DCAP: detecting misbehaving flows via collaborative aggregate policing

Authors:
Chen-Nee Chuah;Lakshminarayanan Subramanian;Randy H. Katz
Affiliations:
University of California, Davis, CA;University of California, Berkeley, CA;University of California, Berkeley, CA
Venue:
ACM SIGCOMM Computer Communication Review
Year:
2003

Citing 14
Cited 1

Supporting real-time applications in an Integrated Services Packet Network: architecture and mechanism

SIGCOMM '92 Conference proceedings on Communications architectures & protocols
Detection of abrupt changes: theory and application

Detection of abrupt changes: theory and application
A generalized processor sharing approach to flow control in integrated services networks: the single-node case

IEEE/ACM Transactions on Networking (TON)
A generalized processor sharing approach to flow control in integrated services networks: the multiple node case

IEEE/ACM Transactions on Networking (TON)
Self-similarity through high-variability: statistical analysis of ethernet LAN traffic at the source level

SIGCOMM '95 Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
A measurement-based admission control algorithm for integrated service packet networks

IEEE/ACM Transactions on Networking (TON)
A framework for robust measurement-based admission control

SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Core-stateless fair queueing: achieving approximately fair bandwidth allocations in high speed networks

Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
The click modular router

ACM Transactions on Computer Systems (TOCS)
Measurement-based admission control with aggregate traffic envelopes

IEEE/ACM Transactions on Networking (TON)
Deriving traffic demands for operational IP networks: methodology and experience

IEEE/ACM Transactions on Networking (TON)
New directions in traffic measurement and accounting

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Service Overlay Networks: SLAs, QoS and Bandwidth Provisioning

ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Comparison of Measurement-based Admission Control Algorithms for Controlled-Load Service

INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution

Pushback for overlay networks: protecting against malicious insiders

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a detection mechanism called DCAP for a network provider to monitor incoming traffic and identify misbehaving flows without having to keep per-flow accounting at any of its routers. Misbehaving flows refer to flows that exceed their stipulated bandwidth limit. Through collaborative aggregate policing at both ingress and egress nodes, DCAP is able to quickly narrow the search to a candidate group that contains the misbehaving flows, and eventually identify the individual culprits. In comparison to per-flow policing, the amount of state maintained at an edge router is reduced from O(n) to O(√n), where n is the number of admitted flows. Simulation results show that DCAP can successfully detect a majority (64--83%) of the misbehaving flows with almost zero false alarms. Packet losses suffered by innocent flows due to undetected misbehaving activity are insignificant (0.02--0.9%). We also successfully build a prototype that demonstrates how DCAP can be deployed with minimal processing overhead in a soft-QoS architecture.