SIGCOMM '92 Conference proceedings on Communications architectures & protocols
Detection of abrupt changes: theory and application
Detection of abrupt changes: theory and application
IEEE/ACM Transactions on Networking (TON)
IEEE/ACM Transactions on Networking (TON)
SIGCOMM '95 Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
A measurement-based admission control algorithm for integrated service packet networks
IEEE/ACM Transactions on Networking (TON)
A framework for robust measurement-based admission control
SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
ACM Transactions on Computer Systems (TOCS)
Measurement-based admission control with aggregate traffic envelopes
IEEE/ACM Transactions on Networking (TON)
Deriving traffic demands for operational IP networks: methodology and experience
IEEE/ACM Transactions on Networking (TON)
New directions in traffic measurement and accounting
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Service Overlay Networks: SLAs, QoS and Bandwidth Provisioning
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Comparison of Measurement-based Admission Control Algorithms for Controlled-Load Service
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
Pushback for overlay networks: protecting against malicious insiders
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Hi-index | 0.00 |
This paper proposes a detection mechanism called DCAP for a network provider to monitor incoming traffic and identify misbehaving flows without having to keep per-flow accounting at any of its routers. Misbehaving flows refer to flows that exceed their stipulated bandwidth limit. Through collaborative aggregate policing at both ingress and egress nodes, DCAP is able to quickly narrow the search to a candidate group that contains the misbehaving flows, and eventually identify the individual culprits. In comparison to per-flow policing, the amount of state maintained at an edge router is reduced from O(n) to O(√n), where n is the number of admitted flows. Simulation results show that DCAP can successfully detect a majority (64--83%) of the misbehaving flows with almost zero false alarms. Packet losses suffered by innocent flows due to undetected misbehaving activity are insignificant (0.02--0.9%). We also successfully build a prototype that demonstrates how DCAP can be deployed with minimal processing overhead in a soft-QoS architecture.