- 學位論文
高效能的濫用流量偵測方法
Core Router Overuse Flow Tracer (CROFT): An Efficient Algorithm for Detecting Overuse Flows
摘要
偵測網路中的濫用流量方法已經被研究了超過15年,並且至今仍是一個網路系統中重要的問題,因爲有越來越多對延遲敏感的網路應用、日趨嚴重的大規模DDoS攻擊、以及對各種流量分配框架的需求。雖然已經有很多方法被設計來偵測網路中的濫用流量,仍然沒有系統可以可靠的偵測只超用允許頻寬50%的濫用流量。尤其在如核心路由器等高流量網路環境中,因爲高速記憶體及運算資源的限制,讓這個問題變得更加困難。 我們設計、分析、實作、並測試CROFT,一個比起過去方法有更好特性的新濫用流量偵測演算法。CROFT在偵測1.5x-7x濫用流量上比以往的方法快超過300倍,而以往的方法在7x濫用流量的偵測時間就超過了300秒的時間限制。
並列摘要
The detection of overuse flows has been a research problem studied for over 15 years, and it remains an important topic to this day due to the increasing importance of network performance for latency-sensitive applications, the impact of volumetric DDoS attacks, and the emergence of bandwidth allocation schemes. Although much progress has been achieved for designing efficient in-network detection of overuse flows, no system exists that can reliably detect overuse flows utilizing only 50% more than their permitted bandwidth. What further compounds the difficulty of the problem is the challenging environment of high-throughput packet processing on core Internet routers, which requires careful management of the limited amount of (expensive) fast memory and of computational resources. We design, analyze, implement, and evaluate CROFT, a new approach for efficiently detecting overuse flows that achieves dramatically better properties than prior work. CROFT is at least 300 times faster than prior approaches in detecting 1.5x-7x overuse flows: CROFT can detect 1.5x overuse flows in one second, whereas prior approaches fail to detect 7x overuse flows within a timeout of 300s.