The effects of DDoS attacks on flow monitoring applications


Share/Save/Bookmark

Sadre, Ramin and Sperotto, Anna and Pras, Aiko (2012) The effects of DDoS attacks on flow monitoring applications. In: IEEE Network Operations and Management Symposium, NOMS 2012, 16-20 April 2012, Maui, Hawaii (pp. pp. 269-277).

[img] PDF
Restricted to UT campus only
: Request a copy
893kB
Abstract:Flow-based monitoring has become a popular approach in many areas of network management. However, flow monitoring is, by design, susceptible to anomalies that generate a large number of flows, such as Distributed Denial-Of-Service attacks. This paper aims at getting a better understanding on how a flow monitoring application reacts to the presence of massive attacks.We analyze the performance of a flow monitoring application from the perspective of the flow data it has to process. We first identify the changes in the flow data caused by a massive attack and propose a simple queueing model that describes the behavior of the flow monitoring application. Secondly, we present a case study based on a real attack trace collected at the University of Twente and we analyze the performance of the flow monitoring application by means of simulation experiments. We conclude that the observed changes in the flow data might cause unwanted effects in monitoring applications. Furthermore, our results show that our model can help to parametrize and dimension flow-based monitoring systems.
Item Type:Conference or Workshop Item
Copyright:© 2012 IEEE
Faculty:
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/81678
Official URL:http://dx.doi.org/10.1109/NOMS.2012.6211908
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page