Title :
An Attack-Resilent Sampling Mechanism for Integrated IP Flow Monitors
Author :
McGlone, John ; Marshall, Alan ; Woods, Roger
Author_Institution :
Inst. of Electron., Commun. & Inf. Technol., Queens Univ. Belfast, Belfast, UK
Abstract :
This paper introduces an adaptive packet sampling mechanism for IP flow monitors that are incorporated into network elements. Such monitors have limited resources that can be rapidly exhausted by network attacks such as distributed denial-of-service (DDoS) and port scanning. The mechanism provides resilience against these types of network attacks by adapting its packet sampling rate according to the available resources in the monitor, and on the flow statistics. Results are presented that show how the sampling mechanism is able to constrain the number of flow entries to available memory resources and how it meets a key criterion of IP flow monitoring systems under duress, whereby the monitoring performance degrades gracefully during attack periods.
Keywords :
IP networks; sampling methods; telecommunication network routing; telecommunication security; IP flow monitoring system; adaptive packet sampling mechanism; attack-resilent sampling mechanism; distributed denial-of-service; flow statistics; port scanning; Bandwidth; Communication system traffic control; Conferences; Distributed computing; Field programmable gate arrays; Monitoring; Sampling methods; Statistics; Telecommunication traffic; Video on demand; DoS; IP flow monitoring; adaptive packet sampling;
Conference_Titel :
Distributed Computing Systems Workshops, 2009. ICDCS Workshops '09. 29th IEEE International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-0-7695-3660-6
Electronic_ISBN :
1545-0678
DOI :
10.1109/ICDCSW.2009.28
