Monitoring Network Domains to Detect Service Violations and DoS Attacks

Wednesday, March 9, 2005 - 17:30
TH 331
Ahsan Habib, University of California, Berkeley
On-line monitoring of network activity is required to maintain confidence in the security and QoS of networks. However, continuous monitoring of a network domain poses several challenges. First, routers of a network domain need to be polled periodically to collect statistics about delay, loss, and bandwidth. Second, this huge amount of data has to be mined to obtain useful monitoring information. This increases the overhead for high speed core routers, and restricts the monitoring process from scalling to a large number of flows. To achieve scalability, pollng and measurements that involve core routers should be avoided. This talk presents a network tomography-based distributed network monitoring scheme that uses only edge-to-edge measurements, and scalse to large network domains. In this scheme, the edge routers form an overlay network with their neighboring edge routers. The overlay network is probed intelligently to identify the congested linksin the domain. A major advantage of this monitoring scheme is that when the network is not heavily congested, the monitoring scheme can detect attacks in both directions of all links with O(N) probes, where N is the number of edge routers. Through analytic study and a series of experiments, we show that the proposed scheme can effectively identify the congested links. The congested links are used to capture the misbehaving flows that are violating their service level agreements, or attacking the domain by injecting excessive traffic.

Ahsan Habib is a Postdoctoral Researcher in the School of Information Management and Systems (SIMS), University of California at Berkeley. His research interests include Network Security, Peer-to-Peer Networking, Network Economics, Multihoming, Next Generation Network Architecture, Quality of Service, and Distributed Systems. He received his Ph.D. from the Department of Computer Sciences at Purdue University in August 2003. He received a M.S. from the Department of Computer Science at Virginia Tech in 1999, and a B.Sc. from the Department of Computer Science and Engineering at Bangladesh University of Engineering and Technology in 1996.