Article title

Adaptive sampling method for network traffic security monitoring based on queuing theory

Publication languages
EN
Abstracts
EN
Present network monitoring systems need to cope with the ever-increasing amount of traffic in modern high-speed networks. These systems often perform sophisticated deep packet inspection (DPI) for anomaly detection, denial-of-service attack detection and mitigation, intrusion detection and prevention, etc. Since DPI is resource-intensive, the monitoring devices are often not able to analyze all incoming traffic at link speeds. Consequently, sampling is employed to reduce the traffic volume and thus limit packet losses caused by resource exhaustion. Classical sampling methods select packets based on a fixed limiting parameter, regardless of the computational resource utilization of the monitoring device. This paper proposes a novel sampling approach for network traffic security monitoring that is based on an analytical model of the monitoring device. The model allows for testing adaptive sampling strategies that adjust the instantaneous sampling rate according to the input queue occupancy. The queue occupancy is used to drive the adaptation as it indicates the current relationship between available computational resources and the input traffic volume. Consequently, our approach maximizes the DPI ratio while simultaneously ensuring that the probability of packet loss due to resource exhaustion remains negligible. Analytical and simulation results are presented to demonstrate the impact of the proposed method on system parameters, along with comparative studies.
Authors
  • Warsaw University of Technology and National Institute of Telecommunications
  • Warsaw University of Technology and National Institute of Telecommunications
Notes
Record prepared with funds from MNiSW, agreement no. POPUL/SP/0154/2024/02, under the programme "Social Responsibility of Science II" - module: Popularisation of Science (2025).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-1d374ee1-07ea-46d6-9b8a-c0f63cd8201b