Self-management of hybrid optical and packet switching networks

Fioreze, T.

doi:10.3990/1.9789036529662

Cited by 4 publications

(9 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This situation is known as "the elephant and mice phenomenon". Fioreze [51] also shows that, since elephant flows generate a large amount of packets, there is a higher probability that a sampled packet belongs to one of these flows. In light of these considerations, we did not apply any scaling factor to the number of flows.…”

Section: Notementioning

confidence: 98%

“…In the literature, several flow definitions can be found [19,52,51,21]. We present the definition of IP flow as it is described by the IPFIX working group within the IETF [121,22]:…”

Section: Flow Definitionmentioning

confidence: 99%

“…An overview of this process is given by Fioreze et al [52,51]. It is analogously possible to have more detailed flow definitions.…”

Section: Flow Definitionmentioning

confidence: 99%

“…In this case, it would be incorrect to assume that we observed 100 different flows. In real traffic, it has been shown that a small number of flows account for the biggest percentage of the traffic, while the size of the majority of the flows is small [108,51]. This situation is known as "the elephant and mice phenomenon".…”

Section: Notementioning

confidence: 99%

“…The issue that arises from this observation is how we can regroup TCP sessions in a reliable manner. A first possibility appears in Fioreze [51]. The author proposes to distinguish different TCP sessions based on the time gap between the end time of a flow record and the start time of the next one.…”

Section: Flow Collection Locationmentioning

confidence: 99%

See 4 more Smart Citations

Flow-based intrusion detection

Sperotto

Pras

2011

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

View full text Add to dashboard Cite

The spread of 1-10Gbps technology has in recent years paved the way to a flourishing landscape of new, high-bandwidth Internet services. As users, we depend on the Internet in our daily life for simple tasks such as checking emails, but also for managing private and financial information. However, entrusting such information to the Internet also means that the network has become an alluring place for hackers. To this threat, the research community has answered with an increased interest in intrusion detection. With the number of attacks almost exponentially increasing, and the attackers' motivations moving from ideological to economical, the researchers' attention is focused on developing new techniques to timely detect intruders and prevent damage. Our studies in the field of intrusion detection, however, made us realize that additional research is needed, in particular: the creation of shared data sets to validate Intrusion Detection Systems (IDSs) and the development of automatic procedures to tune the parameters of IDSs.The contribution of this thesis is that it develops a structured approach to intrusion detection that focuses on (i) shared ground-truth data sets and (ii) automatic parameter tuning. We develop our approach by focusing on network flows. Flows offer an aggregated view of network traffic, by reporting on the amount of packets and bytes exchanged over the network. Therefore, flows drastically reduce the amount of data to be analyzed. In this thesis, we aim at detecting anomalies in flow-based time series, describing how the number of flows, packets and bytes changes over time.Ground truth data sets are fundamental in the development phase, for validation purposes and, if publicly available, for comparison between different IDSs. We attack the problem of ground truth generation in two complementary manners.First, we obtain ground truth information for flow-based intrusion detection by manually creating it. We do so by means of a honeypot-based data collection and monitoring setup, specifically tuned to (i) offer an attracting platform for attackers, and (ii) include enhanced logging capabilities to support the vi labeling of the collected data. The outcome of our research has been a publicly released flow-based labeled data set. To the best of our knowledge, no such data set already exists.Second, we generate ground truth information in an automatic manner. We do this by generating artificial flow, packet and byte time series for benign and attack traffic. In this thesis, we rely upon Hidden Markov Models (HMMs), which allow for probabilistic and compact representations of flow-based time series and can be used for generation purposes.Finally, we approach the problem of automatic tuning of IDSs. The performance of an IDS is governed by the trade-off between detecting all anomalies (at the expense of raising alarms too often), and missing anomalies (but not issuing many false alarms). We developed an optimization procedure that aims to mathematically treat such trade-off in a systematic m...

show abstract

Section: Notementioning

confidence: 98%

“…In the literature, several flow definitions can be found [19,52,51,21]. We present the definition of IP flow as it is described by the IPFIX working group within the IETF [121,22]:…”

Section: Flow Definitionmentioning

confidence: 99%

“…An overview of this process is given by Fioreze et al [52,51]. It is analogously possible to have more detailed flow definitions.…”

Section: Flow Definitionmentioning

confidence: 99%

Section: Notementioning

confidence: 99%

Section: Flow Collection Locationmentioning

confidence: 99%

See 3 more Smart Citations

Flow-based intrusion detection

Sperotto

Pras

2011

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

View full text Add to dashboard Cite

show abstract

Self-management of Hybrid Networks: Introduction, Pros and Cons

Fioreze

Pras

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In the last decade 'self-management' has become a popular research theme within the networking community. While reading papers, one could get the impression that self-management is the obvious solution to solve many of the current network management problems. There are hardly any publications, however, that discuss the drawbacks of selfmanagement. In this paper we will therefore introduce self-management for the specific case of hybrid networks, and discuss some pros and cons. In particular, this paper investigates the feasibility to employ selfmanagement functions within hybrid optical and packet switching networks. In such networks, large IP flows can be moved from the IP level to the optical level, in an attempt to reduce the load at the IP layer and enhance the quality of service (QoS) of the flow that is moved to the optical level. One of the typical management tasks within such networks, is the establishment and release of lightpaths. This paper identifies the advantages and disadvantages of introducing self-management to control such lightpaths.

show abstract

A Network Management System for Handling Scientific Data Flows

et al. 2014

View full text Add to dashboard Cite

Large scientific data transfers often occur at high rates causing increased burstiness in Internet tra c. To limit the adverse e↵ects of these high-rate large-sized flows, which are referred to as ↵ flows, on delay-sensitive audio/video flows, a network management system called Alpha Flow Tra c Engineering System (AFTES) is proposed for intra-domain tra c engineering. An o✏ine approach is used in which AFTES analyzes NetFlow records collected by routers, extracts source-destination address prefixes of ↵ flows, and uses these prefixes to configure firewall filters at ingress routers of a provider's network to redirect future ↵ flows to tra c-engineered paths and isolated queues. The e↵ectiveness of this scheme was evaluated through an analysis of The UVA portion was Manuscript Click here to download Manuscript: paper.pdf Click here to view linked References 2 Y a n , T r a c y , V e e r a r a g h a v a n , J i n , L i u 7 months of NetFlow data obtained from an ESnet router. For this data set, 91% of bytes generated by ↵ flows during high-rate intervals would have been directed had AFTES been deployed. The negative aspect of using address prefixes in firewall filters, i.e., the redirection of flows to ↵-flow paths/queues, was also quantified.

show abstract

Self-management of hybrid optical and packet switching networks

Cited by 4 publications

References 39 publications

Flow-based intrusion detection

Flow-based intrusion detection

Self-management of Hybrid Networks: Introduction, Pros and Cons

A Network Management System for Handling Scientific Data Flows

Contact Info

Product

Resources

About