Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188785
J. Baliosian, J. Visca, E. Grampín, H. Vidal, M. Giachino
In recent years there has been a strong research effort on the autonomic communications and self-management paradigms. Following this impulse, the academic community and the industry have proposed several architectures and techniques to allow network devices to make their own configuration decisions. Those proposals often include resource-expensive technologies such as complex inference machines, ontological modeling and probabilistic prediction that may not be suitable for the most pervasive and inexpensive network-enabled devices. This paper addresses this facet of autonomic systems by introducing RAN. This system aims to be a complete rule-based, distributed system specially designed and implemented to enable autonomic behavior on very constrained devices, such as domestic wireless routers with resources as low as 16 MB of RAM and 4 MB of storage memory. The RAN system was developed to serve the objectives of Rural Ambient Networks, a project that targets the so-called Digital Divide by deploying low-cost wireless mesh infrastructure in rural communities. In this context, RAN, in an autonomic and distributed manner, optimizes the network configuration to minimize the monetary cost that the community has to pay for using the IT infrastructure. Finally, this work presents an evaluation of RAN that shows how it makes it possible to perform sophisticated optimization decisions with a very small overhead in terms of CPU and memory.
Title: A rule-based distributed system for self-optimization of constrained devices (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188828
Benny Rochwerger, A. Galis, Eliezer Levy, Juan A. Cáceres, David Breitgand, Y. Wolfsthal, I. Llorente, M. Wusthoff, R. Montero, E. Elmroth
The RESERVOIR project [16] is developing an advanced system and service management approach that will serve as the infrastructure for Cloud Computing and Communications and the Future Internet of Services by creatively coupling service virtualization, grid computing, networking and service management techniques. This paper presents work in progress for the integration and management of such systems into a new generation of Managed Service Infrastructure.
Title: RESERVOIR: Management technologies and requirements for next generation Service Oriented Infrastructures (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188885
A. Hadjiantonis, G. Pavlou
The motivation of the presented thesis emanated from the need for unrestricted wireless communication in a scalable and predictable manner. This need is accentuated by users' increasing demand for spontaneous communication. The objective is to propose a management framework able to leverage the potential of wireless ad hoc networks as an alternative communication method, allowing them to coexist with other networks and to emerge as their flexible extension.
Title: Policy-based self-management of wireless ad hoc networks (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188867
Djakhongir Siradjev, Laziz Yunusov, Young-Tak Kim
In this paper we propose an IP traceback mechanism based on deterministic packet marking and logging, using a protected nodes set to reduce the amount of logged data. The proposed scheme exploits the fact that the number of nodes that may be under attack is usually limited to a small fraction of the total nodes in the Internet, greatly reducing storage requirements by logging only the traffic destined to this fraction of nodes, thus meeting the hardware limitations of high-speed core routers. Before logging at a traceback-enabled router, every packet is checked, using a Bloom filter, to determine whether it is destined to a host in the protected nodes set. The protected nodes set and the list of traceback-enabled routers are managed by a security management infrastructure, which can be mirrored to avoid introducing a single point of failure. Maintaining the list of traceback-enabled routers allows neighbor discovery to be performed in the overlay network, which is required to detect an identification field value in the IP header that has been faked by an attacker. By adding an initialization stage and infrastructure, the proposed scheme can provide constant per-packet processing complexity and a much longer Bloom filter refresh period compared to other approaches that use the logging paradigm. Performance evaluation shows that the proposed IP traceback mechanism can be implemented in the real Internet with scalability and good deployment feasibility in terms of false positive ratio and memory usage.
Title: Security management with scalable distributed IP traceback (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188832
Michael Cardosa, M. Korupolu, Aameek Singh
Virtualization technologies like VMware and Xen provide features to specify the minimum and maximum amount of resources that can be allocated to a virtual machine (VM) and a shares-based mechanism for the hypervisor to distribute spare resources among contending VMs. However, much of the existing work on VM placement and power consolidation in data centers fails to take advantage of these features. One of our experiments on a real testbed shows that leveraging such features can improve the overall utility of the data center by 47% or even higher. Motivated by these, we present a novel suite of techniques for placement and power consolidation of VMs in data centers taking advantage of the min-max and shares features inherent in virtualization technologies. Our techniques provide a smooth mechanism for power-performance tradeoffs in modern data centers running heterogeneous applications, wherein the amount of resources allocated to a VM can be adjusted based on available resources, power costs, and application utilities. We evaluate our techniques on a range of large synthetic data center setups and a small real data center testbed comprising VMware ESX servers. Our experiments confirm the end-to-end validity of our approach and demonstrate that our final candidate algorithm, PowerExpandMinMax, consistently yields the best overall utility across a broad spectrum of inputs - varying VM sizes and utilities, varying server capacities and varying power costs - thus providing a practical solution for administrators.
