高效能的濫用流量偵測方法

Che-Yu Wu; 吳哲宇

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/73346

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	蕭旭君(Hsu-Chun Hsiao)
dc.contributor.author	Che-Yu Wu	en
dc.contributor.author	吳哲宇	zh_TW
dc.date.accessioned	2021-06-17T07:29:41Z	-
dc.date.available	2021-07-03
dc.date.copyright	2019-07-03
dc.date.issued	2019
dc.date.submitted	2019-06-16
dc.identifier.citation	[1] Intel skylake cpu architecture characteristics. https://www.7-cpu.com/cpu/Skylake.html, Accessed August 2018. [2] M. Antonakakis, T. April, M. Bailey, M. Bernhard, A. Arbor, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, A. Arbor, L. Invernizzi, M. Kallitsis, M. Network, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas,Y. Zhou, M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, and Y. Zhou. Understanding the Mirai botnet. In USENIX Security Symposium, 2017. [3] C. Basescu, R. M. Reischuk, P. Szalachowski, A. Perrig, Y. Zhang, H.-C. Hsiao, A. Kubota, and J. Urakawa. SIBRA: Scalable internet bandwidth reservation architecture. In Proceedings of Network and Distributed System Security Symposium (NDSS), Feb. 2016. [4] B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422–426, 1970. [5] CAIDA. The CAIDA UCSD Anonymized Internet Traces - Oct. 18th. http://www.caida.org/data/passive/passive_dataset.xml, 2018. [6] K. K. Chang, A. Kashyap, H. Hassan, S. Ghose, K. Hsieh, D. Lee, T. Li, G. Pekhimenko, S. Khan, and O. Mutlu. Understanding latency variation in modern DRAM chips: Experimental characterization, analysis, and optimization. In Proceedings of ACM SIGMETRICS, June 2016. [7] B. Claise. Cisco Systems NetFlow Services Export Version 9. RFC 3954 (Informational), Oct. 2004. [8] C. Estan, K. Keys, D. Moore, and G. Varghese. Building a Better NetFlow. In ACM SIGCOMM, 2004. [9] C. Estan and G. Varghese. New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice. ACM Transactions on Computer Systems, 21(3):270–313, 2003. [10] P. Flajolet, É. Fusy, O. Gandouet, and F. Meunier. Hyperloglog: the analysis of a near-optimal cardinality estimation algorithm. In Discrete Mathematics and Theoretical Computer Science, pages 137–156. Discrete Mathematics and Theoretical Computer Science, 2007. [11] W. Hoeffding. Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301):13–30, 1963. [12] A. Lall, M. Ogihara, and J. Xu. An efficient algorithm for measuring medium-to large-sized flows in network traffic. In IEEE INFOCOM, 2009. [13] S. B. Lee, M. S. Kang, and V. D. Gligor. CoDef: Collaborative defense against large-scale link-flooding attacks. In Proceedings of CoNext, 2013. [14] Z. Liu, H. Jin, Y.-C. Hu, and M. Bailey. MiddlePolice: Toward enforcing destinationdefined policies in the middle of the internet. In Proceedings of ACM CCS, Oct. 2016. [15] G. S. Manku and R. Motwani. Approximate Frequency Counts over Data Streams. In Proceedings of VLDB, 2002. [16] P. E. McKenney. Stochastic fairness queueing. In IEEE INFOCOM, 1990. [17] A. Metwally, D. Agrawal, and A. E. Abbadi. Efficient computation of frequent and top-k elements in data streams. In International Conference on Database Theory, pages 398–412. Springer, 2005. [18] J. Misra and D. Gries. Finding Repeated Elements. Science of Computer Programming, 2(2):143–152, 1982. [19] R. Pagh and F. F. Rodler. Cuckoo hashing. In European Symposium on Algorithms, page 121–133. Springer, 2001. [20] S. Ramabhadran and G. Varghese. Efficient implementation of a statistics counter architecture. In ACM SIGMETRICS Performance Evaluation Review, volume 31, pages 261–271. ACM, 2003. [21] J. Sanjuas-Cuxart, P. Barlet-Ros, N. Duffield, and R. Kompella. Cuckoo Sampling: Robust Collection of Flow Aggregates under a Fixed Memory Budget. In IEEE INFOCOM, 2012. [22] D. Shah, S. Iyer, B. Prabhakar, and N. McKeown. Analysis of a statistics counter architecture. In Hot Interconnects, volume 9, pages 107–111, 2001. [23] V. Sivaraman, S. Narayana, O. Rottenstreich, S. Muthukrishnan, and J. Rexford. Heavy-hitter detection entirely in the data plane. In Proceedings of the Symposium on SDN Research, pages 164–176. ACM, 2017. [24] H. Wu, H.-C. Hsiao, D. E. Asoni, S. Scherrer, A. Perrig, and Y.