Load-based dynamic flow scheduling in network security monitoring systems

Flow-based inspection is playing an important role in network security monitoring systems such as intrusion detection, attacks detection and so on. Traditional flow scheduling strategies are usually based on calculated hash values of input flows which is fixed for a long time. As the bandwidth grows dramatically these years, it is observed that servers handling flow inspections may be crashed due to large flow rates. However, fixed flow scheduling may still assign flows to the busy or crashed server causing those flows unprocessed. Thus it is important to choose proper scheduling strategy to fully exploit the server groups. In this article, a dynamic flow scheduling technique is proposed, where the flows are scheduled in reciprocal proportion to the load of targeted servers, i.e. CPU utility, memory usage, etc‥ A demonstration system is built and the results show that the proposed scheduling technique effectively reduced the packet drop rate of servers by 15%.

[1]  Steven H. Low,et al.  Optimization flow control—I: basic algorithm and convergence , 1999, TNET.

[2]  A. Saboor,et al.  Analyses of flow based techniques to detect Distributed Denial of Service attacks , 2015, 2015 12th International Bhurban Conference on Applied Sciences and Technology (IBCAST).

[3]  S Jeya,et al.  Network Security Using Flow Based Intrusion Detection System , 2007 .

[4]  Vallipuram Muthukkumarasamy,et al.  Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops.

[5]  Fabienne Anhalt,et al.  Size-based flow scheduling in a CICQ switch , 2010, 2010 International Conference on High Performance Switching and Routing.

[6]  Michael Mitzenmacher,et al.  How Useful Is Old Information? , 2000, IEEE Trans. Parallel Distributed Syst..

[7]  Falko Dressler,et al.  Hash tables for efficient flow monitoring: vulnerabilities and countermeasures , 2009, 2009 IEEE 34th Conference on Local Computer Networks.

[8]  Li Guo,et al.  LASF: A Flow Scheduling Policy in Stateful Packet Inspection Systems , 2007, 2007 12th IEEE Symposium on Computers and Communications.

[9]  Eytan Modiano,et al.  Receiver-based flow control for networks in overload , 2013, 2013 Proceedings IEEE INFOCOM.

[10]  Violet R. Syrotiuk,et al.  OpenFlow versus Commercial Load Balancers in a Campus Network , 2015, 2015 IEEE 82nd Vehicular Technology Conference (VTC2015-Fall).

[11]  Odej Kao,et al.  Multiple service load-balancing with OpenFlow , 2012, 2012 IEEE 13th International Conference on High Performance Switching and Routing.