Design of a sliding window scheme for detecting high packet-rate flows via random packet sampling

Abstract: We discuss the design of a sliding window scheme for detecting high packet-rate flows via random packet sampling. We determine the values of control parameters, such as the sampling rate and window length, to minimize the false positive ratio, while keeping the false negative ratio sufficiently low and making the on-line processing possible. Under mild assumptions, we formulate this problem as a nonlinear program and provide its numerically feasible global optimal solution. We then conduct sampling experiments with public trace data and discuss the fundamental characteristics of the sliding window scheme with random packet sampling.