-C. Hu. Clef: Limiting the damage caused by large flows in the internet core. In International Conference on Cryptology and Network Security (CANS), 2018. [25] H. Wu, H.-C. Hsiao, and Y.-C. Hu. Efficient large flow detection over arbitrary windows: An algorithm exact outside an ambiguity region. In Proceedings of the 2014 Conference on Internet Measurement Conference (IMC), pages 209–222. ACM, 2014. [26] X. Xiao. Technical, Commercial and Regulatory Challenges of QoS: An Internet Service Model Perspective. Morgan Kaufmann, 2008. [27] Q. Zhao, J. Xu, and Z. Liu. Design of a novel statistics counter architecture with optimal space and time efficiency. ACM SIGMETRICS Performance Evaluation Review, 34(1):323–334, 2006.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/73346	-
dc.description.abstract	偵測網路中的濫用流量方法已經被研究了超過15年，並且至今仍是一個網路系統中重要的問題，因爲有越來越多對延遲敏感的網路應用、日趨嚴重的大規模DDoS攻擊、以及對各種流量分配框架的需求。雖然已經有很多方法被設計來偵測網路中的濫用流量，仍然沒有系統可以可靠的偵測只超用允許頻寬50%的濫用流量。尤其在如核心路由器等高流量網路環境中，因爲高速記憶體及運算資源的限制，讓這個問題變得更加困難。我們設計、分析、實作、並測試CROFT，一個比起過去方法有更好特性的新濫用流量偵測演算法。CROFT在偵測1.5x-7x濫用流量上比以往的方法快超過300倍，而以往的方法在7x濫用流量的偵測時間就超過了300秒的時間限制。	zh_TW
dc.description.abstract	The detection of overuse flows has been a research problem studied for over 15 years, and it remains an important topic to this day due to the increasing importance of network performance for latency-sensitive applications, the impact of volumetric DDoS attacks, and the emergence of bandwidth allocation schemes. Although much progress has been achieved for designing efficient in-network detection of overuse flows, no system exists that can reliably detect overuse flows utilizing only 50% more than their permitted bandwidth. What further compounds the difficulty of the problem is the challenging environment of high-throughput packet processing on core Internet routers, which requires careful management of the limited amount of (expensive) fast memory and of computational resources. We design, analyze, implement, and evaluate CROFT, a new approach for efficiently detecting overuse flows that achieves dramatically better properties than prior work. CROFT is at least 300 times faster than prior approaches in detecting 1.5x-7x overuse flows: CROFT can detect 1.5x overuse flows in one second, whereas prior approaches fail to detect 7x overuse flows within a timeout of 300s.	en
dc.description.provenance	Made available in DSpace on 2021-06-17T07:29:41Z (GMT). No. of bitstreams: 1 ntu-108-R06922021-1.pdf: 1030388 bytes, checksum: 28215201f4bdf396003235b1233799f1 (MD5) Previous issue date: 2019	en
dc.description.tableofcontents	誌謝 iii Acknowledgements v 摘要 vii Abstract ix 1 Introduction 1 2 Problem Definition 5 2.1 Flow Policing Model 5 2.2 Desired Properties 6 2.3 Overuse Flows vs. Large Flows 7 2.3.1 FMF and AMF 8 2.3.2 EARDet 9 3 CROFT Algorithm 11 3.1 Overview 11 3.2 Estimate Algorithm 13 3.3 Sampler 15 3.4 Multi-class CROFT 16 3.5 Complexity Analysis 18 3.5.1 Time complexity 18 3.5.2 Space Complexity 19 4 Evaluation 21 4.1 Evaluation Metric: Detection Delay 21 4.2 Parameter Selection 21 4.3 Comparison: Fully utilized Traffic Trace 22 4.4 Comparison: CAIDA Traffic Trace 24 4.5 Sensitivity Tests of CROFT 25 5 Mathematical Analysis 33 5.1 Lower Bound of Detection Probability 33 5.2 Upper Bound of Damage 38 5.3 Compared to Experiments 39 6 Related Work 41 7 Conclusions 45 Bibliography 47
dc.language.iso	en
dc.subject	濫用流量偵測	zh_TW
dc.subject	低流量濫用流量	zh_TW
dc.subject	SRAM/DRAM 混合架構	zh_TW
dc.subject	Large-flow detection	en
dc.subject	Low-rate overuse flow	en
dc.subject	SRAM/DRAM hybrid scheme	en
dc.title	高效能的濫用流量偵測方法	zh_TW
dc.title	Core Router Overuse Flow Tracer (CROFT): An Efficient Algorithm for Detecting Overuse Flows	en
dc.type	Thesis
dc.date.schoolyear	107-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	王奕翔(I-Hsiang Wang),謝宏昀(Hung-Yun Hsieh)
dc.subject.keyword	濫用流量偵測,低流量濫用流量,SRAM/DRAM 混合架構,	zh_TW
dc.subject.keyword	Large-flow detection,Low-rate overuse flow,SRAM/DRAM hybrid scheme,	en
dc.relation.page	50
dc.identifier.doi	10.6342/NTU201900855
dc.rights.note	有償授權
dc.date.accepted	2019-06-16
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊工程學研究所	zh_TW
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
ntu-108-1.pdf 未授權公開取用	1.01 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。