Title: Shares and utilities based power consolidation in virtualized server environments (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188887
V. Thing, M. Sloman, Naranker Dulay
This dissertation presents a Distributed denial-of-service Adaptive ResponsE (DARE) system, capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integration of distributed modules for both signature-based and anomaly-based detection. Additionally, the innovative design of DARE's individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. The distributed components work together interactively to adapt detection and response according to the attack types. Experiments on DARE show that the attack detection and mitigation were successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests was maintained. DARE is able to detect and trigger appropriate responses in accordance with the attacks being launched with high accuracy, effectiveness and efficiency. The dissertation is available at http://pubs.doc.ic.ac.uk/VrizlynnThing-PhD-Thesis-2008/VrizlynnThing-PhD-Thesis-2008.pdf.
Title: Adaptive response system for distributed denial-of-service attacks (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188869
H. Matsuura, N. Morita
We propose a new service for the L1VPN (layer-1 virtual private network), in which an L1VPN customer can manage and control its own L1VPN from an end-to-end point of view. In the service, a customer can change its routing policy on the basis of a decision and set network notification policy for individual VPN users. These operations are conducted by an L1VPN NMS (network management system), which is distributed online by an L1VPN provider in EJB (enterprise java beans) format. In addition to the L1VPN NMS, EJB-based customer domain NMSs that manage individual customer domains are also delivered to individual customers. In cooperation with the provider NMS, which is for the L1VPN provider network, and the customer domain NMSs, an L1VPN NMS can update the L1VPN logical information from provider and customer domains. The L1VPN NMS receives alarm notifications from both NMSs and forwards them to IP users who are affected by the notifications. We evaluate the effect of an L1VPN on alarm notification time because swift alarm notification is critical for IP users. In addition, we evaluate the effect of deploying multiple customer domain NMSs in one Linux NMS server.
Title: EJB-based implementation of L1VPN NMS controlled by each customer (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188780
J. Hellerstein
Resource managers (RMs) often expose configuration parameters that have a significant impact on the performance of the systems they manage. Configuring RMs is challenging because it requires accurate estimates of performance for a large number of configuration settings and many workloads, which scales poorly if configuration assessment requires running performance benchmarks. We propose an approach to evaluating RM configurations called model fuzzing that combines measurement and simple models to provide accurate and scalable configuration evaluation. Based on model fuzzing, we develop a methodology for configuring RMs that considers multiple evaluation criteria (e.g., high throughput, low number of threads). Applying this methodology to the .NET thread pool, we find a configuration that increases throughput by 240% compared with the throughput of a poorly chosen configuration. Using model fuzzing reduces the computational requirements to configure the .NET thread pool from machine-years to machine-hours.
Title: Configuring resource managers using model fuzzing: A case study of the .NET thread pool (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188820
C. Mingardi, G. Nunzi, D. Dudkowski, M. Brunner
Event handling is a management mechanism that provides means for the network to react to changes in the network conditions or performance. In the construction of a clean-slate management architecture, we consider this a main building block. This paper proposes a fully distributed event distribution in a fully distributed environment: unlike existing work, no configuration is required in advance, and yet nodes have a guarantee that events are delivered and that certain delivery objectives are respected. The contributions of this paper are: a generic system model for event handling and an analysis of event distribution mechanisms with respect to timeliness and traffic metrics. The paper describes and discusses in detail the results based on simulations and provides guidelines for management functions of the Future Internet.
Title: Event handling in clean-slate Future Internet management (2009 IFIP/IEEE International Symposium on Integrated Network Management)

Pub Date: 2009-06-01 DOI: 10.1109/INM.2009.5188827
Byungjoon Lee, Seong Moon, Youngseok Lee
When we reverse-engineer unknown protocols or analyze Internet traffic, it is critical to capture complete traffic traces generated by a target application. In addition, to prove the accuracy of the Internet traffic classification algorithms of a traffic monitoring system, which is usually located in the middle of the network, it is necessary to retain the traffic traces associated with the related application. Therefore, in this paper, we present an application-specific packet capturing method at end hosts, which is based on the dynamic kernel probing technique. The experiments show that the proposed method is useful for creating complete per-application traffic traces without performance degradation.
Title: Application-specific packet capturing using kernel probes (2009 IFIP/IEEE International Symposium on Integrated Network Management)