Skip navigation

DSpace JSPUI

DSpace preserves and enables easy and open access to all types of digital content including text, images, moving images, mpegs and data sets

Learn More
DSpace logo
English
中文
  • Browse
    • Communities
      & Collections
    • Publication Year
    • Author
    • Title
    • Subject
    • Advisor
  • Search TDR
  • Rights Q&A
    • My Page
    • Receive email
      updates
    • Edit Profile
  1. NTU Theses and Dissertations Repository
  2. 電機資訊學院
  3. 資訊工程學系
Please use this identifier to cite or link to this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/73346
Full metadata record
???org.dspace.app.webui.jsptag.ItemTag.dcfield???ValueLanguage
dc.contributor.advisor蕭旭君(Hsu-Chun Hsiao)
dc.contributor.authorChe-Yu Wuen
dc.contributor.author吳哲宇zh_TW
dc.date.accessioned2021-06-17T07:29:41Z-
dc.date.available2021-07-03
dc.date.copyright2019-07-03
dc.date.issued2019
dc.date.submitted2019-06-16
dc.identifier.citation[1] Intel skylake cpu architecture characteristics. https://www.7-cpu.com/cpu/Skylake.html, Accessed August 2018.
[2] M. Antonakakis, T. April, M. Bailey, M. Bernhard, A. Arbor, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, A. Arbor, L. Invernizzi, M. Kallitsis, M. Network, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas,Y. Zhou, M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, and Y. Zhou. Understanding the Mirai botnet. In USENIX Security Symposium, 2017.
[3] C. Basescu, R. M. Reischuk, P. Szalachowski, A. Perrig, Y. Zhang, H.-C. Hsiao, A. Kubota, and J. Urakawa. SIBRA: Scalable internet bandwidth reservation architecture. In Proceedings of Network and Distributed System Security Symposium (NDSS), Feb. 2016.
[4] B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422–426, 1970.
[5] CAIDA. The CAIDA UCSD Anonymized Internet Traces - Oct. 18th. http://www.caida.org/data/passive/passive_dataset.xml, 2018.
[6] K. K. Chang, A. Kashyap, H. Hassan, S. Ghose, K. Hsieh, D. Lee, T. Li, G. Pekhimenko, S. Khan, and O. Mutlu. Understanding latency variation in modern DRAM chips: Experimental characterization, analysis, and optimization. In Proceedings of ACM SIGMETRICS, June 2016.
[7] B. Claise. Cisco Systems NetFlow Services Export Version 9. RFC 3954 (Informational), Oct. 2004.
[8] C. Estan, K. Keys, D. Moore, and G. Varghese. Building a Better NetFlow. In ACM SIGCOMM, 2004.
[9] C. Estan and G. Varghese. New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice. ACM Transactions on Computer Systems, 21(3):270–313, 2003.
[10] P. Flajolet, É. Fusy, O. Gandouet, and F. Meunier. Hyperloglog: the analysis of a near-optimal cardinality estimation algorithm. In Discrete Mathematics and Theoretical Computer Science, pages 137–156. Discrete Mathematics and Theoretical Computer Science, 2007.
[11] W. Hoeffding. Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301):13–30, 1963.
[12] A. Lall, M. Ogihara, and J. Xu. An efficient algorithm for measuring medium-to large-sized flows in network traffic. In IEEE INFOCOM, 2009.
[13] S. B. Lee, M. S. Kang, and V. D. Gligor. CoDef: Collaborative defense against large-scale link-flooding attacks. In Proceedings of CoNext, 2013.
[14] Z. Liu, H. Jin, Y.-C. Hu, and M. Bailey. MiddlePolice: Toward enforcing destinationdefined policies in the middle of the internet. In Proceedings of ACM CCS, Oct. 2016.
[15] G. S. Manku and R. Motwani. Approximate Frequency Counts over Data Streams. In Proceedings of VLDB, 2002.
[16] P. E. McKenney. Stochastic fairness queueing. In IEEE INFOCOM, 1990.
[17] A. Metwally, D. Agrawal, and A. E. Abbadi. Efficient computation of frequent and top-k elements in data streams. In International Conference on Database Theory, pages 398–412. Springer, 2005.
[18] J. Misra and D. Gries. Finding Repeated Elements. Science of Computer Programming, 2(2):143–152, 1982.
[19] R. Pagh and F. F. Rodler. Cuckoo hashing. In European Symposium on Algorithms, page 121–133. Springer, 2001.
[20] S. Ramabhadran and G. Varghese. Efficient implementation of a statistics counter architecture. In ACM SIGMETRICS Performance Evaluation Review, volume 31, pages 261–271. ACM, 2003.
[21] J. Sanjuas-Cuxart, P. Barlet-Ros, N. Duffield, and R. Kompella. Cuckoo Sampling: Robust Collection of Flow Aggregates under a Fixed Memory Budget. In IEEE INFOCOM, 2012.
[22] D. Shah, S. Iyer, B. Prabhakar, and N. McKeown. Analysis of a statistics counter architecture. In Hot Interconnects, volume 9, pages 107–111, 2001.
[23] V. Sivaraman, S. Narayana, O. Rottenstreich, S. Muthukrishnan, and J. Rexford. Heavy-hitter detection entirely in the data plane. In Proceedings of the Symposium on SDN Research, pages 164–176. ACM, 2017.
