Abstract
In this paper, we investigate the need for seamless dynamic reconfiguration of flow meters. Flow monitoring has become a primary measurement approach for various network management and security applications. Sampling and filtering techniques are usually employed in order to cope with the increasing bandwidth in today’s backbone networks. Additionally, low level analysis features can be used if CPU and memory resources are available. Obviously, the configuration of such algorithms depends on the (estimated) network load. In case of changing traffic pattern or varying demands on the flow analyzers, this configuration needs to be updated. Hereby it is essential to lose as little information, i.e. packet or flow data, as possible. We contribute to this domain by presenting an architecture for seamless reconfiguration without information loss, which we integrated into the monitoring toolkit Vermont. Additionally, we integrated support for situation awareness using module specific resource sensors. In a number of experiments, we evaluated the performance of Vermont and similar flow monitors.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Carle, G., Dressler, F., Kemmerer, R.A., König, H., Kruegel, C., Laskov, P.: Manifesto — Perspectives Workshop: Network Attack Detection and Defense. In: Dagstuhl Perspectives Workshop 08102 — Network Attack Detection and Defense 2008, Schloss Dagstuhl, Wadern, Germany (March 2008)
Lampert, R.T., Sommer, C., Münz, G., Dressler, F.: Vermont — A Versatile Monitoring Toolkit Using IPFIX/PSAMP. In: IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006), Tübingen, Germany, IEEE (September 2006) 62–65
Claise, B.: Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information. RFC 5101, IETF (January 2008)
Kobayashi, A., Nishida, H., Sommer, C., Dressler, F., Stephan, E., Claise, B.: IPFIX Mediation: Problem Statement. Internet-Draft (work in progress) draftietf-ipfix-mediators-problem-statement-00.txt, IETF (May 2008)
Estan, C., Savage, S., Varghese, G.: Automatically Inferring Patterns of Resource Consumption in Network Traffic. In: ACM SIGCOMM 2003, Karlsruhe, Germany, ACM (August 2003) 137–148
Jung, J., Paxson, V., Berger, A.W., lakrishnan, H.B.: Fast Portscan Detection Using Sequential Hypothesis Testing. In: IEEE Symposium on Security and Privacy, Berkeley/Oakland, CA (May 2004)
Bernaille, L., Teixeira, R.: Early Application Identification. In: 2nd International Conference On Emerging Networking Experiments And Technologies (CoNext 2006), Lisboa, Portugal (December 2006)
Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Traffic Classification Through Simple Statistical Fingerprinting. ACM Computer Communication Review (CCR) 37(1) (January 2007) 5–16
Wagner, A., Dübendorfer, T., Hämmerle, L., Plattner, B.: Identifying P2P Heavy-Hitters from Network-Flow Data. In: 2nd CERT Workshop on Flow Analysis (FloCon 2005), Pittsburgh, Pennsylvania (September 2005)
Rajab, M.A., Monrose, F., Terzis, A.: On the Effectiveness of Distributed Worm Monitoring. In: 14th USENIX Security Symposium, Baltimore, MD (July 2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Limmer, T., Dressler, F. (2009). Seamless Dynamic Reconfiguration of Flow Meters: Requirements and Solutions. In: David, K., Geihs, K. (eds) Kommunikation in Verteilten Systemen (KiVS). Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92666-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-540-92666-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-92665-8
Online ISBN: 978-3-540-92666-5
eBook Packages: Computer Science and Engineering (German Language)