Building robust network monitoring applications is hard given the unpredictable nature of network traffic. Complex analysis on streaming network data usually leads to overload situations when presented with anomalous traffic, extreme traffic mixes or highly variable rates. We present an on-line predictive load shedding scheme for monitoring systems that quickly reacts to overload situations by gracefully degrading the accuracy of analysis methods. The main novelty of our approach is that it does not require any knowledge of the monitoring applications. This way, we preserve a high degree of flexibility, increasing the potential uses of these systems. We implemented our scheme in an existing network monitoring system and deployed it in a research ISP network. Our experiments show a 10-fold improvement in the accuracy of the results during long-lived executions with several concurrent monitoring applications. The system efficiently handles extreme load situations, while always remaining responsive and without undesired packet losses.