Abstract | ||
---|---|---|
In the context of a collaborating surveillance system for active TCP sessions handled by a networking device, we consider two problems. The first is the problem of protecting a flow table from overflow and the second is developing an efficient algorithm for estimating the number of active flows coupled with the identification of "heavy-hitter" TCP sessions. Our proposed techniques are sensitive to limited hardware and software resources allocated for this purpose in the linecards in addition to the very high data rates that modern line cards handle; specifically we are interested in cooperatively maintaining a per-flow state with a low cost, which has resiliency on dynamic traffic mix. We investigate a traditional timeout processing mechanism to manage the flow table for per-flow monitoring, called Timeout-Based Purging (TBP), our proposed Clock-like Flow Replacement (CFR) algorithms using a replacement policy, called "clock", and a hybrid approach combining these two. Experiments with Internet traces show that our CFR schemes can significantly reduce both false positive and false negative rates regardless of whether the flow table is fully occupied or sufficiently empty, even under SYN flooding. Our hybrid scheme estimates the number of active flows accurately, and confines the heavy-hitters without storing packet counters. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1109/ICDCS.2009.53 | ICDCS |
Keywords | Field | DocType |
cfr scheme,flow table,resilient flow monitoring,session purging,clock-like flow replacement schemes,per-flow monitoring,hybrid scheme,active tcp sessions,active tcp session,networking device,quality of service,tcp session,hybrid approach,timeout processing mechanism,false negative rate,timeout-based purging,per-flow state,transport protocols,dynamic traffic mix,surveillance system,telecommunication security,telecommunication traffic,telecommunication network routing,flow table management,active flow,resource allocation,data mining,probability density function,internet,resource management,estimation,software maintenance,collaboration,hardware,radiation detectors,false positive | Traffic mix,Line card,Computer science,Network packet,Computer network,Quality of service,Timeout,Software,SYN flood,Distributed computing,The Internet | Conference |
ISSN | ISBN | Citations |
1063-6927 E-ISBN : 978-0-7695-3659-0 | 978-0-7695-3659-0 | 0 |
PageRank | References | Authors |
0.34 | 22 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Gunwoo Nam | 1 | 83 | 5.61 |
Pushkar Patankar | 2 | 13 | 1.71 |
Seung-Hwan Lim | 3 | 207 | 14.37 |
Bikash Sharma | 4 | 235 | 13.86 |
George Kesidis | 5 | 356 | 44.92 |
Chita R. Das | 6 | 1467 | 80.03 |