Abstract— This paper introduces an adaptive packet sampling mechanism for IP flow monitors that are incorporated into network elements. Such monitors have limited resources that can be rapidly exhausted by network attacks such as distributed denial-of-service (DDoS) and port scanning. The mechanism provides resilience against these types of network attacks by adapting its packet sampling rate according to the resources available in the monitor and to the flow statistics. Results are presented that show how the sampling mechanism is able to constrain the number of flow entries to the available memory resources and how it meets a key criterion of IP flow monitoring systems under duress, whereby the monitoring performance degrades gracefully during attack periods.
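The following simulation is an added illustration of the idea in the abstract, not the paper's algorithm or code. It assumes a flow table that is exported and cleared at the end of each interval, a simple multiplicative rate controller, and constructed traffic (a port scan with one packet per flow on top of benign flows); `CAPACITY`, `TARGET`, `P_MIN` and the function names are hypothetical.

```python
import random

CAPACITY = 1000          # flow-table entries the monitor can hold (assumed)
TARGET = 0.7 * CAPACITY  # occupancy the controller aims for (assumed)
P_MIN = 0.001            # floor so monitoring never stops entirely (assumed)

def make_interval(rng, attack):
    """Constructed traffic: 100 benign flows x 20 packets, plus a
    20000-packet port scan (one packet per flow) when attack is True."""
    pkts = [("benign", f) for f in range(100) for _ in range(20)]
    if attack:
        pkts += [("scan", f) for f in range(20000)]
    rng.shuffle(pkts)
    return pkts

def run(intervals=10, attack=range(3, 7), adaptive=True, seed=1):
    """Return per-interval stats; the table is cleared each interval."""
    rng = random.Random(seed)
    p, history = 1.0, []
    for i in range(intervals):
        table, overflow = set(), 0
        for key in make_interval(rng, i in attack):
            if rng.random() >= p:
                continue                 # packet not sampled
            if key in table:
                continue                 # existing entry updated, no new memory
            if len(table) < CAPACITY:
                table.add(key)
            else:
                overflow += 1            # new flow lost: table exhausted
        benign = sum(1 for k in table if k[0] == "benign")
        history.append({"p": p, "entries": len(table),
                        "overflow": overflow, "benign": benign})
        if adaptive:
            # Scale the rate so the next interval's demand lands on TARGET.
            demand = max(1, len(table) + overflow)
            p = min(1.0, max(P_MIN, p * TARGET / demand))
    return history

if __name__ == "__main__":
    for name, adaptive in (("fixed", False), ("adaptive", True)):
        print(name)
        for i, h in enumerate(run(adaptive=adaptive)):
            print(f"  t={i} p={h['p']:.3f} entries={h['entries']:4d} "
                  f"overflow={h['overflow']:5d} benign={h['benign']}")
```

With the fixed rate the table overflows in every attack interval; with the adaptive rate it overflows only in the first one, then stays within capacity while still recording a share of the benign flows, and the rate returns to 1.0 once the scan stops.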