DocumentCode
2446389
Title
An Attack-Resilient Sampling Mechanism for Integrated IP Flow Monitors
Author
McGlone, John ; Marshall, Alan ; Woods, Roger
Author_Institution
Inst. of Electron., Commun. & Inf. Technol., Queens Univ. Belfast, Belfast, UK
fYear
2009
fDate
22-26 June 2009
Firstpage
233
Lastpage
238
Abstract
This paper introduces an adaptive packet sampling mechanism for IP flow monitors that are incorporated into network elements. Such monitors have limited resources that can be rapidly exhausted by network attacks such as distributed denial-of-service (DDoS) and port scanning. The mechanism provides resilience against these types of network attacks by adapting its packet sampling rate according to the resources available in the monitor and the flow statistics. Results are presented that show how the sampling mechanism is able to constrain the number of flow entries to available memory resources and how it meets a key criterion of IP flow monitoring systems under duress, whereby the monitoring performance degrades gracefully during attack periods.
Keywords
IP networks; sampling methods; telecommunication network routing; telecommunication security; IP flow monitoring system; adaptive packet sampling mechanism; attack-resilient sampling mechanism; distributed denial-of-service; flow statistics; port scanning; Bandwidth; Communication system traffic control; Conferences; Distributed computing; Field programmable gate arrays; Monitoring; Sampling methods; Statistics; Telecommunication traffic; Video on demand; DoS; IP flow monitoring; adaptive packet sampling
fLanguage
English
Publisher
IEEE
Conference_Titel
Distributed Computing Systems Workshops, 2009. ICDCS Workshops '09. 29th IEEE International Conference on
Conference_Location
Montreal, QC
ISSN
1545-0678
Print_ISBN
978-0-7695-3660-6
Electronic_ISBN
1545-0678
Type
conf
DOI
10.1109/ICDCSW.2009.28
Filename
5158859