Belfast, UK

fYear

2009

fDate

22-26 June 2009

Firstpage

233

Lastpage

238

Abstract

This paper introduces an adaptive packet sampling mechanism for IP flow monitors that are incorporated into network elements. Such monitors have limited resources that can be rapidly exhausted by network attacks such as distributed denial-of-service (DDoS) and port scanning. The mechanism provides resilience against these types of network attacks by adapting its packet sampling rate according to the available resources in the monitor, and on the flow statistics. Results are presented that show how the sampling mechanism is able to constrain the number of flow entries to available memory resources and how it meets a key criterion of IP flow monitoring systems under duress, whereby the monitoring performance degrades gracefully during attack periods.

Keywords

IP networks; sampling methods; telecommunication network routing; telecommunication security; IP flow monitoring system; adaptive packet sampling mechanism; attack-resilent sampling mechanism; distributed denial-of-service; flow statistics; port scanning; Bandwidth; Communication system traffic control; Conferences; Distributed computing; Field programmable gate arrays; Monitoring; Sampling methods; Statistics; Telecommunication traffic; Video on demand; DoS; IP flow monitoring; adaptive packet sampling;

fLanguage

English

Publisher

ieee

Conference_Titel

Distributed Computing Systems Workshops, 2009. ICDCS Workshops '09. 29th IEEE International Conference on

Conference_Location

Montreal, QC

ISSN

1545-0678

Print_ISBN

978-0-7695-3660-6

Electronic_ISBN

1545-0678

Type

conf

DOI

10.1109/ICDCSW.2009.28

Filename

5158859