2018
DOI: 10.1007/978-3-030-00434-7_5
|View full text |Cite
|
Sign up to set email alerts
|

CLEF: Limiting the Damage Caused by Large Flows in the Internet Core

Abstract: 2[0000−0002−5100−1519] , Hsu-Chun Hsiao 3[0000−0001−9592−6911] , Daniele E. Asoni 4[0000−0001−5699−9237] , Simon Scherrer 4[0000−0001−9557−1700] , Adrian Perrig 4[0000−0002−5280−5412] , and Yih-Chun Hu 1[0000−0002−7829−3929]Abstract. The detection of network flows that send excessive amounts of traffic is of increasing importance to enforce QoS and to counter DDoS attacks. Large-flow detection has been previously explored, but the proposed approaches can be used on high-capacity core routers only at the cost o… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
5
0

Year Published

2021
2021
2021
2021

Publication Types

Select...
2

Relationship

2
0

Authors

Journals

citations
Cited by 2 publications
(5 citation statements)
references
References 38 publications
0
5
0
Order By: Relevance
“…Large flow detection algorithms identify flows that use more than a threshold amount of bandwidth, and it is common that the higher the threshold the better the performance will be. Besides AMF (introduced in Section II-C), CLEF [37] proposes to detect low-rate overuse flows, which are similar to the lowrate overuse flows in our work, using recursive division and by combining two detectors with complementing properties. Our evaluation shows that LOFT outperforms EARDet, one of the detectors used by CLEF, when the overuse ratio is lower than 7x.…”
Section: Related Workmentioning
confidence: 99%
See 2 more Smart Citations
“…Large flow detection algorithms identify flows that use more than a threshold amount of bandwidth, and it is common that the higher the threshold the better the performance will be. Besides AMF (introduced in Section II-C), CLEF [37] proposes to detect low-rate overuse flows, which are similar to the lowrate overuse flows in our work, using recursive division and by combining two detectors with complementing properties. Our evaluation shows that LOFT outperforms EARDet, one of the detectors used by CLEF, when the overuse ratio is lower than 7x.…”
Section: Related Workmentioning
confidence: 99%
“…In this formulation of the heavy-hitter problem, the assumption is that network operators define a flow size threshold and want to identify all the flows that violate this threshold. Previous work [16], [5], [7], [11], [13], [38], [37], [33], [40] focused on detecting heavy hitters, e.g., flows that are 10x larger than the threshold such that a large measurement error can be tolerated. In contrast, the problem of detecting moderately large flows, i.e., flows that send slightly more (e.g., 1.50x) than the threshold flow size, is still in need of an effective solution.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…In the conventional formulation of the problem, network operators define a flow-size threshold and want to identify all flows that violate this threshold. However, previous work [15], [4], [6], [10], [12], [38], [37], [33], [40] has not resulted in monitoring schemes that can detect all threshold-violating flows (henceforth: overuse flows), but put a strong emphasis on detecting so-called heavy hitters (henceforth: highrate overuse flows). Heavy hitters are flows that consume a significant share of link bandwidth and are thus large compared to the given threshold.…”
Section: Introductionmentioning
confidence: 99%
“…To reduce fast-memory usage, a line of previous research devises sketches, which use a small number of counters and map every flow to a random subset of these counters. The size of each flow is then estimated based on the values of the counters corresponding to that flow [15], [12], [37], [27], [19]. Flows with an estimated size exceeding a pre-defined threshold are considered overusing.…”
Section: Introductionmentioning
confidence: 99%