
2009 IFIP/IEEE International Symposium on Integrated Network Management: latest publications

A policy based security management architecture for sensor networks
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188830
Sergio de Oliveira, Thiago Rodrigues de Oliveira, J. Nogueira
Wireless sensor networks are subjected to several types of attacks, especially denial-of-service (DoS) attacks. Several mechanisms and techniques have been proposed to provide security to wireless sensor networks, such as cryptographic processes, key management protocols, intrusion detection systems, node revocation schemes, secure routing, and secure data fusion. A recent work proposes a security management framework to dynamically configure and reconfigure security components in sensor networks according to management information collected by sensor nodes and sent to decision-making management entities. It turns security components on or off only when they are necessary, saving power and extending network lifetime. The architecture is policy based, which enables rule configuration specific to each application. We evaluate that security management framework, showing possibilities to save power and how that work can contribute to extending network lifetime. We propose some scenarios to evaluate the performance of the security management framework and estimate the cost of security components.
Citations: 8
Shares and utilities based power consolidation in virtualized server environments
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188832
Michael Cardosa, M. Korupolu, Aameek Singh
Virtualization technologies like VMware and Xen provide features to specify the minimum and maximum amount of resources that can be allocated to a virtual machine (VM), and a shares-based mechanism for the hypervisor to distribute spare resources among contending VMs. However, much of the existing work on VM placement and power consolidation in data centers fails to take advantage of these features. One of our experiments on a real testbed shows that leveraging such features can improve the overall utility of the data center by 47% or even higher. Motivated by these, we present a novel suite of techniques for placement and power consolidation of VMs in data centers taking advantage of the min-max and shares features inherent in virtualization technologies. Our techniques provide a smooth mechanism for power-performance tradeoffs in modern data centers running heterogeneous applications, wherein the amount of resources allocated to a VM can be adjusted based on available resources, power costs, and application utilities. We evaluate our techniques on a range of large synthetic data center setups and a small real data center testbed comprising VMware ESX servers. Our experiments confirm the end-to-end validity of our approach and demonstrate that our final candidate algorithm, PowerExpandMinMax, consistently yields the best overall utility across a broad spectrum of inputs - varying VM sizes and utilities, varying server capacities and varying power costs - thus providing a practical solution for administrators.
Citations: 319
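The min/max/shares allocation the abstract builds on is easy to get wrong at the limits (a VM whose proportional share would exceed its max must be capped and the surplus re-divided among the others). The following is an added illustration, not the paper's PowerExpandMinMax algorithm or any hypervisor's code: a water-filling allocator for one host, plus a utility-minus-power evaluation that contrasts consolidating a constructed set of three VMs onto one host with spreading them over three. The VM envelopes, the linear utility function and the per-host power cost are all assumed sample values.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class VM:
    """Resource envelope of one VM: reservation (min), limit (max) and shares weight."""
    name: str
    min: float   # guaranteed allocation (reservation)
    max: float   # hard cap (limit)
    shares: int  # relative weight when spare capacity is contended


def allocate(capacity: float, vms: List[VM]) -> Dict[str, float]:
    """Distribute `capacity` among `vms` the way a min/max/shares scheduler does.

    Every VM first receives its reservation; the spare capacity is then split in
    proportion to shares, and any VM whose share would push it past its limit is
    capped at the limit with the surplus re-divided among the remaining VMs
    (water-filling). Raises ValueError if the reservations alone overcommit the host.
    """
    reserved = sum(vm.min for vm in vms)
    if reserved > capacity:
        raise ValueError(f"reservations {reserved} exceed capacity {capacity}")
    alloc = {vm.name: float(vm.min) for vm in vms}
    spare = capacity - reserved
    active = [vm for vm in vms if alloc[vm.name] < vm.max]
    while spare > 1e-9 and active:
        total_shares = sum(vm.shares for vm in active)
        if total_shares == 0:
            break  # nobody is entitled to spare capacity; leave it idle
        grant = {vm.name: spare * vm.shares / total_shares for vm in active}
        capped = [vm for vm in active if alloc[vm.name] + grant[vm.name] >= vm.max]
        if not capped:
            for vm in active:
                alloc[vm.name] += grant[vm.name]
            break
        # Capped VMs take exactly their limit; the rest of the round is re-run without them.
        for vm in capped:
            spare -= vm.max - alloc[vm.name]
            alloc[vm.name] = float(vm.max)
        active = [vm for vm in active if vm not in capped]
    return alloc


def placement_utility(hosts: List[List[VM]], capacity: float,
                      utility: Callable[[VM, float], float], power_cost: float) -> float:
    """Sum of per-VM utilities of their allocations minus the power cost of every non-empty host."""
    total = 0.0
    for host_vms in hosts:
        if not host_vms:
            continue
        alloc = allocate(capacity, host_vms)
        total += sum(utility(vm, alloc[vm.name]) for vm in host_vms) - power_cost
    return total


# Constructed sample (assumed values): three VMs on 100-unit hosts, utility of 1 per unit.
SAMPLE_VMS = [VM("A", 10, 20, 1), VM("B", 10, 100, 2), VM("C", 20, 35, 1)]


def linear_utility(vm: VM, units: float) -> float:
    return units


def compare_consolidation(power_cost: float) -> Dict[str, float]:
    """Utility of packing all sample VMs on one host versus one host per VM."""
    consolidated = placement_utility([SAMPLE_VMS], 100, linear_utility, power_cost)
    spread = placement_utility([[vm] for vm in SAMPLE_VMS], 100, linear_utility, power_cost)
    return {"consolidated": consolidated, "spread": spread}


if __name__ == "__main__":
    print(allocate(100, SAMPLE_VMS))          # A capped at 20, C capped at 35, B gets the rest
    print(compare_consolidation(power_cost=20))  # spreading wins while power is cheap
    print(compare_consolidation(power_cost=40))  # consolidation wins once power is expensive
```

With the sample VMs the first round caps both A and C at their limits, and the 25 units they could not absorb flow to B, which ends at 45 rather than the naive 40. The comparison shows the tradeoff the paper's techniques navigate: at a power cost of 20 per host, spreading (155 - 60 = 95) beats consolidation (100 - 20 = 80); at 40 per host the ranking flips (35 versus 60).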
Security management with scalable distributed IP traceback
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188867
Djakhongir Siradjev, Laziz Yunusov, Young-Tak Kim
In this paper we propose an IP traceback mechanism based on deterministic packet marking and logging, using a protected-nodes set to reduce the amount of logged data. The proposed scheme exploits the fact that the number of nodes that may be under attack is usually limited to a small fraction of the total nodes in the Internet, greatly reducing storage requirements by logging only the traffic destined to this fraction of nodes, thus meeting the hardware limitations of high-speed core routers. Before logging at a traceback-enabled router, every packet is checked, using a Bloom filter, for whether it is destined to a host in the protected-nodes set. The protected-nodes set and the list of traceback-enabled routers are managed by the security management infrastructure, which can be mirrored to avoid introducing a single point of failure. Maintaining the list of traceback-enabled routers allows performing neighbor discovery in the overlay network, which is required to detect a faked identification field value in the IP header by an attacker. By adding an initialization stage and infrastructure, the proposed scheme can provide constant complexity of per-packet processing and a much longer Bloom filter refresh period compared to other approaches that use the logging paradigm. Performance evaluation shows that the proposed IP traceback mechanism can be implemented in the real Internet with scalability and good deployment feasibility in terms of false positive ratio and memory usage.
Citations: 3
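The per-packet decision the abstract describes (test the destination against a Bloom filter of protected nodes, log only on a hit) is worth seeing end to end, including the false-positive rate that bounds how much unprotected traffic a core router would log by mistake. The block below is an added example and not the authors' implementation: a small Bloom filter, a router model that logs a (router, src, dst, IP-ID) record only for protected destinations, and the standard (1 - e^{-kn/m})^k estimate. The protected addresses, the filter size, and the sample packets are constructed for the demonstration.

```python
import hashlib
import ipaddress
import math
from typing import Iterable, List, Tuple


class BloomFilter:
    """Fixed-size Bloom filter: m bits, k hash positions per item, no deletions."""

    def __init__(self, m_bits: int, k_hashes: int) -> None:
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: bytes) -> Iterable[int]:
        # Two 64-bit halves of one SHA-256 digest combined as h1 + i*h2 (double hashing)
        # stand in for k independent hash functions.
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return ((h1 + i * h2) % self.m for i in range(self.k))

    def add(self, item: bytes) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


def expected_fp_rate(m_bits: int, k_hashes: int, n_items: int) -> float:
    """Classic false-positive estimate (1 - e^{-kn/m})^k for n inserted items."""
    return (1.0 - math.exp(-k_hashes * n_items / m_bits)) ** k_hashes


class TracebackRouter:
    """Logs only packets whose destination is (probably) in the protected-nodes set."""

    def __init__(self, router_id: str, protected: Iterable[str], m_bits: int, k_hashes: int) -> None:
        self.router_id = router_id
        self.filter = BloomFilter(m_bits, k_hashes)
        self.n_protected = 0
        for addr in protected:  # the set is pushed by the management infrastructure
            self.filter.add(ipaddress.ip_address(addr).packed)
            self.n_protected += 1
        self.log: List[Tuple[str, str, str, int]] = []

    def is_protected(self, dst: str) -> bool:
        """k bit probes per packet, independent of traffic volume or set size."""
        return ipaddress.ip_address(dst).packed in self.filter

    def process(self, src: str, dst: str, ip_id: int) -> bool:
        """Return True if the packet was logged (a false positive also logs; a miss never does)."""
        if not self.is_protected(dst):
            return False
        self.log.append((self.router_id, src, dst, ip_id))
        return True

    def false_positive_rate(self) -> float:
        return expected_fp_rate(self.filter.m, self.filter.k, self.n_protected)


# Constructed sample traffic (not from the paper): a flood towards one protected host
# mixed with transit traffic the router must not spend memory logging.
PROTECTED = ["10.0.0.5", "10.0.0.9"]
SAMPLE_PACKETS = [
    ("198.51.100.7", "10.0.0.5", 4711),
    ("198.51.100.8", "10.0.0.5", 4712),
    ("203.0.113.20", "192.0.2.14", 1),     # transit, not protected
    ("203.0.113.21", "10.0.0.9", 9000),
    ("203.0.113.22", "192.0.2.15", 2),     # transit, not protected
]


def run_traceback_demo() -> Tuple[int, int]:
    """Process the sample packets through one router; returns (packets logged, log entries)."""
    router = TracebackRouter("core-1", PROTECTED, m_bits=4096, k_hashes=8)
    logged = sum(router.process(*pkt) for pkt in SAMPLE_PACKETS)
    return logged, len(router.log)


if __name__ == "__main__":
    print(run_traceback_demo())                        # (3, 3): only protected destinations logged
    print(expected_fp_rate(2 ** 20, 7, 10_000))        # 128 KiB filter, 10k protected hosts
```

Sizing is the practical question: the last line shows that a 128 KiB filter holding 10,000 protected addresses with 7 hashes keeps the estimated false-positive rate far below one in a million, which is what makes the memory budget of a core router workable. Note that a false positive only costs a spurious log entry, never a missed one, so the scheme errs on the side of traceability.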
DeskBench: Flexible virtual desktop benchmarking toolkit
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188870
J. Rhee, Andrzej Kochut, K. Beaty
The thin-client computing model has recently been regaining popularity in a new form known as the virtual desktop, where the desktop is hosted on a virtualized platform. Even though interest in this computing paradigm is broad, there are relatively few tools and methods for benchmarking virtual client infrastructures. We believe that developing such tools and approaches is crucial for the future success of virtual client deployments and also for objective evaluation of existing and new algorithms, communication protocols, and technologies. We present DeskBench, a virtual desktop benchmarking tool that allows for fast and easy creation of benchmarks by simply recording the user's activity. It also allows replaying the recorded actions in a synchronized manner at the maximum possible speed without compromising the correctness of the replay. The proposed approach relies only on the basic primitives of mouse and keyboard events as well as screen region updates, which are common in window manager systems. We have implemented a prototype of the system and also conducted a series of experiments measuring the responsiveness of virtual machine based desktops under various load conditions and network latencies. The experiments illustrate the flexibility and accuracy of the proposed method and also give some interesting insights into the scalability of virtual machine based desktops.
Citations: 28
Defensive configuration with game theory
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188848
Sheila Becker, R. State, T. Engel
This paper proposes a new model, based on mainstream game theory, for the optimal configuration of services. We consider the case of reliable real-time P2P communications and show how security mechanisms can be configured using game-theoretical concepts, in which the defender is played by the management plane, which has to face adversaries playing the attacker role. Our main contribution lies in proposing a risk assessment framework and deriving optimal strategies, in terms of Nash equilibrium, for both the attacker and the defender. We consider the specific service of communications in autonomic networks and we show how the optimal configuration can be determined within the proposed framework.
Citations: 2
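To make "optimal configuration in terms of Nash equilibrium" concrete, the following added example (not the paper's model or its numbers) solves the smallest possible attacker/defender configuration game: the management plane picks a hardened or a lightweight configuration of the communication security mechanisms, the adversary picks between flooding and injecting forged messages, and the payoffs are assumed sample values for the defender (the attacker's payoff is the negation, i.e. a zero-sum game). It finds a pure saddle point when one exists, otherwise the mixed equilibrium in which each side makes the other indifferent, and then verifies the result by checking that no pure deviation pays for either player.

```python
from fractions import Fraction
from typing import List, Sequence, Tuple

Matrix = Sequence[Sequence[int]]


def expected_payoff(payoff: Matrix, p: Sequence[Fraction], q: Sequence[Fraction]) -> Fraction:
    """Defender's expected payoff when the defender mixes rows with p and the attacker columns with q."""
    return sum(p[i] * q[j] * Fraction(payoff[i][j])
               for i in range(len(payoff)) for j in range(len(payoff[0])))


def zero_sum_2x2(payoff: Matrix) -> Tuple[List[Fraction], List[Fraction], Fraction]:
    """Nash equilibrium of a 2x2 zero-sum game.

    payoff[i][j] is the defender's payoff for defender row i against attacker column j;
    the attacker's payoff is its negation. Returns (defender_mix, attacker_mix, value).
    """
    (a, b), (c, d) = [[Fraction(x) for x in row] for row in payoff]
    row_mins = [min(a, b), min(c, d)]
    col_maxs = [max(a, c), max(b, d)]
    maximin, minimax = max(row_mins), min(col_maxs)
    if maximin == minimax:  # saddle point: a pure strategy is optimal for both
        i, j = row_mins.index(maximin), col_maxs.index(minimax)
        return ([Fraction(int(r == i)) for r in range(2)],
                [Fraction(int(s == j)) for s in range(2)], maximin)
    # Mixed equilibrium: each player's mix equalises the opponent's two pure payoffs.
    denom = a - b - c + d
    p1 = (d - c) / denom           # P(defender plays row 0)
    q1 = (d - b) / denom           # P(attacker plays column 0)
    value = (a * d - b * c) / denom
    return [p1, 1 - p1], [q1, 1 - q1], value


def is_equilibrium(payoff: Matrix, p: Sequence[Fraction], q: Sequence[Fraction]) -> bool:
    """No pure deviation improves the defender (rows) or the attacker (columns)."""
    value = expected_payoff(payoff, p, q)
    rows, cols = len(payoff), len(payoff[0])

    def unit(n: int, k: int) -> List[Fraction]:
        return [Fraction(int(x == k)) for x in range(n)]

    defender_ok = all(expected_payoff(payoff, unit(rows, i), q) <= value for i in range(rows))
    attacker_ok = all(expected_payoff(payoff, p, unit(cols, j)) >= value for j in range(cols))
    return defender_ok and attacker_ok


# Constructed payoffs (assumed sample values, not the paper's): defender's payoff, i.e.
# negative damage plus configuration cost, for each configuration/attack pair.
DEFENDER_ROWS = ("hardened", "lightweight")
ATTACKER_COLS = ("flood", "inject")
SAMPLE_GAME = [
    [-2, -3],   # hardened:    flood mostly absorbed, inject still costs verification effort
    [-8,  0],   # lightweight: flood hurts badly, inject is cheap to ignore
]


def solve_sample() -> dict:
    p, q, value = zero_sum_2x2(SAMPLE_GAME)
    return {"defender": dict(zip(DEFENDER_ROWS, p)),
            "attacker": dict(zip(ATTACKER_COLS, q)),
            "value": value,
            "verified": is_equilibrium(SAMPLE_GAME, p, q)}


if __name__ == "__main__":
    print(solve_sample())   # hardened 8/9 of the time; attacker floods 1/3; value -8/3
```

The output is the kind of answer a risk framework wants: the management plane should run the hardened configuration 8/9 of the time, the rational adversary floods only 1/3 of the time, and the defender's guaranteed expected loss is 8/3 per round, better than the -3 it gets by always hardening and far better than the -8 exposure of never doing so. If the payoffs had a saddle point the function would instead return the pure configuration that is optimal against every attack.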
EJB-based implementation of L1VPN NMS controlled by each customer
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188869
H. Matsuura, N. Morita
We propose a new service for the L1VPN (layer-1 virtual private network), in which an L1VPN customer can manage and control its own L1VPN from an end-to-end point of view. In the service, a customer can change its routing policy on the basis of its own decisions and set the network notification policy for individual VPN users. These operations are conducted by an L1VPN NMS (network management system), which is distributed online by the L1VPN provider in EJB (Enterprise JavaBeans) format. In addition to the L1VPN NMS, EJB-based customer domain NMSs that manage individual customer domains are also delivered to individual customers. In cooperation with the provider NMS, which is for the L1VPN provider network, and the customer domain NMSs, an L1VPN NMS can update the L1VPN logical information from the provider and customer domains. The L1VPN NMS receives alarm notifications from both NMSs and forwards them to the IP users who are affected by the notifications. We evaluate the effect of an L1VPN on alarm notification time, because swift alarm notification is critical for IP users. In addition, we evaluate the effect of deploying multiple customer domain NMSs in one Linux NMS server.
Citations: 1
Adaptive response system for distributed denial-of-service attacks
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188887
V. Thing, M. Sloman, Naranker Dulay
This dissertation presents a Distributed denial-of-service Adaptive ResponsE (DARE) system, capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integration of distributed modules for both signature-based and anomaly-based detection. Additionally, the innovative design of DARE's individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. The distributed components work together interactively to adapt detection and response according to the attack types. Experiments on DARE show that attack detection and mitigation were successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests was maintained. DARE is able to detect and trigger appropriate responses in accordance with the attacks being launched, with high accuracy, effectiveness and efficiency. The dissertation is available at http://pubs.doc.ic.ac.uk/VrizlynnThing-PhD-Thesis-2008/VrizlynnThing-PhD-Thesis-2008.pdf.
Citations: 12
PCE-based hierarchical segment restoration
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188806
Mohamed Abouelela, M. El-Darieby
Providing network QoS involves, among other things, ensuring network survivability in spite of network faults. Fault recovery mechanisms should reduce recovery time, especially for real-time and mission-critical applications while guaranteeing QoS requirements, in terms of bandwidth and delay constraints and maximizing network resources utilization. In this paper, we propose a scalable recovery mechanism based on hierarchical networks. The proposed mechanism is based on inter-domain segmental restoration and is performed by a recovery module (RM) introduced for each domain of the hierarchy. The RM cooperates with Path Computation Element (PCE) to perform recovery while maintaining QoS. Segmental restoration ensures faster recovery time by trying to recover failed paths as close as possible to where the fault occurred. The recovery mechanism aggregates fault notification messages to reduce the size of the signaling storm. In addition, the recovery mechanism ranks failed paths to reduce recovery time for high-priority traffic. We present simulation results conducted for different network sizes and hierarchy structures. Two metrics were considered: recovery time and signaling storm size. A significant decrease in the recovery time with increasing number of hierarchical levels for the same network size is observed. The larger the number of hierarchy levels, the smaller the number of network nodes in each domain and, generally, the faster the routing computations and routing tables search times. In addition, the recovery mechanism results in reducing recovery time for high priority traffic by nearly 90% over that of lower priority traffic. However, increasing the number of hierarchical levels results in a linear increase in signaling storm size.
Citations: 3
Application-specific packet capturing using kernel probes
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188827
Byungjoon Lee, Seong Moon, Youngseok Lee
When we reverse-engineer unknown protocols or analyze Internet traffic, it is critical to capture complete traffic traces generated by a target application. Besides, to prove the accuracy of the Internet traffic classification algorithms of a traffic monitoring system, which is usually located in the middle of the network, it is highly desirable to retain the traffic traces associated with the related application. Therefore, in this paper, we present an application-specific packet capturing method at end hosts, which is based on the dynamic kernel probing technique. The experiments show that the proposed method is useful for creating per-application complete traffic traces without performance degradation.
Citations: 6
Event handling in clean-slate Future Internet management
Pub Date : 2009-06-01 DOI: 10.1109/INM.2009.5188820
C. Mingardi, G. Nunzi, D. Dudkowski, M. Brunner
Event handling is a management mechanism that provides the means for the network to react to changes in network conditions or performance. In the construction of a clean-slate management architecture, we consider this a main building block. This paper proposes a fully distributed event distribution in a fully distributed environment: differently from existing works, no configuration is required in advance, and yet nodes have a guarantee that events are delivered and that certain delivery objectives are respected. The contributions of this paper are: a generic system model for event handling and an analysis of event distribution mechanisms with respect to timeliness and traffic metrics. The paper describes and discusses in detail the results based on simulations and provides guidelines for management functions of the Future Internet.
Citations: 6