[24] H. Wu, H.-C. Hsiao, D. E. Asoni, S. Scherrer, A. Perrig, and Y.-C. Hu. Clef: Limiting the damage caused by large flows in the internet core. In International Conference on Cryptology and Network Security (CANS), 2018.
[25] H. Wu, H.-C. Hsiao, and Y.-C. Hu. Efficient large flow detection over arbitrary windows: An algorithm exact outside an ambiguity region. In Proceedings of the 2014 Conference on Internet Measurement Conference (IMC), pages 209–222. ACM, 2014.
[26] X. Xiao. Technical, Commercial and Regulatory Challenges of QoS: An Internet Service Model Perspective. Morgan Kaufmann, 2008.
[27] Q. Zhao, J. Xu, and Z. Liu. Design of a novel statistics counter architecture with optimal space and time efficiency. ACM SIGMETRICS Performance Evaluation Review, 34(1):323–334, 2006.
dc.identifier.urihttp://tdr.lib.ntu.edu.tw/jspui/handle/123456789/73346-
dc.description.abstract偵測網路中的濫用流量方法已經被研究了超過15年,並且至今仍是一個網路系統中重要的問題,因爲有越來越多對延遲敏感的網路應用、日趨嚴重的大規模DDoS攻擊、以及對各種流量分配框架的需求。雖然已經有很多方法被設計來偵測網路中的濫用流量,仍然沒有系統可以可靠的偵測只超用允許頻寬50%的濫用流量。尤其在如核心路由器等高流量網路環境中,因爲高速記憶體及運算資源的限制,讓這個問題變得更加困難。
我們設計、分析、實作、並測試CROFT,一個比起過去方法有更好特性的新濫用流量偵測演算法。CROFT在偵測1.5x-7x濫用流量上比以往的方法快超過300倍,而以往的方法在7x濫用流量的偵測時間就超過了300秒的時間限制。		zh_TW
dc.description.abstractThe detection of overuse flows has been a research problem studied for over 15 years, and it remains an important topic to this day due to the increasing importance of network performance for latency-sensitive applications, the impact of volumetric DDoS attacks, and the emergence of bandwidth allocation schemes. Although much progress has been achieved for designing efficient in-network detection of overuse flows, no system exists that can reliably detect overuse flows utilizing only 50% more than their permitted bandwidth.
What further compounds the difficulty of the problem is the challenging environment of high-throughput packet processing on core Internet routers, which requires careful management of the limited amount of (expensive) fast memory and of computational resources.
We design, analyze, implement, and evaluate CROFT, a new approach for efficiently detecting overuse flows that achieves dramatically better properties than prior work. CROFT is at least 300 times faster than prior approaches in detecting 1.5x-7x overuse flows: CROFT can detect 1.5x overuse flows in one second, whereas prior approaches fail to detect 7x overuse flows within a timeout of 300s.		en
dc.description.provenanceMade available in DSpace on 2021-06-17T07:29:41Z (GMT). No. of bitstreams: 1
ntu-108-R06922021-1.pdf: 1030388 bytes, checksum: 28215201f4bdf396003235b1233799f1 (MD5)
Previous issue date: 2019		en
dc.description.tableofcontents誌謝 iii
Acknowledgements v
摘要 vii
Abstract ix
1 Introduction 1
2 Problem Definition 5
2.1 Flow Policing Model 5
2.2 Desired Properties 6
2.3 Overuse Flows vs. Large Flows 7
2.3.1 FMF and AMF 8
2.3.2 EARDet 9
3 CROFT Algorithm 11
3.1 Overview 11
3.2 Estimate Algorithm 13
3.3 Sampler 15
3.4 Multi-class CROFT 16
3.5 Complexity Analysis 18
3.5.1 Time complexity 18
3.5.2 Space Complexity 19
4 Evaluation 21
4.1 Evaluation Metric: Detection Delay 21
4.2 Parameter Selection 21
4.3 Comparison: Fully utilized Traffic Trace 22
4.4 Comparison: CAIDA Traffic Trace 24
4.5 Sensitivity Tests of CROFT 25
5 Mathematical Analysis 33
5.1 Lower Bound of Detection Probability 33
5.2 Upper Bound of Damage 38
5.3 Compared to Experiments 39
6 Related Work 41
7 Conclusions 45
Bibliography 47
dc.language.isoen
dc.subject濫用流量偵測zh_TW
dc.subject低流量濫用流量zh_TW
dc.subjectSRAM/DRAM 混合架構zh_TW
dc.subjectLarge-flow detectionen
dc.subjectLow-rate overuse flowen
dc.subjectSRAM/DRAM hybrid schemeen
dc.title高效能的濫用流量偵測方法zh_TW
dc.titleCore Router Overuse Flow Tracer (CROFT): An Efficient Algorithm for Detecting Overuse Flowsen
dc.typeThesis
dc.date.schoolyear107-2
dc.description.degree碩士
dc.contributor.oralexamcommittee王奕翔(I-Hsiang Wang),謝宏昀(Hung-Yun Hsieh)
dc.subject.keyword濫用流量偵測,低流量濫用流量,SRAM/DRAM 混合架構,zh_TW
dc.subject.keywordLarge-flow detection,Low-rate overuse flow,SRAM/DRAM hybrid scheme,en
dc.relation.page50
dc.identifier.doi10.6342/NTU201900855
dc.rights.note有償授權
dc.date.accepted2019-06-16
dc.contributor.author-college電機資訊學院zh_TW
dc.contributor.author-dept資訊工程學研究所zh_TW
Appears in Collections:資訊工程學系

Files in This Item:
File SizeFormat 
ntu-108-1.pdf
  Restricted Access 		1.01 MBAdobe PDF
Show simple item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

社群連結
聯絡資訊
10617臺北市大安區羅斯福路四段1號
No.1 Sec.4, Roosevelt Rd., Taipei, Taiwan, R.O.C. 106
Tel: (02)33662353
Email: ntuetds@ntu.edu.tw
意見箱
相關連結
館藏目錄
國內圖書館整合查詢 MetaCat
臺大學術典藏 NTU Scholars
臺大圖書館數位典藏館
本站聲明
© NTU Library All Rights Reserved